Recent Discussions
SYSTEM CENTER IMPLEMENTATION & LICENSING Guide
Dear Microsoft Community, Our organization is planning to deploy a comprehensive IT management solution using the Microsoft System Center Suite. The goal is to streamline infrastructure operations, enhance backup and recovery, manage both virtual and physical resources, oversee endpoints, and maintain security and compliance. We need guidance regarding the number and type of licenses required, specifically Client Management Licenses (CML), Server Management Licenses (ML), and System Center Suite licenses.
Company Portal | App installation issues
Anyone else experiencing issues with downloading apps from company portal? Win32 apps, pressing install and just spins on “download pending… your device is syncing and will begin downloading your app shortly” Experiencing this issues with 2 different tenants. In 2 different countries now.Entra ID LAPS and BitLocker on Hybrid AD–Joined Devices
Hi All, We have Hybrid AD–joined Windows devices with BitLocker managed on-prem via GPO and BitLocker recovery keys already escrowed to Microsoft Entra ID. If we enable Windows LAPS in Entra ID (cloud LAPS), will this have any impact on: Existing BitLocker recovery keys stored in Entra ID, or Current/future BitLocker configuration and escrow behavior? Is there any dependency or interaction between Entra ID LAPS and BitLocker on hybrid devices? Thanks in advance Dilan
How to foce intune client in Ubuntu to synch automatically
Hello, in my company we have enrolled Devs Ubuntu devices to control some security setting and allow or not the access to our company apps and content. We have set compliance policies and enabled conditional access to check its. i have been surprised this morning by the last checking date of my Ubuntu laptops and ask my Devs of last signin in company portal client and the date match with the last checking date. I concluded, the company portal is synching only when the user open it and signin. This is a big problem for us because we are certified ISO27001 and we must check all devices compliance. Somebody has a script to deploy on those ubuntu devices and force a synch every day waiting for a Microsoft evolution of this process. Thanks a lot and regards MajidWindow 11
Hello I am using windows 11 few weeks ago I received windows update after update my windows started asking Bitlocker key i didn’t used Bitlocker my computer is stuck almost 2 weeks I don’t know what I do I didn’t used Bitlocker I buyed HP company alsmost 2 years. please help me to find solution without bitlocker key i can’t access my computer. thank you
Device Enrollment
Hi everyone, I need some guidance regarding a device-management scenario in my environment. We currently have Microsoft 365 Business Basic with the Intune Plan 1 add-on. All of our devices (about 150+) are Azure AD Registered, and I’m trying to determine the best method to enroll them into Intune using only our existing licenses. I’m unsure which enrollment method is most appropriate for this setup, and I haven’t been able to find a solid, recommended approach. I want to avoid unnecessary complexity and I cannot upgrade or change our licensing. I would really appreciate a well-structured explanation that covers: The best enrollment method for this scenario Why this method should be used Step-by-step guidance Pros and cons of the proposed method Any insights from those who have handled similar situations would be extremely helpful. Thanks in advance!
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username&password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.Existing required application deployments policy is not sent to devices
I have couple hundred applications in SCCM/MCM that are set to required and whenever there is a new device is built, all these required applications automatically get installed. I am on 2503 and 5 days ago i started seeing this issue. But if modify that deployment with current date and time then the application gets deployed right away if i run Application Deployment evaluation cycle. I also tested by deleting the existing deployment and created a new required deployment and run Application Deployment evaluation cycle then the application installs right away. The problem seems like the Primary server is not sending the policy to the client for existing deployments. The application compliance that we see for every deployment under Monitoring for all the devices moved to Error with Success. Not sure why this is happening. All these changes i noticed in the last one week. A week ago all these Already Compliant and Success status device count is under Success tab. Let me know if you have any suggestions.
System Center Configuration Manager : Trojan QGIS software false detection ?
