Event banner
Event details
Apologies if this was asked and I missed it... Can we please get a way to reverse view (and add/remove) which resources/configs have been associated to a group? I want to be able to browse to a group in Intune and see all the items its been assigned. It's a bit like the old AD Users and Groups where we could add a user to a group BUT we could also add a group to a user.
You could even get clever with this and create graphical representations of "builds" (configuration and resource sets). I tend to diagram it with a mind map-like style.
- Jason_Sandys
Microsoft
I thought we had already released something that did this but apparently not. To my knowledge, there is a feature on the near term roadmap that should fulfill what I think is your requirement here.
- It looks like Intune data warehouse only has summary data, can you confirm this, and if so when will more detailed data be added, for example per-device compliance status at the setting level not the policy level?
- What is the best way to get Intune data from graph into some sort of database we can use the data to work with (like running jobs based on inventory data)? would it be Azure data factory?
- any thoughts on putting links to github repositories or similar for scripts and remediation libraries in-app rather than admins having to research and find those libraries and vet them themselves?
- Jason_SandysHi Richard. Without getting into a ton of details here, yes, this is/was a fairly common (heated even) topic internally but concerns for security, safety, and privacy typically dictate our path which at this time does not include any sort of official repository that includes community contributions. As for an official repository maintained by us with contributions only by Microsoft, the overhead involved is difficult to justify vs. actual product development.
- Autopilot Device Preparation seems like a good evolution especially in removing the pre-registration of devices, but we need self-deploying mode for shared machines. Any timeline for when it might be supported in that service?
- Jason_SandysHi Jamie. Enabling additional scenarios for the new Device Prep profile is something under deep investigation. There's nothing specific to share on this at this time though.
- SO, are we ever going to get Google Chrome browser deployment in Intune. Also are more Apps going to be added to the Microsoft App deployment market?
- Eric are you saying you cannot deploy chrome with Intune? I am fairly certain you can, at least with Windows devices (have not tried Android or iOS yet personally. However as an App we deploy Chrome and have not seen issues AFAIK.
- You can deploy by building the App package. But I was referring to making it available in the Microsoft market, just like they have Firefox, so that it will automatically update itself when there's an update.
- Is it possible to assign an autopilot profile to a device from https://admin.microsoft.com/ without being an Intune Admin? Group assignment is overkill for single device assignment
- Graph API is your friend here. I have done many this way. Happy to connect and share code, there are also many examples out there.
- you can create a powerapp that can do that using graph api
- Thanks for the info. Do you know what roles are needed to do it this way?
- Servers in Intune would be nice, but Servers with Entra ID for Hybrid servers especially is a must, that has got to get to the top of the list IMO.
- Jason_SandysWhy? What challenge does this solve or address for you? What's the scenario?
- OK well in a Hybrid world, for example (think smaller not necessarily massive org with money and power) On-Prem servers have to be local machines and not Entra Joined. Any apps (especially legacy) might use UNC paths to shares, for example. Entra Signed in users on Entra Joined Devices cannot auth to those shares, cannot rdp or use other services with their entra credentials. If they use Hello for auth cloud works great, on-prem and legacy do not work at all. Sure there is Hello for Business, but that is a lot of overhead to set up and manage correctly especially for SMBs or orgs with just a few critical legacy systems. Some legacy stuff, might indeed be critical and only used by 1 dept or a few people, but not "big enough" or worth the cost of moving it to the cloud or retooling it even, but it IS important still. Those legacy systems like that hamper the ability to go cloud only. Windows Server Azure Edition works great and users can login with credentials from entra, audit logs match, great for compliance, yet this does not extend down to hybrid, complicating compliance as well. So, since those systems are in use (maybe dev, maybe qa, maybe internal use, etc) they have to be individually managed, their LAPS controlled differently, their Malware/endpoint protection managed separately, apps installed/updated also, managed separately. see what I mean? I tried to explain it in a way that would make sense, I hope it does.
- Are you working to integrate other OEM partners than HP and Dell ? What is the future of Partner Portals ?
For Shared multi user devices, what is the best way/best practice to clean up stale profiles? Shared PC mode doesn't always seem to work deleting inactive profiles.
also We had CMtrace deployed to all devices when using SCCM, however now we no longer use SCCM we don't have access to cmtrace. Could it be added to the store?- Mike-DanoskiAre you referring to Windows user profiles themselves or something else?
- Yes, Windows user profiles. (Education scenario with many shared devices)
- download cmtrace package it using PSADT and deploy it via intune as an app
- Thanks for Reply Rich. Do you know of a download location for cmtrace other than getting it from SCCM Site server?
