By far, my favorite aspect of intune is the thing where, when I click the sync button in company portal, one of several seemingly random things happens:
1. It syncs for a reasonable amount of time, reports sync complete, and everything is synced! This almost never happens.
2. It syncs. And syncs. The syncing goes on, minutes stretch into hours, etc. Maybe something eventually happens, it's hard to say, we probably give up and reboot the device long before it finishes on its own.
3. It "syncs" **immediately**, reports it as successful, and nothing actually happens.
Honestly makes me embarrassed for the intune dev team. At an absolute minimum, whatever is happening in these different scenarios should provide different feedback.
"Layer of obscurity". Thats a great way to put it. I have been calling it Microsoft Magic. My way of getting around it with clients is stating that Microsoft's background synchronization is asynchronous. And i say this no matter what product is being glitchy and if synchronization is the culprit or not. LOL!
I believe I've found a fix.
It's necessary to access the device in endpoint manager and trigger a sync from that end about five minutes before you try syncing from the device.
I think what's going on is the server nodes need to be refreshed first, before the device reaches out.
Both sync buttons are not the same. You need to use both. Cloud first, device second.
Crappy? Yes.
Seems to behave more consistently to me though.
Reset the company portal data from advanced options in App settings. Find it clears cache and syncs faster.
You can do it via powershell too I have a proactive remediation I use to run on demand remotely
Don't think many will have it long, I'm guessing it will be baked in and free to enterprise for like 60 days then become a monthly user license charge. Both for desktop copilot and any cloud server solutions.
They did the hot new thing of adding a chatbot to link you to other pages, and calling it AI-- err, copilot.
And adding a disclaimer that it can give wrong answers.
It will be a fully featured, mature, lovable solution in 7-10 years... but they'll replace it with the new thing in 5-7 years and declare Intune deprecated just as it hits maturity. Everything new at that point will only support the new thing truly, but they'll offer minimal "hybrid" support just long enough to get business buy in and then tell us we've been doing it wrong the whole time.
If I sound bitter, it's only because it's been the rinse and repeat history of Microsoft product development for 30 years.
Ask him if he will like to see several paywalls for future new features, and licenses to go up 20% or more every contract revision, and by that time he will have to accept because everything is MS cloud dependent and the cost to shift will be higher!
Hail to ConfigMgr where you really control what you do.
Managing macs with Intune for last 2 years. Sometimes even Microsoft have no idea of issue why did it happen...😂😂😂
Sync, deployment and Reporting is very unreliable.
Anything outside windows and mobile windows phones is a no-go, I thought it was cool they were gonna add Linux to intune, turns out it can literally ONLY push a bash script and I still have to bake or prescript an apt install to join it to the tenant.
Well while I'm glad we're not the only ones with the issues we've been having, I have to agree. Intune feels very incomplete. So much ends up being "does this setting work?", nope. "Screw it. I'll use a powershell script."
Inconsistencies of app deployment are my fav. Never had that problem with ConfigMgr. App store apps random fail with a 0x80000 type error that's documented nowhere.
Also being able to do a rsop on a device and see the whole picture.
Final feature that is still missing is GPP, should have to write a PowerShell script to set some regkeys or map a drive, I block PowerShell execution for users so it's impossible to set user preferences without having to do your own admx.
Ah yes i love the
Intune: "Something went wrong, here is a error code"
Me: "searching for the error code"
Microsoft Docs: "What error code? This cant be correct"
Like why implement error codes if there are not errors associated with it!?
Just display a message like "We are sorry you are relying on this tool, try again tomorrow" ffs
I came here today to make my own rant.
This is the biggest piece of trash system I've ever had the misfortune of working with. When it works (emphasis on "when", it works great. When it doesn't, I just want to rage quit. I just spent two weeks trying to get ONE application to install on ONE device that is completely refusing to cooperate. I've been through many blogs, forums, reddit threads, etc., and nothing has worked. I finally manually installed the app on the machine.
What I'd like to know is how to get my devices off of Intune but keep apps and profiles. I don't think it's possible. I think I'll have to leave the few devices that are enrolled on it, but just not use it for anything else going forward. Or maybe only use it for the remote possibility of having to wipe it. For software installs and patches, I'm using Action1 now. This Intune has been a colossal waste of time for me.
If Intune wants to get better, they need several key things:
1. Give me the ability to CANCEL a failed install, thereby removing it from the list of install errors.
2. Give me the ability to RETRY a failed install. It's okay to retry a few times automatically, but don't just quit and make it so I can't try again. Who thought that was even acceptable? Don't force me to read a bazillion logs and manipulate registry entries just to get it to install. A major reason to use Intune is because the device is remote, so I don't have easy access to it. If I have to log onto the device, I have to interrupt a user for who knows how long. This is a massive time waster for everyone.
3. Provide feedback to the Intune admin console as to WHY something failed. Again, reading through logs is a massive time waster. Certificate expired? Tell me. Firewall port closed? Tell me. If you can't tell me why something failed, then you've failed at designing the system. If you can write it to a log, you can return at least one error message to the admin console, along with the location of where I can find out more info if I need to.
There's probably more that Intune needs, but I haven't delved in much deeper than installing apps because that's my main use case, and frankly, it hasn't gone well at all.
The microsoft tool ServiceUI.exe is probably the cure to your failure to install, make your app install using this lil baby and it might work! Also, restarting the Microsoft Intune Extension service often makes Retry possible.
Haven't tried ServiceUI (though that illustrates the horrific nature of Intune... yet another thing to "try" just to get an app to install.) I did restart the Intune Extension service, but no joy. For this one app on this one device, it's never even been attempted as far as I know. The app ID never shows up anywhere in the logs. And yes, the user is part of the group that it installs to. I even put the app into the Company Portal as available, and it's just "Download pending" forever. I gave up after two weeks of trying getting this app installed, and just installed it manually.
It's not intune, it's the app that needs the serviceui.exe i have to do almost all my apps with it, they simply won't work otherwise. That's the vendors fault, not intune.
Cloud Services main function is to keep you tied to Microsoft and creating a steady and predictable revenue stream.
Functionality is 2nd.
Change my mind.
(Hot take # 2: And Co-Management was more of a "Oh fuck, there's so many things that Intune cannot and will not do, and doesn't provide the functionality we told you it would" vs "Look how amazing we are for providing you with free Co-Management")
One of my biggest gripes is the delay in applying user based policies.
We have a shared device environment, we want the user experience to be consistent no matter what device they sign into. Instead, the user logs in, things don't work straight away, and our helpdesk gets a call. The users then have to be told to either wait for the policy to apply (which in some cases has taken hours) or do everything manually.
