Recent Discussions
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username & password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.
53 Views, 0 likes, 2 Comments

Multi-App Kiosk not applying on Samsung A55 (Android 16)
Hello everyone, I’m facing a critical issue with Android Enterprise Multi-App Kiosk mode on a Samsung Galaxy A55 (SM-A556B). The problem started suddenly last week without any configuration changes, and now no Android Enterprise configuration profiles apply anymore.
What happened originally
The device was running Android 15, and it had been working fine for months in Managed Home Screen (Multi-App Kiosk). Then suddenly:
- Managed Home Screen stopped showing all apps
- The device booted into MHS, but the screen was completely empty
- No policy changes were made on our side
I tried several troubleshooting steps, but nothing fixed it. Eventually, I factory-reset the device and re-enrolled it as a Corporate-Owned Dedicated Device (COBO).
Current situation after re-enrollment
Even after a clean enrollment:
- No Android Enterprise device restriction profiles apply (Multi-App Kiosk doesn’t start at all)
- The device stays in the normal Samsung launcher
- Only very basic commands work:
  - Remote restart
  - App install/uninstall via group assignment
- All assigned apps show as Installed
- Profile status in Intune shows Success, but nothing is actually enforced
I then upgraded the device to Android 16 (patch 2025-11-01). Unfortunately, the behavior did not change.
Current configuration
- Android Enterprise → Device Restrictions → Multi-App kiosk
- Allowed apps: Teams, Managed Home Screen, Contacts
- Managed Home Screen installed
- Enrollment type: Android Enterprise – Fully Managed / Dedicated
- No OEM kiosk (no Samsung Knox settings)
- No Work Profile on the device
Symptoms now
- Managed Home Screen never launches
- Kiosk mode is completely ignored
- Device is fully usable like a normal phone
- Only app deployments work, nothing else
- This began while still on Android 15
- Updating to 16 did NOT resolve the issue
Questions
- Has anyone seen this behavior where Android Enterprise policies stop applying entirely after MHS fails?
- Is there a known issue with Samsung A55, Android 15/16, or Managed Home Screen?
- Could this be related to a bug in the Fully Managed/Dedicated enrollment flow for the A55?
- Any recommended workarounds or known fixes?
Any guidance is appreciated — this behavior is completely blocking Kiosk deployments for us. Thanks!
3 Views, 0 likes, 0 Comments

Web-based device enrollment vs Company Portal
Hi everyone, Microsoft recommended the web-based device registration for iOS, especially bring your own device. I went through the whole process. The main difference is that the user doesn't need to install the company portal and you need to configure the JIT (Just in time registration). The enterprise portal should be delivered as a web application.
The user experience: The user goes to the URL https://portal.manage.microsoft.com/enrollment/webenrollment/ios. The profile is loaded, then the user has to go to the settings application and install the profile. The user has access to the company portal with the web application.
Microsoft recommends JIT (just in time registration) for web-based device registration. I see the advantage of fewer logins for the user (thanks to JIT) and no Company Portal app on the device. What is the advantage of web-based device enrolment? Why did Microsoft recommend this method of registration?
Solved
573 Views, 1 like, 3 Comments

Windows 11
Hello, I am using Windows 11. A few weeks ago I received a Windows update; after the update my Windows started asking for a BitLocker key. I didn’t use BitLocker. My computer has been stuck for almost 2 weeks and I don’t know what to do. I didn’t use BitLocker. I bought it from HP almost 2 years ago. Please help me find a solution; without the BitLocker key I can’t access my computer. Thank you
12 Views, 0 likes, 0 Comments

Win 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I now experience an issue with WHfB. My face and fingerprint are not recognized, resp. the login process is giving an error, saying that I cannot be identified. One user reports that when away from company WHfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?
27 Views, 0 likes, 1 Comment

Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone,
Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it.
Steps Taken:
- Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune.
- MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM.
- Domain Federation: Established Entra ID federation in ABM to synchronize all users.
- Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.'
- MDM Push Certificate: Configured and validated the MDM Push certificate.
Issue Encountered:
According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found.
On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account
After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device."
In ABM, under "Access Management" > "Apple Services," all services are activated.
Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated.
Thank you in advance for your help.
Best regards,
1.1K Views, 1 like, 8 Comments

How to feed third party intelligence feed into Microsoft Intune
We want to create a connector/integration which can connect to Third Party Intelligence product and ingest that data into Microsoft Intune. Is it possible to create such a connector/integration? If yes, then how? Also, do specify if there are any other ways to achieve this use case.
17 Views, 0 likes, 1 Comment

