Recent Discussions
Deploying PS Script as Application Doesn't Work
I've been trying desperately to get a powershell script to run on a target machine using MECM. First to note, I inherited a partially built MECM environment from my predecessor that wasn't documented well and wasn't fully tested. We're now trying to migrate off of our ancient software deployment software to use MECM and need to do so ASAP because that server is on its last life at the moment. We have an application on our old system that requires the movement of license files from a network share into a specific folder within the target machine after the application installs. I've tested the application install separately and it works just fine. However, the copy job to move the files from the network share to the local PC fails. I've confirmed that the PS script itself works as expected. I can run it locally on the target machine when logged in as myself or an administrator. I confirmed that the script works even through MECM when I install it in the user context. However, whenever I try to either run the script directly (Assets and Compliance > Device Collections > right click on collection > Run Scripts), or create a deployment type using the script installer, the job doesn't work. 1 of 2 things happens. When running as a script directly, it will complete and state that it was successful (which I still find odd and not sure why that happens), but the actual process doesn't complete the copy, and so the files aren't copied over to the target machine. When running it as an application deployment, the installation fails outright with exit code 1. I've tried everything I can think of to get the PS script to run as a user for the entire system, but nothing seems to work. I've been troubleshooting this for over a week so I'm probably forgetting some efforts I've done, but I think this sums it up. 
I'm sure I'm not the only one trying to use MECM in this fashion, so I'm sure there's solutions out there, but either my google machine is broken and I can't seem to get the results I'm looking for or I'm simply missing something super simple that nobody has ever had a problem with...I'm fine with either, but could use the insight!
Solved | 167 Views | 0 likes | 10 Comments

Set Edge as the default browser on Android
Is it possible to use Intune to set Edge as the default browser app for an Android fully managed device? We have an app that goes through an SSO process and uses the default browser for that. The SSO process will fail if the default browser is set to Chrome, but will work when the default browser is set to Edge. The "Restrict web content transfer with other apps" setting doesn't seem to help in this instance. Any suggestions would be appreciated & thanks in advance.
43 Views | 0 likes | 1 Comment

GRAPH - Add/remove user to distribution list
Good evening, for about a week, through a small program that uses graph api, the addition / removal of users from distribution lists no longer works; do you have any idea why? I have many processes that use graph api and they never gave me problems; we thought it was a temporary problem, but after a week it still doesn't work (attached the error)
15K Views | 0 likes | 6 Comments

Uninstalling printer queues
Hello, We are going to migrate from shared printers on a server to a new system. We need to delete all the printer queues which are \\server\printer01/02/03.... I tried using remediation script with no luck.

Here is the detection part :

    # Find printers matching the patterns IM?? or CANON_*
    $printers = Get-Printer | Where-Object { $_.Name -like '\\server\IM*' -or $_.Name -like '\\server\CANON_*' }
    if ($printers) {
        #Write-Output "Imprimantes détectées :"
        #$printers | ForEach-Object { Write-Output $_.Name }
        exit 1 # Exit code 1 = printers found
    } else {
        #Write-Output "Aucune imprimante correspondante trouvée."
        exit 0 # Exit code 0 = no printer found
    }

and here is the remediation part :

    # Remove printers containing "IM" or starting with "CANON_"
    $printersToRemove = Get-Printer | Where-Object { $_.Name -like '\\server\IM*' -or $_.Name -like '\\server\CANON_*' }
    foreach ($printer in $printersToRemove) {
        try {
            Remove-Printer -Name $printer.Name -ErrorAction Stop
            # Write-Output "Imprimante supprimée : $($printer.Name)"
        } catch {
            Write-Output "Erreur lors de la suppression de : $($printer.Name) - $_"
        }
    }

And the settings :
- Detection script: Yes
- Remediation script: Yes
- Run this script using the logged-on credentials: Yes
- Enforce script signature check: No
- Run script in 64-bit PowerShell: No

If I test the scripts locally, it works. Any ideas? Thanks
19 Views | 0 likes | 1 Comment

