Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username&password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.
How is your company managing driver updates via Intune?
Hey folks, I’m currently reviewing our driver update strategy for Windows 11 devices managed via Intune. As you probably know, using Windows Update for Business (WUfB) gives us two main options for driver updates: Automatically allow drivers via WUfB Manually approve drivers via Intune + Windows Update for Business deployment service (WUfB-DS) Each approach has its own pros and cons: Automatic driver updates are great for keeping everything up to date with minimal effort, but they come with risks. We’ve seen networking components randomly break after an update, or newer GPU drivers triggering application compatibility issues. Definitely not zero-risk. Manual approval, on the other hand, gives you control and helps avoid surprises, but it also introduces operational overhead: identifying needed drivers, testing, scheduling approvals, and communicating with users — all of that takes time and effort. We’re debating internally whether the automation risk is worth the convenience, or if the manual path is the only safe option in an enterprise setting. So I’m curious: How is your company handling this? Are you letting Windows install driver updates automatically? Or are you manually controlling which drivers get deployed — and if so, how are you handling the process and workload? Would love to hear your thoughts, especially if you’ve found a good balance or process that works well in production! Thanks in advance!How to Seamless Transition from Local Active Directory to Microsoft Intune?
Our organization currently operates with a Local Active Directory (AD) setup, using Azure AD Connect to sync directories with Azure Entra. All organizational devices are domain-joined and managed via Local AD. We are planning to transition device management to Microsoft Intune while ensuring a seamless process with no user intervention and no loss of user data. What are the industry best practices for achieving this transition?
Restrict User Access to Specific Devices and Location Using Intune & Conditional Access
We have a customer requirement to restrict user sign-ins using Intune and Azure AD (Entra ID) Conditional Access. The goal is to allow access only from specific, managed devices and only from a specific geographic location. For example, users should be able to access corporate resources only when signing in from compliant/managed devices and only when located in Mumbai What would be the recommended approach or best practice to achieve this using Conditional Access and Intune? Any guidance on configuration, limitations (e.g., location accuracy), or real-world experiences would be appreciated.
What are the system requirements for hardware-accelerated BitLocker announced in ignite 2025?
Microsoft has recently announced hardware-accelerated Bitlocker (Ref. Link: https://techcommunity.microsoft.com/blog/windows-itpro-blog/announcing-hardware-accelerated-bitlocker/4474609) I would like to know system requirements (Specifically Hardware) that supports this functionality. The article also says below "Coordinate with your suppliers and keep an eye on listings from us and other vendors as PCs become available on the market." But I am unable to find any link for the listing from Microsoft. Does it support all the devices that has TPM 2.0 or does it require any other hardware?Scheduled deployment of Applications from Intune
Does Intune natively support scheduled deployment or rollout of applications to Windows end-user devices? i.e. like other MDM products (SCCM, Ivanti EPM etc..) you can add a specific time and date when you want to deploy the application package to targeted devices. Thanks, Amag
Win 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I know experience an issue with WHfB. My face and fingerprint is not recognized, rsp. the login process is giving an error, saying that I cannot be identified. One user reports, that when away from company WhfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?
Company Portal Installation failing due to missing Microsoft.UI.Xaml.2.7
Dear All, We are deploying Company Portal App as Microsoft Store app (new) from Intune on Hybrid Domain Joined devices. While some devices are successfull to install company portal, some device are failing. I did review of events in, below locations subfolders. Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment-Server. Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment-Server-Undocked Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> AppxPackagingOM During the review I found error 0x80073cf3: Package failed updates, dependency or conflict validation. This is the reason for Company Portal App failed installation. This is due to lack of Microsoft.UI.Xaml.2.7 installed on the device. If i execute below commands 1 after another in the command prompt, Installation of Company Portal gets succeeded. Winget Install --accept-source-agreements --accept-package-agreements Microsoft.UI.Xaml.2.7 Winget Install --accept-source-agreements --accept-package-agreements Microsoft.CompanyPortal My question is how can i add the Microsoft.UI.Xaml.2.7 as a dependency app for Company Portal App, especially when the app type is Microsoft Store app (new) ? I do not want to deploy Company Portal as win32 app and also deploy the Microsoft.UI.Xaml.2.7 as win32 app, because in this method of deployment i always have to create new win32app when a new version is released. Does anyone came across same situation and have any thoughts ?Company Portal | App installation issues
Anyone else experiencing issues with downloading apps from company portal? Win32 apps, pressing install and just spins on “download pending… your device is syncing and will begin downloading your app shortly” Experiencing this issues with 2 different tenants. In 2 different countries now.Domain Join Configuration Profile suddenly erroring out.
Good morning, I have never posted on here, so I hope this goes through. I have been working on getting HAADJ Autopilot setup in my organization the past few weeks and it has been going well so far, except for yesterday. In my testing I have successfully deployed a few machines using HYAAD Autopilot process with not many issues. Yesterday I pre-provisioned a laptop with no issues, it domain joined and Entra joined and I was able to reseal. A few minutes later I tried a different machine and then it didn't work on that machine. Since then I have been trying multiple machines, and it seems to not be working now at all. I am not sure what broke or changed in my environment that caused this to change. I am very new at Intune and picked up this environment from a team that left a few months ago, so it is a miracle I have gotten this far by myself, but now I am at a complete loss. This just broke on me and I have no lead as to what may have caused this. Please if anyone has ANY ideas on where to start for this please let me know. Google has not been much help. This is what I see when I check the report on the domain join config profile:
