Event banner
Event details
- With upcoming end of support for windows 10, are there any plans to implement features or guidelines that will make the transition/upgrade to windows 11 as smooth as possible?
- Joe_Lurie
Microsoft
justCasper We already make this smooth with Intune and Windows Update for Business or with Windows Autopatch. Are you looking for a different solution?
In addition to the questions posted on this page, we also answer questions posted in reply to the event on LinkedIn and X (Twitter). Here are the questions we answered today:
From X -- What can you do with BitLocker management in Intune? - answered at 17:00
- Missed the live stream. Microsoft releases a security baseline for Windows, but typically a ton of those settings are missing or need to use custom oma-uri. Shouldn't security baseline settings have day 1 support?
- Mike-DanoskiThe new windows 11 security baseline will be available in Intune within a week or so. We've been working very closely with the windows team to make sure that we have full support of all the settings that are called out in the baseline as well as adding new MDM controls for some of the settings that were previously only available in GPO. We've moved the baselines over to the same mechanisms that run the settings catalog so updates and new settings should be much quicker going forward.
- Any plans to make remediation built into the Company Portal app deployment? If Company Portal ever gets removed, it never reinstalls automatically. If a device has no other apps, it should always have Company Portal to be able to manage the other app installs.
- Max_SteinThanks for the feedback! Please add this to our Feedback portal with your scenario, so we can get this captured with the appropriate feature teams in Intune! https://aka.ms/IntuneFeedback
- not the best idea but could you perhaps have a group that is "company portal users" for example have a policy that installs that. If, somehow it was uninstalled, you remove them from the group and readd them which should trigger the app being reinstalled? Seems like a remediation script as you ask for would make far more sense though.
- We have applications pushed via Intune to a device that runs scripts or commands on the computer but get blocked due to the application running at user level. (users get blocked using cmd and PowerShell) is there a way to allow the applications but still Deny access to the user? At present I have restricted PowerShell to only remotely signed but it's not ideal on student computers.
- Max_Stein
Hi, Derek! Not sure if you're encountering issues with more than one app, though our App Assure team may be able to help here and can assist though your app deployment blockers.
- Not sure this is helpful but on the off chance that it is.... I have had to put this line at teh beginning of some of my scripts Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -scope Process -Force then at the end Set-ExecutionPolicy -ExecutionPolicy Restricted -scope Process -Force not sure it is needed at the end since the process will be ended but it felt right to reset the value at the end.
- is there a plan so that you don't need to need to know KQL to use the advanced analytics query? I would love for our helpdesk users to be able to access these queries but I don't want to expect them to learn how to write queries. A GUI version with drop downs etc would make this much more accessible.
- Joe_Lurie
AntonDobschensky This is a great question, and is actually answered in the Enterprise App Management and Advanced Analytics AMA that was held right after this one. Click here and go to 51:00 minutes.
- Can we give this 1000 likes. Why there is this love of KQL all over Azure is beyond me. It is not something so super simple that the front-line staff can play with and find what they need. I don't need my higher end staff becoming DBAs either and learning stuff like this. It should be far more useful than it is. If you are not in it all the time it is next to impossible to find what you need. Old style event logs and event viewer had at least enough info that you could find stuff.
- Are there any plans to allow more bulk modification of device information in the portal? For example, I want to update the device category on multiple devices. Trying to build and test Graph/Powershell scripts is extremely time consuming and can be catastrophic if an admin makes a mistake. (Which we all do.)
- Max_SteinThis is something we've heard from other customers, and we'd love to get your feedback! Feel free to add your vote/comment to this existing feedback idea: https://feedbackportal.microsoft.com/feedback/idea/038f15e3-57e9-ed11-a81c-000d3ad924d4 so we can capture your scenario for future consideration. Thanks!
- When is Win32 app supersedence going to get the option to "automatically upgrade any superseded versions of this application" that has existed in Config Manager for years? Example: Notepad++8.6.4 is deployed as available for enrolled devices. Notepad++ 8.6.5 is released. We create a Notepad 8.6.5 app, have it supersede the 8.6.4 app, and deploy it as available for enrolled devices. I want devices with no Notepad++ installed to see version 8.6.5 available in Company Portal (which happens now), but I also want that deployment to forcibly upgrade the devices with 8.6.4 (which does not happen now).
- Joe_Lurie
Joe_Friedel Make sure you watch the AMA on Enterprise App Management where we talk about Supercedence. With EAM we are developing a "guided upgrade" experience, but are also looking at a "set-it-and-forget-it" experience. No timeline on the set-it-and-forget-it (or automatic upgrade) but it's something we know is important and are investigating the best way to offer it without breaking your existing processes.
That concludes this AMA! Thanks for joining us, and we hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand.
Stay up to date on the latest in Intune! Bookmark the Microsoft Intune Blog and follow MSIntune on X and LinkedIn. Want more tips, tricks, and insights from the experts? Tune in to new episodes of Unpacking Endpoint Management series each month here on the Tech Community.- Any plans to increase the range of local built-in groups that can be managed...we found adding users the Network Configuration Operators problematic
- Joe_Lurie
RussJ70 We have no plans today to increase which local groups can be managed on the devices, but it's a good question. Please add feedback to https://aka.ms/IntuneFeedback and also use the Send a Smiley/Send a Frown in the console
