Forum Widgets
Latest Discussions
Intune Alerts
I would like to create alerts in Intune to trigger for different events. For e.g. Device is enrolled in Intune. Device is encrypted/decrypted from bitlocker. Device is Enrolled Hybrid Entra Join Device is enrolled in Defender Intune policy, etc..... and all others. How can this be done and what licenses are required If any?Proactive Remediation in Intune doesn't pick up special characters
Hi All, I have a remediation script to uninstall an application. However, that will throw an error message even though it runs on PowerShell manually without an issue. Based on my troubleshooting, it seems remediation script doesn't identify the special characters contents in the file path. I would really appreciate it your help if anyone come across this before. surprisingly, although it gives an error, the command is executing and application is uninstalling without and issue. But I am curious to get rid of the error message for reporting purpose. Below is the command executing: Start-Process "C:\ProgramData\Package Cache\{7b06c930-fc32-47a7-8bea-5f1fb6099ee8}\elliptic_virtual_lock_sensor.exe" /uninstall /quiet -Wait Error message: Troubleshooting methods tried so far: Use cmd.exe '/C', instead of start-process. Used file path with start-process (Start-Process -Filepath ...... ) Add error action as either ignored or silently continue, but it still give an error in Intune. Start-Process "C:\ProgramData\Package Cache\{7b06c930-fc32-47a7-8bea-5f1fb6099ee8}\elliptic_virtual_lock_sensor.exe" /uninstall /quiet -Wait -erroraction silentlycontinue Start-Process "C:\ProgramData\Package Cache\{7b06c930-fc32-47a7-8bea-5f1fb6099ee8}\elliptic_virtual_lock_sensor.exe" /uninstall /quiet -Wait -erroraction ignore Used backtick ( ` ) with special characters ( { and } ). below is the command used. whenever I used this bactick ( `) it didn't work the script at all. Start-Process "C:\ProgramData\Package Cache\`{7b06c930-fc32-47a7-8bea-5f1fb6099ee8`}\elliptic_virtual_lock_sensor.exe" /uninstall /quiet -Wait Thanks advance, Dilan[New Blog Post] Managed Apple ID: Federated authentication with Apple Business Manager
Federated authentication with Apple Business Manager Short Introduction: This introduction will touch on a definition from Microsoft realm and Apple realm Microsoft Realm: Federated authentication is used to link Apple Business Manager to an instance of Microsoft Azure Active Directory (Azure AD). As a result, users can leverage their Azure AD usernames (User Principal Name) and passwords as Managed Apple IDs. They can then use their Azure AD credentials to sign into their assigned iPad or Mac and even to iCloud on the web. Apple Realm: Managed Apple IDs were specifically created to enable IT administrators to manage employee accounts within their organization. These accounts empower IT Admins to establish password policies and efficiently manage app licensing. They serve as an ideal solution, striking a balance between providing valuable and productive tools for your team while ensuring compliance with your organization’s security standards. Fortunately, Apple has streamlined this process, eliminating the need for any additional applications. Account management is conveniently conducted through the Apple portal known as Apple Business Manager (ABM). This platform allows you to effortlessly monitor all the accounts within your organization, providing the capability to manage existing accounts or generate new ones directly from your web browser. Pros of Managed Apple ID: Creates a single sign-on: Syncing Apple Business Manager with your Azure tenant, federated authentication allows Managed Apple IDs to use the corresponding Azure Active Directory username and password. This provides your employees with a single sign-on for their corporate identity, whether it is Apple or Microsoft Device management simplicity: Unifying identities across Apple Business Manager and Azure Active Directory, e.g. If you deactivate an employee’s account in Active Directory, their Managed Apple ID will also be deactivated, preventing employees who no longer require access to your system from logging in. BYOD devices: Managed Apple ID also enables the new User Enrollment process for BYOD devices. When a user signs in on a personal device with their Managed Apple ID, the enrollment process is automatically initiated. This ensures that all devices are synced under corporate credentials while allowing employees to maintain control over their personal data Shared iPad: Another Pro for Managed Apple ID for business is Shared iPad, where this works that a user’s data is stored in the cloud until they log in on an iPad. Once they log in, that information is downloaded and cached on the device until they log out. After logging out, the data becomes inaccessible to anyone else until the user signs back in. Cons of Managed Apple ID: The following features are by default disabled: iMessage (Possibility for admin to enable it) FaceTime (Possibility for admin to enable it) iCloud Mail and Keychain Find My Apple Pay Purchasing on the App Store and iBook Store How to set up a Managed Apple ID Prerequisites: Azure Global Admin Account ABM Admin Account Login with Global admin account Consent to preform the federation. After few minutes, ‘Federate’ will show up on the domain Sign in one more time with the Global Admin. With this it’s going to check that the usernames within the Tenant do not already have Apple-ID, because this step will manage all the usernames. (This process might take long time, depending on how many accounts in tenant) Incase of username Conflict:- Click on the ‘User Name Conflict’ Click continue Here we can notify the Users that they will have to relinquish their ownership and change the Apple ID within 60 days. Click on ‘Ok’ Enable federation. From the user side:- the user has the possibility to follow the instruction in the email and get the Apple ID changed. User has to go through the security questionsDiscrepancy Between Intune Endpoint Security Reports and Defender Portal
Hello, I am experiencing an issue with discrepancies in device onboarding reports between Microsoft Intune's Endpoint Security section and the Microsoft Defender portal. My devices are onboarded in Microsoft Defender for Endpoint (MDE) through Intune. However, in Intune’s Endpoint Security section, the report does not reflect the correct onboarding status for these devices. This causes inconsistencies in security reporting and compliance monitoring. I have verified that devices are properly onboarded in Defender, but Intune does not seem to update the status accordingly. Has anyone encountered this issue before? Are there any known solutions or troubleshooting steps to force Intune to sync the correct onboarding status? Any guidance would be greatly appreciated. Thank you!
