You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: autopilot/device-preparation/known-issues.md
+29-2Lines changed: 29 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,6 +40,35 @@ This article describes known issues that can often be resolved with:
40
40
41
41
## Known issues
42
42
43
+
## Security group membership update failures might lead to non-compliant devices
44
+
45
+
Date added: *September 27, 2024*
46
+
47
+
If security groups aren't properly configured in Microsoft Intune, devices might lose compliance and be left in an unsecured state. The following are potential reasons for security group membership failures:
48
+
49
+
- **Retry failures**: Security group membership updates might not succeed during retry windows, leading to delays in group updates.
50
+
51
+
- **Static to dynamic group changes**: After the Windows Autopilot device preparation profiles are configured, changing a security group from static to dynamic could cause failures.
52
+
53
+
- **Owner removal**: If the Intune Autopilot First Party App is removed as an owner of a configured security group, updates might fail.
54
+
55
+
- **Group deletion**: If a configured security group is deleted and devices are deployed before Microsoft Intune detects the deletion, security configurations might fail to apply.
56
+
57
+
To mitigate the issue, follow these steps:
58
+
59
+
1. **Validate security group configuration before provisioning**:
60
+
61
+
- Ensure the correct security group is selected within the Microsoft Intune admin center or the Microsoft Entra admin center.
62
+
- The security group should be configured within the Windows Autopilot device preparation profile.
63
+
- The group shouldn't be assignable to other groups.
64
+
- The Intune Autopilot First Party App should be an owner of the group.
65
+
66
+
1. **Manually fix the provisioned devices**:
67
+
68
+
- If devices are already deployed or the security group isn't applicable, manually add the affected devices to the correct security group.
69
+
70
+
By following these steps, you can prevent security group membership failures and ensure devices remain compliant and secure.
71
+
43
72
## Deployment fails for devices not in the Coordinated Universal Time (UTC) time zone
44
73
45
74
Date added: *July 8, 2024* <br>
@@ -92,9 +121,7 @@ The issue is being investigated. As a workaround, add the following additional r
92
121
For more information, see [Required RBAC permissions](requirements.md?tabs=rbac#required-rbac-permissions).
93
122
94
123
> [!NOTE]
95
-
>
96
124
> The [Required RBAC permissions](requirements.md?tabs=rbac#required-rbac-permissions) article doesn't list the **Device configurations** - **Assign** permission. This permission requirement is only temporary until the issue is resolved. However, the article can be used as a guide on how to properly add this permission.
97
-
98
125
**This issue was resolved in July 2024.**
99
126
100
127
### Device is stuck at 100% during the out-of-box experience (OOBE)
0 commit comments