cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

R80.20 Updatable Objects - Intune + Autopilot

Jump to solution

Hi,

 

Are there updateable objects in R80.20 for Microsoft Intunes and Autopilot?

Intune:https://docs.microsoft.com/en-us/intune/network-bandwidth-use

Autopilot:https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements...

 

also, It would be nice if there could be a way to import/upload IP address xml, csv directly to the policy in R80.20 and not only via mgmt API. Or maybe there is something like this which I am not aware of

1 Solution

Accepted Solutions

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution

Has anyone got this working for unattended out-of-the-box Autopilot deployments?

 

According to this link Intune is required for Autopilot:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements...

 

There is an AppControl object for Intune, but look into the detail and HTTPS inspection is required. How do you get a cert on to the device for HTTPS inspection when the whole point of Autopilot is to do a zero touch deployment on a fresh machine?

 

I've tried allowing the updatable objects for Azure Services and Office365 Services, but still get a whole heap of dropped packets to something.deploy.static.akamaitechnologies.com that aren't recognised as any particular app or URL.

 

I'm starting to think that the only option is to provision a separate build network to each building and just blacklist a few categories for inappropriate or high risk apps and URLs rather than try and make white-listing work. Any other ideas?

View solution in original post

Tags (2)
8 Replies
Admin
Admin

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution
I believe we'll have some way to specify your Updatable Objects feed (or maybe upload one) in a later release.
As for Intune/Autopilot, I have not seen these listed in the services for Updatable Objects.
Doesn't mean it can't be added in the future.
Highlighted

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution
Thanks PB,

Is it possible to share it with R&D. I believe it is not a lot of effort to add Intune/Autopilot as Updatable Objects
Employee+
Employee+

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution

Hi Shahar and all,

We're here and listening 🙂  More use cases and vendor suggestions are always welcome.

I'll be glad to discuss the use case further on, please drop me an email...

 

Thanks,

Dima

 

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution

Has anyone got this working for unattended out-of-the-box Autopilot deployments?

 

According to this link Intune is required for Autopilot:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements...

 

There is an AppControl object for Intune, but look into the detail and HTTPS inspection is required. How do you get a cert on to the device for HTTPS inspection when the whole point of Autopilot is to do a zero touch deployment on a fresh machine?

 

I've tried allowing the updatable objects for Azure Services and Office365 Services, but still get a whole heap of dropped packets to something.deploy.static.akamaitechnologies.com that aren't recognised as any particular app or URL.

 

I'm starting to think that the only option is to provision a separate build network to each building and just blacklist a few categories for inappropriate or high risk apps and URLs rather than try and make white-listing work. Any other ideas?

View solution in original post

Tags (2)
sajin
Nickel

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution
Hi, Updatable Object for INTUNE is now available and still am getting blocked by deploy.static.akamaitechnologies.com. Do we need to allow Azure Cloud object along with INTUNE to work correctly.

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution

Hi,

I'm getting very similar issues.  The following appear in my logs:

a104-75-172-68.deploy.static.akamaitechnologies.com (104.75.172.68)

a23-209-84-4.deploy.static.akamaitechnologies.com (23.209.84.4)

a23-216-100-183.deploy.static.akamaitechnologies.com (23.216.100.183)

a95-100-144-120.deploy.static.akamaitechnologies.com (95.100.144.120)

Intune has made a lot of noise go away.  

When will Autopilot be available as an Updatable Object?

Admin
Admin

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution
Probably best to get the TAC involved if you haven't already.
0 Kudos

Re: R80.20 Updatable Objects - Intune + Autopilot

Jump to solution

the problem with intune and autopilot is that it uses many URLs that are not listed anywhere and unfortunately, you have to allow them manually

TAC will not able to assist in this case

a Tip from CPX: Try to contact Check Point overlay team via your local office, they might be able to assist 

0 Kudos