Hi, I’m not sure where to report or ask about this alert, so I’m posting here. I use SCCM to deploy the software QGIS (an open-source GIS application) to users’ computers using .msi installers. Recently, SCCM removed my installer and reported the following alert: System Center Endpoint Protection a détecté un programme malveillant sur un ou plusieurs ordinateurs de votre organisation Nom de la collection : _Tous les serveurs Nom du programme malveillant : Trojan:Win64/ScarletFlash.ASA!MTB Nombre d'infections : 1 Heure de la dernière détection (heure UTC) : 03/12/2025 02:14:24 Voici les infections de ce programme malveillant : Nom de l'ordinateur : xxx.xxxxxxx.xxxx Domaine : xxxx Heure de détection (heure UTC) : 03/12/2025 02:14:24 Chemin d'accès au fichier du programme malveillant : containerfile:_E:\Sources_Packages\QGIS\3.40.10\QGIS-OSGeo4W-3.40.10-1.msi;containerfile:_E:\Sources_Packages\QGIS\3.40.12-1\QGIS-OSGeo4W-3.40.12-1.msi;file:_E:\Sources_Packages\QGIS\3.40.10\QGIS-OSGeo4W-3.40.10-1.msi->application.cab->filD90E2F766C2B1014B0D199BDDDF46963;file:_E:\Sources_Packages\QGIS\3.40.12-1\QGIS-OSGeo4W-3.40.12-1.msi->application.cab->fil338C30DA73AC1014AF5482D1DA910BA5 Action de correction : Aucune action État des actions : Réussi Pour afficher d'autres informations sur l'activité des programmes malveillants dans votre organisation, exécutez le rapport des détails du programme malveillant. I contacted QGIS security team that says it's probably a false detection. How can I report this to Microsoft and request an update to their detection signatures to prevent this installer from being deleted? Sincerly,Microsoft Intune for MSPs resource guide
Welcome to your home for all things #IntuneForMSPs! Our goal is to help you grow your Microsoft Managed Service Provider (MSP) business by combining productivity apps, intelligent cloud services, and the world-class security of Microsoft 365 with the multi-tenant management capabilities of you, our partners. Join us January 20 at 8:00 a.m. PST (4:00 p.m. UTC) on the Microsoft Intune Tech Community and kick off our new community meetup series with a guide to getting started with Microsoft 365 Business Premium. Hear first-hand experiences with configuring and managing customer tenants and learn best practices. Community meetups will feature subject matter experts on camera with Q&A in the chat (Comments) on Tech Community. Come curious and ready to learn! Jump to: Marketing and business development | Demos and tutorials | Partner resources | Microsoft communities | Select content from Microsoft MVPs In the spotlight Click the image below to watch the Microsoft Intune multi-tenant management video with Jonathan Edwards. Marketing and business development Start by joining Microsoft Partner programs: AI Business Solutions for Partners Microsoft Security Partners Join the Partner Skilling Hub for Free Go to Microsoft Partner Skilling Hub Create your free account Select Solution areas of interest Intune content: AI Business Solutions, Security Recommended modules: Implement with impact: Endpoint Management with Microsoft Intune | Microsoft Partner Skilling Hub Implement with impact: Implement Identity and access management with Microsoft Entra - Modules Demos and tutorials Whether deploying solutions for yourself or for your customers, these resources can help you with prescriptive ‘do this next’ guidance to get you up to speed quickly. Download this guide: Enhancing Security with Microsoft 365 Business: A Hands-on, Effective Guide Follow along with the companion videos: Achieve greater security and productivity with Microsoft Intune and Microsoft 365 Explore click-through interactive guides for more advanced instruction: Microsoft Intune guided demos Topics include configuring app protection policies, configuring Conditional Access, updating Windows from the cloud, configuring corporate devices, deploying and managing line of business (LOB) apps, enabling Universal Print, accessing corporate resources on personal-owned devices, setting up Windows Autopilot for new device delivery, and reducing bandwidth consumption with Delivery Optimization. Partner resources Nerdio knowledge hub Inforcer resources Microsoft communities Microsoft 365 Blog small and medium business-related posts Microsoft 365 Partner LinkedIn channel Select content from Microsoft MVPs To find an MVP near you, visit the Microsoft MVP home page. Peter Klapwijk - In The Cloud 24/7 Blog Ugur Koc - Ugur Koc Blog Andy Malone - Andy Malone on YouTube Rudy Ooms - Call4Cloud Blog Somesh Pathak - Intune IRL Blog Oktay Sari - AllThingsCloud Blog Jon Towles - Mobile Jon BlogWin 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I know experience an issue with WHfB. My face and fingerprint is not recognized, rsp. the login process is giving an error, saying that I cannot be identified. One user reports, that when away from company WhfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?Issues with Capturing Windows11 25H2
