User Profile
Alber
Iron Contributor
Joined 5 years ago
User Widgets
Recent Discussions
How to remove MDE managed devices in MEM?
Hi, I had two windows server VMs with MDE(Microsoft Defender for Endpoint) onboarded. For test purpose, I turned on the security settings management in MDE to let MEM deploy some security policies to them. It worked fine. I got corresponding device entries in AAD and MEM and was able to manage the VMs like other Intune managed devices. After I deleted the VMs, I found the device entries are somehow lingering. For MDE, I knew there is a data retention time which is 30 days in my case. I waited for a month and the VMs do disappear from MDE. But I can still see them in AAD and MEM till now. I can't do anything to them in MEM, while I can temporarily delete them in AAD and see them respawn next day. According to the doc, there is a way to solve this problem, but I can't see how. https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#frequently-asked-questions-and-considerations Does anyone know what "be removed from the scope of Configuration Management in the Security Center" means and how to perform it? Thanks for reading this post.Re: Does Windows Autopatch support DIY build PCs?
Hi RichardLian According to the docs, a duplicate serial number is not accepted by Autopatch. I guess I registered the two devices (with the same serial number) before the check mechanism be added. Now I still have one of them stay in Autopatch and works fine. Really wonder why we need serial number, model and manufacturer of a device to use Autopatch. Nonsense to me.Does Windows Autopatch support DIY build PCs?
Hi, I have some DIY build PCs enrolled and managed by Intune. They don't have effective values (but not blank) of serial number, manufacturer and model. Looks like following pic in Intune portal: (For all the DIY build PCs I got similar values of serial number, manufacturer and model. Like "SystemSerialNumber", "System manufacturer", "System Product Name", "ToBeFilledByO.E.M." and "To Be Filled By O.E.M.") I tried to register 2 such PCs with Windows Autopatch and succeeded. But today one of them disappeared from Windows Autopatch portal, either in Ready or Not ready tab. The other one is fine. I can still find the missing one in "Modern Workplace *" AAD groups, and the corresponding policy assignment seems OK. Following pic are from the missing one: (membership of "Modern Workplace *" AAD groups) (corresponding policy assignment) I guess it's a bug for Windows Autopatch to handle such DIY build PCs. How could I solve it? Will there be an offical fix for this? If unfortunately it's not a bug, I wonder why. Current device records in AAD and Intune for such DIY build PCs should be enough for Windows Autopatch to work, doesn't it? Any opinions are welcome. Many thanks.Re: Can't remove 2 advisories
phull89 I think it's OK to enroll your tenant in Windows Autopatch with these advisories. During the enrollment, Windows Autopatch service try to modify the corresponding CA policy. In my experience, they will be fine. (Just remember to check CA policy after enrollment to be sure.) For Co-Managed issue, I think it's OK if you do follow the documents. Hope this helps.
