Hey guys...! I am Zubair Riaz and I have 8 years of experience in IT System Administration. The purpose of this channel is to assist and share knowledge with all beginners, intermediate and experienced professionals in System Administration, including Cloud and On-premise Technologies. Many people might consider themselves above learning new tips and tricks, but there are always new ways to sharpen your skills in IT, and we bet that you will find at least one useful thing here that you didn't know before. We will try to compile some of the most handy computer tricks you should be taking advantage of. The ultimate goal is to share knowledge and help you become more productive and skillful. Of course, you can always pass along these tips to your friends and colleagues to help them become better and more skillful users as well. Furthermore, you can suggest more required and updated technologies to me.
When BitLocker is turned on, it encrypts the drives, and the way it works depends on the configuration:

1. No Password by Default (TPM Mode): Most modern systems with a Trusted Platform Module (TPM) chip use TPM-only mode. In this mode, BitLocker encrypts the drive and stores the encryption key in the TPM. When you start the computer, it unlocks the drive automatically without requiring a password, as long as the system integrity checks pass.

2. Password or PIN (Optional): If configured, you can enable additional security options:
   PIN: You can set a PIN that must be entered before the drive is unlocked at startup. This adds another layer of protection alongside the TPM.
   Password: If the device doesn’t have a TPM or BitLocker is set up in a particular way (like on removable drives), you can configure BitLocker to require a password at startup to unlock the drive.

3. Recovery Key: BitLocker generates a recovery key when encryption is enabled. If the system fails the TPM check, or if you're using a password or PIN and forget it, you'll need this recovery key to unlock the drive. This recovery key is typically stored in Azure AD (if managed via Intune), or you can save it in other locations like a USB drive, file, or print it out.

So, by default, no password is required at startup if TPM is used, but you can enforce a password, PIN, or recovery key depending on your BitLocker settings or Intune policies.
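To see which of the configurations above a given machine is actually using, the following added example (not part of the original video or description) reads each volume's key protectors with the built-in Get-BitLockerVolume cmdlet and reports the unlock mode and whether a recovery password exists. It assumes an elevated PowerShell session on Windows; the helper name Get-UnlockMode is hypothetical.

```powershell
# Added example: classify how each BitLocker volume unlocks, based on its key protectors.
# Assumption: run from an elevated PowerShell session with the BitLocker module available.

function Get-UnlockMode {
    # Hypothetical helper: maps key protector type names to the modes described above.
    param([string[]]$ProtectorTypes)

    # TPM+PIN variants (TpmPin, TpmPinStartupKey) are checked before plain TPM.
    if ($ProtectorTypes -match '^TpmPin')         { return 'TPM + PIN at startup' }
    if ($ProtectorTypes -contains 'Tpm')          { return 'TPM-only (unlocks automatically)' }
    if ($ProtectorTypes -contains 'Password')     { return 'Password' }
    if ($ProtectorTypes -contains 'TpmStartupKey' -or
        $ProtectorTypes -contains 'ExternalKey')  { return 'Startup / external key' }
    return 'No unlock protector'
}

$report = foreach ($vol in Get-BitLockerVolume) {
    # Collect protector type names; the foreach statement skips an empty protector list.
    $types = @(foreach ($kp in $vol.KeyProtector) { [string]$kp.KeyProtectorType })

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        UnlockMode       = Get-UnlockMode -ProtectorTypes $types
        # True only if a recovery password protector exists on the volume.
        # This does not prove the key was escrowed to Azure AD or saved elsewhere.
        HasRecoveryKey   = $types -contains 'RecoveryPassword'
    }
}

$report | Format-Table -AutoSize

# Encrypted volumes without a recovery password cannot be recovered if the TPM check fails.
$report | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryKey } |
    ForEach-Object { Write-Warning "$($_.MountPoint) has no recovery password protector." }
```

A volume reported as TPM-only unlocks with no user interaction at boot, so it is the one to review if your policy expects a startup PIN.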
What is the user experience on the device that has had the primary user changed? The situation we are in: at one of our sites, a single tech imaged and enrolled over 100 devices with his credentials and then handed them out. Once we change the primary user within Intune, what will happen on the device? In other words, what is the user experience for the person who has the device and is logged into it when they become the primary user?
Thank you for your comment; that helps in sharing knowledge. As explained, changing a Primary User will change the Device to a Shared Device. The scenario you explain should follow the process of creating a DEM (Device Enrollment Manager) to enroll Devices. I have a video for Device Enrollment Manager in the Intune playlist if you want to watch... ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ko5RL-gvn1Y.htmlsi=sD5a1LaTpVnCVoKW Also, if the User turns into the Primary User, that will be normal. And if any other user is logged in, that will be experienced as BYOD.
Please upload your required images as a slide show on any storage that is accessible via the internet and register that URL in the policy shown in the video, the same way I uploaded an image URL. Let me know if you have any questions. Thank you for your comment.
@iteepk How to manage licenses for shared devices, as no primary user is there? We have user licenses to activate Windows Enterprise. How to manage apps? Do we need to deploy with user groups or device groups? Same for configurations?
@sanjeev.bhardwaj A shared device is shared between many users. Which apps are you referring to? I think shared devices don't need to have any data or apps that could hold data, like an email app. Who will use their email on a shared device if the device is shared between multiple users? And yes, if you need to deploy apps or configurations, you could do that. You could assign additional licenses as per requirements. You can create a shared email account and assign a license according to requirements to a shared account/email, or you can use that account unlicensed. That will work also.
I created a Windows Hello for Business profile. It was working fine, but recently, it no longer recognizes the pin. I get this error message: 'Something went wrong, and your PIN isn’t available (status: 0x000015b, sub-status: 0x0). Click to set up your PIN again.' Would creating a deactivation profile solve the problem?
Are you facing this problem only on a single computer or on more than one computer? If it's only the single computer, then I think you don't need to create the profile again. Also, have you googled your error? Thank you for your comment.
I am also facing this problem as of 05/09/2024. I'm using Windows 11. I have tried the above method but it was not solved. I remember that the day before I installed the WPS. So what I did was just uninstall the WPS and the problem was fixed.
Hi, thanks for the video! I've been testing the iOS Web-based device enrollment for the last couple of weeks, and for a couple of days I've noticed that the Company Portal app install configured as required has failed on my devices. When checking why, Intune says "Requisite app configuration policy not present, ensure policy is targeted to same group(s) (0x87D13B7F)". Could you produce a video describing how to create the policy for Company Portal on iOS? That would be a big hit for your channel!
This is an excellent demonstration! The practical examples provided clearly illustrate the distinction between corporate-owned and personal devices. The application of configuration profiles to automatically filter and exclude personal devices from policies is a smart approach to ensure effective management of corporate devices. Great job on making complex concepts accessible and actionable!
Thanks for the informational video. I was wondering: when a PS script is deployed through Intune, will the script run only once at first device sync? Or will it run at every sync? Say I want to deploy a script that creates a folder at the C: drive for all users; I don't want this to happen every sync. I'm new to Intune, so pardon if this is a stupid question.
The Intune Management Extension agent will check every hour if changes are made to the current script or if any new script is assigned. This process will also run on the machine after every restart. Once the script executes, it doesn't execute again until changes are made to the script or policy. If you are worried about duplications, then don't worry. 😊 Thank you for your comment and support. 😊
Great one, please kindly make videos on all kinds of Windows Server and Active Directory troubleshooting scenarios including Server Migrations, AD migrations and all other complex troubleshooting scenarios on Windows Server and Active Directory.
This tutorial is incredibly helpful! It provides clear, step-by-step instructions for wiping and removing a Windows device from Microsoft Intune. The emphasis on understanding the process is crucial for anyone looking to troubleshoot or transition devices effectively. Great job on making this complex topic accessible and straightforward! ...
Awesome explanations, making things so clear. Wish you make all kinds of technical troubleshooting videos in future related to Azure Practical, Windows Server, Active Directory, and all complex and other challenging troubleshooting scenarios on them, please.
Yes, I will try to create all videos related to Azure Practical, Windows Server, Active Directory and any other related to Cloud or On-premise. Thank you for your comments and support. Take care... Keep growing and keep supporting @ITeePK