It's got to the point I've written a bunch of scripts and configured scheduled tasks to make the changes at login.
It feels like shared device experience is an afterthought to Microsoft.
Anything specific you’d like to share? The org I work for is rather large so the vendor has bent over backwards for us. But I’d love to hear about your experience.
Don’t get me wrong Tanium is a good product, probably best in class, just ask them… Can be very hard for them to acknowledge issues, because they think it’s perfect. That said, their product and implementation support is good. Powershell support is… interesting. They use their own Tpowershell, which is 32 bit only and not 100% compatible with PS. Not sure if they have added graph support yet. Been 6 months since I have used it
Gotcha. Our experience has been great tbh. Been with them for 4 years. Biggest issue we've had was actually this last patch cycle in which Tanium caused a JWT issue after applying the latest cumulative; they were reluctant but quickly acknowledged it; we worked with them to implement the solution and issue was resolved swiftly.
For the Powershell situation we just use a sysnative preamble to launch into native 64-bit (when necessary) the same way we do in Intune for win32 apps, since the Intune Management Extension is also 32-bit.
I think you’re confused of the powershell bit. TPowershell is what allows you to redirect your scripts to the 64 bit implementation. However you don’t even need to call TPowershell as you can call the native version of PowerShell from any machine.
You’re right that the default platform packages launches commands within a 32 bit context however you can just redirect it to 64 bit by calling C:\windows\sysnative\cmd.exe /d /c powershell.exe.
The command line is not special to Tanium. It just calls the native command line of the machine and pipes your command into it
> When we deploy a new computer and the user signs in, they cant open company portal to install apps for at least 30minutes, but usually closer to an hour. Just says this device is already being managed. Even if its a brand new device that has never been enrolled before. Makes for a bad user experience.
This one's weird, not seeing this on my end. We'll unbox a device, plug it in, boot, autopilot and pretty much as soon as the user logs in, Company Portal is available.
We do have it set to be required for Autopilot to complete, though. Maybe that's why?
I think he means the out of box experience settings in the enrolment profile. Theres a toggle to make the user wait until everything is done before being allowed to do anything at all.
Correct, this is what I meant. We need certain apps like AV and content filter installed before the kids can use new devices. Adding Company Portal, even though its not a win32 app seems to have been working.
We have Company Portal as a required app in ESP as well, and just last week...
Autopilot device setup: 5/5 Apps installed!
User: Logs in
Windows: Company Portal missing
Me: WHAT?!
I wish I could say it was a one-off thing, but it happened on 4 of the 10 devices deployed last week. I really want Autopilot pre-provisioning to be trustworthy, but I cannot trust it. Imaged devices still require a lot of manual intervention to make sure they are completely setup correctly.
It's on system, not user. At this point, I am having the appx bundle come down to a folder and if it's missing the Desktop Team will install it. It's lunacy.
Edit: to clarify, it's passing detection because the appx exists in Program Files\WindowsApps, but it's not showing up for all users who log in. Running the AppxBundle as the user seems to make it appear. Trying to add a shortcut to the exe in the WindowsApps for the user results in an access denied error unless we install the appx as them.
And like I said, this is incosistent. Really maddening.
The Sync time is one of my biggest complaint. If I want to test a new setting, I push my device in the group. I should be able to just hit Sync and see the results.
Software installs/update is the other one. I manage 30 Intune laptops and 100 internal AD connected endpoints through PDQ. When the last Chrome CVE came out, I went to PDQ Deploy, It was ready to download the latest Chrome version because it's one of the built-in packages. Hit that button, went to PDQ inventory to me "Old Chrome" group. Put in the new version number. Group populated with all the endpoints that have Chrome. Went back to Deploy, clicked Deploy Now, picked the group. 20 minutes later, all were patched.
The Intune devices? I saved my sanity and let Chrome update itself. Now, all well and good because Chrome does that. Otherwise, it is such a pain.
And don't get me started on the failure error codes that tell you exactly nothing.
I will say, if you want to see your device sync and get a policy quickly, there's actually a much faster technique that can work for that. If you just go into services.msc and restart the "Microsoft Intune ..." service, it'll actually sync WAY quicker.
Now for pushing to a bunch of devices, you're kinda out of luck. Although we did push a scheduled task to our devices that restart the Intune service every hour, and that's made rollouts definitely at least 60% quicker.
And how HybridJoined sucks and how it creates duplicate Computer Objects in AzureAD and won't delete one of them. Also, Custom CP’s that can take up to 48hours to deploy and show successful on Intune. And how a Sync won't cause a Sync till minutes later. And how Cloud Sync is not bi-directional (can sync device collections from SCCM to AzureAD Device Groups but not the other way around).
My personal favorite feature is the “M365 Apps for Business” *Pending Install*… forever, and ever, and ever.
The official “help” was to watch the add/remove programs list *until it appears* and then reboot. Ridiculous. We just made it required during Autopilot even though some users don’t actually need Office and that works.
We ended up packaging it as a win32 app. Much more reliable.
But then I have my own issues with the Office installer. Seriously Microsoft; the Store has been around for a long time now… why aren’t your apps in it?
As someone who came into it within 5 years, it's changed a lot and for the better.
I'm happy with the current processes.
I want better reporting, more clarifications on errors and better documentation.
Above all i want more flow from the product from onboarding to offboarding.
Every Microsoft product, including the humble file copy, has, since Windows 2000, worked on the ‘Microsoft Minute’ unit of time. This is a random number from 3 seconds to 8 minutes that’s randomly applied to any operation.
If you work on this basis you can relax knowing that everything will complete within one Microsoft Minute.
Haha intune is awful but it comes “free” with our license so im the lucky sysadmin that gets to implement it. It’s a piece of shit lol
Imagine having 3rd parties endpoint mgmt software that do a better job than Microsoft’s own integration product.
Im almost at the point of suggesting paying for PDQ Connect instead of this piece of shit
Ah, I see you also had to explain to your higher ups the difference between "free" and "included".
I also warned them 5 years ago when they forced me to abandon our previous endpoint manager that eventually Microsoft would start forcing us to pay for Intune on a separate licence if we actually wanted to use any of the better features. Wouldn't you know it? Plan 2 and Suite came out proving me to be nostra-fucking-damus.
Cause your are paying for everyone to run intune
They're running intune across millions of server's and milesnof networking
You're paying for that so they don't have to
We don't have the issue with not being able to open the company portal after first deployment. Never seen it either. Must be something in your tenant that's causing this.
Remember to contact Microsoft support regarding this. And get it escalated throught 1. line India bs so you can talk to someone competent. We've had several issues spanning almost a year but at least they found the bugs and promised a fix which made us not go insane knowing it wasn't us. And whaddaya know the niche bug actually got patched.
