UAM makes deploying an app via Intune easy, but the policy runs willy-nilly as devices come online and check in. This causes apps that are being updated to close unexpectedly while in use.
A way to schedule maintenance windows for these apps would make this feature more usable for my clients.
Ya . . . the Intune Check-in is infamously frustrating (see this Michael Niehaus blogpost for more info).
We've toyed around with the idea of doing an agent that we can deploy to devices that would allow us to trigger installs/scripts/scheduled actions on command, but that has its own set of issues/concerns from a functionality/security perspective.
Another possible way we can work around this by possibly creating a scheduled task on the device to force a sync every few minutes (see Triggering Intune Management Extension (IME) Sync – Modern IT – Cloud – Workplace), but that could cause your Tenant to get flagged for too many requests.
Yet another way, if everything is on-premise, is to use a "jumpbox"-style approach where one device is trusted and sends out the commands to the other devices on the network.
None of those ideas is really "ideal", but one may be lesser of the 3 evils.
Which do you think would be "best" for your customers if you had to pick one (or suggest another), Randy Lehman?
A jumpbox is an idea. I've never set one up but the 1 client I'm setting this up for now has all on-prem devices.
I'm also looking into using our RMM for deployments/updates.
Please sign in to leave a comment.
Comments (2 comments)