We are currently using Intune with Autopilot deployments and receiving a vanilla Windows 11 25H2 image directly from the vendor.
We also have old laptops to redeploy
Hybrid joined.
In this scenarios, do we still need to use OSDCloud?
Also, what is the best approach to manage and update new HP or Dell drivers through Intune?
Hi All,
We are planning a family trip to Switzerland with our family of four. What would be the best time of the year to visit, and what are the must-see places and experiences you would recommend?
Thanks.
​
Hi All,
Currently we have Entra branding configured, but I’m looking at changing the sign-in page so it looks different from the default Microsoft page.
Before making any changes, I’d like to understand what impact this could have in production and the best way to approach the design and rollout.
If anyone has experience with Entra custom branding/sign-in page changes, please share any recommendations, lessons learned, or best practices.
Thanks in advance.
Hi Team,
We have a hybrid environment and are not planning to remove our on-prem DNS at this stage because we still have dependencies with on-premise.
We have Fortinet firewalls across all branch offices. Would it be a good approach to use FortiGate as the DNS server for Entra-joined endpoints?
My main question is:
What is the best way to reduce or remove on-prem dependency for Entra-joined endpoints while still maintaining access to these on-prem resources?
Hi All,
I’m planning to standardise and rename all our Intune groups. looking at the best naming convention for application user groups.
CompName-App-AdobeReader-U-Enable ?
Currently my Device naming
CompName--Win--D-Test
CompName--Win--D-Kiosk
Just wanted to check if anyone has a better or recommended approach before I proceed.
Hi All,
Currently, we have 430 controls that match the 25H2 baseline. When we create the Autopilot configuration for the new SOE, would you like us to apply these 430 matching controls?
Current devices are comply with ISO27001 and RFFR audits.
What is the best way to approach?
Do you apply these baseline to the Autopilot all dynamic root leavel group?
Hi Team,
We’re running a hybrid environment whfb with certificate trust (no Kerberos Cloud Trust). WHfB PIN works fine on most devices.
However, in the last few weeks, about 5–10 devices are failing with error 0xc0000a100. On those devices we see:
Event ID 7001 – Certificate trust auth failure
Event ID 6010 – Self-signed certificate rejected
Most devices are unaffected.
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
NgcSet : YES
AzureAdPrt : YES
EnterprisePrt : NO
EnterprisePrtAuthority :
OnPremTgt : NO
CloudTgt : YES
Has anyone seen this recently? Any updates or changes that could break certificate trust? What’s the best way to fix affected devices?
Thanks in advance.
Hi everyone,
I’m planning to transition our environment from Hybrid Azure AD Join to Entra ID joined devices using Autopilot, starting with a clean approach rather than carrying over existing hybrid policies.
At the moment, we don’t have Security Baselines applied, but we do have a number of Settings Catalog policies configured for Windows 11 24H2. I’ve noticed that the available baseline templates are aligned with 25H2, so I’m trying to understand the best way to compare our current configurations against the baseline and determine what should be carried forward for new Autopilot devices.
In parallel, I’m planning to implement a new structure for groups, tags, and policies. We also want a naming convention that supports future mergers or multi-entity environments, while still keeping the current company identity clear for day-to-day management.
I’d really appreciate any guidance on:
Approaches/tools to compare existing configurations with Security Baselines
Best practices for transitioning to a clean Autopilot setup
Recommended naming conventions for groups, tags, and policies in scalable environments
Thanks in advance for your help!