The GPO killer? Device Configuration Profiles in Intune

Views: 2,550

John Christopher


1 day ago

Let's learn about the new standards for controlling device settings in a Microsoft environment.
Get a discount on all my courses right now here:
examlabpractice.com/courses

Comments: 18
@examlabpractice 4 months ago
Get a discount on all my courses right now here: examlabpractice.com/courses
@garcialex06 3 months ago
Thanks JC! I've been working with Intune for a while and with this shown I got some cool ideas for my endpoint management. Best regards!
@boyejohnson4287 4 months ago
Great video! Many thanks.
@Yti746 4 months ago
Hey, love your videos. I also took your Udemy course on Azure Virtual Desktop (AZ-140). In a couple weeks I'm on a project where I need to set up an AVD environment with FSLogix and MS Entra AD DS. Can you make a video about what to consider with Entra Active Directory and how to best configure FSLogix for user profiles? It shouldn't be that complicated, but I kept getting errors that I couldn't solve yet. Would be very interesting. Thank you!!!
@admalvinanticamara5731 4 months ago
Intune policies only apply to Windows 10/11 workstations and Android, iOS mobile devices. GPOs are still being used for Windows Server endpoints.
@examlabpractice 4 months ago
Absolutely... for now. Just keep an eye, though, on where they're going with all this. And remember, I've been a fan of GPOs for 24 years. I'm for sure not here to bad-mouth them and talk down about them. In some cases they are the only way to get certain things done in an on-premises environment.
@user-oe5bk1nz3m 4 months ago
Thank you for the great video. I am a bit confused and I appreciate your help. 1 - Can I apply those Intune profiles only on JOINED domain computers? 2 - As I recall, I can apply group policy on Entra ID (Azure) joined devices, so why do I have to use Intune profiles please? 3 - I watched your video (Imaging vs provisioning) and it is really interesting. Can I apply policies from Autopilot during the provisioning configuration? Thank you in advance.
@examlabpractice 4 months ago
You can apply Intune profiles to either domain joined or non-domain joined devices. GPOs can only be deployed to Active Directory Domain Joined devices, not just Entra ID devices. Autopilot is a form of provisioning.
@guilhermeguizi1154 4 months ago
Could you help me? I created a settings catalog to work as our security baseline, but the Tenable program that calculates the % of settings really enabled on the machine reported the audit settings are not enabled. Intune shows them with "Success" applied status. How can I check (audit) them? I believe more in Intune, but I have to prove I am not wrong. An example would be "Account Logon Logoff Audit Logoff".
@examlabpractice 4 months ago
To address the discrepancy between what Microsoft Intune reports and the findings from your Tenable program, you can manually verify the settings on a device to ensure they're applied as intended. Here's a step-by-step guide to check the status of "Account Logon Logoff Audit Logoff" or similar audit settings on a Windows device, which is a common scenario for Intune-managed devices:
Step 1: Use Local Group Policy Editor
On the target device, open the Run dialog box by pressing Win + R. Type gpedit.msc and press Enter to open the Local Group Policy Editor.
Step 2: Navigate to Audit Policies
In the Local Group Policy Editor, navigate to Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies. Under Audit Policies, look for Logon/Logoff policies.
Step 3: Check Audit Settings
In the Logon/Logoff category, find the policy for "Audit Logoff" or similar. Double-click on it to check its configuration. Ensure it's set to "Success" or "Success and Failure," depending on your requirements.
Step 4: Use Event Viewer to Confirm Audit Logs
Close the Local Group Policy Editor. Open the Run dialog box again (Win + R), type eventvwr.msc, and press Enter to open the Event Viewer. In the Event Viewer, navigate to Windows Logs -> Security. Look for events with IDs related to logon/logoff activities (e.g., Event ID 4634 for logoff events). Verify if the events are being logged as expected.
Step 5: Compare with Intune Reporting
Log into the Microsoft Endpoint Manager admin center. Navigate to the device or user profile where the policy is applied. Check the policy status to ensure it's marked as "Success."
Additional Tips:
If the policies are not applied as expected, it could be due to policy inheritance, conflicts with other policies, or the device not receiving or applying the policy correctly. Ensure the device is properly enrolled in Intune and has received the latest policy updates.
Consider using the "Resultant Set of Policy" (RSoP) tool or the gpresult command line tool to get a comprehensive report of all applied group policies.
If, after these checks, you find that the settings are correctly applied and logged, but Tenable still reports discrepancies, you might need to investigate how Tenable assesses these settings or contact their support for further assistance. It's possible that Tenable's assessment criteria or method might differ from the actual state of the device, leading to such discrepancies.
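
The on-device check from the reply above, as an added example that is not part of the original comment: it reads the effective advanced audit policy with auditpol, compares it to a required value, and then looks for the Event ID 4634 the reply mentions. The baseline hashtable and the English subcategory name "Logoff" are assumptions made for this example.

```powershell
# Added example: run in an elevated PowerShell session on the device under test.
# Assumptions: English subcategory names; baseline value chosen for illustration.
$baseline = @{ 'Logoff' = 'Success' }

# auditpol reports the effective advanced audit policy; /r prints it as CSV.
$effective = auditpol.exe /get /category:* /r |
    Where-Object { $_ -and $_.Trim() } |
    ConvertFrom-Csv

$report = foreach ($name in $baseline.Keys) {
    $row     = $effective | Where-Object { $_.Subcategory -eq $name } |
                   Select-Object -First 1
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'not reported' }
    [pscustomobject]@{
        Subcategory = $name
        Required    = $baseline[$name]
        Effective   = $setting
        # "Success and Failure" also satisfies a "Success" requirement.
        Compliant   = $setting -like "*$($baseline[$name])*"
    }
}
$report | Format-Table -AutoSize

# Step 4 from the reply: confirm logoff events (ID 4634) reach the Security log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4634 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, MachineName | Format-Table -AutoSize
} else {
    Write-Warning 'No 4634 events found; logoff auditing may not be in effect.'
}
```

The table printed by this script can be set beside the Intune "Success" status and the scanner's finding for the same device.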
@massfrat5501 4 months ago
Hey John, I just reviewed your Udemy AZ500 and will also take your SC200. I have used Udemy courses in the past and some I have found are outdated and I had to navigate around it. I realize it's almost impossible to constantly update IT material but was wondering when did you start both the AZ500 and SC200 Udemy course. Also how often do you update them if at all. Thanks kindly!
@markhokanson2401 4 months ago
John's courses almost always start out with 3-4 lessons that orient you to how his courses work, one of which touches on this question very, very clearly. The TL;DR version -> he does his best to update everything that he can, but due to just how often things change with M$'s different IaaS, PaaS and SaaS offerings (weekly in some cases), and the sheer number of courses he provides, it takes time for him to get to everything and keep it all as up to date as possible.
@examlabpractice 4 months ago
Hi, yes you are correct on the difficulty involved in updates. Microsoft changes their portals about every week... at least it feels like they do. The concepts remain the same though for the most part. I work hard to update courses all the time. I've updated about 3 courses just in the past few days. FYI, on Udemy courses you can always see when the last updates occurred on a certain course by viewing the sales page. Also, think about it like this. On Udemy, when courses are out of date, the reviews will reflect that. Students will write bad reviews about how the course is way out of date. My advice is always read reviews! That includes on my courses! I hope you'll find my reviews speak for themselves :) Remember, if you plan to buy any of my courses, get a Udemy discount by going to the link in the description of this video.
@massfrat5501 4 months ago
@examlabpractice Appreciate your prompt response and explanation.
@massfrat5501 4 months ago
@markhokanson2401 Thanks for the input Mark!
@mg2prime 4 months ago
So who creates these? Security team, desktop engineering or server administration? That's going to cause issues in responsibilities. I'm afraid they're not going to let Desktop control these, yet they want us to configure it and get the certification called MD-102. Desktop support and engineering are two different things and yet organizations have yet to realize this.
@markhokanson2401 4 months ago
Totally depends on the org. Some of us only have 3-4 people on the IT team, so desktop and administration ARE the same people. Some folks are doing the entire IT department all by themselves. Ultimately it's up to your org's brass to decide who does what.
@examlabpractice 4 months ago
Yeah I was about to say a lot of the same things @markhokanson said. It's gonna depend on the company. The main issue right now is getting IT Managers up to speed on how things are changing. A LOT of IT managers are set in their ways and they aren't learning the new concepts. It's the "Old dog new tricks" problem. They are over the people that are learning the new concepts. So it's a challenge sometimes to get IT Managers to realize they need to handle control over certain things differently than they did 15 years ago. The good news is, it is possible with Intune to just give specific power over to certain people. You don't have to give an admin the keys to the kingdom, just to create a config profile.