Feature Upgrade W11 24H2 not pushing why?
Hi community, I created a feature upgrade to 24H2 which is set to rollout with immediate start. I have computers that are already on either 21H2/22H2/23H2, and also W10 machines that are W11 ready. I don't understand why some are passing while a lot of others are still stuck on their build. The last thing that I want is to do an in-place upgrade. Is there someone in the community who has the same issue, and any solution that I can push for my hundreds of laptops that are stuck? Thank you so much for your help, it will be a lot :)
44 Views | 0 likes | 1 Comment

Deploying Script as Win32 App
Hi all, I created a script that is supposed to check if a certain app was installed from a managed installer, then create a file in the C:\Temp folder if it was installed from a managed installer. I would deploy this as a Win32 app so that I could use the detection rules in the Win32 App deployment to check which device was installed via a managed installer. However, it doesn't seem to work. I created a transcript log as well to check if I would get an output from the variables, but it seems to only run the else block in the If Statement. We use a Business Premium license, so I don't have access to Enterprise license capabilities like proactive remediation scripts. It is run using the System credentials, I've tested the script locally which works. Thank you, I've included some images of the script and transcript log.
Script:
Transcript Log Output:
30 Views | 1 like | 1 Comment

We’re running into an Intune issue where a Win32 app with a dependency sits at "Download Pending"
Setup:
- Main App: Installs in User Context
- Dependency: Installs in System Context
- Dependency Detection: Hosts file modification detection script
- Direct file detection does NOT work either
- When the hosts file modification is present (detection is met), detection works, and everything installs fine manually

The Problem:
- If detection passes (exit 0) → Everything installs fine.
- If detection fails (exit 1) → Intune never moves forward, just stays at "Download Pending" indefinitely.
- Happens with both file-based detection and script-based detection.
- Dependency app as well as parent app install fine via Intune on their own as well as manual testing.

What We Need to Know:
- Does Intune get stuck in "Download Pending" instead of moving forward when dependency detection fails?
- Could the install context mismatch (dependency in SYSTEM, main app in USER) be causing this?
- Myth or fact? Does Intune break the install process if a dependency app is in system context and the parent app is in user context? Again, both apps work fine independent of each other.

Thanks for any help!
189 Views | 1 like | 1 Comment

Subject: Best Practices for Aligning UPNs in Hybrid Entra ID + Intune Environment
Hello, I’m seeking guidance on best practices for aligning user identities in a hybrid Microsoft 365 environment, particularly regarding UPN consistency and device enrollment into Intune.

Environment Overview:
- Client is using a hybrid Azure AD join setup via Entra ID Connect (formerly Azure AD Connect).
- Devices are domain-joined and enrolled into Microsoft Intune via Group Policy (GPO).
- Entra ID Connect sync is active with write-back where appropriate.
- On-premises UPN format: username@domain.local (or .xxx)
- Entra ID / M365 UPN format: email address removed for privacy reasons (e.g., routable custom domain)

Issue:
- Devices are intermittently failing to enroll into Intune or are not showing up as compliant/joined.
- Manually updating the on-premises UPN to match the Entra ID UPN (email address removed for privacy reasons) seems to resolve the issue, but this is not yet standardized across the org.
- It's unclear whether this mismatch is breaking hybrid join and/or interfering with automatic MDM enrollment via GPO.

Questions:
- What is Microsoft’s current best practice regarding UPN alignment between on-prem AD and Entra ID in a hybrid environment?
- Is it mandatory or strongly recommended to match the on-prem UPN to the Entra UPN (especially when using automatic Intune enrollment)?
- Could this mismatch be contributing to MDM enrollment issues, and if so, what is the correct process to fix it in bulk?
- Are there any known caveats or dependencies when changing the UPN on-prem (e.g., impact on Outlook profiles, cached credentials, etc.)?
- Is there a supported or recommended PowerShell method to audit and align UPNs safely?

