Please can you update this as the GUI has since changed.

I am doing this right now for a customer of 55K Users

i dont see that u are using winget in this video or u didnt integrate winget in intune

Thanks this has helped me But what about passwords on prem

What about profwiz?

I tried to run the script, I am getting Entra ID prompt for authentication, but it fails.

Wish it were THAT simple. I've followed your steps and ticked all the boxes to show in theory that it works. Sadly it doesnt. When trying to access fileshares on a domain server from an autopiloted device with a domain/entra user logged into it, it asks for a pin but won't accept it. If i relogin with the password it works. Also when trying to connect to a shared printer on another domain server i get access denied. Any help would be appreciated

Ptiy dynamic groups don't work at stage2, very reticent to target All Devices in a scoped tenant setup

Thank you for sharing

I believe that new Intune policies can suppress a non-autopilot join to AAC as being an administrator. Need to test. After several years of autopilot - the biggest drawback I've experienced is when a motherboard replacement is required (in my case, Dell) and the end result is a laptop in an only semi-attached state. You actually have to open up a support ticket with Microsoft from your M365 admin portal - and request that the new motherboard be de-registered from wherever it came from - and re-registered to your company. This can add multiple days in returning the laptop - which technically has been "fixed" to the end-user. Thoughts?

Thanks for sharing Dean. Two questions about this topic: 1. When viewing the Managed Apps blade from the device it's showing me the old app instead of the new one? Is this just taking some time? 2. When viewing the Device install status from the new app it's showing "A superseded app failed to uninstall" and "The application was still detected after uninstallation completed successfully (0x87D1041D)".

Can Windows use DUO instead of Hello?

Was hoping this would help me with deploying applications, but for some reason our Intune environment is unable to run any install commands. It can't run powershell.exe. Requirement and post-detection scripts run just fine, but from install command it just does not work. Tried running cmd.exe as well and that doesn't work either. Great video though, very informative!

after following your turtorial, i still havd AzureAdJoined: No even after 24 hours. What did I go wrong? any tips that I can check?

Great stuff. It shows what Microsoft could have delivered with Autopilot. And remote admin - fantastic. Seriously, why is the native experience so bad compared to this? Can't Microsoft afford to hire any decent designers or devs? And look at the ZeroTouch App Center, or whatever it was called. Makes Company Portal look pathetic. Which it is. Even after the redesign, CP is just awful.

Autopilot is quick and dirty! I am not a fan of the autopilot/autoinstalled bloatware! Microsoft should include more/granular profil options to remove all the bloatware!

Yeah, but in a hybrid environment you have GPO, client apps, SQL servers, certificate authorities, etc. You're over simplifying it.

do you have to do this on every machine?

When i enable coexistence intune mdm What value should i expect on tenant overview Office 365? Intune? Office 365 + Intune?

Hi, thank you for sharing this very useful process. My have a slightly different use case which has to do with sales onboarding ie training planned for new starters in sales. I do not have to assign any apps and permissions as that would have already been done. How would you adapt your scario in my use case, just using forms, planner, lists and power automate?

Hello I have before send warning with text: Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certficates, or conflicting or unsupported encryption capabilities. Name of my user Continue will encrypt and send the message but the listed recipients may not be able read it. I can send unencrypted (with sign) and we must send both some request for agree (send an S/MIME receipt). So it doesnt work in my case. Anyone please help

Why not moving to HAADJ then to AADJ ?!

Great video! Does Whatsapp retain its first time setup? Or do every user keep running the first time setup of WhatsApp?

hello CMC, thanks for this information. quick question. if we have hybrid environment where on prem AD is synced with Azure AD. and devices/users entra hybrid joined (domain joined and AzureADjoined). can i implement the whfb cloud trust model thru intune? i mean if its not configured thru GPO settings. will those GPO settings override and disable it? even if its enabled thru intune?

Hi, can you also cover the ESP configuration part and its best practices? Thank you in advance

Is there a Video on why you're not a fan of Hybrid Azyre AD Join?

Very useful

would anyone share the folder structure ?

Great content I subscribed!!!!

is there a downside to replacing the app package file to update the app rather than creating a new app with the updated version?

Anyone have an issue with dsregcmd besides me?

Thanks a lot!

Did you notice that the button for emergency calls not working at the moment when a user need to type in passcode to logon through managed home screen?

if your klist is empty you must follow the guide end do this : AES256_HMAC_SHA1 must be enabled when Network security: Configure encryption types allowed for Kerberos policy is configured on domain controllers.

screen is unreadable even in HD. I am on a iMac Pro.

Just a note, that if you are using ADFS, make sure to include your ADFS URL in Internet Options > Security > Local Intranet > Sites > Advanced, this way you will receive kerberos tickets from your ADFS applications as well.

Is it possible to login with FIDO2 into these type of devices?

Where is episode 4 on this series, please? I am completely stuck on this method as you say at the end of this you're going to continue with next steps?

Thank you! This is great!

No MS voice access, MS voice typing (W+H), and MS Win Edge (voice search) all sucks balls because Windows sucks balls staying working with your mic. Jumped ship to Dragon NaturallySpeaking

While creating suplemental policy audit mode is off and i am unable to turn it on and lastly supplemental policy xml does not open nor I can see the policy in document folder. Please help

Great video and the steps how to deploy apps thank you for sharing your knowledge !!

How do you prompt the add mac to your organization? It jsut does onto Accessibility and Migrant Assistance instead.

I am using Windows 11. Voice to text. Right now. Work's pretty cool.

How about Quest - On Demand Migration? that does it all.

do we need to enable Write device option on ad sync on hybrid Azure AD joined devices to work with Windows Hello Business? in our case after doing all the steps still Windows Hello Business does not work. Also please let me know is there any other consequence in enabling device write back on hybrid ad setup

Has this changed some, or is it my licensing different that I don't see any options for Devices.

Thanks for this video, I am still trying to understand if the Entra PWD will change the local Mac account?

Tool is worthless without method of deployment

hate that this blocks even autodesk any product. Like wtf? Imagine you pay for those programs only to mark it as malware by windows