User Profile
BraulioCulcay
Brass Contributor
Joined Jul 03, 2020
User Widgets
Recent Discussions
Self-Deploying Profile & AssignedAccess CSP - Guidance
Anyone have any luck working with Assigned Access CSP & Self-Deploying Profile? Trying to setup an AV device that requires an app install. While the Kiosk Profile works the issue is it configures AppLocker as well which isn't something I would like to configure with an App that may run additional applications. I have been unsuccessful with configuring a Custom OMA-URI to configure Shell Launcher during OOBE. I'm convinced I'm doing something wrong with Shell Launcher (CSP) Config during OOBE. I can share my xml if desired. Overall, what i am trying to achieve is for the device to go through Autopilot and configure using a Self-Deploying Profile, then at ESP Page configure the Shell Launcher (Create Account, Configure Auto Logon) and install the application then head into the customized shell after the Device Setup Phase.785Views0likes0CommentsRe: Android Enabled Teams Devices and Intune Configurations
Thanks for the reply Pradeep7880. I was able to figure out my mistake, yes part of the issue was CA which I figured out early on, but this specific issue was a complete oversight of my Enrollment device platform restrictions. Crazy thing is when I was researching and talking to Support I kept telling them those settings where all good and checked. Doesn't Hurt To Double Check...2.3KViews1like0CommentsDetection of Office C2R after Co-Mgmt Workload Move
Hi Everyone, I am in the process of identifying potential issues with moving our C2R workload from SCCM over to Intune. Our SCCM devices currently have Office C2R installed on them from when they were imaged, but are not managed using SCCM. From the Intune side we actively deploy Office to all machines using the built in Office C2R. My concern is when I toggle the switch over to Intune that my existing device will get Office reinstalled/removed. I have tested this and the result is inconsistent, but at least some of the devices did get Office reinstalled, MS Support confirmed this. In an effort to try and minimize the amount of devices that will get Office reinstalled I am trying to identify how Intune detects Office C2R built-in to be able to compare against our existing devices. Anyone have any info around how Intune detects the built in Office.921Views0likes0CommentsAndroid Enabled Teams Devices and Intune Configurations
Has anyone tested using Android OS Teams Phones? I've followed this doc: https://docs.microsoft.com/en-us/microsoftteams/devices/phones-displays-deploy, but something else seems to be preventing getting to the home screen, it will just get stuck at verifying things and then eventually just unenroll itself and start fresh. It's a little unknown how the workflow works for these devices. Other than Conditional Access and Compliance policies does anyone know any other gotcha to look out for when setting these up?SolvedRe: Windows 11 Delay Rollout via Intune
Jeffrey, This can be achieved by one of two ways that I can think of: 1. Deploy an Update rings for Windows 10 and later policy to all devices and exclude IT/test users and create a second policy for those testing; or 2. Deploy a Feature update for Windows 10 or later policy and specify the feature update version you want to deliver, in doing this the targeted devices will not go further than the feature update version stated in the policy, so if your devices are already at 21H1 then when you deploy the policy to those devices they will not update further than 21H1. Microsoft goes a little into detail on how this works and how the safeguards work. https://docs.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-feature-update-status#safeguard-holds4.1KViews0likes2CommentsTargeting only Net New Enrollments Dynamically without Affecting Existing Devices
So I posted on my blog last week about how you can target only new enrollments dynamically by using filters. I wanted to share it if anyone is running into a circumstance where they have a dynamic device environment where little to nothing is assigned statically to a group and want to make a change only to net new enrollments while leaving the existing devices. This solution could be a way to perform intrusive changes to only new devices, and as old devices refresh/wipe, they will transition. For instance: You deployed configurations that adjust user set defaults and/or customizations a few months ago, now you want to make changes to those, but it will affect every one of those users, making it a massive change management request. It would be helpful if you could deploy these changes only to new users and slowly refresh/wipe the existing devices into this new enrollment path. https://braulioculcay.com/2021/07/16/target-new-autopilot-enrollments-in-intune-dynamically-via-filters/ This also got me curious; if you have experienced this gap and resolved it otherwise, how did you do it?Re: Intune and MECM App deployment
Hey Nick, I haven't personally deployed anything that large, the closet I have gotten to that is 4GB and had inconsistent deployments unfortunately. I would check out the new Windows Package Manager and seeing how you can utilize that for a better experience. I will say that if I had to do this I would try and get creative with it and see how I can make the device can pull the data instead of pushing similar to your thoughts with Chocolatey. With the new Store I am eager to see the capabilities of in situations like this since you can upload Win32 Apps.1.1KViews0likes0CommentsRe: Exporting "Device Actions" via Graph API
I think you may be able to use this: https://graph.microsoft.com/beta/deviceManagement/remoteActionAudits If you need to filter the data further you can use the OData Query Parameters to do so. Below are links to Microsoft Docs around Remote Action Audits & OData Query parameters. https://docs.microsoft.com/en-us/graph/api/intune-devices-remoteactionaudit-get?view=graph-rest-beta https://docs.microsoft.com/en-us/graph/query-parameters1.9KViews0likes0CommentsRe: How to get the email of intune device assigned user through Graph API?
To echo Justin, I am not aware of a simple way to get the email if the UPN is different. You will more than likely can achieve this by building a script or leveraging power automate. Personally I would build it out in Power Automate and build a Power App or Power Virtual Agent in front of it. That way you can build out a repo of popular used commands for yourself.3.8KViews0likes0CommentsWin32 App Successful Install going from 80+ down to 30+ Installs
I have been having an issue I haven't seen before where a win32 app has been installed successfully to 80+ devices. After checking a few hours later the number of successful installs is down to 30+ with less than 10 failed. Under assignments there is only a group in the required field & users don't have rights to uninstall. My theory is that something is up with reporting because a device that was successful doesn't show up on the successful install list. Anyone have any thoughts or experienced this?
Recent Blog Articles
No content to show