Having trouble disabling screenshots in Teams on iOS devices that are registered in Entra ID.
I'm having trouble disabling screenshots in Teams on iOS devices that are registered in Entra ID. I've set the 'com.microsoft.intune.mam.screencapturecontrol = Disabled' app configuration policy, and it works for Outlook, but not Teams, even though all managed Microsoft apps are included in the policy. Any suggestions?
Intune Autopilot Reset
For devices that have had their partitions deleted and Windows 11 23h2 reinstalled and manually joined to autopilot at OOBE, any autopilot reset command fails. We ran reagentc /info and the device reports Winre as enabled. We would like assistance in figuring out what Is missing or what we need to do to get these devices that get manually rejoined to autopilot to reset as expected through autopilot reset.
Deploy File to Intune Enrolled Devices as Win-32 App
I had a request to Deploy a pdf file to user's desktop and could not find clear documentation, hence here is how I successfully deployed it and decided to share is with this amazing community. Deploy File to Intune Enrolled Devices Deploy a file to Intune enrolled device's to "C:\Users\Public\Desktop" through Intune Step 1: Prepare the files: The File Install-file.ps1 Remove-file.ps1 Detect-file.ps1 Step 2" Create an Install, Remove & Detect script & save each scripts A. Install: #Installation Script: Install-file.ps1 $FileName = "FileToDesktop.pdf" $ScriptPath = [System.IO.Path]::GetDirectoryName($MyInvocation.MyCommand.Definition) Copy-Item -Path "$ScriptPath\$FileName" -Destination "$Env:Public\Desktop" B. Remove: # Remove Installation: Remove-file.ps1 $FileName = "FileToDesktop.pdf" Remove-Item -Path "$Env:Public\Desktop\$FileName" C. Detect: # save this in a separate folder #Detect File : Detect-file.ps1 $FileName = "FileToDesktop.pdf" if (Test-Path -Path "$Env:Public\Desktop\$FileName"){ Write-Output "0" } Step 3: collect Install-file .ps1, Remove-file .ps1 and the required files in one folder as shown above and create an Intune installation Package. PS C:\Intune\WindowsIntunePrepTool> .\IntuneWinAppUtil.exe Please specify the source folder: C:\DeployFile\FileToDeploy Please specify the setup file: FileToDesktop.pdf Please specify the output folder: C:\DeployFile Do you want to specify catalog folder (Y/N)?N Step 4. Deploy Intune installation file with the following commands Upload the IntunePackage as " App : Windows app (Win32) Install Command: %windir%\system32\windowspowershell\v1.0\powershell.exe -executionpolicy bypass -file "Install-file.ps1" Uninstall Command: %windir%\system32\windowspowershell\v1.0\powershell.exe -executionpolicy bypass -file "Remove-file.ps1" Operating system architecture = select both 32/64-bit Detection rule: use custom detection script and upload the Detect script created above. Following the above steps, it is straight forward and easy to deploy a file to Intune Enrolled devices when required.
Missing local users menu in Devices [admin]
Hello! Expected: Under device > (specific device) > Manage, I expect to see a whole menu like "local administrator password recovery". Like this picture Current: However, I only see "Properties" under manage, missing all the rest. Using https://intune.microsoft.com/ I'm a superadmin of this Intune. Anyone knows where I can find those? Thank you!
