Marking as noted, meaning we are aware of the request and it’s been discussed. If we take any action, we’ll update the status,
Win32 application dependencies are in place but please extend it also to line of business apps. Or at the bare minimum MSI deployments.
Or make it possible to select application dependencies please.
Same issue at a customer of ours. A VPN profile that has the same error. The device shows up everywhere as compliant but still the error keeps popping up....
Same issue here. We have device used by multiple users. We had to turn of compliancy policies for those devices in order to get them compliant for Conditional Access based VPN.....
How can it be that device based conditions (like bitlocker encryption) are checked and reported per user? And even worse how can a device condition triggered by 1 users have this much impact on another user after it has been remediated under that other users account? That doesn't make sense at all in my humble opinion....
For Win32 apps dependencies are now available. So I believe this is completed. On the other hand, I would love to be able to also use a line of business MSI application as a dependency.
Dependencies and prereqs are much needed features!
I would love also to be able to ad 'cost' to the deployment of apps so the applications that are most important will install first.
This is absolutely a big issue...... offcourse this should be something to think about when designing the enviroment. But.... if that hasn't been done before, we should have the option to change this afterwards....
Assinging profiles is a major headache without dynamic groups,
On the one hand we want less administration to enroll devices. But this way administrative efforts are more than doubled. We need to be able to eleminate human error in this process as much as possible.
I can confirm that we have this on our plan for early in 2020/ Thanks for your patience!
@Cathy, that would indeen be briliant! I can imagine however that in some cases (testing for example) you have to be able to exclude devices.
Isn't this available allready? I believe it is. Disable manual unenrollment it is called if I am not mistaken.
@Jelle, the problem here is that the previous install isn't a msi install but a click to run install. That won't be installed by the click to run installer. It should alter the install from business to pro plus, but that won't work either.... it keeps telling you there isn't a license available.
So yes that option is there but it doesn't work if a click to run variant is installed.
Believe me I tried.
Another thing is that you cannot alter the installation. In this case the customer didn't want Access to be available on the device.
The only way is to uninstall it with a cleanup script and reinstall it using the build in functionality of intune.
You can deploy AirPrint settings for Mac and iOS – https://docs.microsoft.com/en-us/intune/air-print-settings-ios-macos
You can configure some printer settings under device restrictions for Windows 10 – https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10
But I’m hearing from a few people that this still doesn’t really help users get to local printers, and that seems the original intent. (@Henrik, if you’re getting this, please weigh in!)
We won’t call this one complete. I’m switching this to “noted”, meaning we know you want it. Thanks again for the feedback!
I would love to see the possibility to map a existing printer that resides on a print server (much the case in FollowMe printing solutions). Also installation of specific drivers should be possible in my opinion.
@Anonymous: Hybrid cloud printing nice but has far to much restrictions. Especialy if a customer has specific tray layouts (in the case of company branded paper and so on). It is a start but in my opninion not ready for Enterprise implementation.
Found this solution: https://www.printix.net
I would love to see Microsoft implementing something like this. In modern management and movement to the cloud, potentialy the biggest hurdle to take are printing solutions/print servers. Maybe the team get's ideas from this solution?
Printer deployment is (was) after Win32 application deployment the biggest issue for not managing devices from the cloud. The problem with printers is that they are the last local devices in an organisation. Hybrid Cloud Printing could be a nice solution but wouldn't it be even nicer if you, besides the printer, didn't need any onprem infra to allow users to print?
In the meantime it would be nice if we could deploy drivers to clients for the printers needed. Mapping printers can allready be done, but if there is no driver pressent Windows will not be able to print to the printer.
I can confirm this is being worked on now and should be delivered sometime this year.
In our case our customer has bought 100’s of Android devices. They need to be enrolled before they are handed to the users. Now what we have to do is, create a google account per device, log on to the play store, download the company portal, enroll the device. That is far to much work to get a device enrolled!!
IfnI take a look at the android for work partners at google, microsoft isn’t one of the partners.
iOS has DEP to bulk enroll. We need something like that for Android
As of the week of August 27, you can use a template to control how the machine will be automatically named. So not exactly static, but gets you away from total random. From the discussion, sounds like not total random was good enough for some, but not all, so I will switch this back to “noted”.
more detail about what we released in August:
When you create an autopilot deployment profile, you can designate a name, which must be 15 characters or less, and can contain letters, numbers, and hyphens. Names can’t be all numbers. Use the SERIAL macro to add a hardware-specific serial number. Alternatively, use the RAND:x macro to add a random string of numbers, where x equals the number of digits to add.
It’s only available with the Windows Insider build for now.
@dieter, not if you use (part off) the serial + a few letters for the computer name. As I said, the manufaturer allready created a unique nr. for us, so why bother designing your own? In most cases the CMDB allready has the serial nr noted. Only thing is the user perspective, thats why I build a small app. The user clicks that and all of the info for the helpdesk is there.
I can't realy think of a situation where tuis wouldn't work. I won't put a user id in a computername because of regulations in europe. Most of my customers have indeed got stickers on the devices. When I ask them why, I Always get the awnser… because it is easy.... My reaction then is.... Why? You design something yourself….. You spend time on all devices to register the sticker in the CMDB..... You put the sticker on the devices.... That all is precious time in my opinion. I believe with autopilot, IT shouldn't touch the device anymore at all.
@Dieter, the autopilot profile is assigned to a device. So every time that device gets reset it wil get the same name.
I recon then that this could be a working solution for you.
For me the solution is great! I always use a few letters and then the serialnr. of te device. Why would I think of a solution to create an unique ID for a device if the device allready has one. Every customer of ours where we design and implement the modern workplace is asked this exact question. Why invest time in something a hardware vendor allready has a solution for? Okay the serial isn't the most user friendly name but hey when do users realy need them. Most of the times you can find devices based on the username also.
I had only 2 customers that had a realy good reason for doing it themselves. But they are also looking into the possibility to use the serial or part of the serial number.
And since the week of August 27 it is possible to define device names through autopilot profiles, also by use of %serial% or random digits. Usage is described with the feature.
Thanks, @Nathan. If there’s consensus that Known Folder Move meets the requirements of this request, I can call it “started”
“We are working to integrate the ADMX/ADML packages KFM with Windows Intune later this year.”
By the way it would be even nicer if this functionality would be available through the regular device configuration profiles.
Thanks @Nathan! That is for sure what we are looking for. In my opinion this thread can now be set to started. I would love to test this as soon as something is available!
I would like this also. But do you have powershell scripts assigned to devices? Because in the article https://docs.microsoft.com/en-us/intune/intune-management-extension it is stated that:
PowerShell scripts can't be applied to computer groups.
PowerShell scripts are executed on devices only when an Azure Active Directory (AD) user is signed in to the device.
Otherwise another thing would be to make that possible at first.
Also for iOS this is not working as expected. The 10th time the device gets locked. The 11th time is not even possible so a device Wipe is not taking place at all.
Yes please. A must have if you would like to use Windows Autopilot if you ask me.
It would be nice if Microsoft could elaborate on this. Besides the technical question customers of ours would like to know more because of financial planning.