Visit my blog on the above topic @
aka.ms/anilabraham for other blogs
I blog about Microsoft 365 and associated technologies…
Here is the scenario:
I have a Task Sequence that builds machines from SCCM and joins them to the On-Premise domain.
I have no unattend.xml applied as part of the TS in my lab; apart from the default options, I choose in the TS to join the domain and the OU to add the machine to.
The machine gets built successfully from SCCM, and the domain is set up for Hybrid Azure AD join, which the machine completes successfully.
Co-Management is set up in SCCM, and it is configured to enrol automatically into Intune, which happens successfully too.
I have an Autopilot Profile as below, applied to an AAD group which this machine is a member of, by way of direct membership.
The machine then gets assigned this profile.
I do this as I am in the process of migrating to Autopilot, but some machines still might need to be built from SCCM.
I now rebuild the above machine from SCCM using the same Task Sequence. The build process goes through fine, and once the machine reboots after applying the image and config, all looks good until you try logging on to the machine.
As it boots after the build, I noticed that the OOBE goes through the network configuration you see when deploying Autopilot devices, and once the machine reaches the logon screen it has the name from the template set in the Autopilot profile. The end result is a machine that you cannot log on to with domain credentials, because it was renamed after joining the On-Premise domain.
As you can see, the machine is named as in the naming template I had given in the Autopilot profile.
Is this expected behaviour? If so, how do you handle the situation where a customer wants to be ready for Autopilot, so that a device wiped from Intune goes through Autopilot, but a build from SCCM otherwise follows the conventional process?
The answer is that, as it stands, this is expected behaviour if you have a device that is registered with Autopilot and assigned a profile that includes a naming pattern, and the device is deployed using an unattend.xml.
The only workaround is to remove the naming pattern from the profile or remove the profile from the device.
The point to note with the profile is that if you have the option “Convert all targeted devices to Autopilot” selected, a machine that is built from SCCM and added to Intune is automatically added to the Autopilot devices list when it becomes a member of the group to which this profile is targeted. If you subsequently build the machine from the SCCM Task Sequence, you will face this.
This is me bringing another blog to this location. Sometimes when you browse Intune for the data that you are after, it doesn’t seem to give you precisely what you need. Been there before? Here is an example of how to be clever, and the basics of accessing and filtering data in Intune using the Intune Graph API.
While this is not a new post, I am attempting to bring all my blogs under one umbrella. So if you are looking to manage Google Chrome deployments using the ADMX published by Google.
Note: Google might change the ADMX periodically to accommodate new features and changes to the product, so this article might not refer to the latest ADMX files, but the intention is to give an idea of how you can manage Google Chrome from Intune on a Windows 10 device using the ADMX.
Please visit: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/deploy-custom-gpo-via-microsoft-intune/ba-p/714794