Twittter Account

@IntuneSuppTeam @MSIntune Now that 26H1 shipped should we expect the 25H2 Windows Security Baseline to be available soon?

🎆 All done with the January (2601) @MSIntune UI extensions for all regions! 🎆 🆕 What's new docs: aka.ms/IntuneWN ▶️ What's new blog: aka.ms/IntuneWN2601 #MSIntune #AlwaysIntune #IntuneInspired

@TheITCloudGuy This is a nice feature. However for Windows it appears that the “byod” device already needs to be joined to a home tenant and you have to setup cross tenant access.This feature would be handy for vendor access for example however that can be a heavy and impractical lift for them

Remote BYOD under Cyber Essentials has been a real pain! Unmanaged devices often fail compliance and block access to corporate resources, making remote work harder than it should be. But Microsoft’s new Global Secure Access BYOD support lets personal devices register securely with Entra and access apps without full enrollment, giving IT more control and users more flexibility. 🔐#CyberSecurity #BYOD #MSFT #ZeroTrust learn.microsoft.com/en-us/entra/gl…

@seanhalfcourt This you? detroitnews.com/story/news/loc…

As a lifelong Michigander, watching the way Texas just falls apart when there’s a few centimeters of snow will ALWAYS be funny

@merill @awakecoding Won’t say on here, but let’s just say in highly regulated environments only allowing company owned devices is not uncommon

@Go_LARams @awakecoding I believe the context here was personal devices (ie 90%+ devices in an org) unless you give iPhones to all your employees.

Migrating to a new phone is fun except for the part where all the weird Entra ID accounts in Microsoft Authenticator don't transfer, forcing you to figure out how to re-login to avoid losing tenant access. In this case, the tenant is marked inactive so I can't even login

@merill @awakecoding No Apple ID doesnt = no apps, you can easily deploy apps via VPP whether optional through the comp portal or required directly through Intune. There actually is a pretty decent reason to not allow Apple ids, main one being VPP still doesnt support in app purchases for managed ids

@Go_LARams @awakecoding LOL, at that point why pay $1000+ for a phone that can't use apps 😂

@merill @awakecoding What if you aren’t logged in with an Apple ID?

@Go_LARams @awakecoding They are already syncing all your passwords

@merill @awakecoding iCloud/Apple ID’s aren’t necessarily appropriate for all environments though soooo…

@awakecoding Turn on synced passkeys on all the tenants you own. They get synced to iCloud and will appear on all your devices through iCloud. No more Authenticator, no more multiple prompts, etc. Things will just work (Except with RDP sessions of course)

@DanielatOCN @imog In some ways yes, however anecdotally I certainly do that, there’s no reason for our users to have use or maintain an Apple ID so I block it, and even if they did I certainly wouldn’t want them storing work stuff in their iCloud.

@Go_LARams @imog Well that’s just speculation right…?

Backup and restore for Microsoft Authenticator will no longer require a personal Microsoft account! > ourcloudnetwork.com/microsoft-to-r… 🎉 In September 2025, Microsoft will automatically backup users' Microsoft Authenticator credentials to 𝐢𝐂𝐥𝐨𝐮𝐝 & 𝐢𝐂𝐥𝐨𝐮𝐝 𝐊𝐞𝐲𝐜𝐡𝐚𝐢𝐧 and remove the iCloud & Microsoft personal account backup option! The backup options will then be directly managed from the iPhone settings panel, hopefully addressing some enterprise concerns of mixing personal and corporate data! #Entra #Authenticator #Microsoft

@imog @DanielatOCN Plus don’t most larger orgs block logging in with Apple ID’s and using iCloud? This doesn’t seem to have much enterprise benefit

@DanielatOCN This doesn't change anything, except the storage method. By going to iCloud it doesn't require a personal account for backup. It still won't restore the work accounts, which will need recovered. It will restore the names and 3rd party accounts, as it does currently.

@NathanMcNulty @CBRB_rad Do these policies work for Entra FIDO2 passwordless PIN’s? Some gov security policies mandate some of these.

