microsoft intune
20 Topics

Re-Enabling Lost Devices
When I attempt to disable lost mode, the status is stuck on pending, and the device itself is still in lost mode. In order to troubleshoot this, I've connected the device to LTE via an activated SIM, which did not resolve the issue. I'm able to restore the devices, but I'd like to back up the data before I wipe them. I have a number of devices, iPhones and iPads, that I'm working on. Any ideas as to next steps?
15K Views, 0 likes, 5 Comments

Intune auto pilot international settings
Hi everyone, I'm trying to achieve the following for new computers in autopilot:
- Set time zone to my time zone
- Set system locale, culture and windows home location to my country
- Set a language list to use en-US and my country's language
- Make sure that my country language is installed on the computer

In MECM this is the Apply windows settings which looks like this: The end result I'm looking for is this: I searched the web and also found the Copy-UserInternationalSettingsToSystem, but this is for windows 11... We are still deploying windows 10. I found and tested multiple options such as deploying the LXP and using several powershell commands to apply what I need but it doesn't exactly work. This is my autopilot profile: Is there a way to use some unattended file or any other way to configure the operating system to our international settings? Rahamim.
Solved, 13K Views, 0 likes, 9 Comments

Microsoft Bitlocker Management from Intune
Howdy Folks! I guess everyone is doing well with the Microsoft as all of you might have got inspired much from the session last week held in Las Vegas (Microsoft Inspire)!! Though I missed it everyone badly as I didn't get chance to visit but the questions keep peeping on my head!! Now with the BitLocker issue where I guess someone can answer this as well, So my query is straight as I need to disable or hide this option of getting the Recovery Keys from the End User level as it is a vulnerability for the Admins to provide the Recovery Keys for OS Encryption Disk like given below with an example Bitlocker Keys Available from end user level using my apps.microsoft.com Is there any option from the administrator level from Azure Portal to hide these Keys from the end user side?? Please help me out as customer is seeking help for this!!
Solved, 11K Views, 0 likes, 12 Comments

MAM | App seeking permission to access contacts
I created a MAM policy and marked a few of our corporate applications as protected. Now when trying to open OneDrive App (protected) and access a file, it prompts for permission to access contacts. Is there a way we can avoid this prompt as we don't want our apps to access contacts?
6K Views, 0 likes, 10 Comments

Upgrading Windows 11 on Co-Managed Entra Joined Devices with Intune
Dear Support,

All of our Windows 10 devices are managed through SCCM and Microsoft Intune, with shared workloads piloted through Intune. Below are the details from one of our testing devices, Here is the testing device details, Co-management configuration settings:

As per the instructions provided , I have created a profile under "Update rings for Windows 10 and later" and manually synced it from the company portal, Intune device console, and Account or Work School > Info > Sync. However, I do not see any prompts or progress regarding the Windows 10 upgrade.

I verified in event viewer, Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider -> admin, I see there was an error “MDM Session : OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x801901ad)”

I checked in google the error message indicates that, the device was unable to sync because of network connection issues so restarted the device to see if this error get rid from the event viewer but I got another issue in event viewer , “MDM ConfigurationManager: Command failure status. Configuration Source ID: (E97E6844-D6DA-4626-8E08-2981CAC4E66F), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified

Not sure whether because of this error windows 11 upgrade is failed?

Dsregcmd /status , WUfB Policy registry entries and values:

Could you please assist in providing guidance on how to upgrade Windows 10 for hybrid devices?
Solved, 5.1K Views, 0 likes, 10 Comments

Pros and Cons of Using Microsoft Endpoint Manager Policy Sets Feature
What else can be a great feature in Microsoft Endpoint Manager other than bundling up all the policies and create that “Golden Image” type policy and assign it to the Device or User groups so from an Administrators perspective, you don’t need to individually assign groups in to policies and apps and managing this will be super easy. A great MEM function which is still in Preview though, but I already see great benefits as well as some caveats using it.

Benefits of Using Policy Sets

Most of the organizations when they move from SCCM or from their current management solution to MEM/ Intune, they look for similarities so things can be managed without an additional hassle. In a world where you don’t have MEM Policy Sets feature, you would have apps – each app assigned to a group, device profiles – each one assigned to group/s, Compliance policies – each one assigned to group/s etc. It is an overwhelming task to make sure every policy that’s created, every app that has been added has been assigned to the group/s etc.

The main usage of Policy Sets is very simple to understand. It’s basically bundling up the policies, apps, configuration profiles etc. in one place and from that point onwards, if you have your set of users/ devices that needs to be assigned to those, rather than going to each policy and assigning them, you can go other way round. Assigning the Policy Set to the group/s. Also this is a great feature to set up that SOE level and maintain it as one single entity. You always have the ability to do modifications as you go. As an example, you can maintain 3 policies for Windows, iOS and Android devices which are managed by MEM.

