Access collections information locally
Is there a way through WMI/Microsoft.SMS.Client comobject to access information from the computer if is in a collection (cached information or otherwise)? I'm not sure if a computer gathers that information somewhere. I can't access that information on the site server or through the AdminService as the account running the commands would be the SYSTEM account. My goal is query if a computer is in a collection and install a piece of software through a task sequence.
Windows Servers AAD Hybrid Joined and SCCM ConfigMgr Co-Management MDM Auto-Enrollment
I have doubts about some configurations. Basically, we have: sccm installation with co-management performed via cloud-attach wizard intune pilot group device collection configured default client setting policy allows device registration in azure ad azure ad connect configured for hybrid join mdm user scope configured to all in azure ad mam user scope configured to none users can register devices in azure ad (Users may join devices to Azure AD) business premium licenses usage location configured in the azure ad synced user no conditional access or mfa configured The situation is that both client and server are synchronized in azure ad and are seen as join type "hybrid azure ad joined". In azure ad the clients has as mdm "microsoft configuration manager", the same clients then on intune in the managed column by show "co-managed". Servers on the other hand (windows 2016) are not automatically enrolled in intune and i don't understand why, the are hybrid azure ad joined in azure ad as devices. Other unclear thing, do i have to create the gpo for automatic enrollment in active directory (enable automatic mdm enrollment using default azure ad credentials)? At the moment it is created and linked to the OU containing servers and set as "device credential" (i read in documentation that with sccm or azure virtual desktop it is supported), even if i set in "user credential" anyway it doesn't work. With the gpo applied the scheduled task is created but in the events I get the following error: Auto MDM Enroll: Device Credential (0x1), Failed (Unknown Win32 Error code: 0x8018001c) By doing a dsregcmd /status on the machine everything seems ok. I don't understand what the best practices are regarding this gpo, and where I am going wrong.
How to remove orphaned duplicate devices
Hi, I'm having a bit of a problem with some duplicate devices, who seem to be orphaned. But I cannot delete them. The most likely cause I could think of is a wonky sync with MECM in the past. The question for now is how can I delete the duplicate? Here is a example: The problem is with the device managed by ConfigMgr, when I open this device I see: So, no delete button or AAD device ID, only a Intune device ID. How can I delete this device from Intune? Greetings Harald
Comanagement Compliance makes software Center report non-compliant
Hi all, Bit of a weird one, I have enabled the Intune Policy "Require compliance from ConfigMgr". When this is set, it returns non-compliant and so does software center. However, according to control panel my device is compliant. Screenshots are attached of the messages. Has anyone had this before? I am at a loss. If I set co management back to ConfigMgr for compliance only, Software center reports all is ok. Cheers, ConorUpdate rings applied, but clients not updating from Intinue /Windows update for business
Recently I switched the Windows Update Policies co-management workload from Configmgr to Pilot Intune and created update rings in Intune assigned to my pilot group. The update ring is set to defer both quality and feature updates for 0 days, with deadlines of 2 and 28 days. The clients don't seem to be updating based on that schedule though. It's been more than the 28 days since I set this up, and none of the computers in the pilot ring have installed a feature update since the change was made. The computers in the pilot group are running a mix of Win10 1903, 1809, and 1803. They have received the January 2020 updates, but I think those still came from configmgr, not Intune / Windows Update for Business. What am I missing that would cause the clients to still get windows updates from Configmgr and not intune/WUfB?
