Latest Discussions
Intune compliance issues Windows 11 22H2
We have unboxed several new "HP ProBook 450 G9" devices and connected them to MDM with AutoPilot. We installed these devices and they should be marked compliant based on the settings we have applied to other devices as well. But these devices are all having the same issue with compliance, because they get "Require BitLocker" and "Require Secure Boot" failed. We have installed all updates, we upgraded these devices to W11 22H2. We have checked but the disk is encrypted and we also checked the steps written on this page: Secure boot enabled Windows 10 device shows Not Compliant in Intune - Intune | Microsoft Learn.

"manage-bde -protectors -get C:" returns
TPM: PCRValidationProfile: 7,11

"Get-Tpm" returns
TpmPresent: True
TpmReady: True
TpmEnabled: True
TpmActivated: True
TpmOwned: True
RestartPending: False
ManufacturerVersion: 7.2.3.0
ManufacturerVersionFull20: 7.2.3.0

"Get-BitLockerVolume -MountPoint C" returns
VolumeType      Mount CapacityGB VolumeStatus   Encryption KeyProtector            AutoUnlock Protection
                Point                           Percentage                         Enabled    Status
----------      ----- ---------- ------------   ---------- ------------            ---------- ----------
OperatingSystem C:        237,29 FullyEncrypted 100        {RecoveryPassword, Tpm}            On

"Confirm-SecureBootUEFI" returns True

What can we do to fix this?
josvds, Jan 18, 2023, Brass Contributor
28K Views, 0 likes, 93 Comments

Apps are not installing at the time of enrollment
Hi People, I am new to enrollment of Android devices. I have a few devices which I need to enroll as Corporate-owned, fully managed user devices. In order to do so, I completed the steps below:
1. Scan the code
2. Login as company credentials.
3. Setup the pin number.
After that I am stuck at installing the apps. As Microsoft Authenticator and Microsoft Intune are required apps, without them I can't do anything. Installation of those apps is just going on forever. Please see the screenshot and help me if you can. Thanks
Bijanya, May 24, 2022, Copper Contributor
27K Views, 0 likes, 84 Comments

Endpoint privilege management, deployment unsuccessful with "device health monitoring" error
Hello all, I'm testing Endpoint privilege management on a few machines in a test environment. The elevation settings policy isn't deploying when "send data to microsoft" is selected; the error received mentions an "Allow Device Health Monitoring" error, but that setting is correctly deployed via configuration profiles. I also can't find any info about that in the logs. If I deselect "send data to microsoft" then the policy is deployed successfully, but in reality the app is not installed on the target devices (so no right click options about EPM). Anyone facing the same issue, and what steps could we try to fix it?
MaxMorsia, Mar 30, 2023, Brass Contributor
32K Views, 0 likes, 81 Comments

Intune Management Extension not installing
I am testing Intune/EMS on Windows 10 (1709) PCs and trying to get PowerShell scripts to run without success. I think the issue is with the Intune Management Extension not installing but can't find much information on how to troubleshoot this particular issue. Can anyone advise how I get PowerShell scripts to run? TIA Scott
Scott Paterson, Jan 07, 2018, Copper Contributor
154K Views, 0 likes, 70 Comments

Intune App Protection Policies (The apps on this device are already managed)
Hi. One of our users got this error for some reason. The device is an iPhone, enrolled into Intune. When the user opens Microsoft Teams they get the following error.

Remove Account
The apps on this device are already managed. Only a single managed account is allowed on a device. Select the account you want to remove. This account and all associated data will be removed from all managed apps.

Then it displays two identical work accounts for the user. (Example)
user@ domain.com
user@ domain.com

No matter what we delete this just goes on and on for Teams, no other app has this issue and no other user has this issue, and it just started happening today.
Solved
JimmyWork, Sep 14, 2022, Iron Contributor
65K Views, 3 likes, 64 Comments

Cannot Reseal Windows 11 device while pre-provisioning
Before I reinvent the wheel, I thought I’ll post the issue here. I have an AP profile configured as below.

Deployment mode: User-Driven
Join to Azure AD as: Azure AD joined
Language (Region): Dutch (Netherlands)
Automatically configure keyboard: Yes (I know.. please read on)
Microsoft Software License Terms: Hide
Privacy settings: Hide
Hide change account options: Hide
User account type: Standard
Allow pre-provisioned deployment: Yes
Apply device name template: Yes
Enter a name: XXXX-%SERIAL%

I know I’ve set the auto keyboard to yes, but hear me out. As far as I understood the previously known issue is fixed in Windows 11.

Windows Autopilot for pre-provisioned deployment | Microsoft Docs
In Windows 10, version 2004 and later, if the Autopilot deployment profile Language/Region setting is not set to User Select, then OOBE will progress past the language/region/keyboard selection screens. This causes the pre-provisioning technician to arrive at the Azure AD login page, which is too late to enter pre-provisioning. This issue is fixed in Windows 11.

For the pre-provisioning part: On Windows 10 21H2 (10.0.19044.1645) I can pre-provision the device successfully. The technician flow completes and I have a green screen giving me the option to reseal. After reboot, the normal user flow follows, and the device is ready to go before you know. AAD joined and MDM enrolled with user affinity.

