3. Intune admins - What are the key challenges / limitations on a day to day basis?

Intune admins - What are the key challenges / limitations on a day to day basis?

If I had to highlight anything you'll need, it'll be patience. Give Intune time to work. Trying to rush Intune just lands you in trouble.

Intune requires some patience. The UI will let you move through actions faster than the service can handle which can result in breaking the service or putting things in a bad state depending on the sequence of actions. Microsoft has slowly been making Intune more resilient to this but when it comes to things like unenrolling and re-enrolling you need to remember to do a self-imposed cool down after the unenroll to give the machine enough time to unconfigure itself before you attempt to re-enroll it. You also have to be patient when it comes to having a device that's been off for a long time come back online. Some admins wants to try to rush getting back to compliant or getting the user back into their e-mail and they end up making things worse. Be patient. Let Intune do its thing.

Upgrading apps that the user has installed but have only been made available (as opposed to required) is not quick and sometimes they never update. I still don't fully understand the mechanism.

Some of the baselines/policies/configurations templates Microsoft puts out don't correctly configure Microsoft Defender or don't properly disregard edition-only settings. E.g. If you try to configure WindowsSpotlight and apply it to a Windows Pro machine, it will report an error instead of considering it N/A.

You have to be very careful about layering your configurations as there are many templates where you can configure the same thing. The good news is that you can typically find conflicts easily.

The Company Portal app does not accurately report what stage it is in when installing applications even after refreshing. Sometimes it updates, sometimes it just reports whatever the initial status was. This is particularly annoying when it's a reattempt of a failed install and the status is "failed". The user has to know to pay attention to the toast notifications instead of what Company Portal's status field says.

On iOS, users can essentially break an app installation if they request to install a required app at the same time the required app is installing. I've never been able to get this to resolve without having to unenroll and reenroll the device.

Win32 applications can sometimes leave behind data in C:\Windows\IMECache and C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Incoming that you have to clean up manually. I suspect this is caused by the machine losing connectivity before the automated clean up happens.

You can't layer policies you want to apply to specific users on but only while on specific devices. You can target users or devices.

I don't like that you can't really prevent global admins from logging into any random Azure AD Joined device. They shouldn't be caching those credentials on random computers. Would be nice if there was a hard stop to that.

Azure AD objects from dead/removed Intune devices are frequently left behind. You'll need to do some clean up here.

Android OS upgrades can sometimes leave you with duplicate AD device registrations. More clean up to do.

Selecting 'Manage' on an Azure AD object just takes you to the all devices list in Intune instead of to the specific device.

Unenrolling iOS devices may not actually revoke app licenses. You can manually revoke them later. It's just another thing to clean up. Remember to hit that revoke licenses button when you're unenrolling a device.

You can't hide store apps (Apple, Google, and Microsoft) when you no longer need them. They'll sit there forever.

There are many tables you can't sort or filter and the data that is exported isn't always nice to look at.

The Microsoft Defender reports only give you the last result of the scan. You don't get to see historical finds.

There is no built-in report to see where a group is being used in Intune (this isn't a unique problem to Intune).

There is no global report for software discovered on devices. You have to drill down to each device and look at it one at a time.

The Graphi API lags far behind feature releases/improvements.

/r/sysadmin Thread
Previous
Next

Recently removed from /r/sysadmin

I know of a crazy vulnerable Exchange server at my old work. What to do? Details inside. Intune Windows LAPS - Configuration Profile Applies Successfully, Yet Nothing Happens...Why? Woman starting in IT next month. Should I be worried or not? How to run a meaningful CyberSecurity Risk Workshop/Assesment Amazon Outage I don't know what I'm doing and I need help What's the point of using BitLocker with TPM instead of password when someone can always access your computer without entering a password on boot? How many of you despise IoT? Onboarding 1200 New Users - how to communicate passwords? Gen Z also doesn't understand desktops. after decades of boomers going "Y NO WORK U MAKE IT GO" it's really, really sad to think the new generation might do the same thing to all of us Modern SQL Express Backup Solution [GA] Employee claims she can't use Microsoft Windows for "Religious Reasons" So I got a "correctional talk" yesterday. Rant about new age "senior" IT "specialists" who don't know how to wipe their butt. Do you think remote work is slowly dying? Most companies seem to be pushing RTO, even big tech you folks think ?

More Random Comments

In welche Familien Geheimnisse wurdet ihr eingeweiht? Great things about living in the Netherlands! Why do atheists hate Christians more than all the other religions? They say that they don't, but in my last 5days of joining several religious groups on reddit, r/christianity seems to be the most bombarded with edgy 14 year old trying to be cool I have a question for girls about female characters. Should authors and the studio be arrested for sexualized female characters? The dark side of Netherlands: legal modern slavery Best Concussion Clinics In US 2021 What's one of your favorite things to see in porn? (Shameless Porn Sharing Thread) Păreri față de alcool Cam cat platiti factura la gaz pe luna? White House’s blunt statement on omicron (epic and based) A father manages to save his young daughter from a vicious dog attack. Megathread (75): Coronavirus COVID-19 in Nederland When you tell someone you have a tiny dick and they don't believe you or think you're joking has to be the most annoying thing on earth for guys with our curse. Why Does American Culture Denigrate Fat or Chubby Women? Dead Game? Nah.