This is a very helpful video series! Thanks for putting it together. One thing I wish there was is an ability to export a concise report of all policy settings being applied so we can evidence this data to our Security teams and/or Legal department.
Awesome! Would love to see a demo of all the different ways to reset/wipe a device and what they actually do in practice. Any plans on a video to check out the graph rest api and PowerShell? I’m currently trying to remove hundreds of devices with PowerShell based on the model name received from the rest api. It’s very intriguing to say the least.
Hi, one additional questions to the policy sets. Do you have any idea why an administrative policy can't be added to a policy set? I have create a policy for the known folder move and this one is of type Administrative. If i try to add them i can't
I would love to see a video on covering ESP failures. I know Niehaus posted a newer-ish method on his blog but yeah I think it would be pretty awesome to dive into that.
@@MikkelKnudsen been some updates since that post but you can collect device logs via Intune now. This will allow you to browse the .cab files and sift through event viewer.
We do have some issues with assigning Configuration Profiles to Policy Sets - with Settings that doesnt seem to apply. We do assign our Policy Sets to Dynamic Device Groups - is that supported, or is that why we do have some issues?
Hi Steve, Adam, i'm fighting currently with intune to deploy two FW rules for Teams. I can only create a block rule not an allow rule. Di you every thought about to create a video with the different options to deploy FW rules either with intune directly or with OMA-URI?
what happens to settings already configured within a user policy set? for instance i already configured the same thing on an configuration profile an assigned it to the same group.
Hello Steve, Hello Adam, I would like to do auto config with teams on android but I don't know how to do it, especially at the configuration value level I can't find the corresponding key can you make a video about it? thank you
Does anyone else's experience the following: When creating a policy set, at the section for selecting apps, LOB or Intunewin applications are not shown.
Found my answer below: The following app types are currently supported by policy sets: iOS/iPadOS store app iOS/iPadOS line-of-business app Managed iOS/iPadOS line-of-business app Android store app Android line-of-business app Managed Android line-of-business app Office 365 ProPlus Suite (Windows 10) Web link Built-in iOS/iPadOS app Built-in Android app Source - docs.microsoft.com/en-us/intune/fundamentals/policy-sets
How do you target a device policy to a specific device, without manually adding the device into a group? Let's say you have a user with a Win10 desktop and a Win10 laptop, and the laptop should have different policies than the desktop?
Dynamic groups. You can use various attributes from the device to add it to the group. docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
@@IntuneTraining We do use dynamic groups with the ownership as criteria. The problem is you can't mix device and user groups together when doing inclusion/exclusion. So if you have something assigned to All Users, but then you want to exclude a corporate iPad, Intune won't let you do that.
What should be a great feature is ruined because it doesn't LOB and W32 apps, and doesn't support Administrative templates configuration profiles. It's basically useless in it's current form. I was hoping that would get sorted before it came out of preview, but obviously not. :(
Do you actually answer any question at all?? By default the amount of machines that can be enrolled into intune is 5 which can be increased to 15 which is weird because as an admin I would need to enrol hundreds of machines how do we achieve that as the maximum is 15??
as Kongo, mentioned if you are a DEM you are able to join 1k devices, On that note, if you are doing Autopilot Profile then as long as you select to Join as: "Azure AD Joined" and the actual user logging-in, has an Intune License, then that should also do the trick and help you out
@@TheRealExbit I would assume so, since that device has to be enrolled one way or another . Unless if that kiosk never joins any tenant... Furthermore If you go to the AAD profile for any given user then find the Devices that person has , this will tell you how many devices licenses has been joined to get a better understanding of the count. This will help you create some testings and such ...
This is a very helpful video series! Thanks for putting it together. One thing I wish there was is an ability to export a concise report of all policy settings being applied so we can evidence this data to our Security teams and/or Legal department.
Awesome! Would love to see a demo of all the different ways to reset/wipe a device and what they actually do in practice.
