Recent Discussions
Cannot enroll azure vm(windows 24H2) in Microsoft company portal
I created a windows VM in Azure. To access company resources on this machine, I attempted to enroll the device through the Company Portal. However, the enrollment failed while setting up the work or school account, with the error message “This connection isn’t secure.” How should I fix this issue?
32 Views | 0 likes | 5 Comments
intune constantly tries to re-install Chrome everyday when it is already installed
Hi, We have set Intune to install a few applications including Google Chrome for users but Intune constantly tries to re-install Google Chrome every day. What could be wrong with the detection rule setting for Google Chrome and how to fix it? Your assistance will be greatly appreciated! Cheers, Sasan
30 Views | 0 likes | 2 Comments
Microsoft #IntuneForMSPs resource guide
Welcome to your home for all things #IntuneForMSPs! Our goal is to help you grow your Microsoft Managed Service Provider (MSP) business by combining productivity apps, intelligent cloud services, and the world-class security of Microsoft 365 with the multi-tenant management capabilities of you, our partners. Join us for #IntuneForMSPs community meetups to hear first-hand experiences with configuring and managing customer tenants, gain best practices, and get answers to your questions, live and on demand.
Upcoming monthly #IntuneForMSPs meetups:
- Planning your customers' Intune migration - February 17th, 2026 at 8:00 a.m. PST (4:00 p.m. UTC)
Past #IntuneForMSPs meetups – now available on demand!
- Getting started with Microsoft #IntuneForMSPs - January 20th, 2026
Jump to: Marketing and business development | Demos and tutorials | Multi-tenant management partners | Application packaging partners’ | Microsoft communities | Select content from Microsoft MVPs
In the spotlight
Click the image below to watch the Microsoft Intune multi-tenant management video with Jonathan Edwards.
Marketing and business development
Start by joining Microsoft Partner programs:
- AI Business Solutions for Partners
- Microsoft Security Partners
Join the Partner Skilling Hub for Free
- Go to Microsoft Partner Skilling Hub
- Create your free account
- Select Solution areas of interest
- Intune content: AI Business Solutions, Security
Recommended modules:
- Implement with impact: Endpoint Management with Microsoft Intune | Microsoft Partner Skilling Hub
- Implement with impact: Implement Identity and access management with Microsoft Entra - Modules
Demos and tutorials
Whether deploying solutions for yourself or for your customers, these resources can help you with prescriptive ‘do this next’ guidance to get you up to speed quickly.
- Download this guide: Enhancing Security with Microsoft 365 Business: A Hands-on, Effective Guide
- Follow along with the companion videos: Achieve greater security and productivity with Microsoft Intune and Microsoft 365
- Explore click-through interactive guides for more advanced instruction: Microsoft Intune guided demos
Topics include configuring app protection policies, configuring Conditional Access, updating Windows from the cloud, configuring corporate devices, deploying and managing line of business (LOB) apps, enabling Universal Print, accessing corporate resources on personal-owned devices, setting up Windows Autopilot for new device delivery, and reducing bandwidth consumption with Delivery Optimization.
Multi-tenant management partners
Microsoft Intune is proud to collaborate with leading global providers of multi-tenant Intune management solutions. These companies are building innovative capabilities on top of Microsoft Intune, Microsoft Security, and the broader M365 platform. Their companion solutions allow MSPs to:
- Centrally view and manage all customer tenants and action items through a unified partner dashboard.
- Take action across environments, leveraging Intune for device management, cloud security, and compliance.
- Standardize security settings, automate onboarding, and ensure policy consistency at scale - no more repetitive, manual tasks or risky policy drift.
Importantly, this is a collaboration. These solutions are independent companions, offering their unique workflows and advanced automation features alongside the Intune platform.
Nerdio overview
Nerdio brings deep automation and analytics to Intune, Windows 365, Azure Virtual Desktop, and the broader Microsoft cloud. MSPs benefit from multi-tenant dashboards, global policy insights, role-based access, centralized app deployment, and automatic policy versioning with rollback and drift correction.
Nerdio’s tooling is designed specifically for MSPs and scales from small teams to large enterprise portfolios. Get more details at Nerdio’s landing page: aka.ms/IntuneforMSPs/Nerdio.
