438 votesMike M commented
We're unable to continue with Windows 10 deployment because there is no viable solution to Shared computers. Kiosk mode is very niche and is not a shared computer experience.
I can confirm that we have this on our plan for early in 2020/ Thanks for your patience!
290 votesMike M commented
I find that Retire, Wipe, and Freshstart typically kick off at a reasonable pace. So long as you're staring at the machine, it is usually initiated within a minute or two. I wouldn't trust doing it blind if there was a security breach though. What is worse, is what you're left with after you've initiated one of these actions on a device.
If an office (From Intune) installation fails for unidentifiable reasons (zero logs, useless 0x0 unknown error codes), short of re-installing windows, you're in for a bunch of waiting and failures.
Retiring the device, and waiting for re-enrollment is the only other option you have. Often required installs, and Available installs for the same office deployment conflict they do not reflect the installation of one of the other as present... Company portal is rarely accurate, and re-installing office from the portal can take days if it's even successful after that.
When you retire a device, it doesn't remove everything from the device, often there will be a user account signed on which will prevent Hybrid AAD Joined devices from re-enrolling. The Work arounds FAQ for our helpdesk reads like War and Peace.
Additionally Wipe/Fresh Start processes often results in an unusable PC. Brand new Business class Dells do no re-install windows with the required basic NIC drivers. Isn't the point of Autopilot and windows 10 to have disposable easily redeployed devices? Microsoft and OEMs are not delivering a usable product.
We abandoned SCCM in favor of the Modern Deployment, but it's barely usable in its present state. I still think/Hope MDM is the future for Windows management, focus less on features right now, and focus on core functionality!