User Profile
treestryder
Steel Contributor
Joined 7 years ago
Recent Discussions
Turn on Windows Narrator for all users?
Is there a way (registry setting, command, script, Intune policy, etc) to turn Windows Narrator on for all users? I'm aware of the keyboard shortcut for individuals, but we have dedicated devices currently running JAWS and finding this setting is a first step in possibly replacing them.
430 Views, 0 likes, 1 Comment

Are Defender Device Groups the only way to target Web Content Filter policies?
We are moving from Cisco Umbrella to Microsoft Defender's Web Content Filtering. We fully understand that they are not a 1 to 1 match. We have accounted for the differences with one exception. We have an Entra group of PCs where we need to block additional Web Content Categories. I suspect they will later require additional custom indicators to be blocked. And, if this is successful, I can see additional groups of PCs needing their own content filter settings.

I could be wrong; however, my understanding of Defender Device Groups is that they configure many other aspects of a PC, including RBAC within Defender. If true, attempting to keep those configurations in sync (especially when we are not aware of what all they might be) could be difficult. With my limited understanding of them, they feel like overkill for assigning additional filters to a subset of otherwise identical PCs.

Are Defender Device Groups the only way to target Web Content policies? If it matters any, we are Autopilot enrolling PCs to be Entra Joined and Intune managed. Bye-bye on-prem AD, Configuration Manager, old-skool drivers, and someday... old-skool apps.
2K Views, 0 likes, 3 Comments

Cataloging Modern PC Management Ready PCs, Peripherals, and Software
I have started a shared spreadsheet for the community to share their experiences with "Autopilot Ready" PCs, Peripherals and Software. My hope is this will help admins find the rare gems and push OEMs to get with the times. Please contribute your own findings to the spreadsheet and discuss suggestions here. https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A

What is the procedure to reassign an Intune managed AAD joined Windows 10 device?
We have begun down the Intune and AAD path and have encountered our first user transition situation. A new employee is replacing a former employee and inheriting the former employee's laptop. In the past, we would remove the device from Active Directory and re-image it with SCCM. However, this former employee's laptop is only managed with Intune and is only joined to Azure AD.

What is the procedure to wipe and redeploy an Intune managed AAD joined Windows 10 device? How do we ensure that the laptop is wiped clean and its ownership updated? Following old habits, some would also like the laptop to be renamed to match its new owner. Is this possible or should this practice be given up? Thanks in advance.
40K Views, 1 like, 9 Comments

WiFi Device Configuration Profile - Error WindowsWifiEnterpriseEAPConfiguration 0x87d1fde8
After assigning our first WiFi Device Configuration Profile, most of our devices are now non-compliant, with the following error...

SETTING: WindowsWifiEnterpriseEAPConfiguration
STATE: Error
SOURCE PROFILES: Source Profile WiFi PeckhamData
ERROR CODE: 0x87d1fde8
ERROR DETAILS: Remediation failed

When researching this error, I found an older blog post about how to create a custom OMA-URI policy to deploy WiFi settings...

Deploy Wi-Fi profiles to Windows Phone devices with Microsoft Intune OMA-URI policy

In this article, there is a reference to the error we are receiving.

There is an undocumented value which requires for the hex value of the Wi-Fi name. This value should be added before the SSID name (see example below). If this value is not configured, the Wi-Fi profile will function but Microsoft Intune will report this as an error (0x87D1FDE8) non-compliant.

Could it be that the new(er) WiFi Configuration Type is not properly configuring the "hex value of the Wi-Fi name"? And, if this is a bug, how would I report it? Any help would be greatly appreciated.
37K Views, 2 likes, 3 Comments

How does one deploy through Intune the "Microsoft.Office.Desktop" Appx Package?
Knowing that there is the Office 365 ProPlus Click-to-run installer template within Intune, I wonder if there may be a way to deploy Office through the Store for Business. We are finding Office to be pre-installed on some new Windows 10 devices. These have not been installed using the MSI or Click-to-run installer, but as an AppX (MSIX?) package. Get-AppxProvisionedPackage shows the display name to be "Microsoft.Office.Desktop" and the Store app shows that it has Add-ons for each installed component of the Office suite.

For our devices which do not already have Office installed, how would one deploy through Intune the Microsoft.Office.Desktop Appx Package? Maybe, I am getting ahead of Microsoft on this and it will eventually show up as an option in the Store for Business.
882 Views, 0 likes, 0 Comments

How does one build an Intune AutoPilot ready device, using SCCM, without it becoming Co-Managed?
I would like to build devices using SCCM, much like they arrive new, for Intune AutoPilot deployments. This seemed simple enough. I created a generic Task Sequence, then wrote a script which uninstalls the SCCM Client, gathers the device's hardware ID and then runs "sysprep /oobe /shutdown". This script runs after the Task Sequence completes, using the Task Sequence Variable "SMSTSPostAction". All of this works beautifully, until the machine is joined to Azure AD via AutoPilot. My first sign of trouble was that the Intune Policies would not apply. I then found this message when looking at the device in Intune:

Co-management
<UserName>'s Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below, if the state is anything other than “Healthy” there are a few steps that help with this.
Configuration Manager agent state
Could not connect
Details
The Configuration Manager client is currently unable to reach the Configuration Manager management point. Make sure the client can communicate with the server. For more information on client communication issues, see the CcmMessaging.log, LocationServices.log, or ClientLocation.log files on the Configuration Manager client.

We did have Co-Management turned on, for a brief moment, in our AutoPilot journey. We quickly found that it complicated things and then followed instructions in someone's blog post to turn it off. Possibly, something went wrong turning it off? What I do not understand is why Intune thinks these devices are managed by SCCM. My best guess is that the SCCM client uninstall leaves behind cruft which the MDM system is reporting back to Intune.

Is it possible to create devices, ready to be AutoPiloted and only managed by Intune, using SCCM? If so, how? Thanks. This is also a ServerFault Question.
Solved
Recent Blog Articles
Re: Enable Windows standard users with Endpoint Privilege Management in Microsoft Intune
I would like to see the "need" for local administrator access eliminated. I have never needed root access to my phone. Through simplifying our configurations and attempting to manage everything t...
0 likes, 0 Comments