Windows Office Hours: September 28, 2023
Event details
Please note this Windows Office Hours date has been changed to September 28, 2023.
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.
129 Comments
- Dawn M Wertz
Brass Contributor
With Windows Update for Business, we can deploy updates for Microsoft MSI Products. Do the WUfB reports in Monitor show the compliancy for just quality updates or for all updates?
- David_Guyer
Microsoft
Hi Dawn, It would be helpful to know exactly which policies you are referring to. Here's a few things that I hope will help. If you create a compliance policy in Intune, and specify the compliant OS Versions, then the reports for those policies will show how many, and which devices are currently compliant or not. The reports for Windows Updates under Monitor are primarily for finding devices that have errors or other update blocking issues so that you can help remediate and get those devices healthy. In the Reports section of Intune, there's a Windows Updates section. Generally these reports are for reporting on devices assigned to policies. The device readiness and upgrade risks reports do report on all devices in the tenant when you have enabled collecting Windows data in the Tenant -> Connectors section. And we are working on adding more reporting that will provide information on all devices. Hope that helps.
- Dawn M Wertz
Brass Contributor
We are moving from Config Mgr to Intune. In Config Mgr I could run an update compliance report that showed me the compliance for all product updates. I see on the "Update Right for Windows 10 or Later" that I set "Microsoft Product Updates" to Allow. How do I know which devices are not compliant with all product updates? I have a query in Monitor / Logs looking at the "UCClient" table. Does this show compliance for all updates? I will look at the reports section to see what is there.
- hroes
Copper Contributor
With the presentation of Copilot, we have been left with a lot of unanswered questions as to how this will be presented and controlled from an administration point of view. As admin in a company that is a bit more strict on how AI can be used, am I correct in assuming that Copilot will be an optional feature of 22H2 and will remain that way but become part of the standard install of 23H2? That would give us an opportunity to get to learn how to work with or block Copilot while we are preparing for 23H2. I also came across some documentation that appeared to suggest that Copilot will initially be placed behind a licensing option to give organizations the chance to block the functionality until the time they are ready to adopt it. But it also seemed to suggest to me that over time, Microsoft will enable it for everyone. Any light you can shed on that?
- Aaron Czechowski
Microsoft
Thanks hroes for your interest in Copilot in Windows! First, a couple of specific resources in our official product documentation on Microsoft Learn to help you:
- Manage Copilot in Windows - Windows Client Management | Microsoft Learn - the current home for this topic. To be honest, a bit light right now, but it provides info on the CSP and group policy to Turn off Copilot in Windows.
- Enterprise feature control in Windows 11 - What's new in Windows | Microsoft Learn - info on controlling features of Windows 11, and what specific features are under temporary or permanent control.
The short answer for Copilot is to use the first policy to turn it off for appropriate groups of users. Because it's under permanent control, then it will apply for both 22H2 and 23H2.
Things would get more interesting if you weren't using that policy for some reason, but aren't allowing temporary feature control, and then upgrade to 23H2. If necessary, I can go down that road to explain.
I'm not aware of any "licensing" aspects that apply here at this time. Can you share the link of the source that stated a licensing option and that it will be enabled for everyone? (I have an idea of what you're referring to, but don't want to assume!)
- Aaron Czechowski
Microsoft
I obviously answered specific to Copilot in Windows. If your questions are more general or for Microsoft 365 apps, you can check out the Microsoft 365 Copilot AMA - Microsoft Community Hub that starts in a few minutes. I see there are some questions already posted there that are similar to yours.
- erichenson
Occasional Reader
Microsoft Word Translation service doesn't have a list of required URLs or IPs, can those be published?
- ThomasTrombley
Former Employee
While the team is mainly focused on Windows, I will see if I can identify a SME to assist. In the meantime, this may provide additional clarity: https://support.microsoft.com/en-us/office/admin-considerations-for-the-modern-translator-feature-in-office-064e938e-0af4-4f35-bd1d-04feb45af9aa.
- ThomasTrombley
Former Employee
Good Morning/Afternoon/Evening Eric, Please try this, which includes IPs and URLs: https://learn.microsoft.com/en-us/azure/ai-services/translator/firewalls. Best, Thomas
- egamma
Occasional Reader
That seems to be specific to Azure, not Office.
