Net Customer Adds - encouraging the wrong culture?
We're a Microsoft Partner that focuses on delivering excellent service to our SMB clients. This involves making sure they're as secure and compliant as they can be, and that they understand how to use the vast array of modern workplace tools to maximum advantage. Our primary Solutions Partner Designation is therefore Modern Work (SMB). Our staff are keen on learning so we have maximum points for intermediate and advanced certifications. We are continuously helping our clients to exploit the modern work tools so deployment scores are excellent. We also help our clients ensure those tools are adopted into the everyday flow of work so usage growth is huge. BUT, given our focus is implementing more Microsoft workloads into existing customers, rather than adding more customers, our Net Customer Adds score is 0, putting our designation at risk (as you have to score points in every area to renew). I do feel we're effectively being penalised by Microsoft for concentrating on helping clients get the most out of their offerings, rather than just selling licenses. And after raising this with them, it sounds like there's nothing we can do other than simply keep our fingers crossed that a month of high net customer adds drops off the rolling 12 month window before our renewal date for us to maintain our designation. The skilling, deployment, and usage requirements all make sense as they're about providing a good service and ensuring adoption by the end customer, but net customer adds clearly puts selling over service which isn't our culture or business model (or that of many smaller partners). In chatting to other partners, many are choosing not to renew their SPD's for similar reasons so I'm hoping the relevant decision makers will listen to this feedback and review the scoring. What do you think?Microsoft Technical Takeoff 2026: Windows + Intune
Mondays in March. Deep dives. AMAs. Windows, Intune, Windows 365, and Azure Virtual Desktop. Join us for Microsoft Technical Takeoff 2026 for Windows + Intune! This virtual technical skilling event takes you deep inside the latest features, capabilities, and scenarios for commercial organizations and the IT professionals that support them. Skill up and get answers to your questions from the engineering and product teams behind the features. How do I participate? Create your own agenda. Select “Add to Calendar” on a session page to save the date, then click the “Attend” button to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live session, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for Tech Takeoff will be recorded and available on demand immediately after airing. Don't see the "Attend" button or the ability to post Comments? Make sure to first sign in on the Tech Community! MONDAY MARCH 2 MONDAY MARCH 9 MONDAY MARCH 16 MONDAY MARCH 23 7:00 AM Let's talk Windows and Intune: 2026 edition 7:00 AM The latest in security for Windows 365 and Azure Virtual Desktop 7:00 AM Why smarter Windows management starts with Intune 7:00 AM AMA: The latest in Windows hardware security 7:30 AM The latest in Windows 11 security 7:30 AM Secure Boot certificate updates explained 7:30 AM Reporting at scale with Windows Autopatch update readiness 7:30 AM Zero Trust DNS: Securing Windows one connection at a time 8:00 AM Uplevel business continuity with Windows 365 Reserve 8:00 AM Feedback wanted: App management in the enterprise 8:00 AM User experience updates: Windows 365 Boot and more 8:00 AM AMA: Secure and manage AI and agentic capabilities in Windows 8:30 AM Hotpatch updates demystified: answers to real-world questions 8:30 AM Ready day one: how to get Windows users up and running fast 8:30 AM AI roundup: Intune agents for outcome-oriented innovation 8:30 AM Deploy and manage Windows 365 with Microsoft Intune 9:00 AM Zero Trust in action: securing endpoints with Intune 9:00 AM Making the most of your Intune data 9:00 AM AMA: Getting the most from Security Copilot in Intune 9:00 AM Unpacking Endpoint Management: Live from Tech Takeoff 2026 9:30 AM AMA: Windows Autopilot 9:30 AM Windows 365 reporting and monitoring updates 9:30 AM Manage Apple devices at scale: Intune security best practices 9:30 AM Azure Virtual Desktop for hybrid environments 10:00 AM The AI‑powered admin: emerging trends in endpoint management 10:00 AM Least privilege on Windows with Endpoint Privilege Management 10:00 AM Click less, manage more: simplify app deployment with Intune 10:00 AM Protect users, stop attacks: Passkeys on Windows 10:30 AM Eliminating NTLM in Windows 10:30 AM Windows 365 Frontline expands with Cloud Apps and more 10:30 AM App Control for Business: same roots, new playbook 10:30 AM AMA: AI and agentic features for Windows 365 11:00 AM One platform, many industries: smart Android management with Intune 11:00 AM From panic to productive: point-in-time restore in Windows 11:00 AM Intune timing demystified: what really happens behind the scenes 11:00 AM Transitioning to post-quantum cryptography 11:30 AM Resiliency with Windows 365 and Azure Virtual Desktop 11:30 AM The Intune playbook for iOS management at scale 11:30 AM Migrating from VDI to Windows 365 11:30 AM Resilience for the modern era: Windows quick machine recovery This event will feature AI-generated captions during the live broadcast. Human-generated captions will be available by the end of the week.
