9 ай бұрын
11 ай бұрын
Жыл бұрын
Жыл бұрын
Жыл бұрын
Жыл бұрын
Жыл бұрын
Жыл бұрын
Жыл бұрын
Пікірлер
@larryblack17 7 күн бұрын
Cool tutorial. Any recommendations on frequency for rolling the Keys?
@SoranSuleiman 8 күн бұрын
Thanks Dean for this great walkthrough 👍
@theCMC 8 күн бұрын
You’re welcome!
@mjostno 8 күн бұрын
Wonderful, just what I needed!😊
@jimmyroels7604 11 күн бұрын
Your voice and your lips are not synched... Very difficult to watch like this.
@theCMC 11 күн бұрын
Sorry to hear that. It seems fine when I watch it 😢
@princesaleem5561 12 күн бұрын
Hello I want to add custom .exe file like calculator in kiosk option Please help me How to add another file in kiosk in windt 10
@marc974 15 күн бұрын
doesnt work for me, my user says AzureAD\User instead oof DOmain\User in DSREG command
@Sabs761010 22 күн бұрын
Hi dear IT geek; I have a question. If The Autopilot is supposed to be fully automated why you requires going to each computer to retrieve the hash ID?, Thank you.
@gaurabdawadi 23 күн бұрын
This was very helpful.
@MaartenBoonen 23 күн бұрын
Hi Andy, Great video and I believe it's definitely will bring added value but having it all in one spot and would be more awesome. Unfortunately it's not yet in our tenant so I cannot try but is this data not also available via the Datawarehouse oData link unde reports?
@blirt1653 23 күн бұрын
is Intune Suite worth it?
@blirt1653 23 күн бұрын
great vid btw
@theCMC 23 күн бұрын
I think it depends how big your Windows estate is. It can be but if you only need 1 or 2 components may be better getting the individual add-ons
@theCMC 11 күн бұрын
Btw you don’t need Intune suite to use device Inventory, just an intune licence
@AliAfshar-z9u 28 күн бұрын
Does Kerberos only work on the Azure AD and Hybrid environment? does it work in on-prem only environment as well? if yes can you explain how. Thank you!
@yehudakitay8324 28 күн бұрын
Any ideas we are getting this error and have tried everything we can find online "The term 'set-azureadkerberosserver' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."
@TheRsymmons Ай бұрын
Might be a tad late to the party on this one. Am I right in thinking you still need to activate hybrid mode on your tenant in order to allow for cloud identities to connect to on-prem resources? Is there no way of syncing up the 2 without impacting some of the more convenient cloud management settings you would otherwise lose when enabling Entra ID cloud sync?
@geemcfc Ай бұрын
Please can you update this as the GUI has since changed.
@bdmceachran Ай бұрын
I am doing this right now for a customer of 55K Users
@dreadcorpse9904 Ай бұрын
i dont see that u are using winget in this video or u didnt integrate winget in intune
@danieldelindi4202 Ай бұрын
Thanks this has helped me But what about passwords on prem
@justindobner1823 Ай бұрын
What about profwiz?
@Rymat23 Ай бұрын
I tried to run the script, I am getting Entra ID prompt for authentication, but it fails.
@kevinjackson5191 Ай бұрын
Wish it were THAT simple. I've followed your steps and ticked all the boxes to show in theory that it works. Sadly it doesnt. When trying to access fileshares on a domain server from an autopiloted device with a domain/entra user logged into it, it asks for a pin but won't accept it. If i relogin with the password it works. Also when trying to connect to a shared printer on another domain server i get access denied. Any help would be appreciated
@ARXoom Ай бұрын
Ptiy dynamic groups don't work at stage2, very reticent to target All Devices in a scoped tenant setup
@mohamedgharbeya2627 Ай бұрын
Thank you for sharing
@bethesdaadk Ай бұрын
I believe that new Intune policies can suppress a non-autopilot join to AAC as being an administrator. Need to test. After several years of autopilot - the biggest drawback I've experienced is when a motherboard replacement is required (in my case, Dell) and the end result is a laptop in an only semi-attached state. You actually have to open up a support ticket with Microsoft from your M365 admin portal - and request that the new motherboard be de-registered from wherever it came from - and re-registered to your company. This can add multiple days in returning the laptop - which technically has been "fixed" to the end-user. Thoughts?
@patrick__007 Ай бұрын
Thanks for sharing Dean. Two questions about this topic: 1. When viewing the Managed Apps blade from the device it's showing me the old app instead of the new one? Is this just taking some time? 2. When viewing the Device install status from the new app it's showing "A superseded app failed to uninstall" and "The application was still detected after uninstallation completed successfully (0x87D1041D)".
@Cacbaa Ай бұрын
Can Windows use DUO instead of Hello?
@lee161a 8 күн бұрын
Do you mean DUO for Windows or DUO as an IdP? DUO for Windows protects smart card/password logons with MFA at RDP and console logons. If the user uses a password DUO will impose MFA on the logon attempt. However, no, it cannot be used to provide a comparable passwordless logon, not yet any way. Duo IdP could be used as a federated Identity Provider for Entra ID. If your devices are cloud joined, and you enabled Windows 11 web-sign-in, then under those conditions you might be able to use DUO. Web sign-in's use case is to provide passwordless sign-on, so newly deployed devices can be enrolled in Windows Hello. Web sign-in doesn't cache credentials, so devices have to be connected to the internet for it to work at all.
