Recent Discussions
Drive Encryption through Endpoint Security no longer showing option to backup information in Entra
Hi All - Just want to check with Community members if others are seeing similar while configuring Drive Encryption under Endpoint Security in Intune. Can see option to save BitLocker recovery information in AD DS but not in Microsoft Entra ID. Is this a bug?
Deploying and Activating Microsoft Defender on Android Kiosk Devices Without User Interaction
I’m working with an Android Kiosk device that deploys two applications. This device is enrolled under 'Corporate-owned dedicated devices' Enrollment Profiles and isn’t assigned to any specific user. Our company requires Microsoft Defender on all devices, but I’m encountering issues with Defender activation —it won’t activate without a user login. Since this is a dedicated Kiosk device with no assigned user, this setup doesn’t align well with our needs. Are there any options to deploy and activate Microsoft Defender on Android Kiosk devices without requiring user interaction? Any guidance on configuring Defender in this scenario would be greatly appreciated."
RHEL 9 install intune-portal
Hi All, My RHEL is 9.2 , and I try to join to intune, and follow https://learn.microsoft.com/en-us/mem/intune/user-help/microsoft-intune-app-linux. After I installed intune-portal and Microsoft Edge, when I input "intune-portal" on commandline, it show the error message "intune-portal: symbol lookup error: intune-portal: undefined symbol: webkit_web_view_evaluate_javascript", I have installed java and webkit2gtk3, I don't know how to resolv it.
[iOS] does disabling iCloud backup via app assignment work?
Been trying to find a way to disable iCloud for the Messages app. So far what I've heard/read/been told is that it's not possible to do it as an app config to Messages, because Apple has not exposed an API for it. Still trying to get a grasp on InTune however, so I've continued investigating.. I know that on the App assignment field, when you assign as required or available, a few options populate - one of them being "enable iCloud backup" (or maybe it's disable, idk). Obviously my mind immediately went to adding Messages as a managed application, and disabling it here, then assigning. I had NO idea if this would work, a) because the app is already built-in to devices and b) they're managed devices and everything else is VPP. But I tested on a non-managed test device - it did not work. (i did not get a second Messages install either) So I'm just wondering if anyone knows how exactly how this setting is supposed to apply, if it's REALLY supposed to work with all managed apps, or any details? Based off this article from Apple, it DOES seem like when you manage an app, you have this functionality. But maybe not for built-in (to device) apps?
Disable automatic app updates for specific apps in Intune
Hi, In our organization, I have enabled all three options below to install and manage traditional Android applications through Intune, However, we have encountered a situation where certain specific Android applications, such as the Google Play Private App, only work with lower versions of the OS. The higher version is not compatible, and Google Play Store is reporting it as an unsafe app and blocking it. Is there any option available in Intune that allows us to block automatic app updates for specific applications?
The unmonitored process is in progress, however it may timeout. (0x87D300C9)
I tried to push the Windows patches manually through Intune since we are having issues with our rings for certain builds. I get the following error message. The unmonitored process is in progress, however it may timeout. (0x87D300C9) All that I am trying to do in the PowerShell Install script is to restart the computer after 8 hours. Start-Sleep -Seconds 28800 Start-Process "wusa.exe" -ArgumentList ".\windows11.0-kb5051989-x64_ce6a034d2385b0623c3182cf396755ef5ad05483.msu /quiet /norestart -Wait" Restart-Computer -Force This is the detection script $sysinfo = systeminfo.exe $result = $sysinfo -match "kb5051989" if ($result) { Write-Output "Found kb5051989" exit 0 } else { Write-Output "kb5051989 not found" exit 1 }Intune Alerts
I would like to create alerts in Intune to trigger for different events. For e.g. Device is enrolled in Intune. Device is encrypted/decrypted from bitlocker. Device is Enrolled Hybrid Entra Join Device is enrolled in Defender Intune policy, etc..... and all others. How can this be done and what licenses are required If any?Android APK Deployment
Morning We have a custom app being built for us as an APK which I have successfully deployed previously. I've added it to our private google store and then deployed via a group. Worked absolutely fine. The recent update and the most important one as it's the go live APK for the new system we're working on, I cannot get to work at all and I'm into my 5th version of the APK from the vendor and I've tried every way I know. I'm new to Android I've only ever worked with Apple and it's seemless deploying APPs with Apple. Android is a nightmare. I've followed the following process; 1) All Apps 2) Add 3) Managed Google Play app 4) I've added two here a test app and the actual deployment. 5) Now once uploaded I press sync, the test app which has been used the entire time shows up. The go live app doesn't. In Attachment 1, it has the logo. And the app doesn't sync into the app library. I try changing the APK of the test version and I get every error under the sun. Default name is incorrect. Unable to change this APK. Login to the Admin Google store - Which then gives me another error to say that this doesn't exist. The other way of doing it is by 1) Add app 2) Line of business App 3) I then add the APK, I add the scope and I add the exact same group as I've deployed all of the test devices. I even add it to all users, everything possible. And does the app deploy to the phone? It doesn't. I've changed the deployment type from required to available for enrolled devices to available with or without enrolment. It can't be seen in the store. It doesn't show any statistics at all. That's allowing ANY user to download and install this app. I've spent the best part of 10 hours on this and I can't find any decent tutorials to see if I am going wrong. I've deployed and set up iOS MDM on InTune deploying hundreds of apps and never had this before. Maybe I am missing something simple.
