How is your company managing driver updates via Intune?
Hey folks, I’m currently reviewing our driver update strategy for Windows 11 devices managed via Intune. As you probably know, using Windows Update for Business (WUfB) gives us two main options for driver updates: Automatically allow drivers via WUfB Manually approve drivers via Intune + Windows Update for Business deployment service (WUfB-DS) Each approach has its own pros and cons: Automatic driver updates are great for keeping everything up to date with minimal effort, but they come with risks. We’ve seen networking components randomly break after an update, or newer GPU drivers triggering application compatibility issues. Definitely not zero-risk. Manual approval, on the other hand, gives you control and helps avoid surprises, but it also introduces operational overhead: identifying needed drivers, testing, scheduling approvals, and communicating with users — all of that takes time and effort. We’re debating internally whether the automation risk is worth the convenience, or if the manual path is the only safe option in an enterprise setting. So I’m curious: How is your company handling this? Are you letting Windows install driver updates automatically? Or are you manually controlling which drivers get deployed — and if so, how are you handling the process and workload? Would love to hear your thoughts, especially if you’ve found a good balance or process that works well in production! Thanks in advance!
Microsoft Managed Home Screen: Unwanted Samsung One UI 8.0 Elements Appearing
Hello Tech Community, Our organization is currently deploying a configuration in Microsoft Intune using a Corporate-owned dedicated device enrollment profile. We’ve applied a device restriction policy to configure Samsung tablets in Multi-app Kiosk mode, with Managed Home Screen set as the launcher. Instead of using an app configuration policy, Managed Home Screen is configured through the device restrictions policy. We’ve left the device navigation options unconfigured, which should hide the following UI elements: Android Overview button Android Home button Android App drawer Once all policies and required apps are installed, Managed Home Screen successfully acts as the launcher for end-users to sign in. Overall, this works well; however, we’ve encountered an intermittent issue: After multiple lock/unlock cycles, the navigation bar sometimes reappears, showing the Overview, Home, and App Drawer buttons. This allows users to access background apps that are not exposed through Managed Home Screen, which defeats the kiosk experience. Device details: Samsung Galaxy Tab S10 FE Android 16, One UI 8.0 Managed Home Screen version: 2.2.0.107721 Has anyone experienced this behavior or have recommendations to prevent these UI elements from reappearing? I’ll gladly provide additional details about our configuration if needed. Thank you!
Delivery Optimization breaking Windows 11 update downloads?
We started seeing Delivery Optimization–related issues with Windows updates after upgrading devices to Windows 11 24H2. In our SCCM environment, Windows updates begin downloading but consistently fail or stall partway through the download. In many cases, the download restarts multiple times and eventually errors out. This behavior is consistent across multiple devices and different boundaries. These same devices were patching normally prior to the 24H2 upgrade. Since moving to 24H2, patching has become unreliable, especially for larger updates. From what we’re seeing, this doesn’t look like a traditional content or boundary issue. It feels like Delivery Optimization is failing mid-transfer or not resuming downloads correctly after the OS upgrade. So far we’ve checked the following: - Boundaries and boundary groups are unchanged - Content is available and distributed correctly on DPs - No recent SCCM site or infrastructure changes - Network connectivity looks normal On the client side, we’ve been reviewing: - DataTransferService.log (downloads start but fail or restart mid-way) - DeliveryOptimization logs (showing repeated retries / stalled transfers) - CAS.log and LocationServices.log (content location looks normal) - WUAHandler.log (update detection looks fine) Overall, detection and policy seem healthy — the issue appears during the actual download phase. Has anyone else seen Delivery Optimization downloads stall or fail during Windows patching after upgrading to Windows 11 24H2? If so, did you find a specific DO setting, policy change, or workaround that stabilized patching?Entra ID LAPS and BitLocker on Hybrid AD–Joined Devices
Hi All, We have Hybrid AD–joined Windows devices with BitLocker managed on-prem via GPO and BitLocker recovery keys already escrowed to Microsoft Entra ID. If we enable Windows LAPS in Entra ID (cloud LAPS), will this have any impact on: Existing BitLocker recovery keys stored in Entra ID, or Current/future BitLocker configuration and escrow behavior? Is there any dependency or interaction between Entra ID LAPS and BitLocker on hybrid devices? Thanks in advance DilanWindow 11
Hello I am using windows 11 few weeks ago I received windows update after update my windows started asking Bitlocker key i didn’t used Bitlocker my computer is stuck almost 2 weeks I don’t know what I do I didn’t used Bitlocker I buyed HP company alsmost 2 years. please help me to find solution without bitlocker key i can’t access my computer. thank youDeploy an application to Windows devices with specific serial numbers
I have a total of 200 new laptops which I would like to deploy a specific application using InTune. I have the serial number of all the laptops. These laptop are only identifiable by the serial number only and cannot use anything else. I've been searching for solutions but articles are not clear. Can someone please advise if this can be done? If so, can you guide me to a good article or with some points? Thanks in advance
Configuration profile to set File and browser preferences in Outlook Options > Advanced
Hello, Wondering if anyone has found a way to set these settings in Outlook (classic) via Intune. We do not want hyperlinks from Outlook opening with Edge and likewise we do not want email attachments for office files opening in the browser, we want them to open with the office apps.Deploy Office 365 and uninstall stand-alone office at once?
Does anyone have a process to push Office 365 while removing older versions of stand-alone office (2016 or 2019) as part of that process? The deploy packages for Office 365 can have a remove option in the configuration file, but that always fails when an older stand-alone version is already on a machine. Our current Windows management tool allows for pre or post scripts, but I do not see that as an option for Intune. I could write a pre-install powershell/batch script if that were allowed.