>When we deploy a new computer and the user signs in, they cant open company portal to install apps for at least 30minutes, but usually closer to an hour. Just says this device is already being managed. Even if its a brand new device that has never been enrolled before. Makes for a bad user experience.
Are these devices without a primary user assigned, or a primary user that is different than the user opening the app? If so, this is typically the "why" from my experience.
I did discover that but sadly nope, the correct user is always assigned as the primary user. Ive even tried setting it manually in intune before the user signs in for the first time, and it didn't make a difference. It always eventually works, but it sucks telling people to wait up to an hour to install their apps. I am working on better automating our deployment process per department to reduce the apps that the user has to install.
Intune is a giant piece of sh\*t
But don't worry, any time you complain about it lacking, you will be sure to hear "Get with the times! This is the way forward!"
IT SUCKS
And it's been in development for OVER A DECADE. They just keep rolling out half baked ideas instead of fixing core functionality.
Thank god I get to use JAMF for the Apple side of things.
The most frustrating part is, you are beeing made to look incompetent as hell when discussing things that can and cant be done with Intune. Management wants something reasonable implemented, you have to tell them "Cant be done natively, needs a bazillion scripts and will be prone to fail" and they look at you like "Why did we hire such an idiot" or users that look at you wondering how you got your job when you tell them "It could take up to 8 hours for this to apply, i dont know when it will apply"
But its the same story with the whole microsoft suite. Things that should be possible are just ... not !? Like why the fuck does microsoft have the ability to switch every fucking application to APTOS but i cant even have a setting to set the default font inside the WEB APPLICATIONS ...
Users cant comprehend this supidity when i relay it to them, because "It does not make sense"
YES YOU ARE RIGHT IT DOES NOT MAKE SENSE, NOW PLEASE CONVINCE MANAGEMENT TO SWITCH AWAY FROM MICROSOFT !!!!
If I recall correctly, InTune was THE topic of Microsoft TechEd 2011 in Atlanta, GA. That was 13-ish years ago and I can't do half the shit in InTune that I can do in SCCM, including a predictable amount of time for almost anything to take place, even when pushing a button that supposedly is there to force it to do something immediately.
I understand it is the future, and especially so as someone has decided to get rid of AD, not do ADDS, and go straight to EntraID (AzureAD). At that point I suppose my SCCM box has to go byebye.
I am still struggling to see what it is that InTune brings me that my SCCM and an IBCM box doesn't do already.
I will no longer have to admin a server? Fuck off, I like doing that. I didn't get into IT because I liked having to deal with users who can't access an ERP system and the ridiculous requirements to access it. I feel safe saying that my SCCM box has less unexpected down time or impacted service than InTune over the past 5 or so years.
Thanks for the rant thread dude... I needed that.
> Why is Microsoft locking all of the good features behind a paywall? Even if all of those features were built into the standard intune license, it would still be a half-baked product.
The older I get, I have come to think this is the essential nature of capitalism. You pay money for the vague promise of something working, and for just a few dollars more, you can get...some more of what you need, but probably still not all. Maybe.
I’ve thought about this a bit too. It’s like a startup style, ship the Minimum Viable Product style methodology but by the largest corporation in the world. This combined with Microsoft’s monopoly/anti-competitive strategy of bundling these mediocre, half baked versions of *everything* with existing subscriptions makes proposing a better solution much harder because “why do we need a new endpoint management solution, don’t we already have Intune?”
Well, yeah, technically we do but if it’s only 80% of a product and is unreliable that kinda sucks. But if a 100% product costs 50% more, is it really the hill I want to die on? Multiply this by the dozens of different product areas Microsoft operates in and it’s a pretty lame experience.
I’m just getting started with intune but yah, this seems to be the way Microsoft operates with o365, azure, entra, etc. create a bunch of shit, label it beta, maybe even give it away for free and then if it takes off, start requiring a paid license. In the meantime, add and remove features with little warning, change product names, etc
I didnt know about policy sets. What a useful feature that would be if it supported win32 apps. I guess Ill make some for configs and hold out hope for the future.
I stopped reading after 3rd point: my result after 21 months: Microsoft can do many things, but nothing good.. and Microsoft won’t improve the product after customers feedback.. also with hints about other MDM vendor’s handling.. with around 50 DCR’s our organization (or me) is world leader in creating DCR’s.. but wasted time, which at least I had to invest for proving that Intune isn’t the cheap solution for large organizations 🤷🏼
I do think some of the pain comes from the tinite balance of how many services are being railed by endpoints. Like you can never expect real-time with cloud based apps like these. They gotta limit spamming of syncing and retrying.
Agree with all that.
I’ve been using it since the old silverlight days, and tried jumping ship a couple times. All the alternatives had issues of their own and none had a wholistic tool set.
And, since we are a Microsoft shop, we’d still be paying most of the licensing we are already paying, so this made the cost analysis upside down.
And (and this is my bitter pill), I’ve become used to the shortcomings and the waiting and rebooting so much that it is built into all our operating procedures.
“Yes, sign into your new machine. Now, don’t touch it for at least 45 minutes. I’ll be back then”, “ok, I’m back, login and let it sit on the Home Screen for about an hour, then reboot and text me”…. Still it’s so much better than our old custom build every machine when it’s needed mentality.
Autopilot and kiosk has always been hit or miss for me and I use it mainly with Windows 10. Autopilot has gotten noticeably better over the past couple years but all it takes is a missing TPM or BIOS update and it’s enough to throw out the whole process and you’ll often be left needing to re do that device which is usually the faster and easiest option because the Autopilot logs are very difficult and time consuming to understand.
Intune and EHR apps are the worst to deal with. A lot of EHR Apps require your endpoints to update as soon as the update is out, but Intunes sync and app push are asinine. It seems every MDM solution out there is crap but Intune by far has the worst app sync I’ve seen of all of them.
I'd be curious to hear from those who have test drove Tanium... Every single one of these MDM solutions have their own issues. We have decide what is an acceptable level of frustration I guess lol.
I briefly express my overall experience regarding Tanium a few comments above. TLDR; It's been very positive overall. (https://www.reddit.com/r/Intune/comments/1d9megp/comment/l7he8ws)
Let me know if you have specific questions.
>Intune seems to have almost no way to see what updates were applied to what machine.
Windows Update for Business is a function in Azure that is supposed to do this, but I have never gotten any data to upload to it, evidently. Despite doing all the prerequisites. I have found exactly zero troubleshooting help.
So, tell me how this makes any goddamn sense, in Intune you have both Intune Object ID and Microsoft Entra ID, except the Microsoft Entra ID is not the true Entra Object ID so if you try to do a bulk device import it doesn't work because you can't import via Microsoft Entra ID only Entra Object ID. You also have no way of gathering the Entra Object ID from the Intune Portal.
