Forum Widgets
Latest Discussions
Android Devices Not Evaluating
Hi All! I seem to encounter this kind of error several times a year for no apparent reason. It mainly happens on the Android side of things on newly created setups, and then corrects itself over time, which sometimes can be weeks. I recently created two Android dedicated device environments. Dynamic group linked to the enrolment profile name, etc etc I scan the device and follow the normal process, device get all the way to the end but doesn't receive its assigned apps. When I check in the Intune Admin Portal, the device is showing as not evaluated. There is no default compliance policy showing and its custom policy. When I click on Managed Apps, the list of apps the device is going to receive are showing as pending install. The Group Membership tab shows the correct dynamic group. So for me, the setup looks good. I have left the device for 24 & 48 hours in case its a sync issue. Enrolled the device via a different WiFi. Wiped the device and left it 24 hours before enrolling it. Checked spelling of groups etc. Anyone else experienced this issue, and found a solution? I have a Teams Meeting with our external support tomorrow, Have a good one178Views1like10CommentsPlease explain custom configuration policy oma-uri settings.
I have tried and tried to understand custom config policies. I have read every document Microsoft has on the topic and I have walked away with less understanding than I started. I have never been able to get it to work. I don't understand the premise. I keep having to search for examples but most don't work and most don't detail why or how to get working. It is like Microsoft spent more time not documenting it than just telling us what to do. So please someone can you dumb it down a whole lot? I really want to understand it but I'm just giving up and need a boost to try again.ComputerHabitApr 23, 2025Brass Contributor19Views1like1CommentHow to Disable a reboot policy
I created a reboot policy via intune. I set the devices to restart every Tuesday morning at 5. Now the problem is that policy is no longer needed but even after deleting the policy I can’t get rid of it. My machines are still restarting Tuesdays. I went in like some suggested and created a new policy and set the restart time to 0000-00-00T00:00:00Z. I applied it to a few test pcs but I get a failed status for all the pcs. When I go into the policy the error type is 2 and the error code is 65000. Has anyone had a similar issue with disabling a reboot policy?Jesse13579Apr 23, 2025Brass Contributor31Views1like2CommentsTo block access to the location button on Android.
Hello. I would like to know if it is possible to block the user from being able to deactivate the location. I want to keep it always activated and blocked so that the user cannot deactivate it.SolvedGuilherme1020Apr 22, 2025Copper Contributor1.7KViews0likes4CommentsCloud PKI SCEP
Hello All, I have setup steps to utilise cloud PKI to issue SCEP certificate to users so they can be used for email security (SMIME). Root and intermediary setup in cloud PKI successfully and configuration profiles for both setup and both are deployed successfully to test devices. When it comes to the SCEP profile, It has also been deployed but no success status showing yet in the report and issuing certificate not showing any leaf certificates. No errors are currently showing and report just says pending. Any Idea what is causing the delay or how to investigate? Thanks in advance.iPhone setup issue - company portal issue
Hi I have a user who cannot set their phone up. It's all been provisioned ok, but the user cannot set their iPhone up. When they sign into the company portal on the iPhone, it says their credentials are incorrect. She is using her company e-mail address and password, and we know her credentials are ok, as we've tested them signing into her Microsoft account. But company portal on her iphone keeps saying her credentials are incorrect. Can anyone offer any advice? Many thanks AndyandyjonathanApr 22, 2025Occasional Reader9Views0likes0Commentsmonitor the client certificate expiration dates
I would like to monitor the client (windows) certificate expiration dates on the clients and be informed shortly before the expire. Is this possible with Intune and can you please give me a hint how? Thanks for your supportStefan31Apr 22, 2025Copper Contributor48Views1like5CommentsWindows 11 PRO OEM on HP Devices
Hy, I have a kind of problem, our HP devices are shipped with a Windows 11 Pro OEM. We have Enterprise Mobility + Security E5 licenses which should support the upgrade process from W11 Pro to the Enterprise version, but this is not happening. Requirements: Ensure that your device is running a supported version of Windows Pro and that the user is assigned an appropriate EMS license (e.g., E3 or E5). The device must also be joined to Azure AD or hybrid Azure AD joined. The requirements are fulfilled, but still no activation after deployment using APv2. Does anyone have any ideas?SolvedBogdan_GuineaApr 22, 2025Brass Contributor124Views0likes8CommentsWindows Autopilot Pre-Provisioning (White-glove)
Hi, Does anyone can help what would be the cause of the issue with Windows Autopilot Pre-Provisioning (White-Glove)? We did assign user & grab device hash then deployed to autopilot group. The computer process set up complete properly, device RESEAL. However, we faced issue when we start up the laptop at the login OOBE screen we didn't see the assign user appear? I used to see the login page user UPN already attached, it is just waiting user to put the password only. In my case, the sign in ask user to enter their UPN. Is there any suggestions? Note: Windows 11 23H2, and Windows 11 24H2 through the same behaviour. Thanks, PhearinphearinApr 21, 2025Copper Contributor66Views0likes4CommentsRemovable Media settings tattooed to device
Hello, I created a policy to block USB Removable Media in Configurations > Templates > Device Restrictions > General to block Removable storage, which successfully blocks USB access. However, removing this setting does not revert the block. I noticed the following registry key is created in the device: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices] "Deny_All"=dword:00000001 "MDMRegSet"=dword:00000001 "RebootTimeinSeconds_state"=dword:00000001 "RebootTimeinSeconds"=dword:0000012c Is this the correct registry location for this setting? Even after manually deleting the key, USB access remains blocked. After a reboot, the registry key reappears, even though the policy is no longer assigned to the device in Intune. Can anyone confirm if this is the only registry entry involved, or if additional steps are required to fully remove the restriction? Thanks!drivesafelyApr 21, 2025Brass Contributor68Views0likes3Comments
Resources
Tags
- Intune4,084 Topics
- mobile device management (mdm)2,204 Topics
- Mobile Application Management (MAM)813 Topics
- Conditional Access445 Topics
- Software Management435 Topics
- Graph API237 Topics
- Azure Friday162 Topics
- Autopilot109 Topics
- android68 Topics
- ios56 Topics