Nerdio knowledge hub
inforcer overview
inforcer empowers MSPs to standardize Microsoft 365 and Intune policies across all tenants, automate environment configuration, monitor compliance in real time, and reduce risk through policy drift detection. Its reporting and automation features free teams from manual, error-prone scripting and help deliver consistent, secure customer experiences, setting MSPs up to deliver advanced AI services to their customers. Learn more at: aka.ms/IntuneforMSPs/inforcer
Inforcer resources
Application packaging partners’
Migrating applications from Configuration Manager and other on-prem solutions to Microsoft Intune cloud native remains a challenging and time consuming undertaking, especially when dealing with complex line-of-business, legacy, and custom home-grown applications. Some organizations pursuing a full cloud-native management vision are encountering blockers related to application compatibility, re-packaging, and the scale of existing app estates - all while trying to maintain business continuity, device compliance, and preparing for the AI Copilot era. To address the complex realities of app migration, the Microsoft partner ecosystem has stepped up with specialized offers designed to reduce risk and accelerate cloud adoption. As part of this initiative our Microsoft partners Rimo3 and Robopack are offering no-cost, time-limited app migration service to all Intune customers who are looking to move from ConfigMgr to Intune. These services can help IT teams automate assessment, package conversion, and remediation for various app types, helping organizations realize the full value of Intune faster and with less disruption.
Please note: These app migration service offers are made directly by partners, are subject to their terms, and Microsoft makes no guarantees or commitments regarding their availability or outcome.
Application packaging partner solution overviews
Rimo3 helps IT professionals modernize, migrate, and manage applications at enterprise scale. The platform eliminates manual effort by automating packaging, validation, and patch testing. With patented IP, Rimo3 ensures every app is compatible, secure, and visible for dependencies and update readiness before deployment. Automated, unattended workflows reduce migration timelines from months to days, while contextual patch validation minimizes production risk. Rimo3 keeps environments evergreen with zero-touch app management and enhances Microsoft Intune with bulk operations, advanced controls, and unified reporting. Learn more at: aka.ms/IntuneRimo3Package
Robopack is a cloud-native Intune app lifecycle platform that lets you package, deploy, and keep third-party apps updated, across one or many tenants, with phased control and PowerShell App Deployment Toolkit (PSADT)-based customization. Start with a self-service migration readiness report, mapped to the library of 41,000 pre-packaged, fully documented apps ready to go, or upload your own apps to be analysed and converted. Robopack Radar discovers apps installed across your estate, allowing you to quickly migrate to Intune and uncover Shadow IT. Learn more at: aka.ms/IntuneRobopackPackage
Microsoft communities
- Microsoft 365 Blog small and medium business-related posts
- Microsoft 365 Partner LinkedIn channel
Select content from Microsoft MVPs
- Essential Intune reading list: MVP community content for 2025 - Microsoft Intune Blog
6.5K Views | 3 likes | 3 Comments
Unable to deploy out of band update 26200.7628
Hello, I need to deploy OOB 26200.7628 on our computers. We use deployment rings. The 2026.1 OOB update appeared in Releases on January 24. I created an expedite policy with a group of users I want to target with this update (with a restart within 0 days). But nothing has happened since Monday, everyone is still on 26200.7623. Where am I going wrong? Thank you.
Solved | 481 Views | 1 like | 4 Comments
Issues with OSD in secondary MCM 2509 site
Hi, having upgraded primary and secondary MCM site to version 2509 I cannot perform OSD anymore on secondary site location - errors:
Failed to query Management Point locator
QueryMPLocator: no valid MP locations are received
Boundary Group in secondary site does have assigned MP and that is secondary MCM site server - however I get this as well:
<MPLocation SiteCode="" AssignedSiteCode="" MP="" MPCertificatesEx="" x86UnknownMachineGUID="" x64UnknownMachineGUID=""/>
Any help would be highly appreciated.
20 Views | 1 like | 0 Comments
LAPS Intune policies
So it seems that there are legacy LAPS policies (via Configuration/Policies/New/Windows 10/Settings catalog, Search for LAPS = Administrative templates/LAPS). Well, I did configure them & added my device group. Then I realized that it is NOT this LAPS I need (by then quite a few devices got the policy). I unlinked the group, deleted this policy & created a NEW LAPS policy via Endpoint Security/Account Protection/Create policy/Windows/Windows LAPS. Here I can set up new settings (especially Password Complexity = Passphrase). While lots of my devices get the local admin password reset to the correct Passphrase, there are quite a few that have a complex password (leftover from previous attempt?). No matter what I do, I cannot get this local admin password changed to Passphrase. Any idea how to get ALL the local admin passwords to be in the same format? Thanks Seb
24 Views | 0 likes | 0 Comments
iOS Company Portal Security
Scenario: Colleagues have installed the Company Portal and enrolled their personal device. They then install an application through the Company Portal. Any application that does not have the Intune SDK integrated. It is understood that Application Protection will not be applied to the application without the SDK integration.
Question(s): What is the level of security protection on this application? Would the data stored from the application be secured? If the iOS restriction policy deemed that the transfer of information from the application to another unmanaged application be limited, would that be enforced?
