u/capocayne

Hi everyone,

about 2–3 days ago I modified one of my device configuration profiles in Intune and changed "Allow Telemetry" from "Security" to "Full".

Since then, I noticed that in the report “Device counts by Secure Boot certificate status”, suddenly more than 200 devices are shown as “up to date” (we have around 400 devices in total).

My questions:

• Could this telemetry change have caused this behavior?
• Or is it more likely just a coincidence?

In addition, I now see many devices with the status:
"Under Observation – More Data Needed"

Portal description:

>

I’d appreciate some clarification on this:

• What does this status technically mean?
• Is it a temporary state after changes (e.g. telemetry adjustments)?
• Are there recommended actions to resolve or speed up this status?

Thanks!

Hello everyone, we have around 400 Windows devices in our company, a mix of hybrid devices and Autopilot devices. The Autopilot devices are mainly used by field staff, such as installers and service technicians. These users require elevated permissions for setup installations and for changing network settings, specifically IP addresses.

For this purpose, I configured the following setting under Endpoint Security → Account Protection:

• User selection type: User/Group
• Group and user action: Add (Update)
• Local group: Administrators

(And of course, I created and assigned a dedicated group for these users.)

My question is: is our approach correct? Because in our environment, I assume that LAPS cannot really be used effectively.

Also, how does the security aspect look in such a scenario? What would be considered best practice for balancing operational requirements and security?