User Profile
G_Jongeneel
Brass Contributor
Joined Jul 16, 2020
User Widgets
Recent Discussions
Defender for Endpoint licensing within Azure Virtual Desktop
Hi all, I would like to have an official confirmation of the current status. Can we use Microsoft Defender for Endpoint (per user), Windows Enterprise E5, Microsoft 365 E5 Security, or Microsoft 365 E5 for all of these use cases: - Windows 10/11 session hosts? - Windows Server (2016/2019/2022/2025) session hosts? This would be a server OS, so maybe not possible to do per user licensing? - Personal vs. pooled session hosts? Can we, as an alternative, choose licensing based on Microsoft Defender for Servers Plan 1 or Plan 2 (as part of the Defender for Cloud) offering or Microsoft Defender for Endpoint for Servers in all the same use cases? I guess it would not be possible or wise to make any combinations of these two licensing scenario's for a single Azure Virtual Desktop environment? In that second scenario and for a nonprofit organization, would it be recommended to use Microsoft Defender for Endpoint for Servers licenses? As they are often eligible for a considerable discount that they will not receive when using (PAYG) Microsoft Defender for Servers Plan 1 or Plan 2? Many thanks for your response! Sources: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device?view=o365-worldwide#licensing-requirements https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide#licensing-requirementsIntune, AVD and loopback
With Group Policies comes the ability to configure loopback: applying user policies when logging into a session host. Such group policies apply to a machine and not so much to a user (unless the user logs on to the machine). This is mostly important when building RDS, Citrix, AVD and other related environments. How can we achieve such results with Intune? When we read the MS Docs, it clearly states that we can not assign user-based configuration policies to devices in a multi-session scenario. See also https://learn.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop-multi-session#compliance-and-conditional-access. And indeed, all configuration settings that shows (User) in their name will result in a 'Not applicable' status. There is a configuration setting that deals with Group Policy Loopback processing mode, but that will only loopback GPOs and we would like to use Intune....Re: Can't go from Windows 11 dev channel to release version
omarrayyanxx That's really weird. I changed the setting (reg key) and even after several reboots, it is still there and active for sure. The option 'Stop getting preview builds' says 'Queued for unenrollment' now. I guess, we have to wait and see.Re: Can't go from Windows 11 dev channel to release version
FeelLikePhil It is possible to start Regedit, go to 'Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\UI\Selection' and change the option 'UIBranch' to another value. For instance, switch from 'Dev' to 'ReleasePreview'. However, I'm sure this is not officially supported and doing so can bring some unexpected results. In other words, Microsoft seems to protect you from getting into trouble. As far as I know, the option is only greyed out when you've selected 'Dev' earlier. There is no option to switch to maintain continuity. Since the ‘Dev’ channel gets the latest features ahead of the other two channels, Windows does not have the necessary tools to carry out the swift onboarding process. To move from one channel to another, the build of the destination channel has to be newer than the channel you are currently on. I'm afraid a clean install will be your best option.