Automatically configure Windows Autopilot device names using a CSV File
Hello All, Is it possible to upload a CSV file so that the enrolled device pick's up an assigned device name? So, for example, device serial number abc123xyz with get assigned a device name of Asset001 (I will be using out own asset stickers) I am currently just using %SERIAL% setting in the deployment profile for my test device. Then end goal is too have the devices name match the asset sticker on the device. Looking forward to your input.
Mobile keyboard issue: "Your organizations data cannot be pasted here" - Intune App Protection
I have an ongoing issue where I've setup an Intune app protection policy for unmanaged devices to restrict the ability to copy company data outside of company managed apps into personal apps. Whilst this feature works in respect to managed apps and non-managed apps, there is a UI issue on both Android and iOS where the keyboard clipboard shows straight after you copy text in a managed app: "Your organizations data cannot be pasted here". How do you stop this annoying popup that seems to relate to mobile keyboard clipboards? It's an annoying issue as users think they can't copy/paste between work apps. We have to tell them every time that if they just press down on screen then press paste, it pastes correctly. Example of our iOS policy is per below. Please help! There is also a good post here on it, will nil reply: Issue with Copy/Paste Restriction in Intune MDM on... - Android Enterprise Customer Community - 8637Work or School Account Problem just after Hybrid AD Joined Autopilot
Hi All, We are doing the Hybrid AD joined Autopilot and the issue is just after finish the process and user has signed in, there is a notification for sign in again to fix your work or school account. if we are not sign in and let be there, we didn't get company portal app installed for about 3 to 4 hours. however, if we click the notification and sign in the user account, we will get the company portal app installed within 5 minutes. if we go to Account settings, we could see hybrid ad joined done properly and policies has been pushed by Intune too (image2). We have deployed the Company Portal app to All users at the moment. I want a help to identify is this by design or something wrong with our configurations? image1: image2: Thanks, DilanSyncing Outlook contacts to the native contacts on iOS devices
We use Intune to enroll our iOS devices and push Outlook Mobile App to them. I have the email profile successful. But was wondering what do folks do in order to sync the Outlook contacts to the native Contacts app. We are moving to Office 365. I had it working when we were on prem.iPads in Single App Mode stuck after Update
Hi, We've got a bunch of iPads that we control via InTune, a bunch are set to Single App Mode. They have auto-update on for iOS updates, however when they restart themselves after completing the update often(not always) they will go back to the lock screen rather than the single app screen. Thankfully we've got the SN displayed on the lock screen and when we reboot from InTune it fixes it, however this isn't a proper solution. Because it's single app mode it won't let the users swipe away the lock screen. Has anyone got a fix for this? Any assistance is greatly appreciated.Discrepancy Between Intune Endpoint Security Reports and Defender Portal
Hello, I am experiencing an issue with discrepancies in device onboarding reports between Microsoft Intune's Endpoint Security section and the Microsoft Defender portal. My devices are onboarded in Microsoft Defender for Endpoint (MDE) through Intune. However, in Intune’s Endpoint Security section, the report does not reflect the correct onboarding status for these devices. This causes inconsistencies in security reporting and compliance monitoring. I have verified that devices are properly onboarded in Defender, but Intune does not seem to update the status accordingly. Has anyone encountered this issue before? Are there any known solutions or troubleshooting steps to force Intune to sync the correct onboarding status? Any guidance would be greatly appreciated. Thank you!
Events
Get practical guidance on how to use Copilot in Intune to streamline and enhance your IT management experience within Microsoft Intune. Learn how key capabilities can assist you with policy managemen...
Online
Ever wondered what happens from the time you click the save button on an assignment to when your devices receive the updated changes? Learn about the inner workings of payload delivery to devices. Ex...
Online
Recent Blogs
- With Microsoft Intune and Zero Trust, organizations are making great strides in their cloud-native journeys.Feb 14, 2025
- Get the knowledge and skills you need to set up and use the latest endpoint management and security capabilities!Feb 13, 2025