42 Views | 0 likes | 1 Comment
Company Portal Installation failing due to missing Microsoft.UI.Xaml.2.7
Dear All, We are deploying Company Portal App as Microsoft Store app (new) from Intune on Hybrid Domain Joined devices. While some devices are successful in installing Company Portal, some devices are failing. I did a review of events in the subfolders of the locations below.
Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment
Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment-Server
Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment-Server-Undocked
Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> AppxPackagingOM
During the review I found error 0x80073cf3: Package failed updates, dependency or conflict validation. This is the reason the Company Portal App failed installation. This is due to the lack of Microsoft.UI.Xaml.2.7 installed on the device. If I execute the below commands one after another in the command prompt, installation of Company Portal succeeds.
Winget Install --accept-source-agreements --accept-package-agreements Microsoft.UI.Xaml.2.7
Winget Install --accept-source-agreements --accept-package-agreements Microsoft.CompanyPortal
My question is how can I add Microsoft.UI.Xaml.2.7 as a dependency app for the Company Portal App, especially when the app type is Microsoft Store app (new)? I do not want to deploy Company Portal as a win32 app and also deploy Microsoft.UI.Xaml.2.7 as a win32 app, because in this method of deployment I always have to create a new win32 app when a new version is released. Has anyone come across the same situation and have any thoughts?
467 Views | 0 likes | 12 Comments
Ability to Block Windows Store on Windows 11 Pro
Dear friends, I have quite a huge number of student laptops which run Windows 11 Pro (latest) and are connected to Microsoft Entra ID. The laptops are controlled by Intune. I am having a problem as they are able to run Windows Store and able to download X-VPN software, even though they do NOT have administrator access to their laptop. I would like to:
- Be able to block them from loading Windows Store
- Uninstall X-VPN software through Intune
The issue is that, since they are running Windows 11 Pro, I cannot use AppLocker or GPOs since they would need to run the Education or Enterprise version to use AppLocker. The GPO setting to block Store from running has been deprecated. Did anyone find a solution to block Windows Store from running on Windows 11 Pro please? Thanks a lot in advance.
145 Views | 1 like | 6 Comments
SCCM - 23/24H2 to 25H2 Upgrade
Hello SCCM Community! Having an issue with upgrading devices from 23 and 24H2 to 25H2, I am downloading the newest version in SCCM under Windows Servicing and Feature Upgrades and deploying it to the targeted collection, but nothing shows in Software Center. Upon checking the UpdatesDeployment log, it shows Actionable Updates = 0 in one of the lines, but I'm wondering why WUA is determining updates do not apply to the machine. I believed this could be a GPO restriction but I've confirmed that there are no conflicting GPOs or Registry Edits. Any suggestions? Thanks!
App Protection Policy Android Microsoft Teams as dialer
Hello, I have a problem on Android devices that calls are not automatically forwarded to the Microsoft Teams Android app. I have set the following in the app protection policies: When I enter Microsoft Teams in the Dialer App Name field, it does not work either. When I select Any policy-managed dialer app in Transfer telecommunication data to, I get a push up notification. The Teams app is set up with the corporate account and calls have already been made.
Push Up Notification: No available apps. There are currently no apps configured on this device that your organization allows to open this content. Make sure you are logged into your managed apps with your business account, or contact your organization's support team.
Thanks in advance for the help. Regards, Michael
2.6K Views | 0 likes | 3 Comments
MDE vs Intune Windows Device Management
I have started applying security policies for Defender for Endpoint using MDE to manage them, adding the MDE tag to my Windows 11 machines. If I am migrating to Intune management, is it necessary to offboard the devices first, before applying the auto-enroll GPO and onboarding device configuration to the machines?
249 Views | 0 likes | 3 Comments
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username & password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.
4.5K Views | 1 like | 18 Comments
How to Seamless Transition from Local Active Directory to Microsoft Intune?
Our organization currently operates with a Local Active Directory (AD) setup, using Azure AD Connect to sync directories with Azure Entra. All organizational devices are domain-joined and managed via Local AD. We are planning to transition device management to Microsoft Intune while ensuring a seamless process with no user intervention and no loss of user data. What are the industry best practices for achieving this transition?
420 Views | 0 likes | 4 Comments
Password Complexity Error 2016281112(Remediation failed)
Hello, I've been having an issue with Intune device compliance. The main issue stems from the fact that the devices have a Microsoft account as the device profile, this means that users use their Microsoft password to log in to their devices. However, when setting password restrictions in Intune, it appears to only affect the device password (that isn't being used) instead of the Microsoft password. On its own this would be fine, however, I have been getting the error mentioned above: 2016281112 (remediation failed) on the "password complexity" setting in the device compliance policy. This doesn't make any sense to me as I have edited all of the settings related to passwords so they shouldn't be required at all. Unfortunately, due to the Microsoft account link I mentioned earlier, users cannot change their device passwords without being un-enrolled from Intune so it is very difficult to determine the cause of the issue, or work around it. Can anyone help me resolve this error please?