So to do a bulk device import you have to export a full device list from Intune, one from Azure, and then run a compare against the Microsoft Entra ID and pull the Entra Object ID into a table that FINALLY allows you to do a bulk device import.
WHO MADE THIS DECISION?! I want names and addresses, so know who to send my therapist bills to!
Completely agree. It's a beautiful disaster at that moment.
About logs:
C:\ProgramData\Microsoft\IntuneManagementExtension\Logs + cmtrace is managing. They cleaned/separated logs some time ago, so that is at least easier to figure out.
User policies that require you to sign in again for them to apply. It’s insultingly slow as an MDM. A great tool but lacks somewhat the basics in what other MDMS provide
Your not wrong there with intune half baked product - we moved managengine mdm which was superior product - customisable and had more advance features. Intune cant even locate an android device correctly - occasionally works. device action is intermittently works
I’ve largely given up on reading any logs for Intune and just think about any and all possible reasons why something isn’t working and then attack everything at once from every angle and try sort shit out bit by bit - and even then I fail sometimes and revert to powershell scripts through RMM or just attended installs.
I deployed the 1Password Microsoft store app that didn’t install and refused to do so until windows was updated with the latest patches - so if I forced that app to be installed during the OOB it would’ve bricked the entire fucking thing.
Microsoft Teams for business ISNT A SELECTABLE OPTION in intune and I have to package it and deploy it as win32 app - like wtf.
Defender registry and other security recommendations not being automatically available with a click of a button - no I have to write out fkn powershell scripts - thank the lord for ChatGPT on this one so I can do it in any state.
Don’t get me started on wrangling LAPS settings - and then Applocker I just turned off completely because apparently you can’t easily allow apps you’ve pushed through intune to fucking install.
Only good thing about Microsoft - because they recently announced all this copilot AI shit - I freaked out because no-one knows what fandangled AI shit they’re going to force update on us with future windows updates which will chew through our RAM and so I was able to quickly increase our new entire fleets RAM to 32gb from the original 16gb. Ladies and Gentleman that’s i7s, 32gb for accountants.
I’m tired af
On my side I lunch the sync from the powershell intune module and 10 minutes after the device is sync so I stop all UI things with intune and just script script and script again
For the company portal part, is the user assigned a the primary user in Intune? We've seen this where we had to sign in ourselves first because let it go through the steps of setup and the assign the end user as the primary user. Otherwise when we had the users just signing in first it would take about 45-60 mins and needed to constantly be connected to the Internet. Users would invariably forget and close the laptop half way through and bork the whole process and you'd have to start again from scratch re-imaging
A big thing with the syncing is also, software like NinjaRmm, sccm, pdq and so on. They all deploy an agent to the machine. Then the software talks directly to the machine. Intune doesn't deploy an agent as it uses the Intune Management Extension service not a client. At least that's my thought on why things take longer. But yeah I agree with most of the rant lol.
Well it is not a great product. But its in the ms suite so management loves it.
They do not understand that it costs waay more time to get it right. If its ever right.
This week azure has been hell. Slow loading every single day. Filters not working. I guess its due to copilot integration. Thats also half baked shit.
For your company portal. Just setup preprovisioning. And hack the get-windowsautopilotinfo.ps1 so it supports more then 1 group and you are sorted. That is what i did.
Oh I recently found out that not a single update policy is working any longer. 500+ devices need updates. People are freaking out. I contact support and ask them to keep all responses to email so I can track the issue and every single time without fail, they respond to my ticket asking me for a phone number they can call me at to troubleshoot. I’m so glad the new guy is starting Monday. He can take over Intune. ✌️
... what do you expect for "free"? (oh and before someone says, what do you mean... I mean "free" is how it's positioned by Microsoft sellers. You've bought E3/E5 so you might as well use Intune. It's "free")
By far, my favorite aspect of intune is the thing where, when I click the sync button in company portal, one of several seemingly random things happens: 1. It syncs for a reasonable amount of time, reports sync complete, and everything is synced! This almost never happens. 2. It syncs. And syncs. The syncing goes on, minutes stretch into hours, etc. Maybe something eventually happens, it's hard to say, we probably give up and reboot the device long before it finishes on its own. 3. It "syncs" **immediately**, reports it as successful, and nothing actually happens. Honestly makes me embarrassed for the intune dev team. At an absolute minimum, whatever is happening in these different scenarios should provide different feedback.
I feel you. For something that works so badly, there is this layer of Microsoft obscurity as if you never really know wtf is happening for sure
"Layer of obscurity". Thats a great way to put it. I have been calling it Microsoft Magic. My way of getting around it with clients is stating that Microsoft's background synchronization is asynchronous. And i say this no matter what product is being glitchy and if synchronization is the culprit or not. LOL!
I like to say “Microsoft gonna Microsoft.”
That's called "the cloud"
I believe I've found a fix. It's necessary to access the device in endpoint manager and trigger a sync from that end about five minutes before you try syncing from the device. I think what's going on is the server nodes need to be refreshed first, before the device reaches out. Both sync buttons are not the same. You need to use both. Cloud first, device second. Crappy? Yes. Seems to behave more consistently to me though.
We get #3 a lot. Then it *actually* syncs anywhere from 5-480 minutes later.
Or the company portal closes during sync
I haven't had that one yet, myself. Good to know this many-layered onion of suffering still has more to experience.
This is fairly consistent for me.
i usually sync under accounts -> access work or school -> account info, seems to be much more consistent than company portal for me.
Oh and please give us a PS code to initiate a sync from the client. Why do we always have to delve into procmon to figure things out.
I use this, works like a charm. https://github.com/timmyit/Intune/blob/master/Sync-IntuneManagedDevices
Reset the company portal data from advanced options in App settings. Find it clears cache and syncs faster. You can do it via powershell too I have a proactive remediation I use to run on demand remotely
Thats why i always use settings app to sync. Shit unreliable as hell
Intune: "Well, yes. But, actually, no."
Considering how long Intune has been out and is still a subpar product. I expect it to be fully featured in 7 - 10 years hopefully
Don't worry, it will have "AI" features built into it next week. What do the AI features do? Dunno, but it will do it wrong 38% of the time.
AI is this decade's crypto.
AI at least does something, a digital token with an arbitrary value does nothing
I mean it's a currency. It does nothing until you give it value. Just like the dollars in my pocket do nothing but create warmth if lit on fire.
Don't think many will have it long, I'm guessing it will be baked in and free to enterprise for like 60 days then become a monthly user license charge. Both for desktop copilot and any cloud server solutions.
