Thanks for the video, I did originally just rename the built in local admin, but thought I'd come back to this and create a separate account like yourself.
Great video as usual, but what license is required for scripts and remediations? I own Microsoft 365 Business Premium. but the remediations is not accessible to me. Only Scripts. Or what extra license do I need for have the extra feature?
Thanks! and what a great question, I should be mentioning that in the video, will try to think about it next time; the licenses are: (taken from this link: learn.microsoft.com/en-us/mem/intune/fundamentals/remediations#prerequisites ) Licensing Remediations requires users of the devices to have one of the following licenses: Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) Windows 10/11 Virtual Desktop Access (VDA) per user
Excellent kindly let me know how to know global administrator is added as local administrator and members of global administrators will able to login on windows computers. Intune administrators will be added as local administrator on windows devices
Go back in the video to 00:19:26 and choose "Users/Groups" (instead of Manual as I do in the video), and then you can click on "Select users/groups" and browse your Entra ID for the user or group you want to add to the local administrator's group.
Hi another great video. I just got one question Im trying to add another keyboard layout through powershell script but even on policy dashboard it showing successful but deployment is not working any idea why?
Thanks, hmmm not sure, but adding another keyboard layout is a USER setting, do you deploy the script running under USER context? If you for example have it running under SYSTEM context you will get success but no user will see the new keyboard.
thanks, it can take a cycle to get it, but if longer than 8 hours and device is online and all it is strange. If you open the LAPS 'policy' and then click Report and check 'Check-in status' what does it says there? empty?
@@IntuneVitaDoctrina From the EventViewer on the affected device(s), I can usually see right away the ID 10013 "LAPS failed to find the currently configured administrator account" I'm using a slightly different PS script (same detection + remediation) to add my own local admin account, but I've noticed that on some reinstalled devices (via Intune Autopilot) even if the name of the devices is changed, the script is not running on some of these devices, weird. Note: I've also remember that some devices are shared, so I don't know if the Intune scripts running is affected by this scenario.
Great video Instead of creating the policy for adding the account to local administrators I would add another line to the script to directly add the new local account to local admins group.
Thanks Mohammad, I agree with you 100% to extend the script and add to the admin group instead, I think I even mentioned that in the video, but the main purpose to do it by Intune was to show that specific feature, but I'm all with you that it is better to solve all in one place, the script!
@HeyRadu thanks, yes that is 100% the line that could had been added to save some trouble later (trouble I by purpose added to show one more Intune feature) :)
Hi Umesh, that was on my list, and then fell off, thanks for the reminder, it is going back to the list and I got Windows 365 video I want to do before and one Scheduled Task video and also iPhone/iPad management which would be a longer serie to cover all the aspects of management of those devices, it's coming but cannot say when :)
Amazing video ! as usual !! great description and details !
Thank you so much, love to read comments like this :)
excellent video 🎉 congratulations and thanks for sharing it with the "errors" and necessary steps for the success.
Thank you so much for your comment :)
Great video. Keep up the good work
Thank you very much Arison!
Thanks for the video, I did originally just rename the built in local admin, but thought I'd come back to this and create a separate account like yourself.
Thanks for taking time to comment!
Rename helps a bit, but yeah "hackers" know the SID of the account so they will still find it.
Great video as usual, but what license is required for scripts and remediations?
I own Microsoft 365 Business Premium. but the remediations is not accessible to me. Only Scripts.
Or what extra license do I need for have the extra feature?
Thanks! and what a great question, I should be mentioning that in the video, will try to think about it next time; the licenses are: (taken from this link: learn.microsoft.com/en-us/mem/intune/fundamentals/remediations#prerequisites )
Licensing
Remediations requires users of the devices to have one of the following licenses:
Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
Windows 10/11 Virtual Desktop Access (VDA) per user
perfect as usual thanks
Thank you so much Seifeddine for the support
Excellent kindly let me know how to know global administrator is added as local administrator and members of global administrators will able to login on windows computers. Intune administrators will be added as local administrator on windows devices
Go back in the video to 00:19:26 and choose "Users/Groups" (instead of Manual as I do in the video), and then you can click on "Select users/groups" and browse your Entra ID for the user or group you want to add to the local administrator's group.
Hi another great video. I just got one question Im trying to add another keyboard layout through powershell script but even on policy dashboard it showing successful but deployment is not working any idea why?
Thanks, hmmm not sure, but adding another keyboard layout is a USER setting, do you deploy the script running under USER context? If you for example have it running under SYSTEM context you will get success but no user will see the new keyboard.
Great video, any idea on why some devices never receive the LAPS policy and how to force this ? Thank you.
thanks, it can take a cycle to get it, but if longer than 8 hours and device is online and all it is strange. If you open the LAPS 'policy' and then click Report and check 'Check-in status' what does it says there? empty?
@@IntuneVitaDoctrina
From the EventViewer on the affected device(s), I can usually see right away the ID 10013 "LAPS failed to find the currently configured administrator account"
I'm using a slightly different PS script (same detection + remediation) to add my own local admin account, but I've noticed that on some reinstalled devices (via Intune Autopilot) even if the name of the devices is changed, the script is not running on some of these devices, weird.
Note: I've also remember that some devices are shared, so I don't know if the Intune scripts running is affected by this scenario.
Always beginner-friendly!
Thanks, yeah we are all beginner until we have worked a bit with it :)
Great video
Instead of creating the policy for adding the account to local administrators I would add another line to the script to directly add the new local account to local admins group.
Thanks Mohammad, I agree with you 100% to extend the script and add to the admin group instead, I think I even mentioned that in the video, but the main purpose to do it by Intune was to show that specific feature, but I'm all with you that it is better to solve all in one place, the script!
@@IntuneVitaDoctrinais this the PS command ?
Add-LocalGroupMember -Group "Administrators" -Member "JBNAdmin"
@HeyRadu thanks, yes that is 100% the line that could had been added to save some trouble later (trouble I by purpose added to show one more Intune feature) :)
Genio da informatica.
Grazie mille
Hi, When will you make a video for iPhone management using Intune?
Hi Umesh, that was on my list, and then fell off, thanks for the reminder, it is going back to the list and I got Windows 365 video I want to do before and one Scheduled Task video and also iPhone/iPad management which would be a longer serie to cover all the aspects of management of those devices, it's coming but cannot say when :)
what is the use of Laps and it is free. if we use Account protection what is the disadvantages
LAPS is free, I would say the use is if you want a unique password of local administrator account per device.
Excellent videoes 🎉❤❤❤❤
Thanks a lot Ashwini for your support