At this stage, below are available to configure in Policy Sets
- Apps
- App configuration policies
- App protection policies
- Device configuration profiles
- Device compliance policies
- Windows autopilot deployment profiles
- Enrollment status page

Caveats of Using Policy Sets

Microsoft have already identified some known issues with Policy Sets which is basically stopping the administrators to think twice before using it. In high level,
- Some policies can’t be applied to User groups
- Some apps which will be required by special devices/ users must be added separate to the policy sets

Even in this form, the goal of creating that Super Policy and add all the policies and Apps that needs to go in and then assigning groups (Device or User) is bit dicey as if you assign a device group to the Policy Set object, the underlying policies that needs to be assigned to a user policy will not work. So to overcome this you would introduce chaos by direct assigned policies which are not a part of the policy set.

According to https://docs.microsoft.com/en-us/mem/intune/fundamentals/policy-sets#policy-sets-known-issues, below are the Policy sets issues new to version 1910

The following app types are currently supported by policy sets:
- iOS/iPadOS store app
- iOS/iPadOS line-of-business app
- Managed iOS/iPadOS line-of-business app
- Android store app
- Android line-of-business app
- Managed Android line-of-business app
- Microsoft 365 Apps (Windows 10)
- Web link
- Built-in iOS/iPadOS app
- Built-in Android app

Setting a policy set assignment of All Users to Autopilot Profile is unsupported.

Policy sets have the following enrollment restrictions and Enrollment Status Page (ESP) issues:
- Restrictions and ESP do not support virtual group assignments.
- Restrictions and ESP do not strictly support exclusion group assignments.
- Restrictions and ESP use priority-based conflict resolution.
- Restrictions and ESP might not be applied to the same users as the rest of a policy set’s payloads if the restrictions and ESP are also targeted by a higher priority restriction and ESP.
- The default restrictions and ESP cannot be added to a policy set.

MAM policy types that support policy sets include the following:
- MAM WIP (Windows) MDM targeted managed app protection
- MAM iOS/iPadOS targeted managed app protection
- MAM Android targeted managed app protection
- MAM iOS/iPadOS targeted managed app configuration
- MAM Android targeted managed app configuration

MAM policy types that do not support policy sets include the following:
- MAM WIP (Windows) targeted managed app protection

MAM processes policy set assignments as direct assignments for the following policy types:
- MAM iOS/iPadOS targeted managed app protection
- MAM Android targeted managed app protection
- MAM iOS/iPadOS targeted managed app configuration
- MAM Android targeted managed app configuration

If a policy is added to a policy set that is deployed to a group, the group would show as directly assigned in the workload, not “assigned via the policy set”. As a result of this, MAM does not process group assignment deletions coming from policy sets.

MAM does not support deployment to All Users and All Devices virtual groups for any policy types.

The Device Configuration Profile of type “Administrative Templates” cannot be selected as part of a policy set.

The Verdict

I believe Policy Sets are still in Preview because of this situation as they have these known issues than the usages. Everyone’s requirement is not the same and if you can tackle the caveats, you can still use the Policy Sets, but since this is out there for a while now and because Microsoft has identified the issues, they may be working on a better version of this that we all can use without any hesitation.
https://shehanperera.com/2022/04/28/mem-policy-sets-1/
5K Views, 1 like, 0 Comments

Save the date: Ask the Experts - Securing Windows Devices with Microsoft Endpoint Manager
Save the date and get answers to any questions you have around securing Windows devices with Microsoft Endpoint Manager in this special Ask the Experts event! This event will take place on Teams Live Events. At (or just before) 9:00 a.m. Pacific Time on Tuesday, October 27, 2020, visit https://aka.ms/MEMATE/SecWin to join the meeting. We'll have members of the engineering and product teams on camera and on chat to help answer your questions large and small, including:
- Matt Shadbolt
- Mike Danoski
- Laura Arrizza
- Tyler Castaldo
- Aasawari Navathe
- Lance Crandall
- Dave Randall
- Dilip Radhakrishnan
- Mahyar Ghadiali
- Sameer Yadav
- Shiv Patel
- Matt Call

We hope you can join us for a great discussion!
3.5K Views, 1 like, 1 Comment

Import iOS Devices in Apple Business Manager
Hello, Is there a way to bring the existing enrolled iOS devices (enrolled using Apple Configurator) to Apple Business Manager? As we know certain features such as blocking of configuration profile changes is only applicable to devices enrolled through Apple Business Manager.
2.9K Views, 0 likes, 2 Comments

Announcing the public preview of Windows Autopilot for HoloLens 2
Microsoft is now bringing Windows Autopilot capabilities to every HoloLens 2 and Microsoft Endpoint Manager customer, allowing administrators to pre-configure new devices and set them up for productive use. Get all the details in Yannis_Lempidakis's post on the Windows IT Pro Blog.
2.5K Views, 2 likes, 0 Comments

Microsoft BitLocker Encryption from Intune on Windows 10 Pro 1903
Howdy Folks, Good to go as weekend arrives so just giving you one more question to resolve which again comes up from Customer's end: If we have setup the BitLocker Encryption from Intune end after doing the Azure AD Domain Join and once we login with the new profile it sets up with MFA first then PIN but is it necessary to set MFA? I have seen your article Oliver Kindly address if you can give some inputs on this This is your article: https://www.scconfigmgr.com/2018/10/23/enabling-bitlocker-on-non-hsti-devices-with-intune/
Solved, 2.5K Views, 0 likes, 1 Comment