Windows hello for business for Hybrid Entra Join
Environment: -No UPN matching between onprem AD and Azure, Third party federation and User provisioning . -Hybrid Entra Joined devices -Enrolled to Intune using device credentials as SCCM is setup with co management (Cloud Attach). Question: Whether setting up Windows hello for business (Which was working before enrollment) using GPO / or Intune. An error is returned. Pin: "this sign in option is only available when connected to your organization's network" "Fingerprint and Face" "The option is currently unavailable" Multiple methods to setup WFH was attempted and none worked so far. -Devices -> Win 10 -> Enrollment -> "Configure Windows hello for business" -Using Custom settings as described here(CSP or GPO): https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/configure -Biometrics devices updated/ Windows updates installed/ All devices and users affected in the organization. -What could be the issue? Any best effort to get the windows hello for business working again?Upgrading Windows 11 on Co-Managed Entra Joined Devices with Intune
Dear Support, All of our Windows 10 devices are managed through SCCM and Microsoft Intune, with shared workloads piloted through Intune. Below are the details from one of our testing devices, Here is the testing device details, Co-management configuration settings: As per the instructions provided , I have created a profile under "Update rings for Windows 10 and later" and manually synced it from the company portal, Intune device console, and Account or Work School > Info > Sync. However, I do not see any prompts or progress regarding the Windows 10 upgrade. I verified in event viewer, Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider -> admin, I see there was an error “MDM Session : OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x801901ad)” I checked in google the error message indicates that, the device was unable to sync because of network connection issues so restarted the device to see if this error get rid from the event viewer but I got another issue in event viewer , “MDM ConfigurationManager: Command failure status. Configuration Source ID: (E97E6844-D6DA-4626-8E08-2981CAC4E66F), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified Not sure whether because of this error windows 11 upgrade is failed? Dsregcmd /status , WUfB Policy registry entries and values: Could you please assist in providing guidance on how to upgrade Windows 10 for hybrid devices?
After enabling co-management users get prompt
Hi, I Enabled co-management, computers registers in AAD, enrolls in Intune, it seems that everything works - intune status - co-managed. But users get prompt that there is a problem with work or school account and they have to login. Until user logins there is also an mdm sync error under info button in work or school account. Then user logins sync error disappears. Why there is such prompt? I thought that sccm would enroll devices with device credentials and that would be enough? MS documentation states that co-management supports: "Ability to enroll devices without user interaction". 2fa isn’t used. What I am missing here?
Migration tool
hi, I heard of about this tool : https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/migrate-import-data , which is supposed to migrate the SCCM content to Intune. You say that it migrates policies/packages/CIs/VPN or Wifi profiles, and stuff like this : I understand there are some limitations, explained in the documentation, but are you not afraid that vast majority of users will not be able to use this tool in a prod way, because of the various current Intune limitations like no PS script support yet available, not all GPOs are existing in the "LocalSecurityPolicies" CSP, packages that are EXE-based or contains several MSI files, and so on... ?
Greater visibility of errors
Are there any plans to give the community greater visibility to errors that we see in stand alone intune? e.g instead of seeing that an error occurred. It would be nice to see what the error was, and what service is affected within the tenant rather than just a generic error code. If we could have access to reporting tools and logs, then it would greatly help speed up the process when it came to troubleshooting issues that arise from time to time.SCCM/Intune
If we moved to an integrated SCCM/Intune platform, would we be limited by features within the SCCM environment in regards to features we can implement? or has the intune features cycle and the SCCM integration aligned better so that the SCCM/Intune integrated environments isn't lagging behind the stand alone intune platform? Would moving to the integrated platform provide us with better logging for troubleshooting diagnosis for example or give us better visibility as to when there are issues in the environment?