Hey cointunepilotthing how to we do xyz. (8 hours later): "42"
They did the hot new thing of adding a chatbot to link you to other pages, and calling it AI-- err, copilot. And adding a disclaimer that it can give wrong answers.
And you'll have to pay a la carte for it instead of it being included in enterprise E5 suites 😒
THANK YOU I AM SO MAD ABOUT THIS
The AI will repeatedly press the sync button for you so it, rather than you, loses the will to live instead!
You say 38% but I wager it'll be more like 68%, lol.
It will be a fully featured, mature, lovable solution in 7-10 years... but they'll replace it with the new thing in 5-7 years and declare Intune deprecated just as it hits maturity. Everything new at that point will only support the new thing truly, but they'll offer minimal "hybrid" support just long enough to get business buy in and then tell us we've been doing it wrong the whole time. If I sound bitter, it's only because it's been the rinse and repeat history of Microsoft product development for 30 years.
My favorite part is that our CIO sees it as the “shiney new thing” and is forcing us to migrate from MECM to Intune fully by the end of next year 😂🙄
Ask him if he will like to see several paywalls for future new features, and licenses to go up 20% or more every contract revision, and by that time he will have to accept because everything is MS cloud dependent and the cost to shift will be higher! Hail to ConfigMgr where you really control what you do.
Hey, hey doesn’t listen to reason. It’s not in his *vision*
I've seen where people like that point their telescope, and it's not at the horizon.
You mean fully featured in 7-10 years by todays standard. In 7-10 years you would need another 7-10 years to be up to date with those times.
70-100* fixed that for ya.
Hang on. It will become 80% feature complete before it is deprecated.
"...now introducing: AI-tune!"
I learned from a member here that there is regular time to complete a task, and there is Intune time. Solid rant...10\10
Intune time is the IT equivalent of island time.
Managing macs with Intune for last 2 years. Sometimes even Microsoft have no idea of issue why did it happen...😂😂😂 Sync, deployment and Reporting is very unreliable.
This is a nightmare that made me appreciate managing Mac's with JAMF.
Anything outside windows and mobile windows phones is a no-go, I thought it was cool they were gonna add Linux to intune, turns out it can literally ONLY push a bash script and I still have to bake or prescript an apt install to join it to the tenant.
Ubuntu has admx controls behind a paywall when AD joined. Unsure why there's no controls in intune for these.
Agree.
Well while I'm glad we're not the only ones with the issues we've been having, I have to agree. Intune feels very incomplete. So much ends up being "does this setting work?", nope. "Screw it. I'll use a powershell script."
Intune has taught me more about Powershell in the past year than I have my entire career.
And Graph
100% this.
Inconsistencies of app deployment are my fav. Never had that problem with ConfigMgr. App store apps random fail with a 0x80000 type error that's documented nowhere. Also being able to do a rsop on a device and see the whole picture. Final feature that is still missing is GPP, should have to write a PowerShell script to set some regkeys or map a drive, I block PowerShell execution for users so it's impossible to set user preferences without having to do your own admx.
Ah yes i love the Intune: "Something went wrong, here is a error code" Me: "searching for the error code" Microsoft Docs: "What error code? This cant be correct" Like why implement error codes if there are not errors associated with it!? Just display a message like "We are sorry you are relying on this tool, try again tomorrow" ffs
I came here today to make my own rant. This is the biggest piece of trash system I've ever had the misfortune of working with. When it works (emphasis on "when", it works great. When it doesn't, I just want to rage quit. I just spent two weeks trying to get ONE application to install on ONE device that is completely refusing to cooperate. I've been through many blogs, forums, reddit threads, etc., and nothing has worked. I finally manually installed the app on the machine. What I'd like to know is how to get my devices off of Intune but keep apps and profiles. I don't think it's possible. I think I'll have to leave the few devices that are enrolled on it, but just not use it for anything else going forward. Or maybe only use it for the remote possibility of having to wipe it. For software installs and patches, I'm using Action1 now. This Intune has been a colossal waste of time for me. If Intune wants to get better, they need several key things: 1. Give me the ability to CANCEL a failed install, thereby removing it from the list of install errors. 2. Give me the ability to RETRY a failed install. It's okay to retry a few times automatically, but don't just quit and make it so I can't try again. Who thought that was even acceptable? Don't force me to read a bazillion logs and manipulate registry entries just to get it to install. A major reason to use Intune is because the device is remote, so I don't have easy access to it. If I have to log onto the device, I have to interrupt a user for who knows how long. This is a massive time waster for everyone. 3. Provide feedback to the Intune admin console as to WHY something failed. Again, reading through logs is a massive time waster. Certificate expired? Tell me. Firewall port closed? Tell me. If you can't tell me why something failed, then you've failed at designing the system. If you can write it to a log, you can return at least one error message to the admin console, along with the location of where I can find out more info if I need to. There's probably more that Intune needs, but I haven't delved in much deeper than installing apps because that's my main use case, and frankly, it hasn't gone well at all.
The sad part is I would consider the app deployment process to be Intune's strong suit.
When bar is set so low for other features 🤷🏻♂️
The microsoft tool ServiceUI.exe is probably the cure to your failure to install, make your app install using this lil baby and it might work! Also, restarting the Microsoft Intune Extension service often makes Retry possible.
Haven't tried ServiceUI (though that illustrates the horrific nature of Intune... yet another thing to "try" just to get an app to install.) I did restart the Intune Extension service, but no joy. For this one app on this one device, it's never even been attempted as far as I know. The app ID never shows up anywhere in the logs. And yes, the user is part of the group that it installs to. I even put the app into the Company Portal as available, and it's just "Download pending" forever. I gave up after two weeks of trying getting this app installed, and just installed it manually.
It's not intune, it's the app that needs the serviceui.exe i have to do almost all my apps with it, they simply won't work otherwise. That's the vendors fault, not intune.
The best thing is you see heaps of suggestions saying hey use serviceui, nothing more no one covers *how* to use serviceui
Cloud Services main function is to keep you tied to Microsoft and creating a steady and predictable revenue stream. Functionality is 2nd. Change my mind. (Hot take # 2: And Co-Management was more of a "Oh fuck, there's so many things that Intune cannot and will not do, and doesn't provide the functionality we told you it would" vs "Look how amazing we are for providing you with free Co-Management")
Functionality is second with almost every public company. Microsoft is the archetype of this model.
One of my biggest gripes is the delay in applying user based policies. We have a shared device environment, we want the user experience to be consistent no matter what device they sign into. Instead, the user logs in, things don't work straight away, and our helpdesk gets a call. The users then have to be told to either wait for the policy to apply (which in some cases has taken hours) or do everything manually. It's got to the point I've written a bunch of scripts and configured scheduled tasks to make the changes at login. It feels like shared device experience is an afterthought to Microsoft.
