sup guys!! awesome series looking forward to more
Great insight Tim Watson, thanks!
I'm working on a project very similar to this guy. I got 6000+ devices over 20 countries
This is an excellent interview. Please do more “case studies” like this talking about their experiences with Intune. It’s one thing hearing don't do haadj, do AAD join only from Microsoft and a bazillion MVPs, but it’s really helpful hearing from front line engineers and architects talking about their real world experiences. ❤
Loving the Intune vids, keep them coming :) Started with Intune ourselves at work since a few months ago, and those videos have been such a great help. Even though this time it was just someone talking about his experience instead of a tutorial/guide, it still helps a lot because we can compare it to our progress to see if we're on the right track or not :)
that was FIRE!
Great video. Wish Tim explained a bit how they made that direct jump from on-premises to Intune
Could someone direct me to a doc or elaborate when he says "Remotely elevate using their internet connected azure account"? I am not familiar with it. It starts at 20:50.
In our case, we assign local admin to Azure accounts using the "Azure AD joined device local administrator" role. When the user attempts to elevate an action and it prompts for admin, a helpdesk associate with the above local admin role provides credentials in real time and completes the action (via remote assist). UAC will need to be configured properly depending which remote assist solution you intend to use.
@LonicaMewinsky oh this sounds awesome. Is there any documentation on this? We are in the planning and pilot stages of removing local admin accounts. Something like this would be great.
@JessieS In Azure go to Devices then settings, it will list a link to the local admin role. I have two set up: one group that is always on, for support techs, and then another role that is tied to PIM, for staff that doesn't need the local admin all the time. That kinda works, it has some latency that is unwanted.
@christophercass5713 gotcha thanks!!
For your DO connected cache servers, configure them using DHCP options. Clients automatically find their cache server from DHCP. No need to have dozens and dozens of device configs. Plus it also works with users who travel between sites.
Definitely looking at the DHCP 235 option now. That'll get us over the finish line I think. Thanks sir.
Thank you!
Great video, I like the no Admin PW idea, I could see the move to remove the local admin we push out as we already have it via Azure local admin on 144k Win 10 Intuned devices. @IntuneTraining, can you please make a video covering installing apps that have no Silent switches?
If an app has no silent switches, reach out to the vendor and tell them you won't use it until they fix their crappy installer.
Failing that, make the installer "available" for install via the Company Portal and set the install scope to "User". If the installer requires UAC / admin elevation and the user isn't an admin, refer to the top suggestion.
- Ben
@IntuneTraining thanks, yeah I beat up vendors all the time. Most give in and make or send us a better installer. Edu has its challenging parts like never ending supply of crappy software.
@IntuneTraining *cough* HP!
Thanks to all who push back on software vendors.
More than a /silent switch, I would like to see all software in the Microsoft Store and drivers in Windows Update.
#ShouldBeUWP
@Intune Training Thank you for all these nice videos, could you please create a video about how to handle Drivers and Firmware for devices with Intune, when looking at MMD (Microsoft) only four OEM manufacturers are supported (Dell, Lenovo, HP and Microsoft Surface), where Microsoft Surface can automatically update drivers and firmware via Windows Update, Dell it's possible to use the Dell Command Update tool and for HP and Lenovo they tell us to package drivers and deploy with Win32 Apps... What are the best practices for you?
The title of this video scares me... now watching in fear haha
I would really like to see a video about getting existing devices' hardware information and importing them into Autopilot or retrofitting them as Tim Watson was talking about. I know how to do it with a single machine one at a time but am interested in seeing doing it in bulk. Does Microsoft have any ready made scripts to do this or would I have to create a PowerShell script and deploy it with SCCM and have it create one hardware CSV file for multiple machines? Not really sure the best way to try and do this so it would be cool if you had any pointers on doing this. Thanks
I don't have the SQL handy, but if they are managed by Configuration Manager, it has already collected the hardware info for you.
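The bulk collection asked about above, as an added example that is not part of the original comments and is not a Microsoft script: it merges per-device hardware-hash CSVs into one Autopilot import file, dropping malformed and duplicate rows. The folder, the file names and the premise that each device wrote a CSV with the three standard columns are assumptions.

```powershell
# Added example: merge per-device Autopilot hardware-hash CSVs into one import file.
# Assumption: every device dropped a CSV with the three standard columns into one folder.
param(
    [string]$InputFolder = '.\hashes',              # hypothetical collection folder
    [string]$OutputFile  = '.\autopilot-import.csv' # hypothetical output path
)

$required = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
$seen     = @{}   # serial number -> first file it was seen in
$rows     = New-Object System.Collections.Generic.List[object]

foreach ($file in Get-ChildItem -Path $InputFolder -Filter '*.csv') {
    foreach ($row in Import-Csv -Path $file.FullName) {
        # Skip the whole file if its header is not the expected one.
        $missing = $required | Where-Object { $_ -notin $row.PSObject.Properties.Name }
        if ($missing) {
            Write-Warning "$($file.Name): missing column(s): $($missing -join ', ')"
            break
        }
        # [string] turns a missing field into '' instead of $null.
        $serial = ([string]$row.'Device Serial Number').Trim()
        $hash   = ([string]$row.'Hardware Hash').Trim()
        if (-not $serial -or -not $hash) {
            Write-Warning "$($file.Name): empty serial number or hash, row skipped"
            continue
        }
        # The hash is base64 text; a truncated or mangled value fails to decode.
        try { [void][Convert]::FromBase64String($hash) }
        catch {
            Write-Warning "$($file.Name): hash for $serial is not valid base64, row skipped"
            continue
        }
        # One row per device: re-collected machines show up more than once.
        if ($seen.ContainsKey($serial)) {
            Write-Warning "$serial duplicated in $($file.Name) (first seen in $($seen[$serial]))"
            continue
        }
        $seen[$serial] = $file.Name
        $rows.Add([pscustomobject]@{
            'Device Serial Number' = $serial
            'Windows Product ID'   = $row.'Windows Product ID'
            'Hardware Hash'        = $hash
        })
    }
}

# Assumption: the import expects plain, unquoted fields, so quotes are stripped.
$rows | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content -Path $OutputFile -Encoding ASCII
Write-Output "$($rows.Count) device(s) written to $OutputFile"
```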
Currently in the process of going from MobileIron to Intune.
What is the best way and tool to manage Hybrid and AAD joined devices?
My organization is not willing to spend much on Windows Admin Center and Azure Arc
How did you move the user profiles from old user to new AAD User or did you abandon it?
Typically Known Folder Move (KFM) with OneDrive is the way to go moving forward, tack on Enterprise State Roaming (ESR) and you have a sweet spot. It does require some user training on what folders are backed up.
Alternatively a tool like ForensIT or Laplink will also work if you want to preserve everything.
We abandon them, relying on OneDrive/KFM and Enterprise State Roaming. It's a well-understood policy that there is no expectation of manual data transfer or recovery. At this stage we still have cursory checks to ensure we're not losing anything through an in-place reset.
Anyone able to help me? I’m trying to push down a new version of the app on Intune, but the file path I chose is being used by the old version which was installed manually. What do I need to do to push the new version and remove the old one? I’m new to all this and I’m trying to understand how the packaging system all works :( . Any help will be greatly appreciated
Go join the WinAdmins community Discord server. I'm sure someone in the #intune channel would be happy to help! aka.ms/winadmins
You pay $250 To have CDW attach the Hash ID to your tenant? That’s crazy 😂😂😂.
Hope you meant $2.50.
Yes $2.50
Stop eating on video
What do you mean EXACTLY by retrofitting? Also SCCM is dead, every hour you spend on it is a waste of your life. Users can self provision devices in the same way they unbox phones. Your job is heading to a dead end.
The retrofit process is described in fair detail immediately after it's mentioned at 35:44. Essentially, collecting hardware info, adding the hardware info into Autopilot, and resetting the device in-place. It's "easier said than done," but SCCM will make things much easier in our capability to collect information on the existing devices, such as applications list and even hardware tuple that goes directly into Autopilot.
Regarding SCCM's lifecycle, it's mentioned in the video that Intune is the successor in that environment, and it is being migrated away from. Hope this helps.
*ConfigMgr.
Being annoying on the internet is a dead end.