Azure AD
14 Topics

UPN Not getting updated on Azure
Hello team,

Infrastructure: We are currently supporting Windows Autopilot (Entra Hybrid Joined). As expected, we see two device objects in Azure for each device we provision: one for Entra joined and another one for Entra Hybrid joined.

Issue: Sometimes we receive requests to change the primary user of a device in Intune. When we change the primary user in Intune, the new UPN is getting updated only on the "Entra Hybrid Joined" object in Azure. If I check the "Entra joined" object, we still see the UPN of the person who initially provisioned the device. It is not possible to update the UPN in Azure or delete the object. Due to this issue, the Azure device limit has been reached for many service desk persons who help employees to set up the devices on behalf of users.
63 Views, 0 likes, 0 Comments

do you need to ad join devices for intune to work
Hi, I currently have devices joined on-prem and managed by GPO and would like to manage them by Intune. I think the best path is hybrid AD joined. All users either use VPN or are directly on-prem. Will configuring an SCP and GPO to make them hybrid join require SSO? They will all authenticate to the domain controller. So why would I need SSO? After I get them hybrid joined, do I need to install the Intune connector too? Right now they are registered to Azure AD and password hashes are synced, and I don't care if users are prompted for a password to use O365. Thanks
1.4K Views, 0 likes, 2 Comments

Move Hybrid Azure AD Devices to Intune
Hello, we already have a lot of devices registered in our Azure Active Directory (AD). We want to move them to Intune / Autopilot without generating hardware hashes. Is it possible to move existing Azure AD devices to the Microsoft Intune Center? And how can we solve this problem? Thanks a lot. Best Regards, NY
1.7K Views, 0 likes, 2 Comments

GIA - 2.0 - Get Intune Assignments
GIA - Get Intune Assignments

Hello everyone, I just released a new version of my app.

Release GIA v2.0 - Get Intune Assignments · sibranda/GetIntuneAssignments (github.com)

It's a C#.NET application developed for Intune to query MS Graph information from Intune assignments that target the Azure AD groups. You can export the data to a CSV file if you wish. In this new version you can get information from the following types of assignments: Adm Templates; Applications; App Config Policies; Autopilot Configurations (new on 2.0); App Protection; Conditional Access; Compliance Policies; Configuration Profiles; Settings Catalog; Endpoint Security Policies; Enrollment Restrictions (new on 2.0); iOS App Provisioning (new on 2.0); Policy Sets; PowerShell Scripts; Proactive Remediations (new on 2.0). All this from a graphical interface with just a few clicks.

Please send me any feedback you want. This can help me to fix bugs and make better solutions to help everyone.
1.5K Views, 0 likes, 0 Comments

Unknown filter (Notes eq 'bc3e5c73-e224-4e63-9b2b-0c36784b7e80') in Intune
Hi, while working with the Intune Graph API, I noticed a weird filter in endpoint.microsoft.com used in their API calls.

$filter:(Notes eq 'bc3e5c73-e224-4e63-9b2b-0c36784b7e80')

I am trying to sort the devices in the response by their enrolledDateTime. I used the orderBy parameter in the request, but I couldn't get the desired response.

$orderBy:enrolledDateTime

When I used the above filter along with the orderBy parameter, the devices in the Graph API response were sorted. I couldn't find any data on the specific filter. It seems like the filter is hard-coded into the website. Could you please provide any information about this filter used in the endpoint.microsoft.com API calls?

GET https://graph.microsoft.com/beta/deviceManagement/managedDevices

Thanks. Intune_Support_Team
1.2K Views, 0 likes, 0 Comments

isManaged but mdmdDisplyaName (blank)
Hello! Would like to understand the difference between "isManaged" and really getting managed by an MDM, in this case MEM.

isManaged = True

I'm onboarding devices to MEM Intune, currently only worried about Hybrid devices. Hybrid environment (AD Connect configured), MDM Enrollment GPO deployed. After 3 weeks only 262 out of 462 units have enrolled to MDM, needle is not moving at all. Might be a lot of options. For now I would only like to understand what it means that an Azure AD "Device" object has the "isManaged" attribute set to True when not already enrolled to Intune. Is this a clue that it has started the process? Is it just nothing? Thanks in advance for feedback and/or comments. Best regards, Manuel
2.4K Views, 0 likes, 3 Comments

Decrease Maximum Number of Devices Per User
Hi All, currently in our Azure AD tenant the "Maximum number of devices per user" is set to unlimited. I want to decrease this number to 20 as per MS recommendation. The problem I have, that I could not find any information on, is this. There is one account that has enrolled and is the Primary User on about 180 devices. My question is, without removing the Primary user or changing this account from being the primary user, what will happen to these devices when I decrease the Maximum number of devices per user to 20? Will any of those devices become stale, require a new sign-in or an update on the user side? Thank you.
4.2K Views, 0 likes, 3 Comments

Best practice for Win10 local admin user when computer offline
I have a question about your best practices for organizations.

Scenario: You have only Azure AD joined Windows 10 computers, with Intune MDM management. Only one user is using the Windows 10 PC device, and has local admin rights. Additional Azure AD users are deployed as local administrators to the device. There is also BitLocker encryption and secure boot implemented.

Challenge: What if the user forgets the password (or the user is no longer active in the organization), and the device goes offline (example: network card driver issue)? How can other users / Azure AD users log in to the device to fix the issue on local Windows? A possible solution would be to always deploy an additional local Windows account with admin rights, but this always has sign-in disabled (since Intune enforces this). What do you recommend?
7.8K Views, 1 like, 9 Comments