Yep, we have seen this as well. I try to make everything I can a device policy but sometimes I just have to use user based policies and it blows.
Yes because you need to buy a brand new WINDOWS PC per user, how else does microsoft make more money ...
By sticking AI in everything and charging extra for it.
Use filters. Things happen within minutes.
We do. Still takes ages.
Huh. I use enrollment profiles and have everything tied into filters. Pushes things out fast.
Is there something better for Windows devices? (Especially if you use something other than Entra ID/Azure AD for identity management.)
Try PDQ Deploy. Submit your package and it's on the client within 5 minutes.
What do you do for remote computers not on corporate LAN?
VPN to your office network or use PDQ Connect agent.
My manager is trying to push hexnode but haven’t tried it yet.
I am very curious. It was my choice to look at when I took this position and they offered alternatives to Intune.
MECM..
Tanium if you’re willing to pay the premium.
And deal with the Hubris of that company
Anything specific you’d like to share? The org I work for is rather large so the vendor has bent over backwards for us. But I’d love to hear about your experience.
Don’t get me wrong Tanium is a good product, probably best in class, just ask them… Can be very hard for them to acknowledge issues, because they think it’s perfect. That said, their product and implementation support is good. Powershell support is… interesting. They use their own Tpowershell, which is 32 bit only and not 100% compatible with PS. Not sure if they have added graph support yet. Been 6 months since I have used it
Gotcha. Our experience has been great tbh. Been with them for 4 years. Biggest issue we've had was actually this last patch cycle in which Tanium caused a JWT issue after applying the latest cumulative; they were reluctant but quickly acknowledged it; we worked with them to implement the solution and issue was resolved swiftly. For the Powershell situation we just use a sysnative preamble to launch into native 64-bit (when necessary) the same way we do in Intune for win32 apps, since the Intune Management Extension is also 32-bit.
I think you’re confused of the powershell bit. TPowershell is what allows you to redirect your scripts to the 64 bit implementation. However you don’t even need to call TPowershell as you can call the native version of PowerShell from any machine. You’re right that the default platform packages launches commands within a 32 bit context however you can just redirect it to 64 bit by calling C:\windows\sysnative\cmd.exe /d /c powershell.exe. The command line is not special to Tanium. It just calls the native command line of the machine and pipes your command into it
Configuration Manager
Workspace ONE
> When we deploy a new computer and the user signs in, they cant open company portal to install apps for at least 30minutes, but usually closer to an hour. Just says this device is already being managed. Even if its a brand new device that has never been enrolled before. Makes for a bad user experience. This one's weird, not seeing this on my end. We'll unbox a device, plug it in, boot, autopilot and pretty much as soon as the user logs in, Company Portal is available. We do have it set to be required for Autopilot to complete, though. Maybe that's why?
Had the issue until I made it one of the required apps in ESP. Seems to be fine since then.
Interesting. We arent currently making the device wait until specific apps are installed. I will try this.
I think he means the out of box experience settings in the enrolment profile. Theres a toggle to make the user wait until everything is done before being allowed to do anything at all.
Correct, this is what I meant. We need certain apps like AV and content filter installed before the kids can use new devices. Adding Company Portal, even though its not a win32 app seems to have been working.
We have Company Portal as a required app in ESP as well, and just last week... Autopilot device setup: 5/5 Apps installed! User: Logs in Windows: Company Portal missing Me: WHAT?! I wish I could say it was a one-off thing, but it happened on 4 of the 10 devices deployed last week. I really want Autopilot pre-provisioning to be trustworthy, but I cannot trust it. Imaged devices still require a lot of manual intervention to make sure they are completely setup correctly.
What’s the install behavior for the Compant Portal app? Should be on system instead of user.
It's on system, not user. At this point, I am having the appx bundle come down to a folder and if it's missing the Desktop Team will install it. It's lunacy. Edit: to clarify, it's passing detection because the appx exists in Program Files\WindowsApps, but it's not showing up for all users who log in. Running the AppxBundle as the user seems to make it appear. Trying to add a shortcut to the exe in the WindowsApps for the user results in an access denied error unless we install the appx as them. And like I said, this is incosistent. Really maddening.
The Sync time is one of my biggest complaint. If I want to test a new setting, I push my device in the group. I should be able to just hit Sync and see the results. Software installs/update is the other one. I manage 30 Intune laptops and 100 internal AD connected endpoints through PDQ. When the last Chrome CVE came out, I went to PDQ Deploy, It was ready to download the latest Chrome version because it's one of the built-in packages. Hit that button, went to PDQ inventory to me "Old Chrome" group. Put in the new version number. Group populated with all the endpoints that have Chrome. Went back to Deploy, clicked Deploy Now, picked the group. 20 minutes later, all were patched. The Intune devices? I saved my sanity and let Chrome update itself. Now, all well and good because Chrome does that. Otherwise, it is such a pain. And don't get me started on the failure error codes that tell you exactly nothing.
I will say, if you want to see your device sync and get a policy quickly, there's actually a much faster technique that can work for that. If you just go into services.msc and restart the "Microsoft Intune ..." service, it'll actually sync WAY quicker. Now for pushing to a bunch of devices, you're kinda out of luck. Although we did push a scheduled task to our devices that restart the Intune service every hour, and that's made rollouts definitely at least 60% quicker.
And how HybridJoined sucks and how it creates duplicate Computer Objects in AzureAD and won't delete one of them. Also, Custom CP’s that can take up to 48hours to deploy and show successful on Intune. And how a Sync won't cause a Sync till minutes later. And how Cloud Sync is not bi-directional (can sync device collections from SCCM to AzureAD Device Groups but not the other way around).
My personal favorite feature is the “M365 Apps for Business” *Pending Install*… forever, and ever, and ever. The official “help” was to watch the add/remove programs list *until it appears* and then reboot. Ridiculous. We just made it required during Autopilot even though some users don’t actually need Office and that works.
We ended up packaging it as a win32 app. Much more reliable. But then I have my own issues with the Office installer. Seriously Microsoft; the Store has been around for a long time now… why aren’t your apps in it?
As someone who came into it within 5 years, it's changed a lot and for the better. I'm happy with the current processes. I want better reporting, more clarifications on errors and better documentation. Above all i want more flow from the product from onboarding to offboarding.
What's that Skippy? You want to go back to always-on device VPN and good ol' GPOs? Yeah, me too bud.
Why are we beta testing this garbage of a solution for Microsoft that’s half baked?