Domain Join Configuration Profile suddenly erroring out.
Good morning, I have never posted on here, so I hope this goes through. I have been working on getting HAADJ Autopilot setup in my organization the past few weeks and it has been going well so far, except for yesterday. In my testing I have successfully deployed a few machines using HYAAD Autopilot process with not many issues. Yesterday I pre-provisioned a laptop with no issues, it domain joined and Entra joined and I was able to reseal. A few minutes later I tried a different machine and then it didn't work on that machine. Since then I have been trying multiple machines, and it seems to not be working now at all. I am not sure what broke or changed in my environment that caused this to change. I am very new at Intune and picked up this environment from a team that left a few months ago, so it is a miracle I have gotten this far by myself, but now I am at a complete loss. This just broke on me and I have no lead as to what may have caused this. Please if anyone has ANY ideas on where to start for this please let me know. Google has not been much help. This is what I see when I check the report on the domain join config profile:Microsoft #IntuneForMSPs resource guide
Welcome to your home for all things #IntuneForMSPs! Our goal is to help you grow your Microsoft Managed Service Provider (MSP) business by combining productivity apps, intelligent cloud services, and the world-class security of Microsoft 365 with the multi-tenant management capabilities of you, our partners. Join us for #IntuneForMSPs community meetups to hear first-hand experiences with configuring and managing customer tenants, gain best practices, and get answers to your questions, live and on demand. Upcoming monthly #IntuneForMSPs meetups: Advanced automation and PowerShell for Intune - March 17th, 2026 at 8:00 a.m. PT (3:00 p.m. UTC) Past #IntuneForMSPs meetups – now available on demand! Planning your customers' Intune migration - February 17th, 2026 Getting started with Microsoft #IntuneForMSPs - January 20th, 2026 Jump to: Marketing and business development | Demos and tutorials | Multi-tenant management partners | Application packaging partners | Microsoft communities | Select content from Microsoft MVPs In the spotlight Download the Business Premium best practice deployment guides: Identity and access controls best practice deployment Device enrollment best practice deployment Email & App Protection best practice deployment Device security best practice deployment Data security best practice deployment Marketing and business development Start by joining Microsoft Partner programs AI Business Solutions for Partners Microsoft Security Partners Join the Partner Skilling Hub for Free Go to Microsoft Partner Skilling Hub Create your free account Select Solution areas of interest Intune content: AI Business Solutions, Security Recommended modules Implement with impact: Endpoint Management with Microsoft Intune | Microsoft Partner Skilling Hub Implement with impact: Implement Identity and access management with Microsoft Entra - Modules Download this customizable campaign in a box Protect My Devices BoM Demos and tutorials Whether deploying solutions for yourself or for your customers, these resources can help you with prescriptive ‘do this next’ guidance to get you up to speed quickly. Download the Business Premium best practice deployment guides: Identity and access controls best practice deployment Device enrollment best practice deployment Email & App Protection best practice deployment Device security best practice deployment Data security best practice deployment Follow along with the companion videos: Achieve greater security and productivity with Microsoft Intune and Microsoft 365 Explore click-through interactive guides for more advanced instruction: Microsoft Intune guided demos Topics include configuring app protection policies, configuring Conditional Access, updating Windows from the cloud, configuring corporate devices, deploying and managing line of business (LOB) apps, enabling Universal Print, accessing corporate resources on personal-owned devices, setting up Windows Autopilot for new device delivery, and reducing bandwidth consumption with Delivery Optimization. Multi-tenant management partners Microsoft Intune is proud to collaborate with leading global providers