Event banner
Event details
129 Comments
- Will there be a way to have iOS kiosk mode devices to automatically update apps, WITHOUT having to take it out of Kiosk mode? Right now that is not possible even though we have automatic updates enabled.
- Good Morning/Afternoon/Evening Michael, I'm looking for a kiosk mode SME to assist. Apologies for the delay.
- We have adjusted our licensing here and need to find out what we are paying for each license for a user. For example, what do we pay for a Microsoft 365 F1 license, E3 and then E5 licenses.
- Good Morning/Afternoon/Evening Rich, That's a question best answered by your account manager or Cloud Service Provider (CSP). Best, Thomas
- Every time I post my comment, it gets deleted with no reason about why.
- Try replying here and we'll see if it works. Best, Thomas
- All deleted... disappointing... Thx for your good intention though! I really appreciate it. Have a nice one!
- My org is fully azure AD, but I would like to run some on-prem DNS services that are attached to my domain in Azure AD to capture more than just Windows endpoints. Is this the forum for that question?
- Hi TJ, I apologize for the delay, as we had lots of questions yesterday, and several of our SMEs were on business travel. However, while this falls a bit out of scope for this session, try this and let me know: To set on prem DNS server in Azure virtual network, you can1234: Use the management portal to configure the DNS servers in the NETWORKS section. Deploy a new VM inside the virtual network and set its IP to the same IP you have defined in the portal. Use PowerShell to deploy subsequent VMs to the virtual network. Set DNS on the Cloud Service which overrides the DNS setting on the VNet. Use private DNS zone and virtual network links to connect to privatelink.blob.core.windows.net. Go to VM settings and change the DNS servers in the network interfaces section.
- Can we have some information about when we can expect Tenant Attach delegation to support scope tags so this limitation is removed? https://learn.microsoft.com/en-us/mem/configmgr/cloud-attach/use-intune-rbac#limitations This would allow us to stop granting sccm access to use this great feature. Thks
- Apologies for the delay Stephane. I am reaching out to a few SMEs to assist.
- It seems to me like new policies are often added right away to Group Policy, but not Intune. How come Intune feels like it's always playing catch-up? An example I can think of recently is the ability to enable optional updates in Windows. As far as I can tell, this is not possible from Intune Settings, but is possible via Group Policy. I'd love it if everything could be done from Intune, and if these policies were available in Intune when they're announced, just like they are for Group Policy settings.
- In Microsoft Defender, we are currently using the Standard Preset Policy for Threat protection, and already have the Defender of Office 365 and Impersonation protections included. We are interested in trying Defender for Office 365 Plan 2 to try out automated email threat remediation and attack simulation, but are unsure which options we need to start using. We are prompted to start with Auditing or Blocking mode. Since we already have the Standard Preset Policy enabled and working, will starting in Audit mode turn that off? Or should we start in Blocking mode?
So, couple recommendations from my SME: recommend starting with Audit modeā¦ and leveraging our migration and operationalization guides: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide, https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide
- Hi Nick, haven't forgotten about you and your question, just been trying to locate the right SME. I should have something for you shortly.
- Is there something that would keep our Windows 10 22H2 machines from being able to use the Microsoft Business Store on the private content? I know back in March 2023 the store was going to be replaced with Intune but then was delayed. We don't have it blocked with GPO but we get the Microsoft Store is blocked check with you IT or System Administrator.
- Is it possible that someone will get back to me on this in the future?
- Joe_Lurie
Microsoft
Hi reastman1966 - thanks for asking about the Store for Business. As you correctly noted, the Store for business is deprecated. The retirement has been delayed, but we disconnected Store for Business from Intune so there is no more sync action between the two services.
Even though we encourage you to start moving app deployment to Intune, we have not yet retired the "business store." It should still be accessible, if you were using it before you should be able to continue using it.
Make sure you see the updated policies we recently published, as your existing resultant policies may have changed: Add Microsoft Store apps to Microsoft Intune | Microsoft Learn
If you are still blocked, you may need to open a ticket.
- Intune: The ability to filter App Protection Policies by Management Type appears to have been removed over the past month or two. How can we best create App Protection Policies for BYOD mobile devices without forcing those same policies on company-managed devices? I haven't found a way of getting this to work without affecting both BYOD and company-managed devices, even when using filters and exceptions in conditional access.
- Good Afternoon/Evening Ryan, I found an engineer to assist, and they noted that this is still supported via Managed Apps Assignment Filters. There is help text in the admin console to guide customers for both new and existing APP policies: https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters-device-properties#managed-app-properties. Best, Thomas
- Hi Thomas, thanks for passing along that link. I have already tried creating a filter like that, but using the rule syntax of (app.deviceManagementType -eq "Managed") never populates any results, despite having tens of devices already managed via InTune. The filter preview never shows any devices listed, which prevents the filter from working as intended.
- Good Morning/Afternoon/Evening Ryan, I have reached out to some of my SMEs, several of whom are on time and availability delay due to business travel. However, I am working on an answer for you. Best, Thomas
- For months now, I have been experiencing an issue whereby my explorer jumps to the front and takes focus at random times. I assumed it was just me and a configuration issue on my machine until I noticed it happening on another PC from one of my colleagues. That made me look into this issue a bit more and it seems that this is quite a common occurrence and that Microsoft is aware of this issue. Do you know of any updates surrounding this issue or is there a place where we can follow up? Because I'm afraid that as we start rolling out Windows 11 within the company, we will get complaints from end users and later on potentially management as well.
- Good Morning/Afternoon/Evening, apologies for the delay. I am assuming you tried: Open Settings, select Personalization, click on Start, turn off the Show recently opened items in Jump Lists on Start or the taskbar and in File Explorer. I'll follow up once you reply, but would also suggest filing an item in Feedback Hub right away so our engineers can directly troubleshoot with you.
- I also dug around in some of our prior content and saw one fix that worked more often than not: https://answers.microsoft.com/en-us/windows/forum/all/windows-explorer-jumps-to-top/9537cd98-7eb1-4df1-847c-c6e35193e06e. Let me know!
