Recent Discussions
Win 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I now experience an issue with WHfB. My face and fingerprint are not recognized, resp. the login process is giving an error, saying that I cannot be identified. One user reports that when away from the company WHfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of the company. What settings in the MDM security baseline could possibly be the cause, resp. be responsible for broken WHfB?
Multi-App Kiosk not applying on Samsung A55 (Android 16)
Hello everyone, I’m facing a critical issue with Android Enterprise Multi-App Kiosk mode on a Samsung Galaxy A55 (SM-A556B). The problem started suddenly last week without any configuration changes, and now no Android Enterprise configuration profiles apply anymore.

What happened originally
The device was running Android 15, and it had been working fine for months in Managed Home Screen (Multi-App Kiosk). Then suddenly:
Managed Home Screen stopped showing all apps
The device booted into MHS, but the screen was completely empty
No policy changes were made on our side
I tried several troubleshooting steps, but nothing fixed it. Eventually, I factory-reset the device and re-enrolled it as a Corporate-Owned Dedicated Device (COBO).

Current situation after re-enrollment
Even after a clean enrollment:
No Android Enterprise device restriction profiles apply (Multi-App Kiosk doesn’t start at all)
The device stays in the normal Samsung launcher
Only very basic commands work: remote restart, app install/uninstall via group assignment
All assigned apps show as Installed
Profile status in Intune shows Success, but nothing is actually enforced
I then upgraded the device to Android 16 (patch 2025-11-01). Unfortunately, the behavior did not change.

Current configuration
Android Enterprise → Device Restrictions → Multi-App kiosk
Allowed apps: Teams, Managed Home Screen, Contacts
Managed Home Screen installed
Enrollment type: Android Enterprise – Fully Managed / Dedicated
No OEM kiosk (no Samsung Knox settings)
No Work Profile on the device

Symptoms now
Managed Home Screen never launches
Kiosk mode is completely ignored
Device is fully usable like a normal phone
Only app deployments work, nothing else
This began while still on Android 15
Updating to 16 did NOT resolve the issue

Questions
Has anyone seen this behavior where Android Enterprise policies stop applying entirely after MHS fails?
Is there a known issue with Samsung A55, Android 15/16, or Managed Home Screen?
Could this be related to a bug in the Fully Managed/Dedicated enrollment flow for the A55?
Any recommended workarounds or known fixes?
Any guidance is appreciated — this behavior is completely blocking Kiosk deployments for us. Thanks!
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username & password, we can see the deployment profile gets downloaded to the device, but then everything immediately stops with the error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.
Android 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate-owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the CredentialProviderPolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105 Thanks, Tom
System Center Configuration Manager : Trojan QGIS software false detection ?
Hi, I’m not sure where to report or ask about this alert, so I’m posting here. I use SCCM to deploy the software QGIS (an open-source GIS application) to users’ computers using .msi installers. Recently, SCCM removed my installer and reported the following alert (translated from French):
System Center Endpoint Protection detected malware on one or more computers in your organization
Collection name: _Tous les serveurs
Malware name: Trojan:Win64/ScarletFlash.ASA!MTB
Number of infections: 1
Time of last detection (UTC): 03/12/2025 02:14:24
Here are the infections for this malware:
Computer name: xxx.xxxxxxx.xxxx
Domain: xxxx
Detection time (UTC): 03/12/2025 02:14:24
Malware file path: containerfile:_E:\Sources_Packages\QGIS\3.40.10\QGIS-OSGeo4W-3.40.10-1.msi;containerfile:_E:\Sources_Packages\QGIS\3.40.12-1\QGIS-OSGeo4W-3.40.12-1.msi;file:_E:\Sources_Packages\QGIS\3.40.10\QGIS-OSGeo4W-3.40.10-1.msi->application.cab->filD90E2F766C2B1014B0D199BDDDF46963;file:_E:\Sources_Packages\QGIS\3.40.12-1\QGIS-OSGeo4W-3.40.12-1.msi->application.cab->fil338C30DA73AC1014AF5482D1DA910BA5
Remediation action: No action
Action status: Succeeded
To see more information about malware activity in your organization, run the malware details report.
I contacted the QGIS security team, who say it's probably a false detection. How can I report this to Microsoft and request an update to their detection signatures to prevent this installer from being deleted? Sincerely,
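Before filing a false-positive report it is worth proving, on the site server itself, that the flagged MSI is the file the project published and collecting the exact detection records to quote. The script below is an added example written for this thread; it is not the poster's code or anything from QGIS or Microsoft. It assumes it runs on the server that raised the alert, that the Defender PowerShell module (Get-MpThreatDetection) is available there, and that the two paths are the ones from the alert above; the SHA256 it prints is meant to be compared against the checksum the project publishes for that release.

```powershell
# Added example, not from the original post. Assumptions: run elevated on the
# site server that raised the alert; Defender PowerShell module present
# (Get-MpThreatDetection); paths copied from the alert and adjusted as needed.

$Installers = @(
    'E:\Sources_Packages\QGIS\3.40.10\QGIS-OSGeo4W-3.40.10-1.msi',
    'E:\Sources_Packages\QGIS\3.40.12-1\QGIS-OSGeo4W-3.40.12-1.msi'
)

foreach ($Path in $Installers) {
    if (-not (Test-Path -LiteralPath $Path)) {
        # A missing file usually means remediation quarantined or deleted it.
        Write-Warning "Not found (quarantined or removed?): $Path"
        continue
    }

    # SHA256 to quote in the submission and to compare with the project's
    # published checksum; a mismatch means this is not the original installer
    # and must not be excluded or whitelisted.
    $Hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode result: 'Valid' from the expected publisher supports a
    # false-positive claim; 'HashMismatch' means the file was altered after
    # signing; 'NotSigned' means the checksum comparison is all you have.
    $Sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File      = $Path
        SizeBytes = (Get-Item -LiteralPath $Path).Length
        SHA256    = $Hash
        SigStatus = $Sig.Status
        Signer    = $Sig.SignerCertificate.Subject
    }
}

# Local detection history for these installers: timestamps, the process that
# triggered the scan, whether remediation succeeded, and the flagged resource
# (including the cab member inside the MSI), all of which belong in the report.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'QGIS-OSGeo4W' } |
    Select-Object InitialDetectionTime, LastThreatStatusChangeTime,
                  ProcessName, ActionSuccess, Resources |
    Format-List
```

With the hash, signature status and detection records in hand, the file can be submitted through the Microsoft Security Intelligence file submission portal (https://www.microsoft.com/wdsi/filesubmission) as a suspected false positive. Until the signature is updated, any interim exclusion should be scoped to the exact source paths on the share rather than to the whole drive or the file type, and the hash comparison is what justifies that exclusion.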
Configuration Manager ADR for Windows Servers Not Deploying Updates
Hi everyone, We recently deployed Configuration Manager 2503 in our environment. The environment consists of the following: 1 Primary Site Server including the Distribution Point role in head office, 1 Distribution Point server for a field office location, and 1 Site database server. We followed some articles or links online to deploy the Software Update Point on the primary site server that includes the Distribution Point role. The SMS_WSUS_CONFIGURATION_MANAGER, SMS_WSUS_CONTROL_MANAGER, and SMS_WSUS_SYNC_MANAGER components show a green checkmark and OK status. We followed some online articles or links to also create an Automated Deployment Rule as well. Despite creating the Automated Deployment Rules, it does not seem that updates are deploying to the targeted servers that are part of a Device Collection in Configuration Manager. Please advise what we should review to remediate this issue. Thanks.
Outlook Mobile Stuck in Login Loop on Intune Shared Android Devices
We’re having an issue on our Intune-managed shared Android Enterprise devices that are set up in Dedicated/Kiosk mode. When users try to open the Outlook mobile app, it launches and recognizes the signed-in user through AAD/Intune, but then it just gets stuck in a loop. It keeps showing messages like "Finding your account…" or "Identifying account…", and never actually loads the mailbox or even shows the normal login screen. Has anyone else run into this issue, and is there a known fix or workaround?
Managed Home Screen: Outlook
We are running into issues with the Managed Home Screen and Outlook. Once the user has logged into the Managed Home Screen and tries to access Outlook, it gets stuck in an authentication loop. Loops: Discovering Accounts -> Accounts Found -> Back to Discovering Accounts. This is affecting multiple devices/accounts. This only affects
Zoom Workplace
Hi All, We have set up an MSI app deployment for Zoom Workplace which has deployed to all machines successfully. However, it will not auto-update; it is still on the same deployment version from months ago... These are the command line arguments added: AudioAutoAdjust="1" ZoomAutoUpdate=True zConfig="AU2_EnableAutoUpdate=true;AU2_InstallAtIdleTime=True" Can I change the MSI file to the latest one, and will it deploy and overwrite the existing one? Any advice greatly appreciated! Thanks, Scott
Windows 11
Hello, I am using Windows 11. A few weeks ago I received a Windows update; after the update my Windows started asking for a BitLocker key. I didn’t use BitLocker. My computer has been stuck for almost 2 weeks and I don’t know what to do. I didn’t use BitLocker. I bought it from the HP company almost 2 years ago. Please help me find a solution; without the BitLocker key I can’t access my computer. Thank you.
Web-based device enrollment vs Company Portal
Hi everyone, Microsoft recommended web-based device registration for iOS, especially for bring your own device. I went through the whole process. The main difference is that the user doesn't need to install the Company Portal, and you need to configure JIT (just-in-time registration). The Company Portal should be delivered as a web application. The user experience: the user goes to the URL https://portal.manage.microsoft.com/enrollment/webenrollment/ios. The profile is loaded, then the user has to go to the Settings application and install the profile. The user has access to the Company Portal with the web application. Microsoft recommends JIT (just-in-time registration) for web-based device registration. I see the advantage of fewer logins for the user (thanks to JIT) and no Company Portal app on the device. What is the advantage of web-based device enrolment? Why did Microsoft recommend this method of registration?
Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone, Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it.
Steps Taken:
Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune.
MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM.
Domain Federation: Established Entra ID federation in ABM to synchronize all users.
Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.'
MDM Push Certificate: Configured and validated the MDM Push certificate.
Issue Encountered:
According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found. On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account. After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device." In ABM, under "Access Management" > "Apple Services," all services are activated. Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated. Thank you in advance for your help. Best regards,
How to feed third party intelligence feed into Microsoft Intune
We want to create a connector/integration which can connect to a third-party intelligence product and ingest that data into Microsoft Intune. Is it possible to create such a connector/integration? If yes, then how? Also, please specify if there are any other ways to achieve this use case.
Autopilot failing while hardwired in but face no issue on the Wi-Fi
We are in the process of migrating from SCCM to Intune. The issue we are facing is that when the device is hardwired in, the Autopilot process fails and says the network connection was lost. When the device is connected to the wireless network, it goes through the entire Autopilot process and successfully enrolls the device. Has anyone faced this issue before?
Conditional Access Policy Not Allowing Users to Access AVD
We have an existing Conditional Access policy which requires a user's device to be marked as "compliant" in order to access "All Agent Resources". We are trying to deploy an AVD as an alternative to allowing users to use personal devices, but this CA policy seems to be interfering with users being able to access the AVD via Windows App. The device they're accessing from isn't "Compliant", with Intune enrollment being one of the requirements for being compliant. Again, we do not want to allow personal devices into Intune, which the MSP allowed previously. The CA policy is applied to all users EXCEPT for specific users in an exclusion group. Putting users in this exclusion group allows them to access the AVD via Windows App, but at this point they can just access all resources from their personal machine, defeating the purpose of the AVD.
Target Resources
Include: All Resources
Exclude: The AVD itself, Windows 365, Azure Virtual Desktop, Azure Windows VM Sign-in
Conditions
Device platforms: Windows, macOS
Client apps: Browser, Mobile apps and desktop clients, Exchange ActiveSync clients, Other clients are checked
Grant Access
Require MFA and Require device to be marked as compliant are both checked.
Access to the AVD works in the browser but not in Windows App.
MacOS ADE Error
Hello everyone. I am running into an enrollment error when rolling out ADE for macOS devices. I have a MacBook Pro that I have added to Apple Business Manager using Apple Configurator for iOS. The device appears in ABM, syncs to my Intune MDM, and I have assigned it an enrollment profile. I then factory reset the MacBook. Upon first boot it loads the AD account sign-in page and lets me input login credentials, then throws the following error message: "Something went wrong - We're sorry, we ran into a problem. Please retry. If this happens again, factory reset your device to start over or contact your IT support person to do it for you." I have tried changing networks, creating new profiles, and removing the device from ABM and Intune and adding it again, with the same result. I have my profile set with modern authentication with User Affinity. Any help with this would be appreciated.
Cert Based Auth no longer working on Android devices.
Curious as to how widespread this is/will be. Windows and iOS are fine; it is only affecting Android. You can easily test this by revoking MFA sessions on a user who is using cert-based auth on an Android phone. I'm not sure if there has been an update recently to the Android Microsoft Office apps where they think the certs live inside the Intune Company Portal and are not looking for certs in the phone's cert store. BYOD work profile Android 14 phones are being problematic: when a user changed their password and Azure revoked their sessions for a re-auth, the issue started occurring. I tested this on another user, manually revoking their MFA sessions without changing their password, and the same issue occurred. I also set up a brand new Android phone and had the same issue after enrolling it. The issue is that when the user opens Outlook or Teams and goes to sign in, it will pop up asking to use a cert on the device or a physical key. When selecting "on the device", the phone will freeze; it will then eventually say "Company Portal isn't responding" with the options of wait or cancel. Opening Chrome in the work profile and going to an Office app site will pop up asking for the cert and works fine. So the issue doesn't appear to be the phone getting the cert; just the Office apps are not accessing the phone's cert store. I can confirm the cert is inside the work profile, as a browser or cert viewer app inside the work profile can see it; auths work fine when using a browser in the work profile, just not Outlook or Teams inside the work profile.
Applications deployed on device based collection are missing from devices.
Hey guys, In my SCCM environment we are facing an issue. It's a co-managed environment where apps are deployed via SCCM. All of a sudden the apps deployed on a device-based collection are not reaching the end user devices. The policies related to these apps are also not reaching the device. The compliance status for these apps also went down; even if an app is installed on the device, SCCM reports it as Non-Compliant\Error. Has anyone faced this issue, or can anyone help me identify what could be causing it?
Intune Re-Enrollment Registry Key "MmpcEnrollmentFlag"
Hey there, In the last few weeks, we encountered issues with clients (Entra Hybrid Joined) losing their Intune connection after setting an incorrect group policy. Although the group policy change was quickly reverted, about 10 clients were removed from Intune. I attempted to re-enroll these clients using various methods (MEMC Co-management, GPO, Scheduled Task, and even using psexec to directly start auto-enrollment), but the enrollment process consistently failed with the following error under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Enrollment:
Auto MDM Enroll: Device Credential (0x1), Failed (Bad request (400).)
and/or the following in CoManagementHandler.log:
Failed to get management URL with error 0x80070002
Eventually, I discovered a registry key that was not present on the working clients:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
Value: MmpcEnrollmentFlag
Data: 0x00000002
After deleting this key and restarting the enrollment, everything worked immediately. I am curious about how and why this registry key is created and what its function is. Looking forward to your input.
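The fix described in the post (remove the stray value, re-run auto-enrollment) is easy to do by hand on ten clients but also easy to do without a backup or a result check. The script below is an added example written for this thread, not the poster's code or anything from Microsoft. It assumes the path and value name exactly as the post reports them; that it runs in the SYSTEM context on the affected client (for example via psexec -s, as the post did), because device-credential auto-enrollment runs as SYSTEM; and that deviceenroller.exe /c /AutoEnrollMDM and the Admin log event IDs 75 (succeeded) and 76 (failed) behave on your build as they do in the documented MDM auto-enrollment diagnostics.

```powershell
# Added example, not from the original post. Assumptions: run as SYSTEM on the
# affected Entra hybrid-joined client; registry path and value name as reported
# in the post; deviceenroller.exe switch and event IDs 75/76 as in Windows'
# MDM auto-enrollment diagnostics (verify against the Admin log on your build).

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$ValueName = 'MmpcEnrollmentFlag'
$Backup    = Join-Path $env:ProgramData ("Enrollments-{0}.reg" -f (Get-Date -Format 'yyyyMMddHHmmss'))

# Only act if the value the post identified is actually present.
$Item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $Item) {
    Write-Output "$ValueName is not present; the condition from the post does not apply here."
} else {
    Write-Output ("{0} = 0x{1:X8}" -f $ValueName, [int]$Item.$ValueName)
    # Export the whole Enrollments key first so the change can be reverted.
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Enrollments' $Backup /y | Out-Null
    Remove-ItemProperty -Path $KeyPath -Name $ValueName
    Write-Output "Removed $ValueName (backup written to $Backup)"
}

# Re-run device-credential auto MDM enrollment and record when we started,
# so only events from this attempt are considered below.
$Start = Get-Date
& "$env:SystemRoot\System32\deviceenroller.exe" /c /AutoEnrollMDM
Start-Sleep -Seconds 60

# Outcome of this attempt: 75 = succeeded, 76 = failed (message carries the
# HTTP status, e.g. the 'Bad request (400)' from the post).
$Log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
Get-WinEvent -FilterHashtable @{ LogName = $Log; Id = 75, 76; StartTime = $Start } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Final state: an Enrollments\<GUID> subkey whose ProviderID is 'MS DM Server'
# is an active Intune enrollment; none means the device is still unmanaged.
Get-ChildItem -Path $KeyPath -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object { $_.ProviderID -eq 'MS DM Server' } |
    Select-Object PSChildName, ProviderID, EnrollmentType
```

If event 76 still reports a 400 after the value is gone, the blocker is elsewhere (the post's CoManagementHandler.log error about the management URL is the next place to look), and the exported .reg file lets you restore the original state before trying anything else.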
Recent Blogs
- Here’s a November and December capability summary of how Intune’s 2025 changes in endpoint management help securely support cross-platform and IT admin workflows. Dec 11, 2025
- Microsoft 365 extends advanced security and AI-powered endpoint management to more customers. Dec 04, 2025