this post was submitted on 17 Oct 2023
13 points (81.0% liked)

Sysadmin


Hey guys,

We are struggling with our Azure joined machines used by multiple people during the day. Each time they log on to a new machine we get a helpdesk call for us to set up OneDrive / SharePoint libraries synchronization in the client.

We know Intune can do this but Intune settings can take up to 8 hrs to propagate, by which time the user has already called us. This takes too long.

I've made a support call with Microsoft which has been open for a month now with what I think is a fairly straightforward question but they keep telling me they're discussing this with their team.

Is there a scenario that sets these settings instantly that minimizes helpdesk calls? Or is this made for 1 user per device scenarios? Apart from reinstating on-prem DCs and whatnot ;)

Hope you guys can point me somewhere because Microsoft doesn't seem to..

top 6 comments
[–] themoonisacheese@sh.itjust.works 4 points 1 year ago (1 children)

Microsoft wants you to buy 1 PC and license per user. They pretend to support multi-user systems but in reality most of their admin tools suppose a machine is dedicated to a user, or that users are at least generally always using the same machine.

If you can programmatically fix the issues causing the calls, put the fix in a login script using traditional mechanisms.

[–] HC4L@lemmy.world 1 points 1 year ago

We were expecting the same and wish MS just admitted this to us so we can go on.

We have no good mechanisms to deploy startup scripts and try to rely as much as possible on the best practices Microsoft has. If we ever get those anyway..

[–] ramble81@lemm.ee 3 points 1 year ago (1 children)

This may be what you’re looking for. Treat the system like a VDI install when you’re installing things and look for “machine-wide” installers. Also consider getting FSLogix (free from Microsoft) to put user profiles in portable containers.

[–] HC4L@lemmy.world 1 points 1 year ago (1 children)

Interesting article but not really what we're looking for:

This option is especially useful for computers with multiple users and for when you don't want executable files running from a user profile.
Other than where the sync app is installed, the behavior is the same.

It's not the installation but the configuration that is causing trouble. FSLogix would require on-prem hardware.

[–] Snowplow8861@lemmus.org 1 points 1 year ago

You should be using machine-wide installers, not user appdata installers. Are you not?

[–] Snowplow8861@lemmus.org 1 points 1 year ago

So aside from using machine-wide installers and ensuring that users are licensed for those products, you also need to set up enterprise roaming.

By the way, Intune policies, if they aren't changing, don't take 8 hours to propagate to the machine; they take hours to propagate worldwide, like group policy takes hours to propagate in international-sized AD forests.

So if you've got your Intune policy set to auto sign in OneDrive and Teams and whatever apps, assuming all your devices are Intune registered, that setting doesn't take hours to get to the machine. It's immediate on first login. If you change that setting, it's some hours to get it across every single machine. By the way, in my experience, generally 80% of the time with a forced sync from the Company Portal app you should deploy with Intune, it's practically as fast as gpupdate. There are a few times where you need to patiently wait 15 minutes but you can see that if you name your configuration profile like (v12) and you'll see it's either still (v11) or immediately (v12) and you stuffed a setting and it's still not working.