Windows Office Hours: September 19, 2024
Event details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.
81 Comments
- DavidB2390
Copper Contributor
Custom compliance discovery scripts for Microsoft Intune - will they ever be supported on macOS (or iOS), if not, why? NB For Windows we run a PowerShell script and can mark BYOD devices non-compliant for various reasons such as non-applied pending Windows updates
- Joe_Lurie
Microsoft
DavidB2390 As we are actively building out the functionality of managing macOS in Intune - even over the past 6 months or so - I don't want to say that this is not going to happen. But today, this is on our macOS roadmap with no committed date to share. Note that we offer custom compliance today for Windows and Linux devices: Create discovery scripts for custom compliance policy in Microsoft Intune | Microsoft Learn
Keep an eye on our roadmap page and What's new in Intune page for any developments in this area.
Roadmap page: https://aka.ms/M365Roadmap
What's new: https://aka.ms/IntuneNew
Feedback Portal: https://aka.ms/IntuneFeedback
- DavidB2390
Copper Contributor
Is there a road map item to create more granular permissions e.g. allow access to Microsoft Message center or Service Health without being able to read all user objects? We run privileged access workstations (PAW) with role separation so our non admin accounts can't read email digest Message center notices (annoying) and can't read device or user objects (by design)
- rgommers
Iron Contributor
What kind of Microsoft Defender features are available in China / 21Vianet tenants? Our Defender portal in this tenant looks very empty. Is it simply not supported? There are feature comparisons in your documentation but none seem to include Defender.
- Heather_Poulsen
Community Manager
You can find a list of supported features for 21Vianet here: https://learn.microsoft.com/azure/defender-for-cloud/support-matrix-cloud-environment.
- reastman1966
Brass Contributor
I have ~50 Windows 11 devices enrolled into Intune Autopatch out of ~700 devices that just show download and install in the check for updates screen. There are other devices in the same update rings that work as expected with downloading and installing quality updates with just a requirement to restart. I have been working with Microsoft support, but it has been slow going so I am hoping someone here can help point me in the right direction.
- EricMoe
Microsoft
Keep working with support, as we are unable to do any sort of deep troubleshooting or diagnosing in this forum. If your devices are all in the same rings, the only other thing to check is to ensure you do not have Conflicting Configurations on the devices experiencing the issues, https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations
- SoupAtMSFT
Brass Contributor
Be sure to take a look at Ken Goosen's blog on the topic too - https://kengoossens.com/windows-autopatch-auto-remediation-script/
- VanakenJ
Brass Contributor
Using WUfB deployment service for drivers and firmware updates is a great feature. In the inventory phase, we see for each driver on how many devices it is applicable. However, there is no click-through to see exactly which devices will receive the update *before* the deployment. I guess this is a 'feature request' unless there is another way to accomplish this? Remark that *after* the drivers or firmware has been deployed, the report for driver updates does list the machines it has been applied to.
- Natalie_Palmisano
Microsoft
VanakenJ To add to what Steve said, there is a way to potentially leverage Graph API to get the information you are looking for. Be aware that your mileage may vary and definitely recommend you test, test, test this in your environment!
GET https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies
This will list out all the policyId’s (highlighted in Yellow) and deploymentAudienceId’s (Highlighted in Green) for all policies created by the tenant. The deploymentAudienceId is needed in the next step.
Example:
This will list out all applicable drivers available in the policy, you will need the catalogEntryId of the driver you wish to know which devices are applicable for the driver
Example:
This will return all deviceId’s that are applicable for the catalogEntryId specified. If it is a recommended driver it will say “recommendedBy”:[Microsoft] and if it is an Other driver it will say “recommendedBy”:[]
Example:
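An added example, not part of the thread and not Microsoft's code: once the responses from the last step have been retrieved, this Python code groups the applicable deviceIds per catalogEntryId and separates recommended drivers from other drivers. The response layout (`value`, `matchedDevices`) and every sample ID are assumptions constructed for illustration; no request is sent.

```python
from collections import defaultdict

# Constructed sample pages (not real tenant data). Assumed layout: each page has
# a "value" list whose entries carry "catalogEntryId" and "matchedDevices";
# "deviceId" and "recommendedBy" are the fields named in the comment above.
SAMPLE_PAGES = [
    {"value": [
        {"catalogEntryId": "entry-A", "matchedDevices": [
            {"deviceId": "dev-001", "recommendedBy": ["Microsoft"]},
            {"deviceId": "dev-002", "recommendedBy": []},
        ]},
        {"catalogEntryId": "entry-B", "matchedDevices": None},
    ]},
    {"value": [
        {"catalogEntryId": "entry-A", "matchedDevices": [
            {"deviceId": "dev-001", "recommendedBy": ["Microsoft"]},  # repeat
            {"deviceId": "dev-003", "recommendedBy": ["Microsoft"]},
        ]},
    ]},
]


def devices_by_driver(pages):
    """Return {catalogEntryId: {"recommended": [...], "other": [...]}}."""
    grouped = defaultdict(lambda: {"recommended": set(), "other": set()})
    for page in pages:
        for entry in page.get("value") or []:
            entry_id = entry.get("catalogEntryId")
            if not entry_id:
                continue  # skip malformed entries rather than guess
            buckets = grouped[entry_id]  # registers drivers with no devices too
            for match in entry.get("matchedDevices") or []:
                device_id = match.get("deviceId")
                if not device_id:
                    continue
                # A non-empty recommendedBy list marks a recommended driver.
                kind = "recommended" if match.get("recommendedBy") else "other"
                buckets[kind].add(device_id)
    return {eid: {k: sorted(v) for k, v in b.items()} for eid, b in grouped.items()}


def applicable_devices(pages, catalog_entry_id):
    """All devices the given driver applies to, regardless of category."""
    found = devices_by_driver(pages).get(catalog_entry_id, {})
    return sorted(set(found.get("recommended", [])) | set(found.get("other", [])))
```

Comparing the `applicable_devices` result against the intended pilot group before approving a driver shows which machines fall outside it.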
- SoupAtMSFT
Brass Contributor
Thanks Johan. You are correct. We are tracking multiple requests for enhanced visibility and drill down for driver management. Watch soon for changes in this space!
- VanakenJ
Brass Contributor
Are there any plans foreseen to evolve Delivery Optimization (DO), as it is a core component of Windows Update and any delivery of CDN content? The scenario is when you have a Microsoft Connected Cache (MCC) on-premises. In fact, it lacks some features to fully control it in modern enterprise environment, like (1) VPN solutions are old-style and replaced by non-VPN solution like ZScaler which make the DO controls/policies for VPN (to avoid use of MCC) useless and (2) there are no controls for example to avoid use of MCC servers in a specific mode for example LAN mode which is used for working from your home network.
- ThomasTrombley
Iron Contributor
Hi Johan. I'm reviewing this question with our DO folks now, and will follow up as soon as I hear back.