question

SebamedoX avatar image
0 Votes"
SebamedoX asked Crystal-MSFT commented

ESP and Autopilotprofile not arriving completly

Hi guys,

I have created a "policy set" that includes a Hybrid Join Autopilot Profile and a ESP-Profile. All the Privacy Settings, Cortana and so on are disabled.

Now im Starting White Glove/ Pre Provisioning. The White Glove Process gets a timeout after 60 Minutes even though the Timeout is set to 240 minutes. I can continue that process, but when i finally come to the user login page, I have to manually confirm every Privacy Setting that usually should be hidden through Autopilot-Profile. I see that the Autopilot-Profile has an effect on that device, because the Device gets joined to Active Directory Domain. But all the other settings dont take effect. What i can also say, is that the settings are written to the registry such as a 240 for the timeout.

Windows-Version: Windows 10 Enterprise 10 2004

Has someone ever had that problem before that settings from ESP and Autopilot hadnt had any effect to the devices?

mem-intune-enrollment
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

4 Answers

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered

@SebamedoX, For our issue, I suggest to check if there's any conflict policies with Windows Autopilot configured in our environment. The policies are listed under the following link:
https://docs.microsoft.com/en-us/mem/autopilot/policy-conflicts

Hope it can help.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SebamedoX avatar image
0 Votes"
SebamedoX answered Crystal-MSFT commented

Hey @Crystal-MSFT im going to figure it out and disable every Policy i can. Some of those mentioned policies are really activated so im kinda optimistic.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@SebamedoX, Thanks for the reply. It seems the solution is close to us. Wait for your good news.

0 Votes 0 ·
SebamedoX avatar image
0 Votes"
SebamedoX answered Crystal-MSFT commented

@Crystal-MSFT :
Unfortunately the device again run into a timeout, after 9 of 10 Applications :(

But: Pressed "Continue anyway". The Privacy-Settings seems to work. Now i hadnt had to confirm any Cortana or other Privacy-Setting. But now im stuck at Identifying Security Baselines for the userpart.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@SebamedoX, Thanks for the update. I am glad to hear that the Privacy setting is working well. For the App deployment issue, based on my experience, I met some issue with Office app during Autopilot. Could you check if we have office app deployed? If yes, Would you mind to remove the assignment of the office app to see if it is working?

However, if there's no office app existing, we suggest to remove the app one by one to know which is the affected one.

Hope it can help.

0 Votes 0 ·
SebamedoX avatar image
0 Votes"
SebamedoX answered Crystal-MSFT commented

Hi Folks, (Hi @Crystal-MSFT)
sorry for answering that late! I just found out, that I had two bugs in combination:

  1. The Privacy- or Cortana Settings - all those settings that you can do within the autopilot-profile which didnt work on the device

  2. The Timeout-Problem while Autopilot


Failure Number 1 was just like you said due to a security set policy. I think it was the setting, to disable other Microsoft accounts. But there was still the problem with the Timeout while Autopiloting. Ive just found out, that a Delivery Optimization-Profile had something to do with it. I can not tell you why, but after removing the assignments everything works fine - and the app installation works twice as fast now. But of course i would really like to have it enabled again, and find out what to change in that profile. By the way, that behavior is reproducable from my home network as well (when trying pre-provisioning), so its probably nothing about the company firewall i guess.

48197-deliveryopt.jpg




deliveryopt.jpg (73.5 KiB)
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image Crystal-MSFT ·

@SebamedoX, Thanks for the updating. I am glad that we find the cause. Congratulations!

For the Delivery Optimization settings, based on my researching, it will be used when the devices download applications and updates.
https://docs.microsoft.com/en-us/mem/intune/configuration/delivery-optimization-windows

For our issue, I think maybe our issue can be with the download mode. As "HTTP blended with peering behind the same NAT", it will get updates from the internet and from other computers on your network. As a test, we can change it to other mode to see if the result can be different.
https://docs.microsoft.com/en-us/mem/intune/configuration/delivery-optimization-settings

Thanks and have a nice day!

0 Votes 0 ·