Hi All,
I’m planning to standardise and rename all our Intune groups. looking at the best naming convention for application user groups.
CompName-App-AdobeReader-U-Enable ?
Currently my Device naming
CompName--Win--D-Test
CompName--Win--D-Kiosk
Just wanted to check if anyone has a better or recommended approach before I proceed.
Hi All,
Currently, we have 430 controls that match the 25H2 baseline. When we create the Autopilot configuration for the new SOE, would you like us to apply these 430 matching controls?
Current devices are comply with ISO27001 and RFFR audits.
What is the best way to approach?
Do you apply these baseline to the Autopilot all dynamic root leavel group?
Hi Team,
We’re running a hybrid environment whfb with certificate trust (no Kerberos Cloud Trust). WHfB PIN works fine on most devices.
However, in the last few weeks, about 5–10 devices are failing with error 0xc0000a100. On those devices we see:
Event ID 7001 – Certificate trust auth failure
Event ID 6010 – Self-signed certificate rejected
Most devices are unaffected.
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
NgcSet : YES
AzureAdPrt : YES
EnterprisePrt : NO
EnterprisePrtAuthority :
OnPremTgt : NO
CloudTgt : YES
Has anyone seen this recently? Any updates or changes that could break certificate trust? What’s the best way to fix affected devices?
Thanks in advance.
Hi everyone,
I’m planning to transition our environment from Hybrid Azure AD Join to Entra ID joined devices using Autopilot, starting with a clean approach rather than carrying over existing hybrid policies.
At the moment, we don’t have Security Baselines applied, but we do have a number of Settings Catalog policies configured for Windows 11 24H2. I’ve noticed that the available baseline templates are aligned with 25H2, so I’m trying to understand the best way to compare our current configurations against the baseline and determine what should be carried forward for new Autopilot devices.
In parallel, I’m planning to implement a new structure for groups, tags, and policies. We also want a naming convention that supports future mergers or multi-entity environments, while still keeping the current company identity clear for day-to-day management.
I’d really appreciate any guidance on:
Approaches/tools to compare existing configurations with Security Baselines
Best practices for transitioning to a clean Autopilot setup
Recommended naming conventions for groups, tags, and policies in scalable environments
Thanks in advance for your help!