I have been trying to capture an updated image from vsphere8 and sccm. I had zero issues with 22H2 and 23H2 but now I cannot get sysprep to pass generalizing. This error keeps coming up but I have tried most things the great Google had to offer. Any one else running into this issue?Configuration Manager ADR for Windows Servers Not Deploying Updates
Hi everyone, We recently deployed Configuration Manager 2503 in our environment. The environment consists of the following: 1 Primary Site Server including Distribution Point role in head office, 1 Distribution Point server for a field office location, and 1 Site database server. We followed some articles or links online to deploy the Software Update Point on the primary site server that includes the Distribution Point role. The SMS_WSUS_CONFIGURATION_MANAGER, SMS_WSUS_CONTROL_MANANGER, and SMS_WSUS_SYNC_MANAGER components show a green checkmark and OK status. We followed some online articles or links to also create an Automated Deployment Rule as well. Despite creating the Automated Deployment Rules, it does not seem that updates are deploying to the targeted servers that are part of a Device Collection in Configuration Manager. Please advise what we should review to remediate this issue. Thanks.Deploy an application to Windows devices with specific serial numbers
I have a total of 200 new laptops which I would like to deploy a specific application using InTune. I have the serial number of all the laptops. These laptop are only identifiable by the serial number only and cannot use anything else. I've been searching for solutions but articles are not clear. Can someone please advise if this can be done? If so, can you guide me to a good article or with some points? Thanks in advanceAndroid 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105 Thanks, Tom
Multi-App Kiosk not applying on Samsung A55 (Android 16)
Hello everyone, I’m facing a critical issue with Android Enterprise Multi-App Kiosk mode on a Samsung Galaxy A55 (SM-A556B). The problem started suddenly last week without any configuration changes, and now no Android Enterprise configuration profiles apply anymore. What happened originally The device was running Android 15, and it had been working fine for months in Managed Home Screen (Multi-App Kiosk). Then suddenly: Managed Home Screen stopped showing all apps The device booted into MHS, but the screen was completely empty No policy changes were made on our side I tried several troubleshooting steps, but nothing fixed it. Eventually, I factory-reset the device and re-enrolled it as a Corporate-Owned Dedicated Device (COBO). Current situation after re-enrollment Even after a clean enrollment: No Android Enterprise device restriction profiles apply (Multi-App Kiosk doesn’t start at all) The device stays in the normal Samsung launcher Only very basic commands work: Remote restart App install/uninstall via group assignment All assigned apps show as Installed Profile status in Intune shows Success, but nothing is actually enforced I then upgraded the device to Android 16 (patch 2025-11-01). Unfortunately, the behavior did not change. Current configuration Android Enterprise → Device Restrictions → Multi-App kiosk Allowed apps: Teams, Managed Home Screen, Contacts Managed Home Screen installed Enrollment type: Android Enterprise – Fully Managed / Dedicated No OEM kiosk (no Samsung Knox settings) No Work Profile on the device Symptoms now Managed Home Screen never launches Kiosk mode is completely ignored Device is fully usable like a normal phone Only app deployments work, nothing else This began while still on Android 15 Updating to 16 did NOT resolve the issue Questions Has anyone seen this behavior where Android Enterprise policies stop applying entirely after MHS fails? Is there a known issue with Samsung A55, Android 15/16, or Managed Home Screen? Could this be related to a bug in the Fully Managed/Dedicated enrollment flow for the A55? Any recommended workarounds or known fixes? Any guidance is appreciated — this behavior is completely blocking Kiosk deployments for us. Thanks!Outlook Mobile Stuck in Login Loop on Intune Shared Android Devices
We’re having an issue on our Intune-managed shared Android Enterprise devices that are set up in Dedicated/Kiosk mode. When users try to open the Outlook mobile app, it launches and recognizes the signed-in user through AAD/Intune, but then it just gets stuck in a loop. It keeps showing messages like "Finding your account…" or "Identifying account…", and never actually loads the mailbox or even shows the normal login screen. Has anyone else run into this issue, and is there a known fix or workaround?
Events
Tune in to learn how Microsoft Intune can help you, as a Microsoft Managed Service Provider (MSP), develop new opportunities and enhance existing offerings. Let’s talk business outcomes and why Intun...
Online
Recent Blogs
- Here’s a November and December capability summary of how Intune’s 2025 changes in endpoint management help securely support cross-platform and IT admin workflows.Dec 11, 2025
- Microsoft 365 extends advanced security and AI-powered endpoint management to more customersDec 04, 2025
