AMA: Cloud-connected endpoints with Microsoft Endpoint Manager
Event details
Join us for Tech Community Live: Microsoft Endpoint Manager edition!
Talk with our experts about how to take advantage of tenant attach and native cloud connectivity to manage your endpoints. We'll be here to offer tips and answer your questions about managing on-premises, co-managed, and cloud native devices--and be ready to help you with managing Windows updates and configuring/using Endpoint analytics. No question is too small!
Submit your questions during this live hour--or post your questions early in the Comments below.
->> Add to calendar and RSVP below for event reminders!
28 Comments
- DaneaGalbraith, Iron Contributor
Are GPP settings coming or are they going to be implemented in the new simpler way?
- Roy Barton, Brass Contributor
YES! Check out the Settings Catalog in Endpoint Manager Intune! https://docs.microsoft.com/en-us/mem/intune/configuration/settings-catalog
- BSieffer, Copper Contributor
Can you talk a little about how Microsoft Defender for Endpoint and MEM work together for security configuration on devices?
- Roy Barton, Brass Contributor
Great question and we are answering it live! Here are some documents on how to create compliance policies and conditional access policies that will tie your Secure Score to securing your environment.
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies#:~:text=Conditions%201%20Sign-in%20risk.%20For%20organizations%20with%20Azure,based%20on%20their%20attributes%20in%20a%20policy.%20
Here is some information on deploying MDE onboarding/offboarding with Endpoint Manager Intune:
https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-profile-settings
Hope this helps!
- BSieffer, Copper Contributor
Great, thank you Roy!
- iekozz350, Occasional Reader
Hi, is there a way to manage multiple tenants with a own baseline? All devices are aad joined and configured with autopilot, running win 11. I know ms 365 lighthouse is there, but I cannot set my own baselines.
- Roy Barton, Brass Contributor
- iekozz350, Occasional Reader
Yep. We manage multiple non-profits and the default one is too strict.
- heruy ejigu, Copper Contributor
Will there be some miracle in the future from Microsoft, a miracle to convert hybrid AzureAD joined devices to AzureAD joined without wiping or resetting? I am waiting for that day 🙂
- Harjit_Dhaliwal, Iron Contributor
heruy ejigu Take a look at this thread where Jason Sandys has answered a very similar question.
Re: AMA: Managing Windows with Microsoft Endpoint Manager - Page 2 - Microsoft Tech Community
- heruy ejigu, Copper Contributor
Thank you Harjit! That is very interesting. I will look into it further.
- heruy ejigu, Copper Contributor
Are cloud attached devices info stored in Azure AD or endpoint manager db? If so, where? How can I manually delete them? I removed a number of devices from config manager and AD but that device existed in Endpoint manager for long time. I tried looking for it in graph explorer to delete them but unable to find them.
- Roy Barton, Brass Contributor
For device clean-up in Endpoint Manager Intune, please see the following:
Using Intune device cleanup rules - Microsoft Tech Community
https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
- Roy Barton, Brass Contributor
heruy ejigu, Thanks for the question! Take a look at this doc on managing stale objects in Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/devices/manage-stale-devices. There really isn't a database you can manage in AAD. Additionally, if you use PowerShell, you can manage objects using the Remove-ADComputer cmdlet: https://docs.microsoft.com/en-us/powershell/module/activedirectory/remove-adcomputer?view=windowsserver2019-ps
- heruy ejigu, Copper Contributor
Thank you Roy! I will check it out.
- DaneaGalbraith, Iron Contributor
How does the MEM device data correlate to the AAD data? Like MEM device is listed as management "co-managed" but in AAD the device is listed as MDM "System Center Configuration Manager"? MEM Ownership "Corporate" AAD Owner "User name"? How do we reconcile these items?
- Dawn M Wertz, Brass Contributor
We have used Update compliance. How are the dead computers cleaned out of the inventory? Do you custom reports to view the data? If so do you know of any links you can share to review them? Why does the update compliance data not match CM data?
- Roy Barton, Brass Contributor
Dawn M Wertz, thank you for being so engaged! We'd recommend you take a look at this doc: https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-compliance-reports and familiarize yourself with the use of KQL to write custom reports in Log Analytics. Here is some more information on KQL: https://docs.microsoft.com/en-us/azure/data-explorer/kql-quick-reference
- Dawn M Wertz, Brass Contributor
We are looking at the Windows 365 Solution for virtual desktops. Do you have any advice on the deployments?
- EricOrman
Microsoft
We have two options of Windows 365, the Business and Enterprise. Since I don't know your requirements, I'd recommend taking a look at https://docs.microsoft.com/en-us/windows-365/business-enterprise-comparison
- Dawn M Wertz, Brass Contributor
We are looking at Windows 365. What remote tools are available for help desk to assist a user? Does logmein work?
- EricOrman
Microsoft
Same tools used for a physical PC. We hear lots are using Quick Assist, which is inbox to Windows; some use Remote Tools if devices are co-mgmt, but yes, Logmein should work fine.
- Dawn M Wertz, Brass Contributor
We are looking to switch from using CM for Updates to Windows Update for Business. Do you have any advice? We are also using update compliance, but that appears to hold on to devices we have removed from CM. How is the update compliance data aged out?
- Roy Barton, Brass Contributor
Hey Dawn M Wertz! Thanks for the question! When it comes to transitioning workloads to Windows Update for Business, we recommend you follow this doc: https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10.
Additionally, it would help to understand how you are applying WUfB policies currently in order to help you purge those devices from Update Compliance.