This week’s mail sack question is from David Berner via email: Question: Quick question on compliance policies for iOS. If I add a second compliance policy and only target a subset of devices, when the second compliance policy is assigned, do the devices ever go into a weird evaluation state…

Week 3 of Friday mail sack blog and going strong! I spotted this question on reddit this week and it’s one I’m frequently asked. I think it’s a topic with enough nuance to form a meaty post. The (paraphrased) question is: Hey Scott… Why do some of my devices report…

The first week’s “Friday mail sack” blog post on Primary User was pretty successful so I’m going to keep this thing going for now! This week’s question is from @Devmgmt365 on twitter. …

It’s a new year and I’m trying to develop a new writing habit. I’m calling it my “Friday mail sack” as a nod to a hero of mine, Ned Pyle who once ran the DSTalk blog and taught me basically everything I ever knew about Active Directory and Group Policy…

Two weeks ago, I went to my first, ever Midwest Management Summit (MMS) conference and had a great time. As a Microsoft PM, I spent a lot of time talking to IT admins about a broad range of Microsoft Endpoint Manager topics. …

Here is the quick reference on harvesting AutoPilot device ID’s from OOBE using powershell. I created post just so I have a quick reference to copy+paste from whenever I need to do this for testing. Shift+F10 to enter command prompt from OOBE 2. Type Powershell 3. Type Install-Script -Name Get-WindowsAutoPilotInfo Y Y Set-ExecutionPolicy bypass Get-WindowsautoPilotInfo.Ps1 -Online 4. Provide credentials for your Azure AD admin account

Seen this message before? Anyone who has worked with in the Microsoft Endpoint Manager admin center has likely seen this notification pop up at some stage. If you configured custom roles and permissions, your chances are even higher. Issue 1 — Permissions The root cause is likely related to admin…

This is my watch list for new Microsoft Endpoint Manager on-demand content that has come out this week at the Microsoft Ignite virtual conference. These videos are in no special order and I’ll add some more as they are released for on-demand viewing. Update 11/2/21: Microsoft posted an official (and…

A common scenario for Microsoft Endpoint Manager admins is to exclude Teams devices from policies that are meant for mobile phones, not specialized ones. Consider a case where you assign an “Android” compliance policy to a group of users.. Now that policy is going to be enforced for those users…