Any plans on a video to check out the graph rest api and PowerShell? I’m currently trying to remove hundreds of devices with PowerShell based on the model name received from the rest api. It’s very intriguing to say the least.
this seems more useful for assigned groups? my thinking is that dynamic group queries + filters will accomplish auto assigning of policies
Hi, one additional questions to the policy sets. Do you have any idea why an administrative policy can't be added to a policy set? I have create a policy for the known folder move and this one is of type Administrative. If i try to add them i can't
I would love to see a video on covering ESP failures. I know Niehaus posted a newer-ish method on his blog but yeah I think it would be pretty awesome to dive into that.
Agree. Generally troubleshooting Intune/Autopilot enrollment failures with possible options for logging would be awesome.
@@MikkelKnudsen been some updates since that post but you can collect device logs via Intune now. This will allow you to browse the .cab files and sift through event viewer.
We do have some issues with assigning Configuration Profiles to Policy Sets - with Settings that doesnt seem to apply.
We do assign our Policy Sets to Dynamic Device Groups - is that supported, or is that why we do have some issues?
Hi Steve, Adam, i'm fighting currently with intune to deploy two FW rules for Teams. I can only create a block rule not an allow rule. Di you every thought about to create a video with the different options to deploy FW rules either with intune directly or with OMA-URI?
Thanks!
Subscribed.
what happens to settings already configured within a user policy set? for instance i already configured the same thing on an configuration profile an assigned it to the same group.
Do you guys have a video on how to manage Android and iOS device OS updates?
so helpful
Hello Steve, Hello Adam,
I would like to do auto config with teams on android but I don't know how to do it, especially at the configuration value level I can't find the corresponding key can you make a video about it? thank you
Hi guys , can you make a video about ' OMA-URI '. I would like to set policies for the old Internet Explorer 11.
This might be useful:
techcommunity.microsoft.com/t5/intune-customer-success/support-tip-ingesting-office-admx-backed-policies-using/ba-p/354824
Microsoft needs to add VPP apps on the policy sets.
Does anyone else's experience the following: When creating a policy set, at the section for selecting apps, LOB or Intunewin applications are not shown.
Found my answer below:
The following app types are currently supported by policy sets:
iOS/iPadOS store app
iOS/iPadOS line-of-business app
Managed iOS/iPadOS line-of-business app
Android store app
Android line-of-business app
Managed Android line-of-business app
Office 365 ProPlus Suite (Windows 10)
Web link
Built-in iOS/iPadOS app
Built-in Android app
Source - docs.microsoft.com/en-us/intune/fundamentals/policy-sets
How do you target a device policy to a specific device, without manually adding the device into a group? Let's say you have a user with a Win10 desktop and a Win10 laptop, and the laptop should have different policies than the desktop?
Dynamic groups. You can use various attributes from the device to add it to the group.
docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
@@IntuneTraining We do use dynamic groups with the ownership as criteria. The problem is you can't mix device and user groups together when doing inclusion/exclusion. So if you have something assigned to All Users, but then you want to exclude a corporate iPad, Intune won't let you do that.
What should be a great feature is ruined because it doesn't LOB and W32 apps, and doesn't support Administrative templates configuration profiles. It's basically useless in it's current form. I was hoping that would get sorted before it came out of preview, but obviously not. :(
still in preview lol
Do you actually answer any question at all?? By default the amount of machines that can be enrolled into intune is 5 which can be increased to 15 which is weird because as an admin I would need to enrol hundreds of machines how do we achieve that as the maximum is 15??
Cihan Akgol what you need is a “Device enrollment manager”-account. This increases the amount to 1000 for the given account.
as Kongo, mentioned if you are a DEM you are able to join 1k devices, On that note, if you are doing Autopilot Profile then as long as you select to Join as: "Azure AD Joined" and the actual user logging-in, has an Intune License, then that should also do the trick and help you out
@@IvanRosaT does this also include Kiosk devices, where an AAD user would not be signing in?
@@TheRealExbit I would assume so, since that device has to be enrolled one way or another . Unless if that kiosk never joins any tenant... Furthermore If you go to the AAD profile for any given user then find the Devices that person has , this will tell you how many devices licenses has been joined to get a better understanding of the count. This will help you create some testings and such ...
@@IvanRosaT I can confirm, when added to autopilot via upload, using my intune administrator account, the Kiosk devices did not assign to a user.