Windows Office Hours: June 20, 2024
Event Ended
Thursday, Jun 20, 2024, 08:00 AM PDT
Event details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.
Char_Cheesman
Updated Nov 19, 2024
- Heather_Poulsen
Community Manager
Welcome to Office Hours for June 2024! Love seeing all the questions so far. We're here for the next hour to help you with your configuration, deployment, and security questions.
- HeyHey16K
Steel Contributor
Is there a way yet in Entra/Intune to see all the apps, policies etc. assigned to a group please? Thank you 🙂
- Phil_Urban
Microsoft
There isn't a native way to view this information. However, there are some community solutions out there. For example, check out Martin's blog here: Group-Centric documentation for Intune (Part 1) – mAnimA.de
- Joe_Lurie
Microsoft
Thanks Phil_Urban, and thanks for the question HeyHey16K. You can use PowerShell to get this as well. See this Tech Community blog for more information: Use PowerShell to retrieve all assigned Intune policies and applications per Azure AD group! - Microsoft Community Hub
- HeyHey16K
Steel Contributor
When will Intune stop honouring the traditional AV templates (in the Endpoint Security blade) that were superseded by new AV templates about 1.5 years ago please? Thank you 🙂
- Phil_Urban
Microsoft
We don't have any plans about the retirement of legacy policies to share at this time. Generally, announcements are made well in advance about the deprecation of functionality in Intune.
Can you expand on the specific functionality/configurations you are referencing and how deprecation would impact your processes?
- HeyHey16K
Steel Contributor
Hey Phil, thank you for your reply :) We had our AV settings configured using the default Intune templates (under configuration policies), then MS released the Endpoint Security blade, so we moved everything to those AV policies, then MS released even newer AV policies within the Endpoint Security blade (based on Settings Catalog). Haven't finished migrating everything across to these newest AV policy templates, so was trying to gauge EOL deadlines JIC it was any time soon 🙂
- HeyHey16K
Steel Contributor
In Intune is there a way to automate the extension on the "pause updates" on the update rings please? Currently "pause updates" expires every 35 days and we have to (remember to) manually extend it again ourselves? Thank you 🙂
- EricMoe
Microsoft
This is a function of WUfB: https://learn.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb, the pause is a period of up to 35 days. So this is a limitation of how the pause is configured versus a limitation in Intune. If you are skipping monthly updates, you are putting your devices at a security risk, so please be careful with extending beyond a month.
- HeyHey16K
Steel Contributor
Hey Eric, thank you for the reply. Unfortunately, we have a handful of devices we need to exclude due to a legacy app they run. It's a temporary measure not long-term. We just have to remember to extend it every 30 days if it cannot be automated....
- reastman1966
Copper Contributor
I am running into an issue where hybrid joined devices are stuck in the "in progress" for device enrolled in Windows Autopatch. The fix seems to be doing a manual sync from the device using the following steps:
- Click on the Start menu.
- Select "Settings".
- Click on "Accounts" in the left-hand menu.
- Under "Accounts", you should see "Access work or school".
- Click on domain.com or use the arrow if it is there.
- Click on Info.
- Scroll down to "Device sync status".
- Send me an error that is present.
- Click on Sync.
We use Zscaler for our VPN and it seems that it is blocking the device from checking into Intune. When doing the manual sync if it gets an error I am restarting the tunnel service on the device. I am wondering if there is a way to do the sync remotely using something like PowerShell? Is there a log file that would document the issue with not being able to sync to Intune so I can work on it from that direction?
- EricMoe
Microsoft
It sounds like one or more Intune endpoints are not open through your network/VPN. Check out this page https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints?tabs=north-america where you can confirm that the endpoints for Intune are open. The sync can also be initiated from the Intune side (locate the device, select Sync Settings) but if the network destination is unreachable by the client, it won't be able to sync policy. Check your VPN configuration and verify the destination addresses are reachable.
- DaveD-MS-CETS
Microsoft
Autopilot also has some networking endpoints of its own, so building on Eric's response, it's worth checking that these are available during enrolment https://learn.microsoft.com/en-us/autopilot/requirements?tabs=networking#networking-requirements
- TidjaniH
Copper Contributor
In the different possibilities offered in the user experience at the Windows update for business in Intune, all updates are installed automatically, none of the options allow automatic downloading, and installation on demand. This causes problems especially when drivers are installed (disconnection, flickering, etc.) and therefore a very poor user experience. Is there an option that could better manage installations during working hours? Thanks.
- csmith-norwood
Copper Contributor
Whether Intune or other, there really should be something to alert the end user that an install is happening. The updates that supposedly don't require a restart in most cases do. Programs quit working correctly, sometimes work is lost, and productivity definitely is affected. Even if you don't provide an opt out opportunity, it would be beneficial to provide a 5 minute warning at least, or an option to delay if they are in an important meeting or trying to meet a critical deadline. These quiet installs are a big problem and cause most of our help desk calls. Loss of network connectivity, programs not responding correctly, etc.
- TidjaniH
Copper Contributor
Can you tell me how to give a warning 5 mins before or give the possibility to postpone please?
- lookmomnohands
Copper Contributor
Two questions.
- What IPs and FQDNs need whitelisted, in order to ensure Autopilot is able to reach a custom oobe message like "Welcome to Contoso" and proceed through enrollment under a tenant, rather than simply asking the user to sign in to a Microsoft account, displaying the license agreement, etc?
- Is the same functionality available per enrollment profile (not just tenant wide "Company Branding") for Windows 11, as Windows 10? If not, why not? And are there plans to implement that in the coming months as 10 begins to sunset?
- Hung_Dang
Microsoft
You can find the list of networking requirements for Autopilot at https://learn.microsoft.com/en-us/autopilot/requirements?tabs=networking#networking-requirements. Company branding should also be available for Win11 as in Win10.
- lookmomnohands
Copper Contributor
I'm reviewing our branding(s), looking to build out another today, even as a test. Right now I found when I build a VM, assign it to the right groups for our sister company, I see the wrong company name, because it's Windows 10? From my understanding we have none of the above working for Windows 11. Though the ESP, app download et al are segmented appropriately. Please expound and I will compare and contrast.