Does this support Windows 10. Looking at maybe this is the route we can go to get our migration to intune and use it to do feature update to win11
@getrubix7 сағат бұрын
It does
@vagabondghost4939Күн бұрын
I tried this but somehow it is not detecting the personal teams therefore it is not running the remediation. Manually it is detecting that teams is installed.
@vagabondghost4939Күн бұрын
How can i remove Teams personal during autopilot setup, also from existing devices... I just want to keep corporate Teams installed...
@getrubixКүн бұрын
Check out this video for removing Teams personal: kzbin.info/www/bejne/joeciWOfpJWFf6c
@joextreme2 күн бұрын
Does GPO stay affected to the machine when Entra joined, same for mapped network drives?
@getrubixКүн бұрын
Depends on the GPO. There are some considerations that are involved in the Intune config side before moving
@bayer0482 күн бұрын
Fantastic Job Steve!
@getrubix2 күн бұрын
Thanks
@trishitbose8232 күн бұрын
Amazing Video, now I could implement this in our environment and users can access file share without a password entering
@trishitbose8232 күн бұрын
@getrubix could you assist me here as i get this error message while testing it out The system cannot contact a domain controller to service the authentication request. please try again later. This message shows up on the pop up box of Windows Security , enter network credentials. we have AzureAD joined devices and the user identities are created on on-premAD and trying to access the print server
@spitzer6662 күн бұрын
what would be the Enrollment profile name under Hardware ? Can we set the profile and Tag details as well ? Thanks.
@getrubix2 күн бұрын
Yes the tag can be set in the configuration
@ppetrix2 күн бұрын
Niceee. But if source user has OneDrive with backup activated so he has many files on desktop but they are on demand. Is this will be a issue¿ how do you see this done ? Should I unlink the OneDrive prior to the script? Is not an option to set OneDrive to keep on device because is over the hdd size. I have much to think about 😂
@getrubix2 күн бұрын
There's a lot to consider- feel free to hop in the discord server if you haven't already to discuss. discord.gg/getrubix
@Twenty10352 күн бұрын
Does this solution take a device from Entra Hybrid Domain Join to Entra Join?
@getrubix2 күн бұрын
Sure does :)
@Spint3rz2 күн бұрын
Is there configuration needed in the script? I don't understand how it auto detects the entra ID settings to join to intune... Does it need an account hard-coded to do the join or does it use some service account
@getrubix2 күн бұрын
There is configuration involved. To join the new tenant, a provisioning package is used. I'll be going deeper into the solution in upcoming videos.
@Spint3rz2 күн бұрын
Thanks
@Spint3rz2 күн бұрын
Also curious, how it might handle a situation where the desktop and documents are redirected to the file share on a domain joined.... Will it move those back local?
@MrMarcLaflamme3 күн бұрын
Does this tool work for Hybrid to Cloud?
@getrubix2 күн бұрын
Yes
@MrMarcLaflamme2 күн бұрын
@@getrubix oh awesome. 👏
@MikeEckerle-e1w3 күн бұрын
would this take a device from hybrid to entra joined?
@getrubix2 күн бұрын
Sure does
@ppetrix2 күн бұрын
What about a hybrid to another tenant entra join only? I need to migrate pc with the user to other MS tenant that will be cloud only. Tnx for your videos.
@TheRancid113 күн бұрын
Hello, thank you for the video. was the part two relised ?
@getrubix2 күн бұрын
It seems like it went by the wayside. I do have it planned to get a follow up created.
@madhusunke11023 күн бұрын
if i remember correctly, Microsoft don't support to remove device from domain and then join to Entra ID.
@getrubix3 күн бұрын
They sure don't.
@CujoSR3 күн бұрын
This is exactly what I need for a few of my clients as wiping and restoring is not an option. What are the gotchas for this use case since the script is meant for tenant to tenant migration?
@getrubix3 күн бұрын
It has been refactored to do more than just tenant to tenant. If you want, you can register for the August 5th beta access at discord.gg/getrubix
@Iwannalearncsharp3 күн бұрын
Thanks, dude. This really helped.
@MrPdlux3 күн бұрын
Is this a free tool from MS?
@getrubix3 күн бұрын
This is an open-source (free) community tool created by me. The latest version is going into beta access on Monday August 5th. You can register in the GetRubix discord server discord.gg/getrubix
@MJ_DA3 күн бұрын
Is there an option to assign a group tag in the migration script?