of multi-tenant Intune management solutions. These companies are building innovative capabilities on top of Microsoft Intune, Microsoft Security, and the broader M365 platform. Their companion solutions allow MSPs to: Centrally view and manage all customer tenants and action items through a unified partner dashboard. Take action across environments, leveraging Intune for device management, cloud security, and compliance. Standardize security settings, automate onboarding, and ensure policy consistency at scale-no more repetitive, manual tasks or risky policy drift. Importantly, this is a collaboration. These solutions are independent companions, offering their unique workflows and advanced automation features alongside the Intune platform. Click the image below to watch the Microsoft Intune multi-tenant management video with Jonathan Edwards. Nerdio overview Nerdio brings deep automation and analytics to Intune, Windows 365, Azure Virtual Desktop, and the broader Microsoft cloud. MSPs benefit from multi-tenant dashboards, global policy insights, role-based access, centralized app deployment, and automatic policy versioning with rollback and drift correction. Nerdio’s tooling is designed specifically for MSPs and scales from small teams to large enterprise portfolios. Get more details at Nerdio’s landing page: aka.ms/IntuneforMSPs/Nerdio. Nerdio knowledge hub inforcer overview inforcer empowers MSPs to standardize Microsoft 365 and Intune policies across all tenants, automate environment configuration, monitor compliance in real time, and reduce risk through policy drift detection. Its reporting and automation features free teams from manual, error-prone scripting and help deliver consistent, secure customer experiences, setting MSPs up to deliver advanced AI services to their customers. Learn more at: aka.ms/IntuneforMSPs/inforcer Inforcer resources Application packaging partners Migrating applications from Configuration Manager and other on-prem solutions to Microsoft Intune cloud native remains a challenging and time consuming undertaking, especially when dealing with complex line-of-business, legacy, and custom home-grown applications. Some organizations pursuing a full cloud-native management vision are encountering blockers related to application compatibility, re-packaging, and the scale of existing app estates - all while trying to maintain business continuity, device compliance, and preparing for the AI Copilot era. To address the complex realities of app migration, the Microsoft partner ecosystem has stepped up with specialized offers designed to reduce risk and accelerate cloud adoption. As part of this initiative our Microsoft partners Rimo3 and Robopack are offering no-cost, time-limited app migration service to all Intune customers who are looking to move from ConfigMgr to Intune. These services can help IT teams automate assessment, package conversion, and remediation for various app types, helping organizations realize the full value of Intune faster and with less disruption. Please note: These app migration service offers are made directly by partners, are subject to their terms, and Microsoft makes no guarantees or commitments regarding their availability or outcome. Application packaging partner solution overviews Rimo3 helps IT professionals modernize, migrate, and manage applications at enterprise scale. The platform eliminates manual effort by automating packaging, validation, and patch testing. With patented IP, Rimo3 ensures every app is compatible, secure, and visible for dependencies and update readiness before deployment. Automated, unattended workflows reduce migration timelines from months to days, while contextual patch validation minimizes production risk. Rimo3 keeps environments evergreen with zero-touch app management and enhances Microsoft Intune with bulk operations, advanced controls, and unified reporting. Learn more at: aka.ms/IntuneRimo3Package Robopack is a cloud-native Intune app lifecycle platform that lets you package, deploy, and keep third-party apps updated, across one or many tenants, with phased control and PowerShell App Deployment Toolkit (PSADT)-based customization. Start with a self-service migration readiness report, mapped to the library of 41,000 pre-packaged, fully documented apps ready to go, or upload your own apps to be analysed and converted. Robopack Radar discovers apps installed across your estate, allowing you to quickly migrate to Intune and uncover Shadow IT. Learn more at: aka.ms/IntuneRobopackPackage Microsoft communities Microsoft 365 Blog small and medium business-related posts Microsoft 365 Partner LinkedIn channel Select content from Microsoft MVPs Essential Intune reading list: MVP community content for 2025 - Microsoft Intune BlogEdge for Android Smartscreen
