Forum Widgets
Latest Discussions
Time Zone configuration profiles and policies
Hello, I'm trying to find out the way to control "automatic time zone change" option to allow users to turn it off or on. On the Intune side there is a configuration profile using OMA-URI settings ("./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeTimeZone" with string "LOCAL SERVICEAdministratorsUsers"). This one controls whether user can change the Time Zone manually in the Control Panel (the old school way) and it also reflects in the Settings when the "Set time zone automatically" is turned off however we have some users that have this option greyed out and I have not found a way how to change this from the Intune side. Users are normally standard users and they do not have administrative rights by default but they should be able to change some of the settings when they invoke "elevation mode" eg in the 1st picture below if I would switch "Set time zone automatically" on I would be presented with authentication dialog and after authentication the setting would turn on. 1st case - user can change the "set time zone automatically" option on/off but is not in the group that is allowed to manually change the time zone hence it does not even show the time zone choices (this reflects the configuration profile mentioned above) 2nd case - user can change the "set time zone automatically" option on/off and is in the group that is allowed to manually change the time zone => shows additional options Time Zone and DST. 3rd case - user can not change the "set time zone automatically" option at all means can't change the TZ or DST in Settings, but is able to change time zone via Control Panel (see below) And the question for the million $$$ 🙂 is if or where is the option / configuration that makes the "Set time zone automatically" greyed out. Any ideas? ThanksWe’re running into an Intune issue where a Win32 app with a dependency sits at "Download Pending"
Setup: Main App: Installs in User Context Dependency: Installs in System Context Dependency Detection: Hosts file modification detection script Direct file detection does NOT work either When the hosts file modification is present (detection is met), detection works, and everything installs fine manually The Problem: If detection passes (exit 0) → Everything installs fine. If detection fails (exit 1) → Intune never moves forward, just stays at "Download Pending" indefinitely. Happens with both file-based detection and script-based detection. Dependency app as well at parent app install fine via Intune on their own as well as manual testing. What We Need to Know: Does Intune get stuck in "Download Pending" instead of moving forward when dependency detection fails? Could the install context mismatch (dependency in SYSTEM, main app in USER) be causing this? Myth or fact? Does Intune break the install process if a dependency app is in system context and the parent app is in user context? Again, both apps work fine independent of each other. Thanks for any help!
Subject: Best Practices for Aligning UPNs in Hybrid Entra ID + Intune Environment
Hello, I’m seeking guidance on best practices for aligning user identities in a hybrid Microsoft 365 environment, particularly regarding UPN consistency and device enrollment into Intune. Environment Overview: Client is using a hybrid Azure AD join setup via Entra ID Connect (formerly Azure AD Connect). Devices are domain-joined and enrolled into Microsoft Intune via Group Policy (GPO). Entra ID Connect sync is active with write-back where appropriate. On-premises UPN format: username@domain.local (or .xxx) Entra ID / M365 UPN format: email address removed for privacy reasons (e.g., routable custom domain) Issue: Devices are intermittently failing to enroll into Intune or are not showing up as compliant/joined. Manually updating the on-premises UPN to match the Entra ID UPN (email address removed for privacy reasons) seems to resolve the issue, but this is not yet standardized across the org. It's unclear whether this mismatch is breaking hybrid join and/or interfering with automatic MDM enrollment via GPO. Questions: What is Microsoft’s current best practice regarding UPN alignment between on-prem AD and Entra ID in a hybrid environment? Is it mandatory or strongly recommended to match the on-prem UPN to the Entra UPN (especially when using automatic Intune enrollment)? Could this mismatch be contributing to MDM enrollment issues, and if so, what is the correct process to fix it in bulk? Are there any known caveats or dependencies when changing the UPN on-prem (e.g., impact on Outlook profiles, cached credentials, etc.)? Is there a supported or recommended PowerShell method to audit and align UPNs safely? Goal: We're aiming for consistent, reliable hybrid Entra join with automatic Intune enrollment and minimal end-user disruption. Any insight or guidance is appreciated, especially if there’s documentation or field experience to support it.Set Edge as the default browser on Android
