Latest Discussions
CEO24 | Jan 15, 2025 | Copper Contributor | 10 Views | 0 likes | 1 Comment
help with remediation
Hi, I'm trying to create detection and remediation scripts for Intune to detect the presence of a template in the user's Word Startup folder.
**My detection is as follows**
```powershell
$path = "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Word\Startup\ACS Template 2010 2013 2016 (2) (1).dotm"
if (Test-Path $path) {
    Write-Output "File exists: $path"
    exit 1 # Success, file exists
} else {
    Write-Output "File not found: $path"
    exit 0 # Failure, file does not exist
}
```
**My remediation**
```powershell
$path = "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Word\Startup\ACS Template 2010 2013 2016 (2) (1).dotm"
if (Test-Path $path) {
    Remove-Item -Path $path -Force
}
```
It seems like the detection works, as the detection status is "without issues", but the remediation doesn't run. Any advice on how to correct this very much welcomed.
monkeybradders | Jan 15, 2025 | Copper Contributor | 6 Views | 0 likes | 1 Comment
Ubuntu 24.04 LTS + Entra ID Authentication + Intune Enrollment
Hi Community,
I want to combine in Ubuntu 24.04 LTS the new user authentication with Entra ID along with enrollment in Intune using the new version of the Intune portal. The goal is that the user can log in to Ubuntu with the local user created during the Device Authentication process and then be able to enroll in Intune and sign in to the portal whenever he wishes.
During my tests, I have seen that if you install the necessary components for authentication with Entra ID, along with Microsoft Edge and the Intune company portal using the Ubuntu installation user, and then authenticate with the Entra ID user after the device authentication process, you get this error when you try to enroll using the company portal:
Continuing with my tests, I have seen that if you start Microsoft Edge you can save a default keyring with a password. This security feature is specific to GNOME as far as I have read. With this keyring, it will be possible to enroll the device in Intune later. When starting the company portal, the default keyring password is requested, and after entering it, enrollment can be completed. From then on, the user can sign in to the portal as long as they enter that password.
However, the generation of this default keyring is a process that we do not want to leave in the hands of the user. The goal is to deliver the device to the user with all the necessary software, so that once they have authenticated the device with Entra ID, they can open the company portal and enroll in Intune.
Does anyone know if there is a way to avoid using such keyrings in a scenario like this? On a machine with only Ubuntu and Edge, it is possible to make this process transparent, by disabling user autologin or setting an empty password for this keyring, but in the scenario of Ubuntu + Entra ID + Intune, I can't manage it.
Thanks for your help and I wish you a great 2025
Aguinaco | Jan 15, 2025 | Copper Contributor | 167 Views | 1 like | 1 Comment
Android device registration stuck for enterprise devices with work profile
I'm trying to register my enterprise-owned Android device with a work profile, but it keeps getting stuck at the registration step. I've noticed that this issue only occurs with enterprise-owned devices with work profiles and not with fully managed devices. Can anyone help me understand why this is happening and how to fix it?
Kevingirolstein | Jan 15, 2025 | Copper Contributor | 3.9K Views | 0 likes | 5 Comments
Autopilot - User Driven
I am trying to get a Microsoft Surface Pro onboarded to Autopilot, and once it updates Windows and all those good things complete and it comes to the login screen, I try to enter the UPN credentials, and it would not allow me to log in. I reset the device a couple of times and nothing happens. It would not allow me at all.
Autopiloting Microsoft Surface out of the box step by step - Google Search
Same steps I am following
oryxway | Jan 15, 2025 | Iron Contributor | 19 Views | 0 likes | 1 Comment
Certificate based authentication for Outlook app on Android & iOS
Hi All,
I have a third-party certificate authority integrated with the Intune tenant. The Outlook app is configured under app configuration policies with Modern Auth as below and not assigned. The Outlook client is deployed for both Android and iOS devices. The certificate authority is issuing a user certificate for all enrolled devices. My questions are:
1. How can I use the user certificate to maintain the Outlook seamless authentication (no user name & password prompt)? For iOS I have created a device configuration policy for Exchange ActiveSync which has the option for me to select the authentication method as a certificate, and I have to select the user certificate. Is this the correct approach for certificate-based authentication?
2. For Android I couldn't create a similar device configuration policy, as only Gmail and Ninework are visible under the select app. What would be the approach for Android devices?
Sanka
Sankaperera | Jan 15, 2025 | Copper Contributor | Solved | 2.9K Views | 0 likes | 3 Comments
Intune - remove local admins
Hello All,
In our workgroup environment, users currently have local admin rights. After performing Entra join and onboarding devices to Intune, how can we remove all users from the local administrators group, keeping only the default administrator account? Note that users will continue logging in with their local accounts, not Entra accounts. Additionally, is there a simpler way to update the IP addresses on these devices? Thanks!
drivesafely | Jan 14, 2025 | Brass Contributor | 90 Views | 0 likes | 6 Comments
Cloud PKI - Rolling Out to ChromeOS?
Hi all,
Will try to summarize my goal and current issue... hoping someone out there has run across something similar to this implementation. Essentially I have 20 Cloud PKI licenses on users in my tenant to get a proof of concept going. We have a mixed bag in my org of people using Intuned Windows devices, as well as Enterprise Enrolled Chromebooks in a Google Tenant.
The goal is to utilize Cloud PKI, create a root and issuing CA, and utilize Google Admin to roll certificates out to Chromebook users via SCEP from Cloud PKI. The Chromebook users are already using Entra ID SSO to log into the Chromebooks. Then use these certificates to follow Google's documentation on using Defender for Cloud Apps for Conditional Access on ChromeOS to only allow devices with these certificates to access company resources.
So far I have the root and issuing certs created. I have my Google tenant recognizing the root cert, but when I try rolling out my SCEP profile is where everything is falling apart. I assume my issue lies in the SCEP profile on the Google admin side... But before I lose my mind trying to get it to work... Is Cloud PKI even designed to allow SCEP requests and cert issuing in scenarios like this? One example being the SCEP URI has that {{CLOUDPKIFQDN}} piece in it... for the life of me I can't be sure how to substitute for this dynamic piece if I'm trying to use SCEP somewhere other than Intune or Entra.
Thank you for any ideas or input, it's greatly appreciated.
dotpeek | Jan 14, 2025 | Copper Contributor | 14 Views | 0 likes | 0 Comments
Re-Installing Native apps removed via Intune
Hi All,
I have ~30 phones set up with device management in our environment. When these phones were originally set up, their profile was set up to remove a number of native apps. This was accomplished through blocking the app bundle IDs of these apps as shown below:
Obviously this configuration caused issues and we've removed it, but although the configuration was removed and we've synced the phones over countless times, these native apps are not reinstalling. Is there a way to push native apps back out via Intune?
softwaretough | Jan 13, 2025 | Copper Contributor | 19 Views | 0 likes | 0 Comments