Autopilot failing while hardwired in but face no issue on the Wi-Fi
We are in the process of migrating from SCCM to Intune. The issue we are facing is that when the device is hardwired in, the autopilot process fails and says network connection lost. When the device is connected to the wireless network, it goes through the entire autopilot process and successfully enrolls the device. Has anyone faced this issue before?
45 Views, 0 likes, 1 Comment

Conditional Access Policy Not Allowing Users to Access AVD
We have an existing conditional access policy which requires a user's device to be marked as "compliant" in order to access "All Agent Resources". We are trying to deploy an AVD as an alternative to allowing users to use personal devices, but this CA policy seems to be interfering with users being able to access the AVD via Windows App. The device they're accessing from isn't "Compliant" with Intune enrollment being one of the requirements for being compliant. Again, we do not want to allow personal devices into Intune which the MSP allowed previously. For the CA policy it's applied to all users EXCEPT for specific users in an exclusion group. Putting users in this exclusion group allows them to access the AVD via Windows App but at this point they can just access all resources from their personal machine defeating the purpose of the AVD.
Target Resources
- Include: All Resources
- Exclude: The AVD Itself, Windows 365, Azure Virtual Desktop, Azure Windows VM
Sign-in Conditions
- Device Platforms - Windows, MacOS
- Client apps - Browser, Mobile apps and desktop clients, exchange ActiveSync clients, other clients are checked
Grant Access
- Require MFA and Require device to be marked as compliant are both checked.
Access to the AVD works in the browser but not in Windows App.
18 Views, 0 likes, 1 Comment

MacOS ADE Error
Hello everyone. I am running into an enrollment error when rolling out ADE for macOS devices. I have a MacBook Pro I have added to Apple Business Manager using the Apple Configurator for iOS. The device appears in ABM, syncs to my Intune MDM, and I have assigned it an enrollment profile. I then Factory Reset the MacBook. Upon first boot it loads the AD Account sign in page and lets me input login credentials, then throws the following error message. "Something went wrong - We're sorry, we ran into a problem. Please retry. If this happens again, factory reset your device to start over or contact your IT support person to do it for you." I have tried changing networks, creating new profiles, removing the device from ABM and Intune and adding it again to the same result. I have my profile set with modern authentication with User Affinity. Any help with this would be appreciated.
6.3K Views, 0 likes, 4 Comments

Cert Based Auth no longer working on Android devices.
Curious as to how widespread this is/will be. Windows and iOS are fine, only affecting Android. You can easily test this by revoking MFA sessions on a user who is using cert based auth on an Android phone. I'm not sure if there has been an update recently to Android Microsoft Office apps where it thinks the certs live inside the Intune company portal and is not looking for certs in the phone's cert store.
BYOD work profile Android 14 phones are being problematic. When a user changed their password and Azure revoked their sessions for a reauth, the issue started occurring. I tested this on another user, manually revoking their MFA sessions without changing their password; same issue occurred. I also set up a brand new Android phone and had the same issue after enrolling it.
The issue is when the user opens Outlook or Teams and goes to sign in, it will pop up asking to use a cert on the device or a physical key. When selecting on the device the phone will freeze; it will then eventually say "company portal isn't responding" with the options of wait or cancel. Opening Chrome in the work profile and going to an Office app site will pop up asking for the cert and works fine. So the issue doesn't appear to be the phone getting the cert, just the Office apps are not accessing the phone's cert store. I can confirm the cert is inside the work profile as a browser or cert viewer app inside the work profile can see it; auths work fine when using a browser in work profile, just not Outlook or Teams inside the work profile.
1.4K Views, 0 likes, 7 Comments

Applications deployed on device based collection are missing from devices.
Hey guys, in my SCCM environment we are facing an issue. It's a co-managed environment where apps are deployed via SCCM. All of a sudden the apps deployed on Device based collection are not reaching the end user devices. The policies related to these apps are also not reaching the device. The compliance status for these apps also went down; even if the app is installed on the device, SCCM reports it as Non-Compliant\Error. Has anyone faced this issue or can help me to identify what could be causing the issue?
93 Views, 0 likes, 3 Comments