@axiomvicarious Ай бұрын
Was hoping this would help me with deploying applications, but for some reason our Intune environment is unable to run any install commands. It can't run powershell.exe. Requirement and post-detection scripts run just fine, but from install command it just does not work. Tried running cmd.exe as well and that doesn't work either. Great video though, very informative!
@miravida9778 2 ай бұрын
after following your turtorial, i still havd AzureAdJoined: No even after 24 hours. What did I go wrong? any tips that I can check?
@paulwoodward8265 2 ай бұрын
Great stuff. It shows what Microsoft could have delivered with Autopilot. And remote admin - fantastic. Seriously, why is the native experience so bad compared to this? Can't Microsoft afford to hire any decent designers or devs? And look at the ZeroTouch App Center, or whatever it was called. Makes Company Portal look pathetic. Which it is. Even after the redesign, CP is just awful.
@MuhiTube 2 ай бұрын
Autopilot is quick and dirty! I am not a fan of the autopilot/autoinstalled bloatware! Microsoft should include more/granular profil options to remove all the bloatware!
@gregorydamon8569 2 ай бұрын
Yeah, but in a hybrid environment you have GPO, client apps, SQL servers, certificate authorities, etc. You're over simplifying it.
@theCMC 2 ай бұрын
None of those are reasons to stay on-prem for eternity, but this video isn’t about saying no to domain join completely. Just don’t do Hybrid Autopilot.
@DomClimbs 2 ай бұрын
do you have to do this on every machine?
@thesau1595 2 ай бұрын
When i enable coexistence intune mdm What value should i expect on tenant overview Office 365? Intune? Office 365 + Intune?
@Derrick-d1z 2 ай бұрын
Hi, thank you for sharing this very useful process. My have a slightly different use case which has to do with sales onboarding ie training planned for new starters in sales. I do not have to assign any apps and permissions as that would have already been done. How would you adapt your scario in my use case, just using forms, planner, lists and power automate?
@davidmach2350 2 ай бұрын
Hello I have before send warning with text: Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certficates, or conflicting or unsupported encryption capabilities. Name of my user Continue will encrypt and send the message but the listed recipients may not be able read it. I can send unencrypted (with sign) and we must send both some request for agree (send an S/MIME receipt). So it doesnt work in my case. Anyone please help
@poremich 2 ай бұрын
I have the same issue
@MrBacknack 2 ай бұрын
Why not moving to HAADJ then to AADJ ?!
@theCMC 2 ай бұрын
That’s the MS approach. If it works for you then great! It needs a wipe and load between the HAADJ and the AADJ though.
@MisterGolda 2 ай бұрын
Great video! Does Whatsapp retain its first time setup? Or do every user keep running the first time setup of WhatsApp?
@harvey7241 2 ай бұрын
hello CMC, thanks for this information. quick question. if we have hybrid environment where on prem AD is synced with Azure AD. and devices/users entra hybrid joined (domain joined and AzureADjoined). can i implement the whfb cloud trust model thru intune? i mean if its not configured thru GPO settings. will those GPO settings override and disable it? even if its enabled thru intune?
@fsfernandes20 2 ай бұрын
GPO takes precedence over Intune as per the documentation
@admalvinanticamara5731 2 ай бұрын
Hi, can you also cover the ESP configuration part and its best practices? Thank you in advance
@logicalAllyKat 2 ай бұрын
Is there a Video on why you're not a fan of Hybrid Azyre AD Join?
@theCMC 2 ай бұрын
Yes. This should help explain: kzbin.info/www/bejne/goKsnmp4a5aUarcsi=oCXxT1qtY3XUFPkp
@logicalAllyKat 2 ай бұрын
@@theCMC Thank you!
@dannyonnet86 2 ай бұрын
Very useful
@mattcauson6887 2 ай бұрын
would anyone share the folder structure ?
@JoseCobo-m8z 2 ай бұрын
Great content I subscribed!!!!
@xkorbekx 2 ай бұрын
is there a downside to replacing the app package file to update the app rather than creating a new app with the updated version?
@n3lka 2 ай бұрын
Anyone have an issue with dsregcmd besides me?
@Soqotra3 2 ай бұрын
Thanks a lot!
@safetmemic 2 ай бұрын
Did you notice that the button for emergency calls not working at the moment when a user need to type in passcode to logon through managed home screen?
@shadisaliqa4591 2 ай бұрын
if your klist is empty you must follow the guide end do this : AES256_HMAC_SHA1 must be enabled when Network security: Configure encryption types allowed for Kerberos policy is configured on domain controllers.
@JosePintoRibeiro 3 ай бұрын
screen is unreadable even in HD. I am on a iMac Pro.
@theCMC 3 ай бұрын
Jose, I’m planning on updating this video which will improve the presentation of this.
@PhrostyGaming 3 ай бұрын
Just a note, that if you are using ADFS, make sure to include your ADFS URL in Internet Options > Security > Local Intranet > Sites > Advanced, this way you will receive kerberos tickets from your ADFS applications as well.
@wonsztibijski3835 3 ай бұрын
Is it possible to login with FIDO2 into these type of devices?