Is it possible to use Intune to set Edge as the default browser app for an Android fully managed device? We have an app that goes through an SSO process and uses the default browser for that. The SSO process will fail if the default browser is set to Chrome, but will work when the default browser is set to Edge. The "Restrict web content transfer with other apps" setting doesn't seem to help in this instance. Any suggestions would be appreciated & thanks in advance.GRAPH - Add/remove user to distribution list
Good evening, for about a week, through a small program that uses graph api, the addition / removal of users from distribution lists no longer works; do you have any idea why? I have many processes that use graph api and they never gave me problems; we thought it was a temporary problem, but after a week it still doesn't work (attached the error)Uninstalling printer queues
Hello, We are going to migrate from shared printers on a server to a new system. We need to delete all the printer queues which are \\server\printer01/02/03.... I tried using remediation script with no luck. Here is the detection part : # Recherche des imprimantes correspondant aux motifs IM?? ou CANON_* $printers = Get-Printer | Where-Object { $_.Name -like '\\server\IM*' -or $_.Name -like '\\server\CANON_*' } if ($printers) { #Write-Output "Imprimantes détectées :" #$printers | ForEach-Object { Write-Output $_.Name } exit 1 # Code de sortie 1 = imprimantes trouvées } else { #Write-Output "Aucune imprimante correspondante trouvée." exit 0 # Code de sortie 0 = aucune imprimante trouvée } and here is the remediation part : # Supprimer les imprimantes contenant "IM" ou commençant par "CANON_" $printersToRemove = Get-Printer | Where-Object { $_.Name -like '\\server\IM*' -or $_.Name -like '\\server\CANON_*' } foreach ($printer in $printersToRemove) { try { Remove-Printer -Name $printer.Name -ErrorAction Stop # Write-Output "Imprimante supprimée : $($printer.Name)" } catch { Write-Output "Erreur lors de la suppression de : $($printer.Name) - $_" } } And the settings : SettingsDetection script YesRemediation script YesRun this script using the logged-on credentials YesEnforce script signature check NoRun script in 64-bit PowerShell No If I test the scripts locally, it works. Any ideas? ThanksFeature Upgrade W11 24H2 not pushing why?
Hi, community i create a feature upgrade to 24H2 who is Rollout immediate start,i have computer who are already either in 21H2/22H2/23H2, and also W10 who are W11 readiness. I dont understand why some are passing a lot of others are still stuck in there build. last thing that i want it's to do a in place upgrade. Is there someone in the community who have the same issue and any solution that i can push for my hundreds of laptop who are stuck. thank you so much for your help it will be a lot :)Deploying Script as Win32 App
Hi all, I created a script that is supposed to check if a certain app was installed from a managed installer, then create a file in the C:\Temp folder if it was installed from a managed installer. I would deploy this as a Win32 app so that I could use the detection rules in the Win32 App deployment to check which device was installed via a managed installer. However, it doesn't seem to work. I created a transcript log as well to check if I would get an output from the variables, but it seems to only run the else block in the If Statement. We use a Business Premium license, so I don't access to Enterprise license capabilities like proactive remediation scripts. It is run using the System credentials, I've tested the script locally which works. Thank you, I've included some images of the script and transcript log. Script: Transcript Log Output:
Autopilot deployment app count jumping around
Hi All! Just a quick post for some clarification. We have multiple Intune deployments for different clients and something we have noticed on at least two of them in the past few days is during the App deployment for autopilot we are noticing that the app count seems to jump around a bit. For example we had a deployment that was on the account setup stage on 5 out of 7 apps, I check it again a couple minutes later and for some reason it is now on 4 out of 7 apps installed. Sometimes it jumps up and down between those two app installs. It does not happen every single time but just wanted to know if anyone else has experienced this? The deployment generally still goes through but just want to to try and find a cause to address before it becomes an issue. Also note that the continue anyway button also shows up despite the deployment still being active sometimes. Thanks in advance!