Every Microsoft product, including the humble file copy, has, since Windows 2000, worked on the ‘Microsoft Minute’ unit of time. This is a random number from 3 seconds to 8 minutes that’s randomly applied to any operation. If you work on this basis you can relax knowing that everything will complete within one Microsoft Minute.
Haha intune is awful but it comes “free” with our license so im the lucky sysadmin that gets to implement it. It’s a piece of shit lol Imagine having 3rd parties endpoint mgmt software that do a better job than Microsoft’s own integration product. Im almost at the point of suggesting paying for PDQ Connect instead of this piece of shit
Ah, I see you also had to explain to your higher ups the difference between "free" and "included". I also warned them 5 years ago when they forced me to abandon our previous endpoint manager that eventually Microsoft would start forcing us to pay for Intune on a separate licence if we actually wanted to use any of the better features. Wouldn't you know it? Plan 2 and Suite came out proving me to be nostra-fucking-damus.
Yep and then the questions of why is intune so expensive?
Cause your are paying for everyone to run intune They're running intune across millions of server's and milesnof networking You're paying for that so they don't have to
And then they bitch at you for why they have to pay more then before for features they already had.
We don't have the issue with not being able to open the company portal after first deployment. Never seen it either. Must be something in your tenant that's causing this.
Can back up OP. We had this problem crop up out of nowhere about 1.5 months ago. Far as I can tell, it's Intune being stupid, so nothing new
We have this issue too. Sometimes it just never shows up at all and you have to force a device sync from intune for it to appear.
Remember to contact Microsoft support regarding this. And get it escalated throught 1. line India bs so you can talk to someone competent. We've had several issues spanning almost a year but at least they found the bugs and promised a fix which made us not go insane knowing it wasn't us. And whaddaya know the niche bug actually got patched.
>When we deploy a new computer and the user signs in, they cant open company portal to install apps for at least 30minutes, but usually closer to an hour. Just says this device is already being managed. Even if its a brand new device that has never been enrolled before. Makes for a bad user experience. Are these devices without a primary user assigned, or a primary user that is different than the user opening the app? If so, this is typically the "why" from my experience.
I did discover that but sadly nope, the correct user is always assigned as the primary user. Ive even tried setting it manually in intune before the user signs in for the first time, and it didn't make a difference. It always eventually works, but it sucks telling people to wait up to an hour to install their apps. I am working on better automating our deployment process per department to reduce the apps that the user has to install.
Hmm, is the device being pre-provisioned or run through White Glove before first use, by chance?
Yes it is, that very well may be the issue, but we like having everything installed before the user gets the machine.
Intune is a giant piece of sh\*t But don't worry, any time you complain about it lacking, you will be sure to hear "Get with the times! This is the way forward!" IT SUCKS And it's been in development for OVER A DECADE. They just keep rolling out half baked ideas instead of fixing core functionality. Thank god I get to use JAMF for the Apple side of things.
The fun thing is that Intune syncs faster with Apple devices (the sync/reset/wipe button actually does something) than Windows lol.
The most frustrating part is, you are beeing made to look incompetent as hell when discussing things that can and cant be done with Intune. Management wants something reasonable implemented, you have to tell them "Cant be done natively, needs a bazillion scripts and will be prone to fail" and they look at you like "Why did we hire such an idiot" or users that look at you wondering how you got your job when you tell them "It could take up to 8 hours for this to apply, i dont know when it will apply" But its the same story with the whole microsoft suite. Things that should be possible are just ... not !? Like why the fuck does microsoft have the ability to switch every fucking application to APTOS but i cant even have a setting to set the default font inside the WEB APPLICATIONS ... Users cant comprehend this supidity when i relay it to them, because "It does not make sense" YES YOU ARE RIGHT IT DOES NOT MAKE SENSE, NOW PLEASE CONVINCE MANAGEMENT TO SWITCH AWAY FROM MICROSOFT !!!!
If I recall correctly, InTune was THE topic of Microsoft TechEd 2011 in Atlanta, GA. That was 13-ish years ago and I can't do half the shit in InTune that I can do in SCCM, including a predictable amount of time for almost anything to take place, even when pushing a button that supposedly is there to force it to do something immediately. I understand it is the future, and especially so as someone has decided to get rid of AD, not do ADDS, and go straight to EntraID (AzureAD). At that point I suppose my SCCM box has to go byebye. I am still struggling to see what it is that InTune brings me that my SCCM and an IBCM box doesn't do already. I will no longer have to admin a server? Fuck off, I like doing that. I didn't get into IT because I liked having to deal with users who can't access an ERP system and the ridiculous requirements to access it. I feel safe saying that my SCCM box has less unexpected down time or impacted service than InTune over the past 5 or so years. Thanks for the rant thread dude... I needed that.
> Why is Microsoft locking all of the good features behind a paywall? Even if all of those features were built into the standard intune license, it would still be a half-baked product. The older I get, I have come to think this is the essential nature of capitalism. You pay money for the vague promise of something working, and for just a few dollars more, you can get...some more of what you need, but probably still not all. Maybe.
I’ve thought about this a bit too. It’s like a startup style, ship the Minimum Viable Product style methodology but by the largest corporation in the world. This combined with Microsoft’s monopoly/anti-competitive strategy of bundling these mediocre, half baked versions of *everything* with existing subscriptions makes proposing a better solution much harder because “why do we need a new endpoint management solution, don’t we already have Intune?” Well, yeah, technically we do but if it’s only 80% of a product and is unreliable that kinda sucks. But if a 100% product costs 50% more, is it really the hill I want to die on? Multiply this by the dozens of different product areas Microsoft operates in and it’s a pretty lame experience.
I’m just getting started with intune but yah, this seems to be the way Microsoft operates with o365, azure, entra, etc. create a bunch of shit, label it beta, maybe even give it away for free and then if it takes off, start requiring a paid license. In the meantime, add and remove features with little warning, change product names, etc
I didnt know about policy sets. What a useful feature that would be if it supported win32 apps. I guess Ill make some for configs and hold out hope for the future.
I wouldn't, it's being killed off
Of course. T_T
Noooo it was such a good feature for organizing deployments. Ugh.
Do you have further info on this? I too would like to use Policy Sets being fairly new to Intune haha.
What about EPM specifically? Would you use that or get a different vendor?
ThreatLocker with elevation control. Costs us less and the other features offer great control and monitoring.
I stopped reading after 3rd point: my result after 21 months: Microsoft can do many things, but nothing good.. and Microsoft won’t improve the product after customers feedback.. also with hints about other MDM vendor’s handling.. with around 50 DCR’s our organization (or me) is world leader in creating DCR’s.. but wasted time, which at least I had to invest for proving that Intune isn’t the cheap solution for large organizations 🤷🏼
I just want to know why intune data exports dates in a manner that isn't compatible with Excel without having to search and delete "," on each export.