However, on Windows 11 (10.0.22000.675) the technician flow starts OK. I’m presented with the AP profile that is selected, and I can continue pre-provisioning. But it never shows me the green screen and I’m not able to reseal the device. It also does not show any errors whatsoever during pre-provisioning. The device simply reboots and ends up at the login screen. The user flow does not seem to start and from the login screen, I’m also not able to sign in with any account. At this stage, I checked the device in the AP portal.
The interesting thing is, that the device seems to be AAD joined and MDM enrolled. And as expected, there is no primary user yet in Intune. So I looked up the device in Azure AD and confirmed it is AAD joined. Although I don’t believe the info presented. I also looked up the device in MEM/Intune and collected the diagnostics logs from the device. Still in the process of diving into the logfiles but here are some of my findings:

intunemanagementextension.log shows some interesting things:
GetAADJoinInfo - Failed to get Azure AD Join information using NetGetAadJoinInformation
![LOG[AAD User check using device check in app is failed, now fallback to the Graph audience. ex = Intune Management Extension Error.Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.

The User Device Registration event log is playing tricks on me. Here are some of the events from the log:
The get join response operation callback was successful.
Account S-1-12-1-xxx-xxx was added to group Administrators.
The post join tasks for the AAD Authentication Package completed successfully.
The registration status has been successfully flushed to disk. Join type: 11 (DEVICE_AUTO_DDID)
The complete join response operation was successful.
The task \Microsoft\Windows\Workplace Join\Device-Sync was successfully enabled.
The initialization of the join request was successful. Inputs: JoinRequest: 8 (DEVICE_UNJOIN) Domain: xxx.onmicrosoft.com

If I had to guess, I’d say the device is AAD joined and MDM enrolled at first, but for some reason, it unjoins the device in AAD which explains the fact that I cannot sign in with an AAD User account. The device however remains MDM enrolled. What is going on here? I will test the same setup with auto configure keyboards set to No and see what happens.
But the fact that I can get to the pre-provisioning screen, see the selected AP profile and reseal the device with W10 tells me (or at least it looks like) this should work. Anyone else having the same experience with Windows 11? Hope this makes some sense. Thx in advance! Oktay
26K Views, 0 likes, 63 Comments

Unable to uninstall Visual Studio Pro 2022 via Intune
Hi, I'm able to install Visual Studio Pro 2022 but unable to uninstall it via Intune. Following are the commands that I'm using:

Install command
vs_Professional.exe --nocache --wait --noUpdateInstaller --noWeb --quiet --norestart

Uninstall command
vs_Professional.exe uninstall --installPath "C:\Program Files\Microsoft Visual Studio\2022\Professional" --quiet --norestart

And using the following bootstrapper: https://aka.ms/vs/17/release/vs_professional.exe
Solved
11K Views, 0 likes, 58 Comments

Error 65000 with Settings Catalog
Hello Community! This is my first posting looking for answers. I'm pretty new to Intune and Endpoint Manager. In doing some testing, I have created a configuration profile using the settings catalog. I'm trying to disable the News and Interests from the taskbar. I have applied this to my testing group. Below is a screenshot of the settings I used. After the policy pushes to the device, it errors out. I get the following Error details for this device. I've tried looking for information on this error with no luck. Any help would be appreciated! Duncan
DuncMarsh, Jul 16, 2021, Copper Contributor
274K Views, 0 likes, 50 Comments

installing a exe but not working
Hi all, I am trying to install an emulator which is an exe with a license key but when installing it fails. I have been told that the install command is: But this doesn't seem to work via Intune. I have packaged the .intunewin file pointing to the exe but no luck. Any ideas?
Solved
AB21805, Feb 02, 2022, Bronze Contributor
11K Views, 0 likes, 49 Comments

Intune Doesn't Install Win32 Apps Until a User Logs On?
Hi, I'm using autopilot in self-deployment mode to provision devices. I have about 10 apps assigned to a dynamic security group that contains my devices. I have ESP configured to allow the user to "Continue Anyway" because some of the apps have known reasons for failing (e.g. doing I'm testing on a Surface device but trying to install an nVidia driver/app) so I had to enable the ability to move on from ESP when those apps fail, or I'd be waiting all year for ESP to finish. (doesn't seem to time out at 60 min as it should)

So after hitting the "Continue Anyway" button, Autopilot completes, and I'm left at a logon screen. I noticed that the only app that installed was an MSI. None of my Win32 apps installed until I logged in. Even after logging in, it's still pretty flaky. This is a "video wall" device, sort of like a kiosk but not as locked down and it is logging in with a local user account.

I'm getting lots of "Failed to get AAD token" errors in the IntuneManagementExtension.log file and I'm not sure if that's why app deploy is so unreliable. Reboots seem to help or deleting the IntuneManagementExtension reg key and restarting the service. App deploy seems to be more reliable when I log in with my AAD account. This is a completely standalone tenant - no hybrid, pretty basic.

Is this to be expected that Win32 apps don't install until a user is logged in? I know there are kiosk/autologon device config profiles available and intended for similar scenarios but in my case, those would be a bit too restrictive for this particular scenario. I really need zero touch deployment and app install using a local account with auto logon. Am I swimming upstream? One of my win32 apps is a powershell script that creates the autologon user and uses autologon64.exe to configure autologon. (and a powershell detection script to look for the reg entries)

thanks, Dan
DanWheeler, Mar 08, 2022, Brass Contributor
24K Views, 0 likes, 47 Comments