@getrubix3 күн бұрын
100%
@MrSausageT3 күн бұрын
This looks awesome. Just a question, what happens to any local user data? Desktop, pictures, documents. I assume if it’s the same profile this will still reside in the original places?
@getrubix3 күн бұрын
Yes, everything stays the same :)
@nomerllano88773 күн бұрын
Hi Steve, our organization uses OneDrive KFM. Will this still work OK with profiles that have OneDrive backup enabled?
@getrubix3 күн бұрын
Absolutely
@nomerllano88772 күн бұрын
@@getrubix Thank you!
@alexk78373 күн бұрын
Good stuff. Do you disable hello or keep it?
@getrubix3 күн бұрын
Either way works
@alexk78373 күн бұрын
would it take care of the autopilot enrollment mfa prompt as well?
@getrubix3 күн бұрын
Yes
@tupac.s4 күн бұрын
Excellent. Looking forward to what comes next. 🙃
@paulwoodward82654 күн бұрын
Nice one!
@henverrrodrigo4 күн бұрын
Excellent Steven, looking forward to the hybrid!
@denysutkin4 күн бұрын
You are just a MAGICIAN. I look forward to your new videos every day! Thank you very much for this and your time!
@akverma69734 күн бұрын
Thank you so much for making appliation packaging smooth.
@getrubix4 күн бұрын
You are so welcome!
@tony1611884 күн бұрын
Any options to move from hybrid with co-managed ....to Entra Joined with Intune ... retaining user profile ?
@getrubix4 күн бұрын
Yes 💯
@russmansoori59875 күн бұрын
My client side script will not write to registry when ran from intune
@getrubix4 күн бұрын
That's no good- if you want, hop into the Discord discord.gg/getrubix to troubleshoot
@arielfunches34095 күн бұрын
Can the background music be removed/or muted???
@gezmonder2 күн бұрын
What's the difference?
@dontknowyet75035 күн бұрын
is it applicable for new device setup or existing devices too?
@getrubix5 күн бұрын
It can be applied to existing Macs
@dontknowyet75034 күн бұрын
@@getrubix my bad there was space in system extension. thank you very much helped alot
@dontknowyet75034 күн бұрын
i would like to also know what happens if local and entra ID password is different? whats happens when password is expired
@MrMarcLaflamme5 күн бұрын
When I saw this pop up I thought it was an official MS thing that was being enabled in Intune. It's still odd that there isn't a proper supported method. I'm very impressed that you've been able to get this to work so well though. I will be eagerly following this to see about going from hybrid to cloud native. Thank you!
@getrubix5 күн бұрын
Thanks- beta should be ready within a week!
@littletoes66225 күн бұрын
I have the similiar issue following the process. Can you help me fixing this issue on priority plz. Hi, I have followed the instructions and tried to block the MS store block on windows 11 pro, however after applying OMA URI I got an error code (Policy [./Vendor/MSFT/AppLocker/ApplicationLauncherRestrictions/storerule001/StoreApps/Policy] Error -2016345707) Kindly suggest if you have some remediation suggestions on priority.
@getrubix5 күн бұрын
I will look into this.
@littletoes66225 күн бұрын
@@getrubix thanks for ur response, I will look forward to resolution
@dansharp26405 күн бұрын
I’m excited to see version 7…. I had some occasions with 6.2 that left the pc in limbo if the user authentication to the destination tenant failed.
@getrubix5 күн бұрын
Yep- hopefully we'll solve that
@jbreezecoleman53456 күн бұрын
Thank you so much for this amazingly detailed video!!! I guess I am still stuck in the "OG" Autopilot mindset, because I am confused as to how will Autopilot V2 know to enroll my new device to the correct device group (W2), withOUT me uploading the hardware hash and assigning it to a device group in order for the policies and profiles to attach to it. How will this "Intune Autopilot Confidential client" Know how to recognize my brand new laptop, apply the apps and policies to it without knowing its Identification(hardware hash)? This is where Im still lost
@getrubix5 күн бұрын
Thanks- it's a VERY different mind set, but I will say this; unless there is a reason you cannot use V1, I would continue to do so until V2 becomes more fleshed out.
@jonathang85716 күн бұрын
Appreciate all the info about V2! Couple of questions - We really like having the device name template with V1, which I know isn't available in V2. There a way to set this via Intune or suppose could come up with a PS script for this? Secondly, for the corporate identifiers, appreciate the info on the automation for importing exiting devices but wondering if OEMs could automatically add devices you purchase to this, as they do for V1?