31K Views | 0 likes | 14 Comments
physicalMemoryInBytes always returns 0 with called from ServiceNow
Hello, I am trying to fetch physicalMemoryInBytes for Intune devices from ServiceNow. I tried calling this info by using the below endpoints:
https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,physicalMemoryInBytes
https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,hardwareinformation,physicalMemoryInBytes
In both cases I'm getting the below error:
error: Failed to iterate on data stream: com.glide.transform.transformer.exceptions.InvalidPathException: Could not find path in stream: $.value
I referred to this Intune article but no luck: https://techcommunity.microsoft.com/discussions/microsoft-intune/physicalmemoryinbytes-always-returns-0/3025721
Can someone help with this?
89 Views | 0 likes | 2 Comments
Microsoft Graph Command Line Tools Blocked by CA
Hi All, I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)". This seems to work fine until our IT Admins try to use the AutoPilot script, which gets blocked based on: Microsoft Graph Command Line Tools. Any ideas on how to allow AutoPilot / Microsoft Graph Command Line Tools through CA? Info appreciated
2.5K Views | 0 likes | 15 Comments
How is your company managing driver updates via Intune?
Hey folks, I’m currently reviewing our driver update strategy for Windows 11 devices managed via Intune. As you probably know, using Windows Update for Business (WUfB) gives us two main options for driver updates:
- Automatically allow drivers via WUfB
- Manually approve drivers via Intune + Windows Update for Business deployment service (WUfB-DS)
Each approach has its own pros and cons:
- Automatic driver updates are great for keeping everything up to date with minimal effort, but they come with risks. We’ve seen networking components randomly break after an update, or newer GPU drivers triggering application compatibility issues. Definitely not zero-risk.
- Manual approval, on the other hand, gives you control and helps avoid surprises, but it also introduces operational overhead: identifying needed drivers, testing, scheduling approvals, and communicating with users — all of that takes time and effort.
We’re debating internally whether the automation risk is worth the convenience, or if the manual path is the only safe option in an enterprise setting. So I’m curious: How is your company handling this? Are you letting Windows install driver updates automatically? Or are you manually controlling which drivers get deployed — and if so, how are you handling the process and workload? Would love to hear your thoughts, especially if you’ve found a good balance or process that works well in production! Thanks in advance!
623 Views | 1 like | 7 Comments
Restrict User Access to Specific Devices and Location Using Intune & Conditional Access
We have a customer requirement to restrict user sign-ins using Intune and Azure AD (Entra ID) Conditional Access. The goal is to allow access only from specific, managed devices and only from a specific geographic location. For example, users should be able to access corporate resources only when signing in from compliant/managed devices and only when located in Mumbai. What would be the recommended approach or best practice to achieve this using Conditional Access and Intune? Any guidance on configuration, limitations (e.g., location accuracy), or real-world experiences would be appreciated.
306 Views | 0 likes | 5 Comments
Save the date - January 26, 2026 - Tech Community Live: Intune edition
Save the date for Tech Community Live: Intune edition, starting at 8:00 AM PT! Join us for an exclusive live event designed for IT professionals managing endpoints with Microsoft Intune. This interactive experience features four Ask Microsoft Anything (AMA) sessions focused on the most critical aspects of modern endpoint management. Learn how to secure your endpoints with policy and Microsoft Defender, streamline app deployment and updates with Intune, and apply Zero Trust principles effectively across your organization. Each session is led by Microsoft experts ready to answer your toughest questions and share best practices for real-world scenarios. Whether you’re looking to strengthen compliance, optimize app lifecycle management, or embrace Zero Trust strategies, this event delivers actionable insights to keep your organization secure and efficient. Don't miss this opportunity to connect with the experts and elevate your Intune skills. Go to Tech Community Live: Intune edition to add this event to your calendar! Better yet, sign in to add your questions now.
107 Views | 0 likes | 0 Comments
Recent Blogs
- Centralize critical IT actions and get AI-ready with Intune admin tasks – helping admin teams act faster, reduce risk and maintain control.
  Feb 03, 2026 | 808 Views | 0 likes | 0 Comments
- Using a Mobile Threat Defense (MTD) solution, such as Microsoft Defender for Endpoint, with Microsoft Intune helps keep your organization’s resources protected and allows you to block devices that ar...
  Feb 02, 2026 | 461 Views | 0 likes | 0 Comments