- erichenson
Occasional Reader
Switching the Azure Authentication Methods policy to "Migration complete" broke number matching for a lot of our users, and they are unable to register Microsoft Authenticator; when they scan the QR code they either get a message saying the code was already used, or Authenticator sets it up as a Software OATH token. I see that Microsoft has changed the deadline from September 30th, 2023, to September 30th, 2025, presumably because the modern authentication methods system is broken. Could a warning or further details be added to the relevant pages?
https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods/fromNav/Identity
https://aka.ms/authmethodsmigrationdoc
https://www.reddit.com/r/sysadmin/comments/16s03cf/microsoft_365_mfa_registration_broken/
- RobYork
Microsoft
Just checked with the Entra team and they're not aware of such an issue (the date change is completely unrelated). You're best off contacting support; you can do this from the Azure portal by clicking the ? icon in the top right. Rob
- AmyInParadise
Occasional Reader
We would like to remove the "Encrypt" or "Encrypt-Only" function in Outlook as we have an alternate way for our users to encrypt emails. How can we do this? We tried to set [Set-IRMConfiguration -SimplifiedClientAccessEnabled $false] as recommended here: https://learn.microsoft.com/en-us/purview/manage-office-365-message-encryption. However, encrypt is still available.
- Heather_Poulsen
Community Manager
We don't have anyone "in the office" today that specializes in Outlook, but we're on the hunt for the right person. Stay tuned!
- amorisonaHELHa
Copper Contributor
Hi there, I work for a high school in the French-speaking part of Belgium. We are using Autopilot and Intune to manage computers in teaching rooms and it works great, but... it is not possible for us to use automatic keyboard configuration in the Autopilot profile. Automatic keyboard configuration leads to a Fr-Fr configuration instead of Fr-BE. Microsoft support proposed to use a script to change input settings to Fr-BE, but that solution is not acceptable. It looks like it is a simple keyboard code mistake inside the locale settings for French-Belgium. It would be an incredible improvement of the service for us to have that fixed. Thanks a lot
- Heather_Poulsen
Community Manager
Thanks for the detailed use case, Alexandre. We're passing this feedback on to the Autopilot team!
- kevintranisd
Copper Contributor
Hi,
1. On Intune there isn't a report for Quality Updates as WaaSUpdateInsights is deprecated. Only on Azure there is Windows Updates for Business report. However, it takes a while to get report back compliance. I had to use query "UCClientUpdateStatus" for certain KB. Wondering if there is a GUI report to check on specific KBs and status. Also where can we see the Holds with details for Windows Feature Upgrade?
2. Endpoint Security, is it true when encrypting an External Device, the recovery keys do NOT escrow to AAD (Co-managed Devices)? Have been testing but never seen the recovery keys escrowed. Had to use script with Task Schedule on EventID to save keys for External Devices.
- David_Guyer
Microsoft
We are working on a report in Intune that will show which Quality Updates all the devices in Intune are currently on. In the meantime, you can export the Devices view and group on OSVersion in Excel, not awesome, which is why we are building the new report!
- mikelud
Occasional Reader
Hi everyone, I'm wondering if there is a perpetual per device upgrade license for Windows 11? I've seen online that the perpetual version is LTSC and that is set to release in 2024, and that only Windows E3 or E5 will work until then. Thanks
- Susi_Graves
Copper Contributor
Hi. We have recently switched away from OnPrem Servers to full Azure & Intune Deployment / Management. One element we are having issue with, is OneDrive on the client Windows 10/11 machines. For whatever reason, I can't seem to get either clear guidance on this, or a video demonstrating how this is achieved. I note from your YouTube Video, "Preparing your devices for 23-24 school year with Intune" you show that you logged in as a student, and the OneDrive mapped itself automatically ( Time Stamp 16:27 ). Our school runs on all shared machines, with no 1 allocated user to any specific device, except the office, where there is normally 1 specific user ( Until a temp has to cover ). Can you please either let us know how this is achieved, or point to a Useful Document where it will walk one through the necessary steps. Also need to auto link the user to any Sharepoint document repository that they are a member of.
What I want to achieve is...
* On Windows Desktop, user is automatically logged into OneDrive on Windows Desktop ( 10 or 11 )
* The Sharepoint Document Repositories automatically on Windows Explorer for ease of access
* Desktop, Documents locations on logged in users one drive.
In Regards to MultiFactor Authentication, we have this enabled for all STAFF members, however for students, this is kinda stupid, as our school ranges from 4yr to 18yr kids, and one thing general is that no child is allowed to have personal mobile devices with them whilst in class. So for students, we have disabled MFA requirement. Interested to know your thoughts however on this MFA subject and how we apply this to education sensibly.
Appreciate your assistance. Sue Graves, Location : United Kingdom.
- mikey365
Brass Contributor
In Intune you can add a policy (search onedrive and it will list them all) to "Silently sign in users to the OneDrive sync app with their Windows credentials", and "Configure team site libraries to sync automatically".
- Susi_Graves
Copper Contributor
Only thing is Michael, it isn't working. I therefore feel something is amiss. I kinda need to know what to specify in the policies, and which elements to specify correctly in order to get this working...
- FelixRodgau
Occasional Reader
I am a Windows 7 user and want to upgrade to Windows 10. After installation of all updates for Windows 7, I started "MediaCreationTool" and get only the answer that an installation is not possible with no specific reason and the Error "Code 0x80072F8F-0x20000". What do I have to do? Thank you for your advice, Felix, Germany