Windows Office Hours: February 20, 2025

Is it expected that the Company Portal app on android does not support signing in with an NFC FIDO key? It seems to only work with keys that get plugged in to USB. NFC works fine on iOS tho.

At my organization, our concerns about migrating our fleet to Windows 11 have never been about unsupported devices, it is usability issues for both the tech savvy and those that do not easily learn new technology. As Windows 10 EOL is approaching and many problems remain, I'd like to hear what the Windows 11 team is doing to bridge the usability gap between the two operating systems. Namely, there are still huge differences in the Start Menu, Taskbar and Systray. The lack of continuity in function will create a huge loss of productivity and an added burden on our Help Desk. Here are a few specific items I know are barriers: users do not see All Apps when clicking the Start Menu without clicking an extra button, missing toolbars on taskbar (e.g. Desktop), no option to always show all icons in Systray, no option for two row Taskbar, centered Start Menu and Taskbar icons by default. It would be easy to update if Windows 11 included an option to use the Windows 10 Start Menu, Taskbar, and Systray. This is possible with 3rd party tools, but it should be an option built in the OS. What is the team doing to minimize these usability issues, address missing features from Windows 10, and overall create an experience that minimizes friction for those that are not tech savvy before Win 10 EOL? I’ve asked this once before and “re-train your users” was the only answer. That doesn’t come close to addressing any of the concerns. Many of those issues require several steps to get to the same place instead of one. That loss of productivity is regular and recurring—not something addressed by training. I know you’ve added other security features, but not being able to show all apps in the system tray for our savvy users is a security risk. It is also unhelpful and an added inconvenience when apps that have been set to be visible have to be re-done after that app updates. I know that software publisher could do something different, but one setting in Windows means we don’t have to address that problem with several other software vendors. And, this was there in Windows 10. Simply bringing over the Windows 10 Start Menu, Taskbar and System Tray from Windows 10 would have led us to update all our devices two years ago. To make all of these matters worse, updating from Win 10 to Win 11 does not bring over preferences set in Win 10. I implore the team to delay EOL on Windows 10 until the transition process has more continuity and is less disruptive.

Welcome to February's session of Windows Office Hours! We'll be here for the next hour reviewing and responding to your questions here in the Comments section. Let's get started! 🤔❓⌨️🖱️

Hi,

As per article KB5025885 Step 4 'Apply the SVN update to the firmware' of the Mitigation Deployment Guidelines refers to enabling a self revocation feature, which is straight forward.

However, there is no additional information how to query if the feature has been successfully applied! Even the support KB5016061, does not include event log listed, which by the way is 'ProviderName: Microsoft-Windows-TPM-WMI Event ID: 1042'. The Event ID will indicate that the command was successful, which is great, but i am hoping to be able to query this directly on the UEFI DB if possible.

The reason:

• I am deploying this to a Tenancy via Intune 'Detection and Remediation' script pair and will need to be able to query, in the Detect script, devices that have the SVN enabled after a device OS reset!
  (an OS reset after applying the referred secure boot changes, in the above articles, clears the event log and any query targeting an event ID is irrelevant)

For example:

• I can query (ps command below) the PCA 2011 certificate revocation directly on the UEFI dbx (very helpful for a device after OS reset as the event log is cleared):[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbx).bytes) -match 'Microsoft Windows Production PCA 2011'

At this time i have not been able to find a similar solution to query whether the SVN feature if it is ENABLED or still needs to be enabled.

Any assistance will be appreciated.

Thank you

What is the Difference between parameters User Agent and browser in sign-in logs?

Based on what factors user id is decided as risky user?

What are the most common and special case to suspect the user sing in as suspicious? in both sign-in and audit logs.

We have hybrid joined Windows 10 Enterprise devices. We have been using a feature update to Windows 11 23H2.  I am seeing in some cases users that are syncing with Intune for polices they are not getting Quality updates.  When I check for updates it displays "Download and Install". It seems to ignore the fact the device is managed by Intune.  I had a case open for months with support and they shared if I delete 

DECISIONENGINEPATCH" of key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Settings

This will reset the Windows updates, and it will start to download the patches. That is great but I have devices that this needs to happen every month. 

Is there something else that I can do?

Hi there! We're seeing continuous error popups on multiple Windows 11 23H2 systems in our organization. We have an on-prem 2019 AD and have been using the CIS Win11 v2.0 GPO without any issues until recently. We'd really appreciate any insights you can provide to help us resolve this. Thanks a lot!

Errors Encountered:

"The SearchProtocolHost.exe error "The instruction at 0x00007FF75424610B referenced memory at 0x0000000000000000. The memory could not be read,""
Outlook Notification: "Windows search exited without properly closing Outlook data file" appears for some users.
Event Viewer Access: When the error popup appears, attempting to open eventvwr.msc from Run shows "not enough memory," but it can be opened from the Start menu.

Observations:
Temporary Workaround: Unlinking the CIS GPO resolves the issue. We are using CIS Win11 v2.0 GPO for a long time without issues. This GPO has all the CIS guidelines except BitLocker, LAPS, and Windows Update policies.
Timeline: Issues reported by some users in early January, with more reports in early February.
Search Index: The search index shows as paused, and the Search Index Troubleshooter reports recent crashes of SearchProtocolHost.

Troubleshooting Steps Taken:

Group Policy Settings:
Disabled Policies: Windows Defender, Memory-related, Search-related, Device Guard
Despite disabling these policies separately, the issue could not be isolated.

Reset Windows Search:
Stopped the Windows Search service, deleted the search index database (Windows.db), and restarted the service.

Rebuild Search Index:
Attempted to rebuild the search index through Settings.

Windows Updates:
Ensured the system is up to date with the latest patches and updates.

System File Checker (SFC) and DISM:
Ran sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth to repair corrupted system files.