Windows Office Hours: September 19, 2024
Event details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.
- Heather_Poulsen (Community Manager)
Welcome to Windows Office Hours! Excited to see so many early questions. Let's get started! We'll be answering here until 9:00 am PT and if the folks "in the office" can't answer today, we'll find an answer for you shortly!
- ThomasTrombley (Microsoft)
Thanks, Heather, it's wonderful to be with you here today!
- Heather_Poulsen (Community Manager)
Thanks to everyone who joined us for Office Hours today. We'll be back next month (October 17) and the third Thursday of every month. Visit https://aka.ms/Windows/OfficeHours to add future dates to your calendar.
- Paul_Woodward (Iron Contributor)
Thanks all for taking the time.
- DavidB2390 (Copper Contributor)
Will Windows servers ever be supported in Intune and if not why not - we want to migrate off SCCM
- nlmitchell (Brass Contributor)
We're in the same boat. We only really use MECM now for Remote Takeover and Patch and App/Package delivery to Servers. Non-domain and other-domain servers would no doubt present an issue with getting them into Intune, but hopefully we can get them into there in the future. Currently co-managed, but would like to go 'Full' Intune at some point. Servers are the main thing holding us back on this at the moment, don't really want to go back to bare WSUS for patching if I can avoid, like the MECM skin on top 🙂
- Joe_Lurie (Microsoft)
nlmitchell and DavidB2390 I won't say "never" but we have no plans today to add servers into Intune. Intune is designed as a solution for endpoints: PCs, macOS, mobile, Linux (to an extent). For server management we recommend moving to Azure, and for on-prem servers you can use Azure Arc.
Hope this helps.
- VanakenJ (Brass Contributor)
Using WUfB deployment service for drivers and firmware updates is a great feature. In the inventory phase, we see for each driver on how many devices it is applicable. However, there is no click-through to see exactly which devices will receive the update *before* the deployment. I guess this is a 'feature request' unless there is another way to accomplish this? Remark that *after* the drivers or firmware has been deployed, the report for driver updates does list the machines it has been applied to.
- SoupAtMSFT (Microsoft)
Thanks Johan. You are correct. We are tracking multiple requests for enhanced visibility and drill down for driver management. Watch soon for changes in this space!
- Natalie_Palmisano (Microsoft)
VanakenJ To add to what Steve said, there is a way to potentially leverage Graph API to get the information you are looking for. Be aware that your mileage may vary and definitely recommend you test, test, test this in your environment!
GET https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies
This will list out all the policyId’s (highlighted in Yellow) and deploymentAudienceId’s (Highlighted in Green) for all policies created by the tenant. The deploymentAudienceId is needed in the next step.
Example:
This will list out all applicable drivers available in the policy, you will need the catalogEntryId of the driver you wish to know which devices are applicable for the driver.
Example:
This will return all deviceId’s that are applicable for the catalogEntryId specified. If it is a recommended driver it will say “recommendedBy”:[Microsoft] and if it is an Other driver it will say “recommendedBy”:[]
Example:
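The lookup described in the comment above, as an added example that is not part of the original post: it works offline on constructed JSON, because the request URLs for the second and third steps are not shown on this page. The names `catalogEntryId`, `deviceId` and `recommendedBy` come from the comment; the surrounding layout (`value`, `audience.id`, `matchedDevices`) is an assumption, so check it against the responses your tenant returns.

```python
import json

# Constructed sample responses (not real tenant data). The layout around the
# field names quoted in the comment is an assumption.
POLICIES_JSON = """
{"value": [
  {"id": "policy-0001", "audience": {"id": "audience-aaaa"}},
  {"id": "policy-0002", "audience": {"id": "audience-bbbb"}}
]}
"""

APPLICABLE_JSON = """
{"value": [
  {"catalogEntryId": "driver-1111",
   "matchedDevices": [
     {"deviceId": "device-01", "recommendedBy": ["Microsoft"]},
     {"deviceId": "device-02", "recommendedBy": []}
   ]},
  {"catalogEntryId": "driver-2222",
   "matchedDevices": [
     {"deviceId": "device-03", "recommendedBy": ["Microsoft"]}
   ]}
]}
"""

def audience_for_policy(policies_json, policy_id):
    """Step 1: map a policyId to the deploymentAudienceId used in the next step."""
    for policy in json.loads(policies_json).get("value", []):
        if policy.get("id") == policy_id:
            return policy.get("audience", {}).get("id")
    return None  # unknown policy

def devices_for_driver(applicable_json, catalog_entry_id):
    """Steps 2-3: list the devices matched to one driver, split by recommendedBy."""
    report = {"recommended": [], "other": []}
    for entry in json.loads(applicable_json).get("value", []):
        if entry.get("catalogEntryId") != catalog_entry_id:
            continue
        for match in entry.get("matchedDevices", []):
            # Non-empty recommendedBy: recommended driver; empty list: "Other" driver.
            bucket = "recommended" if match.get("recommendedBy") else "other"
            report[bucket].append(match["deviceId"])
    return report

if __name__ == "__main__":
    print(audience_for_policy(POLICIES_JSON, "policy-0001"))
    print(devices_for_driver(APPLICABLE_JSON, "driver-1111"))
```
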
- barthoskins (Copper Contributor)
When can we expect more details on the *Windows enrollment will include quality updates during OOBE* change (message id MC891140)? The impact on the user enrolment & ESP experience is not clear - will device ESP last much longer and will users need to perform an additional sign-in due to a reboot at the end of device OOBE? What will happen with pre-provisioning? If the updates install during pre-provisioning but the device is enrolled a month later will the user have to wait for updates to install and also reboot?
- nlmitchell (Brass Contributor)
Seconded here for clearer guidance please. My current understanding is that the quality updates would apply during device provisioning stage of Autopilot, including pre-prov? If a device is then given to a user a month or so later, they would go through the user enrollment stage and updates would just apply once they are at the desktop level as per the WUfB policies that are in place in Intune and not delay the user enrollment stage further? Just trying to gauge the potential impact on engineers and users and get my head around what the change in process might look like. Bit like Bart is it seems
- Paul_Woodward (Iron Contributor)
License assignment in M365 portal only and removing the feature from Entra is a serious degradation. This is extremely frustrating. We apply several licenses to each group, the UX is truly horrible in M365 portal. If you're going to push change on us, at least make it as good as what it replaces (hopefully better), otherwise it just feels arrogant and customer hostile. You're getting a lot of negative responses to this change, at the very least we'd like to know why you've felt the need to make things worse for us. Was it a technical requirement on your side, or a whim? We just don't know.
- ThomasTrombley (Microsoft)
Hi Paul,
Please post your concern here, as I know our Engineering team proactively reviews these pages (I say it as I'm one of them for Windows servicing!): Microsoft Entra - Microsoft Community Hub.
In addition, there's an existing comment in Message Center that aligns with your concern: Message Center - Microsoft 365 Admin Center - NEEDS IMPROVEMENT · Community.
I hope this helps.
- VanakenJ (Brass Contributor)
Are there any plans foreseen to evolve Delivery Optimization (DO), as it is a core component of Windows Update and any delivery of CDN content? The scenario is when you have a Microsoft Connected Cache (MCC) on-premises. In fact, it lacks some features to fully control it in modern enterprise environment, like (1) VPN solutions are old-style and replaced by non-VPN solution like ZScaler which make the DO controls/policies for VPN (to avoid use of MCC) useless and (2) there are no controls for example to avoid use of MCC servers in a specific mode for example LAN mode which is used for working from your home network.
- ThomasTrombley (Microsoft)
Hi Johan. I'm reviewing this question with our DO folks now, and will follow up as soon as I hear back.
- reastman1966 (Copper Contributor)
I have ~50 Windows 11 devices enrolled into Intune Autopatch out of ~700 devices that just show download and install in the check for updates screen. There are other devices in the same update rings that work as expected with downloading and installing quality updates with just a requirement to restart. I have been working with Microsoft support, but it has been slow going so I am hoping someone here can help point me in the right direction.
- EricMoe (Microsoft)
Keep working with support, as we are unable to do any sort of deep troubleshooting or diagnosing in this forum. If your devices are all in the same rings, the only other thing to check is to ensure you do not have Conflicting Configurations on the devices experiencing the issues, https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations
- SoupAtMSFT (Microsoft)
Be sure to take a look at Ken Goossens' blog on the topic too - https://kengoossens.com/windows-autopatch-auto-remediation-script/
- rgommers (Iron Contributor)
What kind of Microsoft Defender features are available in China / 21Vianet tenants? Our Defender portal in this tenant looks very empty. Is it simply not supported? There are feature comparisons in your documentation but none seem to include Defender.
- Heather_Poulsen (Community Manager)
You can find a list of supported features for 21Vianet here: https://learn.microsoft.com/azure/defender-for-cloud/support-matrix-cloud-environment.
- DavidB2390 (Copper Contributor)
Is there a road map item to create more granular permissions e.g. allow access to Microsoft Message center or Service Health without being able to read all user objects? We run privileged access workstations (PAW) with role separation so our non admin accounts can't read email digest Message center notices (annoying) and can't read device or user objects (by design)