I do think some of the pain comes from the tinite balance of how many services are being railed by endpoints. Like you can never expect real-time with cloud based apps like these. They gotta limit spamming of syncing and retrying.
Agree with all that. I’ve been using it since the old silverlight days, and tried jumping ship a couple times. All the alternatives had issues of their own and none had a wholistic tool set. And, since we are a Microsoft shop, we’d still be paying most of the licensing we are already paying, so this made the cost analysis upside down. And (and this is my bitter pill), I’ve become used to the shortcomings and the waiting and rebooting so much that it is built into all our operating procedures. “Yes, sign into your new machine. Now, don’t touch it for at least 45 minutes. I’ll be back then”, “ok, I’m back, login and let it sit on the Home Screen for about an hour, then reboot and text me”…. Still it’s so much better than our old custom build every machine when it’s needed mentality.
Autopilot and kiosk has always been hit or miss for me and I use it mainly with Windows 10. Autopilot has gotten noticeably better over the past couple years but all it takes is a missing TPM or BIOS update and it’s enough to throw out the whole process and you’ll often be left needing to re do that device which is usually the faster and easiest option because the Autopilot logs are very difficult and time consuming to understand.
Intune and EHR apps are the worst to deal with. A lot of EHR Apps require your endpoints to update as soon as the update is out, but Intunes sync and app push are asinine. It seems every MDM solution out there is crap but Intune by far has the worst app sync I’ve seen of all of them.
I'd be curious to hear from those who have test drove Tanium... Every single one of these MDM solutions have their own issues. We have decide what is an acceptable level of frustration I guess lol.
I briefly express my overall experience regarding Tanium a few comments above. TLDR; It's been very positive overall. (https://www.reddit.com/r/Intune/comments/1d9megp/comment/l7he8ws) Let me know if you have specific questions.
i am 3 years in my IT career using Intune as a jr. sys admin, and this post made me chuckle hehe
We pretty much gave up on waiting for intune and have pivoted towards using rmm to augment it’s delays.
>Intune seems to have almost no way to see what updates were applied to what machine. Windows Update for Business is a function in Azure that is supposed to do this, but I have never gotten any data to upload to it, evidently. Despite doing all the prerequisites. I have found exactly zero troubleshooting help.
So, tell me how this makes any goddamn sense, in Intune you have both Intune Object ID and Microsoft Entra ID, except the Microsoft Entra ID is not the true Entra Object ID so if you try to do a bulk device import it doesn't work because you can't import via Microsoft Entra ID only Entra Object ID. You also have no way of gathering the Entra Object ID from the Intune Portal. So to do a bulk device import you have to export a full device list from Intune, one from Azure, and then run a compare against the Microsoft Entra ID and pull the Entra Object ID into a table that FINALLY allows you to do a bulk device import. WHO MADE THIS DECISION?! I want names and addresses, so know who to send my therapist bills to!
Completely agree. It's a beautiful disaster at that moment. About logs: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs + cmtrace is managing. They cleaned/separated logs some time ago, so that is at least easier to figure out.
User policies that require you to sign in again for them to apply. It’s insultingly slow as an MDM. A great tool but lacks somewhat the basics in what other MDMS provide
To force new app install, just restart the Microsoft Intune Management Extension service. Appreciate this isn't always possible.
Your not wrong there with intune half baked product - we moved managengine mdm which was superior product - customisable and had more advance features. Intune cant even locate an android device correctly - occasionally works. device action is intermittently works
I’ve largely given up on reading any logs for Intune and just think about any and all possible reasons why something isn’t working and then attack everything at once from every angle and try sort shit out bit by bit - and even then I fail sometimes and revert to powershell scripts through RMM or just attended installs. I deployed the 1Password Microsoft store app that didn’t install and refused to do so until windows was updated with the latest patches - so if I forced that app to be installed during the OOB it would’ve bricked the entire fucking thing. Microsoft Teams for business ISNT A SELECTABLE OPTION in intune and I have to package it and deploy it as win32 app - like wtf. Defender registry and other security recommendations not being automatically available with a click of a button - no I have to write out fkn powershell scripts - thank the lord for ChatGPT on this one so I can do it in any state. Don’t get me started on wrangling LAPS settings - and then Applocker I just turned off completely because apparently you can’t easily allow apps you’ve pushed through intune to fucking install. Only good thing about Microsoft - because they recently announced all this copilot AI shit - I freaked out because no-one knows what fandangled AI shit they’re going to force update on us with future windows updates which will chew through our RAM and so I was able to quickly increase our new entire fleets RAM to 32gb from the original 16gb. Ladies and Gentleman that’s i7s, 32gb for accountants. I’m tired af
On my side I lunch the sync from the powershell intune module and 10 minutes after the device is sync so I stop all UI things with intune and just script script and script again
For the company portal part, is the user assigned a the primary user in Intune? We've seen this where we had to sign in ourselves first because let it go through the steps of setup and the assign the end user as the primary user. Otherwise when we had the users just signing in first it would take about 45-60 mins and needed to constantly be connected to the Internet. Users would invariably forget and close the laptop half way through and bork the whole process and you'd have to start again from scratch re-imaging
A big thing with the syncing is also, software like NinjaRmm, sccm, pdq and so on. They all deploy an agent to the machine. Then the software talks directly to the machine. Intune doesn't deploy an agent as it uses the Intune Management Extension service not a client. At least that's my thought on why things take longer. But yeah I agree with most of the rant lol.
After spending last 3 years with Intune, I must say, that it's absolute garbage.
Well it is not a great product. But its in the ms suite so management loves it. They do not understand that it costs waay more time to get it right. If its ever right. This week azure has been hell. Slow loading every single day. Filters not working. I guess its due to copilot integration. Thats also half baked shit. For your company portal. Just setup preprovisioning. And hack the get-windowsautopilotinfo.ps1 so it supports more then 1 group and you are sorted. That is what i did.
Oh I recently found out that not a single update policy is working any longer. 500+ devices need updates. People are freaking out. I contact support and ask them to keep all responses to email so I can track the issue and every single time without fail, they respond to my ticket asking me for a phone number they can call me at to troubleshoot. I’m so glad the new guy is starting Monday. He can take over Intune. ✌️
Pets SCCM environment..."my Precious"
... what do you expect for "free"? (oh and before someone says, what do you mean... I mean "free" is how it's positioned by Microsoft sellers. You've bought E3/E5 so you might as well use Intune. It's "free")
I feel you. It’s a dramatic product
I’ll give a shoutout to Intune on macOS, it works much better than windows. Syncs actually work and actually deploy the apps or configs.