Event details
Let's have an open discussion with experts whose jobs and paychecks depend on endpoint management. Join hosts Danny Guillory and Steve Thomas as they host a round table of Endpoint Management Microsoft MVPs to share tips and proven practices in the field.
We'll also be answering your questions, so post them below in the Comments early and throughout the live broadcast.
Bookmark https://aka.ms/UnpackingEndpointManagement for links to previous episodes on demand and details on upcoming episodes.
Heather_Poulsen
Updated Dec 27, 2024
16 Comments
- ConorB1645 (Copper Contributor): What's the best way to deal with inactive MEM devices (test machines, leavers, lost/stolen devices) when looking at vulnerability reporting in the Microsoft 365 Defender portal? Because these devices don't disappear from reporting for 90 days after leaving MEM, they often give us a lot of false positives in our reporting.
- Nigel (Iron Contributor): I would love to see a closer integration of Defender for Endpoint into Intune - in particular, some amazing troubleshooting features like Live Response.
- PON-JRobinson (Copper Contributor): HAADJ is a destination, not a journey. I've seen so many customers digging themselves into a hole by staying Hybrid. "Safe" means they're just scared of the change it takes to move, and as someone who evangelises MEM every day, I don't think it does enough to make it easier. I'll go as far as saying the GPO Analytics tool is a step _back_ as it encourages a migration of your tech debt.
- ESJeffL (Brass Contributor): Just getting around to watching the video, really good stuff, but I do have a comment. The benefit of HAADJ is that things work without many challenges while gaining Internet functionality. AzureAD on Windows 10 is a horrible experience; I cannot speak about Win 11 yet to see if it will improve the experience. Computer Management cannot read AzureAD and we need to rely on PowerShell scripts to add SIDs to local groups, that is so Win 95/DOS. Adding network printers is not a fun experience, and other tools like VNC remote control cannot leverage local groups because Azure is not working with nested groups, i.e., an AzureAD group inside of a local group. But it does work with groups like Remote Desktop Users. Fear of the unknown is one thing, but working hard to make something fit is not a good approach. Intune is not ready, we have to install SCCM to gain reporting and application deployment, and Azure sounds great, but we are debating adding Autopilot devices to AD to improve user experience with printing and more.
- PON-JRobinson (Copper Contributor): I've been helping customers implement AADJ and Autopilot for years now, it sounds like your issues are down to legacy methods of doing things that need updating, not inherent issues with the toolset. Local group membership can be managed on devices via Intune in the Endpoint Security blade. Intune does reporting and application deployment.
- Nigel (Iron Contributor): Do we expect to see further Premium add-ons in Intune - Remote help is a great leveraging of the existing Quick Assist but lacks some features to convince the additional purchase.
- Nigel (Iron Contributor): Ha, I will be at Ignite Seattle 🙂
- Heather_Poulsen (Community Manager): Great! Say "hi" to Steve if you see him.
- ConorB1645 (Copper Contributor): App updating over MEM is still a big job for many teams (including my own) - with the upcoming changes/integrations with the Microsoft Store are you expecting much of this work to become automated as we head into 2023?
- Nigel (Iron Contributor): Moving from Hybrid joined / co-managed to full cloud only, how can we tackle bringing applications over at scale? There are some great community projects for SCCM application to Win32 but thinking beyond just re-packaging everything.
- PeRich (Brass Contributor): Question 2: What is the best successor of "Microsoft Store for Business" (expires Q1 2023)? - e.g. Only private Store is allowed for clients -> How to deploy Modern Apps in the future (Win10/11)?
- PeRich (Brass Contributor): Question: Where should one start when having a green field (only Active Directory and hybrid joined devices, EMS E3 licenses available for SCCM and/or Intune)?