Intune Re-Enrollment Registry Key "MmpcEnrollmentFlag"
Hey there,
In the last few weeks, we encountered issues with clients (Entra Hybrid Joined) losing their Intune connection after setting an incorrect group policy. Although the group policy change was quickly reverted, about 10 clients were removed from Intune. I attempted to re-enroll these clients using various methods (MEMC Co-management, GPO, Scheduled Task, and even using psexec to directly start auto-enrollment), but the enrollment process consistently failed with the following error under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Enrollment:
Auto MDM Enroll: Device Credential (0x1), Failed (Bad request (400).)
and/or following in CoManagementHandler.log
Failed to get management URL with error 0x80070002
Eventually, I discovered a registry key that was not present on the working clients:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
Value: MmpcEnrollmentFlag
Data: 0x00000002
After deleting this key and restarting the enrollment, everything worked immediately. I am curious about how and why this registry key is created and what its function is. Looking forward to your input.
Solved
13K Views, 5 likes, 3 Comments

Error 80190190 Entra Join Device
Yesterday we could enroll devices fine until about 10am. After that we can no longer complete an Entra join on a corporate laptop. It gives an error code of 80190190. In the logs it shows the device registered/enrolls then shows a removal less than a minute later.
Successfully joined device using account type
Successfully deleted the device with identifier
143 Views, 0 likes, 2 Comments

Outlook Mobile Stuck in Login Loop on Intune Shared Android Devices
We’re having an issue on our Intune-managed shared Android Enterprise devices that are set up in Dedicated/Kiosk mode. When users try to open the Outlook mobile app, it launches and recognizes the signed-in user through AAD/Intune, but then it just gets stuck in a loop. It keeps showing messages like "Finding your account…" or "Identifying account…", and never actually loads the mailbox or even shows the normal login screen. Has anyone else run into this issue, and is there a known fix or workaround?
237 Views, 0 likes, 4 Comments

Disable Bluetooth on Android Fully Managed Devices
Hi All, Got an issue on an Android fully managed setup. I have set the option in the config profile to Block the Bluetooth Configuration, and this applies to the devices, however Bluetooth is enabled by default, which is an issue as it has to be switched off. The config of Bluetooth on the device is locked down as per the setting. Any idea on how to turn Bluetooth off? It's not a Samsung device so can't use KNOX. And Managed Home Screen also just blocks the config of Bluetooth and doesn't turn it off. Hoping this is possible 🤞 Thanks
571 Views, 0 likes, 2 Comments

Developer Options on Android Device
Hi all, I have an Android device enrolled in Intune and I'm trying to enable developer options. This would normally be done by tapping on the build number 7 times, however, when I try it on this device, nothing happens. There's no pop-up or error message, just nothing. I've tested on other identical devices and it works. It's got developer options enabled in the configuration policy, compliant in Intune, and was freshly reset/set-up, any ideas why it's not working?
188 Views, 0 likes, 3 Comments

Managed Home Screen: Outlook
We are running into issues with the Managed Home Screen and Outlook. Once the user has logged into the Managed Home Screen and tries to access Outlook, it gets stuck in an authentication loop. Loops: Discovering Accounts -> Accounts Found -> Back to Discovering accounts. This is affecting multiple devices/accounts. This only affects
375 Views, 1 like, 8 Comments

Issues with Capturing Windows11 25H2
I have been trying to capture an updated image from vSphere 8 and SCCM. I had zero issues with 22H2 and 23H2 but now I cannot get sysprep to pass generalizing. This error keeps coming up but I have tried most things the great Google had to offer. Anyone else running into this issue?
34 Views, 0 likes, 0 Comments

Intune Connection Issues in Defender for Endpoint
We have M365 E5 across the board which includes Defender for Endpoint P2. We're planning to enable Intune-MDE integration but getting this warning: "A Microsoft Intune license was not found". Despite that message, I can still enable it (toggling the switch is allowed) and then the connection appears to be established? But, more importantly, when it comes to the functionality, I can't create an "Auto from connector" EDR policy from Intune, which could be due to the above glitch? "Create from Preconfigured Policy" option also greyed out. A custom policy also doesn't have the "Auto from connector" option to onboard devices. Has anyone seen this? Any inputs are highly appreciated! Thank you
Kev
Solved
211 Views, 0 likes, 5 Comments
Events
Recent Blogs
- Microsoft 365 extends advanced security and AI-powered endpoint management to more customers
  Dec 04, 2025. 30K Views, 10 likes, 22 Comments
- Recommended videos and articles from the Intune MVP community.
  Dec 03, 2025. 3.7K Views, 6 likes, 1 Comment