Goal: We're aiming for consistent, reliable hybrid Entra join with automatic Intune enrollment and minimal end-user disruption. Any insight or guidance is appreciated, especially if there’s documentation or field experience to support it.
10 Views | 0 likes | 0 Comments

Autopilot deployment app count jumping around
Hi All! Just a quick post for some clarification. We have multiple Intune deployments for different clients and something we have noticed on at least two of them in the past few days is during the App deployment for autopilot we are noticing that the app count seems to jump around a bit. For example we had a deployment that was on the account setup stage on 5 out of 7 apps, I check it again a couple minutes later and for some reason it is now on 4 out of 7 apps installed. Sometimes it jumps up and down between those two app installs. It does not happen every single time but just wanted to know if anyone else has experienced this? The deployment generally still goes through but just want to try and find a cause to address before it becomes an issue. Also note that the continue anyway button also shows up despite the deployment still being active sometimes. Thanks in advance!
74 Views | 1 like | 2 Comments

Autopilot/Intune Devices not connecting
So I've got my Intune configured with basic policies, I've used a script to pull the hashes and upload to Autopilot. I've got Auto Enrollment setup for the groups I need, Deployment Profile and Enrollment Status page set. I cannot get past the login screen on the devices themselves. They are taking the hostname syntax that is setup in the Deployment profile, so I know they're at least reaching Intune initially. I'll login on the device and it'll ask me to select the profile of the user, but then it gets to the spinning screen and stays there, for up to 12 hours I've tried. I am struggling to figure out what is going on, why these devices won't register into Entra and Intune. MDM in Entra is also sync'd with Intune. I've put all the recommended policies on the firewall in place to ensure it can talk to the cloud. It's not showing anything in the Enrollment logs under monitor. I'm able to join these if I create a local profile on the device, and then Access work or school, but I'm trying to have it so they show up as corporate devices and everything is as it should be. Any and all help / suggestions are greatly appreciated!
501 Views | 0 likes | 5 Comments

Developer Options on Android Device
Hi all, I have an Android device enrolled in InTune and I'm trying to enable developer options. This would normally be done by tapping on the build number 7 times, however, when I try it on this device, nothing happens. There's no pop-up or error message, just nothing. I've tested on other identical devices and it works. It's got developer options enabled in the configuration policy, compliant in InTune, and was freshly reset/set-up, any ideas why it's not working?
36 Views | 0 likes | 2 Comments

VPP Apps Not Installing via Intune – Error 0x87D127DB Despite Valid Configuration
Hi everyone, We’re currently using Microsoft Intune in combination with Apple Business Manager (ABM) to provision iPhones in our organization. Our setup has worked reliably until recently: in April/May, we successfully deployed 50 iPhones without any issues. However, for the past 10 days, we’ve encountered a persistent issue: VPP apps are no longer installing automatically on newly enrolled devices.

✅ What’s working:
- Device registration in ABM
- Syncing devices from ABM to Intune
- Device renaming, resetting, and syncing via Intune
- Uninstall Apps (using uninstall group of the deployment configuration on existing devices)
- Disabling devices in ABM and syncing changes to Intune
- Purchasing new apps in ABM and syncing them to Intune
- App license counts (total, used, available) are correctly shown in Intune

❌ What’s not working:
- VPP apps are not being installed. Only one or two icons appear on the home screen with a cloud symbol. Tapping them prompts a message that the app must be downloaded from the App Store.
- Intune consistently shows the following error: “App installation failed. 0x87D127DB (Unknown)”
- Occasionally, a message appears stating that VPP licenses could not be found, although all apps have sufficient licenses and Intune reflects this correctly.

Troubleshooting steps taken:
- Devices have been reset multiple times
- New apps were purchased and assigned with a minimal configuration (one required group)
- All certificates (MDM push, VPP token, enrollment token, Apple SCIM token) are valid
- Apple Business Support confirms their services are operational
- Microsoft Support has not provided a resolution and suspects the issue lies with Apple
- Apple, in turn, refers us back to Microsoft

At this point, we’re stuck between both vendors and are hoping someone in the community has encountered this issue or found a workaround. Has anyone else experienced this behavior or found a solution for the 0x87D127DB error with VPP apps in Intune?
Thanks in advance for your help!
411 Views | 0 likes | 7 Comments

Cannot wipe iPhone from Intune
Hi! I have Corp enrolled iPhone fully managed with DEP and Enroll with User Affinity. It works fine except when I try to wipe a phone. iPhone 13 with iOS 17.3. If I restart the phone without signing in with PIN-code, all I can do from Intune Admin Center is restart the device. If I try to wipe, nothing happens until I login to the phone with the PIN-code. Then it starts the wipe. Same thing with Remove Passcode, nothing happens before I login with PIN-code. Is this by design? It's a problem when employees leave the company without handing us their PIN-code.
6.3K Views | 0 likes | 8 Comments