@DineshKumar-u9o5u6 күн бұрын
Hi @getrubix, another fantastic post! Since we rotate the keys every 30 days, the outdated ones continue to populate on the Microsoft page. Can the outdated Bitlocker keys be cleared from Microsoft Portal via the script? When the end user is redirected to verify the Bit-locker keys when necessary, this could cause confusion with seeing a lot of them listed on the page.
@getrubix6 күн бұрын
Absolutely- I'll follow up soon
@AmitKumarVerma-l3d6 күн бұрын
Hi, I have followed the instructions and tried to block the MS store block on windows 11 pro, however after applying OMA URI I got an error code (Policy [./Vendor/MSFT/AppLocker/ApplicationLauncherRestrictions/storerule001/StoreApps/Policy] Error -2016345707) Kindly suggest if you have some remediation suggestions on priority.
@tianfreeze34729 күн бұрын
I used the intune remediation to remove personal teams ,but the user who has logged in will still exist teams personal, new user signing in the teams personal doesn't appearr anymore. it seems that Teams Personal under the user cannot be deleted? The detection script has always been able to detect the presonal Teams .
@getrubix7 күн бұрын
I'll take a look into this.
@gmpotu31229 күн бұрын
Nice video! Thank you.
@getrubix7 күн бұрын
Thank you!
@DineshKumar-u9o5u10 күн бұрын
This is a great script, but I have a question: is it reliable to compare the Event Time created and look for Event ID 845 in the Win-Eventlog for the "Microsoft-Windows-BitLocker-API" to see if it was successfully backed up to Microsoft? Instead of using the Registry setting. $EventProviderName = "Microsoft-Windows-BitLocker-API" $startDate = (Get-Date -Year 2022 -Month 7 -Day 20).Date $EventMessage = "BitLocker Drive Encryption recovery information for volume C: was backed up successfully to your Azure AD." $EventID = (Get-WinEvent -ProviderName $EventProviderName -ErrorAction 'SilentlyContinue' | Where-Object {($_.TimeCreated -gt $startDate) -and ($_.Message -match $EventMessage)}).id | Sort-Object -Unique
@ayyappacreations665410 күн бұрын
Please share the script
@getrubix7 күн бұрын
Here is the latest version of the script. github.com/stevecapacity/IntunePowershell/blob/main/Misc%20Intune/updatePrimaryUser.ps1
@paulwoodward826510 күн бұрын
Thanks for the pod! These are good tools & techniques. A great resource for sure! I just get the feeling that for this particular scenario, there are simpler ways to get it done, like Maxime says. A runbook could do all devices at once, whether online or offline.
@642super10 күн бұрын
Hey, I have set this up with AddDAys(1) so I can force a rotation of all keys. The runbook runs and says the key has been rotated but it's not changing. Is there a time on this or should it be instant? I'm using V2 of the scripts. Thanks
@twcz310 күн бұрын
Is this really working? I have tired to add my VM and the VMs identifier is uploaded. Maybe I am just missing something, getting the same error as if its a personal device.
@getrubix10 күн бұрын
What build of windows?
@ericr617011 күн бұрын
Question for you. We already have devices in production. Does turning on "Await final configuration" and setting up "local Primary account", have an effect on already set-up devices?
@getrubix11 күн бұрын
I believe it's for new deployments only but have not tested
@Coolximi11 күн бұрын
Hey Great insights like always !! Really like the client authentication to the function app. My only question in this case why would use a remediation script on the client that calls the function app and not run a run book that does graph api calls to intune to check if the device is win 11 or win 10 and based on that information update the group tag if required. Or am i missing something here ? regards maxime
@getrubix11 күн бұрын
Thanks! I think it could go either way.
@zafer498311 күн бұрын
Ok, a couple questions that I have not yet been able to resolve. Certain parts appear to no longer be working. The right click contextual menu doesn't seem to work, I have gotten it worken but by deploying to the current user not via this default user, which is a bit annoying! The other thing that doesn't appear to be working via this method is the Search Taskbar doesn't appear to be amending. Again ive got that working by editing the Current user but wondered if there was any advice you could give for running in this way now?
@getrubix11 күн бұрын
Yeah it seems in the latest build of Windows 11, those two pieces don't work any more :-/ I'll continue to look for a solution
@62128Kevin11 күн бұрын
Hello, for the local test why did you use SYSTEM account please ?
@getrubix11 күн бұрын
I always use system to simulate Intune deploying the script 😊