Required Apps assigned to dynamic group are being skipped during pre-provisioning?
I have a few dynamic groups based on a group tag that gets assigned to the device during Intune enrollment. Each of those groups have a different set of applications that are installed on them. One of those dynamic groups just doesn't want to detect the required applications. There are supposed to be 5 apps. During pre-provisioning, it just jumps straight to the reseal page. If I let the device sit at the ESP page, the apps are installed in the background as if they aren't being tracked. If I quickly seal the machine before other apps are installed and unseal, it works like normal (tracking each of the apps and installing them). I can confirm the following: The device is in the proper dynamic group The Autopilot deployment profile and ESP settings are correct All of the applications are Win32 packages and install successfully during ESP This same setup works with my other dynamic groups fine. And it has worked previously with the trouble group before. I didn't change anything I tried: Removing and re-registering the device I'm about to delete and recreate the dynamic group or try to create a static group and see if I get the same results. Everything looks fine and I haven't been able to find something in the logs that points to why it doesn't see the apps as required. Again, if I let it sit, the apps install in the background fine. It's just baffling since my other dynamic groups work fine. Has anyone seen something similar?dynamic group based on assigned license
Hi, is it possible to create a group with users based on a assigned license? So i want to include all users into this specific group who has e.g. an E3 license assigned, but not an E5. It seems, that the only way is to use the a ServicePlan name, not a SKU name, isn't it? Even better would be a dynamic membership rule based on the SKU, not on a ServicePlan. What i tried to do: 1. Get-MsolAccountSKU to find out the SKU name 2. Created a dynamic group without knowing which syntax to use :D 3. Used this dynamic membership rule as a workaround: (user.assignedPlans -any ((assignedPlan.service -match "NAME") -and (assignedPlan.capabilityStatus -eq "Enabled"))) (I found the ServicePlan names via Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq “ENTERPRISEPREMIUM”} | ForEach-Object {$_.ServiceStatus} Thank you ina advance. Patrick :)
Autopilot enrollment via MDT
Hi all, Within our organization, we’re implementing Microsoft Endpoint Manager to manage devices like laptops. The situation is as followed: laptops are currently unmanaged and we’re trying to find a user-friendly way to enroll these laptops in MEM. Options to add a ‘Work or School account’ aren’t an option as users only have a ‘user account’ without admin rights. On the other hand, we’d like to take this opportunity to enroll a new (clean install) image with configurations and software from MEM. After installing the OS with MDT and the offline JSON profile the device boots with the expected OOBE screen, ready to enroll in MEM. After entering the credentials the device is enrolled in AAD. Based on some rules the device is added to a dynamic group that is assigned to the ESP and configurations… probably AAD detects the membership too late which returns in a half-baked configuration. We prefer to enroll without any manual interactions such as installing a provisioning package or running a PS-script from the OOBE-screen. Any suggestions so devices will get their ESP and configuration profiles that are assigned to the group as pre-provisioning isn’t an option with offline Autopilot profiles? Used resources: https://docs.microsoft.com/en-us/archive/blogs/mniehaus/speeding-up-windows-autopilot-for-existing-devices https://docs.microsoft.com/en-us/mem/autopilot/existing-devices Thanks in advance!