Display language choice on HP and Dell is skipped in OOBE when network cable is connected
I have been involved in many Intune Autopilot deployments where we have technicians who complete the pre-deploy on computers from HP and Dell before delivery. This has worked well for many years, but lately, we have received complaints from users because the computer arrives with the wrong OS/Display language. I am aware of the settings for region and keyboard in deployment profiles. I also know how to change the language with LIP in Win10 and PowerShell in Win11.

What we have discovered now but not yet verified is the following: A computer from, for example, HP is shipped from the factory with multiple languages of the OS, which comes up as a question BEFORE the normal first screen in OOBE for region and keyboard, and if you choose Swedish in our case, the computer's language becomes Swedish after pre-deploy. What we have noticed now is that if you connect a network cable before starting the computer, the language choice in the OS never shows up; it instead jumps directly to region and keyboard and has chosen English as the OS language. It doesn't matter if you run pre-deploy or user driven deploy, the display language choice is skipped and defaults to English. To get the language choice back, you must run restore with F11, i.e., the manufacturer's image, and then restart pre-deploy without the network cable connected until you have pressed Win 5 times.

Yes, I know it is possible to change it afterwards with PowerShell in this case for Windows 11, but it takes time. Has anyone else noticed the same effect with multi-language, pre-deploy, and network cable? Or have I missed a major change in Intune or Windows?
323 Views | 2 likes | 5 Comments

Unable to enroll in MDM
Hi all. I am trialing Intune now so am new to it. I initially was able to enroll my Windows test machine. Showed up under devices in Intune. It stopped working in the last couple days. If I turn off the MDM under Automatic Enrollment I can sign it into EntraID and sign in with my account there. Once I enable the MDM again for that user, I get a spinning circle of dots immediately after signing in. I have deleted all the policies I created to get it back to 0, but still just spinning. Does not move on to setting up account. User has Intune license covered under M365 E3. Can anyone help?
Thanks
Ash
84 Views | 0 likes | 4 Comments

Intune Re-Enrollment Registry Key "MmpcEnrollmentFlag"
Hey there, In the last few weeks, we encountered issues with clients (Entra Hybrid Joined) losing their Intune connection after setting an incorrect group policy. Although the group policy change was quickly reverted, about 10 clients were removed from Intune. I attempted to re-enroll these clients using various methods (MEMC Co-management, GPO, Scheduled Task, and even using psexec to directly start auto-enrollment), but the enrollment process consistently failed with the following error under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Enrollment:

    Auto MDM Enroll: Device Credential (0x1), Failed (Bad request (400).)

and/or following in CoManagementHandler.log

    Failed to get management URL with error 0x80070002

Eventually, I discovered a registry key that was not present on the working clients:

    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
    Value: MmpcEnrollmentFlag
    Data: 0x00000002

After deleting this key and restarting the enrollment, everything worked immediately. I am curious about how and why this registry key is created and what its function is. Looking forward to your input.
Solved | 125 Views | 1 like | 2 Comments

Unable to create Win32 apps in Intune
I am unable to create a very basic Win32 application in Intune. I get green check marks across the board but when I try to create the application I get an error message saying "Save Application Failed. TypeError: Cannot read properties of null (reading 'id')". Any suggestions?
1.5K Views | 2 likes | 3 Comments

Events
Recent Blogs
- 4 MIN READ
  By: Julia Idaewor - Product Manager 2 | Microsoft Intune
  The threat landscape continues to evolve rapidly, with attackers constantly advancing their techniques to exploit zero-day vulnerabiliti...
  Jun 17, 2025 | 1.9K Views | 1 like | 0 Comments
- 2 MIN READ
  By July 16, 2025, all public Certification Authorities (CAs) will enforce new S/MIME Baseline Requirements as announced in the CA/Browser Forum. This requires all Sponsor-validated S/MIME certificate...
  Jun 03, 2025 | 4.9K Views | 0 likes | 0 Comments