I just want to know 1 thing. what do i have to do to simply enable default (i.e. how it would be set for a consumer account out of the box / sync everything and don't restrict anything...)?

Thanks for the info mate!

Your graph series are absolutely great 👍

for some reason in my tenenat im running into the issue when I try to update the diagnostic settings and send the logs to the workspace I get the error: Authorization Failed, client with object xxxx, does not have authorization to perform action Micrsoft.Insights/register/action over scope xxxxx. I do have the correct role from my understanding: Log Analytics contributor, Security Admin, I even tried monitoring contributor. can you tell me what I may be doing wrong I even ask my admin to give me perms at the subscription level as well and I still can't send the logs

Can't see the video around autopilot provisioning yet - Does it exist? Keen!

Hi Steve, I know it's a long time since you have posted it but I was not able to find the script anymore from the getrubix website and github, maybe can you post it again.

Dumb

I'm getting this error: PS>TerminatingError(Invoke-RestMethod): "The remote server returned an error: (400) Bad Request." 2025-01-23 16:22:32 PM - Error setting primary user: The remote server returned an error: (400) Bad Request. The script gets completed. 1. Machine is removed from domain 2. Files are migrated to the new profile 3. The device is azurejoined as per dsregcmd/status The device is not showing in Intune

Great Video Steve! How do you get rid of all the bloatware during the AutoPilot deployment?

AGREEE😥

If the source tenant and destination tenants aren't using autopilot is this still usable?

Got my W365 pc logging in automatically on my thin OS (RepurpOS). Very elegant solution. Thanks for the great content!

Any experience using W365 as a pseudo PAW / Jumpbox? Like a cloud accessible admin workstation with access to on-prem?

Steve, recently found your channel and have really been enjoying it. Subscribed-- totally worth it. Curious if your user profile was syncing Known Folders to OneDrive, would that still be the case post-migration?

Just to confirm, once you flip the switch from Report-Only to On, will it stop reporting?

Hi Steven, is it possible to use your tool to migrate the workgroup (non-domain joined) computer to Intune without losing the data?

Would you be able to show an App Registration using a certificate ??

Why no backtick on that last PATCH command $ sign?

Are enterprises ditching AD and going cloud only or are companies sticking with classic AD joined computers?

yeah but how do you get Autopilot to join to your Active Directory domain? Otherwise its just a workgroup joined computer with you logged in with your M365 corporate account.

Where or how does the install.xml get uploaded to Intune?

Have you done any videos regarding Apple MAC OS Automatic device enrollment videos?

This is great, thank you. Quick question. You did a basic setup, but when the Cloud PC started up, you had a custom desktop background image. How did that get applied?

Great staff as usual!!

I hope that with the new MS "thin client" cloud mini PC, it can be configured to power on and go right to a users assigned W365 cloud pc.

please create video Azure virtual desktop terminology, how works like diagram, how to setup for minimum start, how intune will manage host sessions, custom images, fxlogic, policy, if user is 100 how plan azure desktops , what is buffer

Great content! Love the concept of cloud PC and the ease of configuration and management. However, we have seen inconsistent performance issues over a few of the license SKUs that are preventing us from further rollouts. If you want users to be able to simply join a Teams call with audio and camera without doing anything else, you'll need to go higher than 4 vCPU and 16GB ram in my experience. This could quickly limit smaller companies to be priced out of the service altogether.

I'm all for using the 'modern approach' to gather this data. But the number of complicated steps to get from here to there is crazy. In SCCM, it was enable software metering, create an EXE rule and wait for data to collect and use a SCCM built-in report or if you are fancy, write your own SQL query to extract the data. Another side gripe: If you were are a SCCM engineer/admin with full admin permissions, you could do anything within the SCCM site. If you want to set up software metering for example, you could with just the few steps I mentioned. Once your SCCM site is set up and running, there's no real need to do much in the Active Directory space. In corporate environments (at least mine) there is a clear divide between Intune admins and Azure admins. Intune admins don't mess around in the Azure space and vise versa. Except now Intune relies heavily on Azure for things like software metering. This means that us Intune admins have to 'plead our case' to the Azure admins to do work for us. Maybe this is just a problem at my workplace? I don't know. Either way, just a real slow down in my case to do a quick POC. I love the content, please keep posting!

Thanks!

Thanks for this Steve. I'm trying to set this up as you did only deploying Autopilot Branding and Company Portal but when the OOBE up to login to the tenant, I'm able to login and it gets to the Apps and skips stating 'no setup needed'. I'm currently testing on VirtualBox with Windows 11 Pro 24H2. Any ideas why this wouldn't be deploying the apps during OOBE?

Thank you for sharing this precious knowledge. I needed to try many times but finally worked and it's awesome.

interesting that MS categorize AP as an security feature

you never use the official autopilot dynamic query?

HI do you have a video/blog on how to convert all targeted devices to ap using ps script?

No macOS support is a no-go for third-party application packaging. Patch My PC has started a private preview for macOS. Hopefully, this will move to public preview as soon as possible.

dang doesn't support macOS. no surprise there I guess

Thank you. User should sso into CP by default? Can you please share AP branding script app?

i think this would solve my problem with v7 migrating hybrid to same tenant. mine gets stuck after a reboot after unjoining the domain. wil give this a try. need this to the remaining 2.5k hybrid devices

Hey Steve, where is the 5 part video on group tags , I cant find it.

always funny

Is a conditional access policy required to trigger an app protection policy.

Learned a lot from you. Great guy and great series! Thank you very much! <3

Okay, for my org we are small. How would I be able to get the device hash if we was to just order the device from an amazon or get it from a local store near the user(international user). Would we need to pre-provsion the device, then ship it to the user?

I never understood the toggle to allow or disallow pre-provisioning. If it's enabled and you don't need to use it, who cares? But if you need to use it, you need to remember to turn it on in the profile first. Is there some security risk I'm not seeing? I also wish device name templates could be more customizable (like variable suffix or prefixes based on certain parameters such as location tags or something...) Regarding Skip User ESP. I thought this was only necessary (or useful) when doing Hybrid AP (at least according to the blogs I've read that covered it). You're the only one I've come across so far that recommends skipping it for regular Entra join AP. I'm not saying you're wrong for recommending it, just really curious as to how beneficial it is when doing Entra joined AP. Finally - that damn "Only fail selected blocking apps in technician phase"... still don't get it... not sure I will ever get it!

Interesting, when you are running your creat vm script from ark WAC, does that need to be local or can scripts be stored in azure so you have a central script repostory for all hyperv? Thansk

We are looking to start using Autopilot more but we have lots of different sites and each site has its own computer name convention, what's the best approach to handle this, have multiple deployment profiles or update the name after??