@CBRB_rad I file this under lack of understanding because we can make this act exactly like a password if we want to Hello supports policies that enforce upper, lower, number, symbol, etc. in an even more granular way than we ever could with passwords ;) learn.microsoft.com/en-us/windows/…

BuT HeLLo FoR BuSiNeSs IsN't SeCurE

@BruceSaaaa We do have a standard for iOS, it’s very handy, is it absolutely necessary and relied on, not really, but at minimum it’s good for OCD.

Why do we care for Windows device names when Macs, iOS and Android come into #Intune with all sorts of crazy names? Why do we regulate 1 platform and everything else is whatever? Asking for a friend 🥴

@NathanMcNulty Yep exactly, that’s why I combine ConfigMgr OSD with autopilot. I love autopilot, however until Intune can install Windows on a bare metal machine they’ll have to pry ConfigMgr from my cold dead hands.

OEMs not doing what they are supposed to directly affects how reliable Autopilot can be for organizations This is why I loved OSD, because I could ensure my clean image was laid down For reference, good information about this issue in this thread: x.com/rucam365/statu…

If you find Defender for Endpoint missing in 24H2, let @JasonSandys know OEMs were notified a long time ago, and shocking, they haven't fixed it This is why Intune and other solutions should automatically remediate as part of onboarding Don't trust OEMs..

@KiPos_info @JankeSkanke That’s always been my experience too

@JankeSkanke That was always the case when actually upgrading (instaed of enabling)

If you are using OSInstallDate in your reporting somehow, be prepared to get some surprises.. Updating to 24H2 will update the date, and OSInstallDate is now when you updated to 24H2 and not when your machine was first installed. #Windows11 #Reporting #24H2

@NathanMcNulty Holy cow finally! Had a ticket open a while back and the tech claimed he didn’t even have access to internal release notes, like really??!

We finally have some release notes for the Global Secure Access client! Looks like Windows only for now, likely others to follow They are rapidly adding new features, so if this is on your roadmap (it should be), this is a great page to bookmark :) learn.microsoft.com/en-us/entra/gl…

@orangeminion @Mister_MDM Same, then autopilot kicks in at OOBE

@Mister_MDM When a colleague leaves the device is fully wiped with a NIST compliant tool, removed from AD,AAD,Intune and SCCM. When needed for a new colleague a full rebuild with via an SCCM task sequence, which only takes 40 mins

When we need to reset an existing device before we hand it over to a new employee, what option do you choice? Feel free to comment as I am writing " something" #Intune #Msintune #Windows #windows11

@merill This is exciting! Merrill, are you able to tell if either private access and/or internet access will be included for E5?

⚡ Check out this new Microsoft Entra blog post 👇 Microsoft Security Service Edge now generally available techcommunity.microsoft.com/t5/microsoft-e…

@merill The whole 10 user limit per workstation is what stops many shared computer environments. Now if you could go completely passwordless in Hybrid that would be nice.

According to CISA "90% of all cyber attacks begin with phishing". What's stopping you from deploying Windows Hello for Business and protecting your users from 90% of these cyber attacks?

@Mister_MDM What’s the advantage to this new method if you currently use self-deploying mode exclusively with no user assigned devices?

With #WindowsAutopilot Device Preparation being enabled for all tenants, it’s time to examine one of the significant differences between Autopilot and Autopilot Device Preparation (ADP) I will explain why the hardware hash is NO LONGER required when enrolling your Windows device with Autopilot Device Preparation and how it works now. Please read this blog for all details! call4cloud.nl/2024/06/autopi…

@CommanderApaul @marcusmhill So you depend on manual processes performed by 2nd level techs to prevent 10GB of data loss. This should have been automated. You need to remove them from the equation here. There are 16 different ways of preventing this from happening and instead you run to Twitter to trash them

@marcusmhill Deskside deployed it without QAing the SCCM client so it never got the OneDrive redirect action. 🤣🤣

Corporate wants you to tell us the difference between removing a user from the first picture, and the second picture. Deskside: They're the same picture. And that friends, is how a "remove unapproved admin rights" request turned into a 10GB data loss.

K9 Kobe is happy to be back at home with his family and starting his healing journey. Please continue to send hugs, pets, and prayers his way! #K9Kobe #TeamRCSD