Windows Office Hours: November 21, 2024

Where can I find information on the future of WSUS for environments that are only on-prem with no internet connectivity for the clients?

Will Autopatch be fully available for A3 and A5 licensed users? As of now it seems like it's only partially available. 

I am moving from Trellix Disk Encryption to Bitlocker. I decrypted the machine from Trellix and then encrypted with Bitlocker. The Drive gets encrypted, however after a restart the machine is always asked for the Bitlocker key. I did notice in the System Information with Secure Boot enabled, PCR7 binding is not possible and PCR7 is not supported. I updated, TPM version, BIOS version and all drivers. Also ensured Modern Standby is enabled and secureboot too. Any ideas on how to resolve this issue? I see this on all machine in the environment. 

Welcome to Windows Office Hours! IT pros - we're here to answer your questions for the next hour so please post them here in the Comments. Experts from Windows, Intune, and customer experience teams are here to help. :) 

Is there a possibility of the Intune Remote Help program having the ability to allow unattended remote control like Remote Control in SCCM? 

Hi, is there a way to set Windows Services as Automatic via Intune (config profiles and other means?)

thks

Hi, 

is there a way to use the autopatch reports without having to put devices into rings.

We only use WUFB, but we would like to use the Autopatch reports since they seem to be better in some aeras.

Thks

Hello Microsoft Team,

In my company we have already a ring based system, where we manage our devices automatically and split them between different on-prem AD security groups.

We have enrolled our tenant with Windows Autopatch and created different Autopatch groups. 
For each Autopatch group we have assigned our own custom ring based AD security groups, and within Autopatch settings we are only using the deployment test ring (which is empty) and the deployment last ring (assigned with our own custom group).

Autopatch Group | Deployment Ring | Assigned AD Security group

Autopatch RING.0 | Autopatch RING.0 - Last | RING.0 - Test ServiceDesk Users
Autopatch RING.1 | Autopatch RING.1 - Last | RING.1 - Test IT Global
Autopatch RING.2 | Autopatch RING.2 - Last | RING.2 - Test Pilot Users
Autopatch RING.3 | Autopatch RING.3 - Last | RING.3 - All Production Users

From time to time we have the need to move some of the devices between different security ad groups (rings).
Is there a way (remediation script or another method) for Autopatch to check if the devices have been moved from the original autopatch group and if so, to un-register them and re-register the devices again in the current and correct new autopatch group?

Is Microsoft Update Health Tools supposed to be installed on Windows 11 24H2? I noticed my Intune remediation script (which runs if the "Microsoft Update Health Service" service does not exist) has recently run on every machine that has upgraded. That tells me that it was removed as part of the upgrade, which makes me wonder whether it is meant to be installed on this Feature Update.

(If you're not aware, the Microsoft Update Health Tools update is required for expediting security updates through Intune, as documented here).

Hello Microsoft team,

What is the best recommended path for the upgrade on the following Windows Client OS:

Windows 10:

1. Windows 10 22H2 PC to Windows 11 22H2

2. Windows 10 22H2 PC to Windows 11 23H2

3. Windows 10 22H2 PC to Windows 11 24H2

Windows 11:

1. Windows 11 22H2 PC to Windows 11 23H2

2. Windows 11 22H2 PC to Windows 11 24H2

I have Windows 10 22H2, Windows 11 22H2, Windows 11 23H2. I am trying to find the best recommended path to get them upgraded to the latest Windows 11 24H2. Please provide some clarity (if possible, can you guys come up with an article for upgrade strategy).

Thank you in advance.