Hi All I hope you are well. Anyway, is it possible to configure Edge for Android Smartscreen to: Prevent end user bypass Block potential risky downloads I can see various methods and guides pointing to Edge App Configuration policies but just cannot seem to get the this to work on Android Enterprise Fully Managed devices. Any help would be great. SKControlling Excel Add-ins and Microsoft Store App Installations
We have a requirement to block users from adding add-ins to Excel and Installing certain application directly which utilize Microsoft Store apps. Below are the two scenarios we need to address. I would appreciate any guidance or recommendations on how to implement these controls. 1) Blocking Excel Add-ins from Microsoft Store Users are currently able to add add-ins such as “Claude by Anthropic in Excel” directly from the Microsoft Store apps. For example, if a user accesses the URL: https://marketplace.microsoft.com/en-us/product/saas/wa200009404?tab=overview they can proceed to add the add-in to Excel. So, We need a method to prevent users from adding Office add-ins from the Microsoft Marketplace or external sources. 2) Blocking Installation of Microsoft Store Apps (e.g., WhatsApp) We are currently blocking Microsoft Store apps on OS level. However, users can still download and install applications such as WhatsApp directly from the vendor website, which utilize Microsoft store apps in backend: https://www.whatsapp.com/download We are considering configuring the Intune policy “Only Private Store is enabled.” However, we noticed that enabling this setting prevents users from accessing certain built-in applications (e.g., Notepad). Is there any other way to block access Microsoft Store apps directly? Thank you in advance for your assistance. DilanReplacing Complex GPO Item-Level Targeting with Intune
Hi All, I’m looking for some advice on the best way to handle this scenario. We’re running a hybrid environment and currently have a GPO that creates 1,000+ registry entries across 150+ user groups using item-level targeting with security groups. Now we need to move this over to Intune, and that’s where things get tricky. Intune doesn’t really offer the same item-level targeting flexibility as GPO. So far, the only workable option seems to be creating 150+ platform scripts or Proactive Remediation scripts, which obviously isn’t ideal from a management perspective. I’m thinking it might be much easier long-term to create one large PowerShell script that checks the logged-in user’s group membership and then applies the appropriate registry settings dynamically. Has anyone dealt with something similar? Is there a cleaner or more scalable approach in Intune? Thanks in advance! Dilan
Intune - ASR Rules - exclusion
Hello, please can anybody give me an advice about Intune exception? We are using N-Able client for computer management and Intune ASR is blocking it. I tried to add exception in rule setting but it has not helped so far. I am getting defender popup with info that risky action blocked Your admin blocker this action. Blocked app or process - winagent.exe Blocked by - surface attack reduction Rule - Block using of copied or personified system tools. There is my exception but it did not helped. Thank you.
What are the system requirements for hardware-accelerated BitLocker announced in ignite 2025?
Microsoft has recently announced hardware-accelerated Bitlocker (Ref. Link: https://techcommunity.microsoft.com/blog/windows-itpro-blog/announcing-hardware-accelerated-bitlocker/4474609) I would like to know system requirements (Specifically Hardware) that supports this functionality. The article also says below "Coordinate with your suppliers and keep an eye on listings from us and other vendors as PCs become available on the market." But I am unable to find any link for the listing from Microsoft. Does it support all the devices that has TPM 2.0 or does it require any other hardware?
