Forum Widgets
Latest Discussions
Error running on-premises Intune Connector for Active Directory (ODJ Connector).
Hi, I trying add AAD joined devices hybrid at my AD DS local whit Autopilot. I downloaded the ODJConnectorBootstrapper.exe file from the Microsoft Endpoint Manager > Devices > Enroll devices portal, the installation was successful, but after trying to sign in, an error occurred in the log file (C:\Program Files\Microsoft Intune\ODJConnector\ODJConnectorUI\ODJConnectorUI. log) and also in the Event Viewer (Application and Servecies Logs > ODJ Connector Service) .. Event Viewer: { "Metric":{ "Dimensions":{ "InstanceId":"746F3603-6956-42CF-B6B0-A9673088C5F0", "DiagnosticCode":"0x0FFFFFFF", "DiagnosticText":"We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: \"DiagnosticException: 0x0FFFFFFF. We are unable to complete your request because a server-side error occurred. Please try again.\"] [Exception Message: \"Value cannot be null.\u000d\u000aParameter name: cert\"]" }, "Name":"RequestHandlingPipeline_DownloadFailure", "Value":0 } } log file: ODJ Connector UI Error: 2 : ERROR: Failed to check if machine is already enrolled. Detailed message is: Error in retrieving certificate. A certificate could not be found in the specified store. The articles I used: https://docs.microsoft.com/en-pt/mem/autopilot/windows-autopilot-hybrid https://techcommunity.microsoft.com/t5/intune-customer-success/admins-experience-deploy-hybrid-azure-ad-joined-devices-by-using/ba-p/1131428 The IE Enhanced Security Configuration is already OFF, I've removed everything related to Intune and reinstalled only the ODJConnector, I've restarted the server, but the problem persists. Can anyone help me?Which Windows Licenses are required to manage BitLocker through Intune
License Confusion for Managing BitLocker via Intune Scenario: We are managing BitLocker through Intune, with recovery keys backed up to Entra ID for both Hybrid and Entra ID-joined devices. Our devices run Windows 10/11 Professional, and we have EMS E3 licenses. Confusion: Most Microsoft documents state that Windows 10/11 Professional is sufficient to enable and manage BitLocker. However, one document mentions that Windows 10/11 Enterprise is required to manage BitLocker using CSP (Configuration Service Provider). We need clarification on whether Windows 10/11 Professional is fully capable of BitLocker management via Intune or if Enterprise is required for CSP-based management. I am providing reference Microsoft articles and screenshots to support this. BitLocker Enablement: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/#windows-edition-and-licensing-requirements BitLocker Management: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/configure?tabs=common#windows-edition-and-licensing-requirements Encrypt Devices with Intune: https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#view-details-for-recovery-keys You can find this paragraph in above document. "Information for BitLocker is obtained using the (CSP). BitLocker CSP is supported on Windows 10 version 1703 and later, Windows 10 Pro version 1809 and later, and Windows 11." Contradictory Statement Document: https://learn.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp
iOS blocks screenshots on any managed app
We are encountering a problem with intune managed apps screen sharing/ screenshotting on iOS devices, where sharing content from managed apps results in a black screen, same goes for takeing a screenshot. This behavior stems from a recent Intune feature designed to enhance data security by blocking screen captures and screen sharing in mobile application management (MAM)-protected apps on iOS devices. This feature is automatically enabled when the "Send Org data to other apps" setting in the App Protection Policy (APP) is configured to any option other than "All apps." Consequently, attempts to capture or share the screen from a managed account within a MAM-protected app result in a blank screen instead of the actual content. To permit screen sharing on iOS devices, administrators can configure an app configuration policy with the setting com.microsoft.intune.mam.screencapturecontrol = Disabled. However, this adjustment also allows on-device screenshots and screen recordings, which might not align with organizational security requirements. --> https://techcommunity.microsoft.com/blog/intunecustomersuccess/new-block-screen-capture-for-iosipados-mam-protected-apps/4366312 But this solution does not make sense, Microsoft always recommended the usage of Managed Devices Policys so why the sudden change to only allow this with managed apps policys? We would need a feature to enable screenshotting on a managed devices policy! We already opened two SR for this but none of them could provide a solution. Please help out here, a lot of our customers who use intune for MDM purpose are very annoyed by this feature. BR
Sharepoint - OneDrive Sync
Hi all, (posted here but was asked to move to here: Sharepoint - OneDrive Sync - Microsoft Community in my company we use a sharepoint: https://xxx.sharepoint.com/Name%20Public/ i can open the site in edge, i can interact with the files and folders and i can push on the "sync" method and onedrive will start syncing manually. Now to my problem: In intunes Admincenter I have a configuration policy with: "Configure team site libraries to sync automatically (user)" as follows: Value: https://xxx.sharepoint.com/Name%20Public | 1c27e911-bb36-4ae7-8fd8-d3b68c4d6e8c Name: xxx Public The policy is successfully applied to the users. However, one drive does not start synchronisation. $OneDriveCmd = "C:\Program Files\Microsoft OneDrive\OneDrive.exe" Start-Process -FilePath $OneDriveCmd -ArgumentList "/url:$SiteURL /id:$LibraryID /automount" Results in an error, something like "cannot open program, url not readable" Path and library are given in variables to the script Does anyone have an idea for me
Syncing Outlook contacts on Android to native Contacts app
What process are you guys using to sync your Outlook contacts from the Work side to the native Contacts app on the personal side? We are basically personal phone enrolled with Work Profile (even though we own the phones). I tried to create an App Config but not doing as I expect. Feel free to show screenshots or instructions on how you handled it. Thanks in advanced.Autopilot Company owned
We deploy all our Wiindows Laptops with AutoPilot and are Hybrid AD joined. An old sore is that devices are created twice as the device is first Entra AD joined, after which the device is joined as a Hybrid AD joined device (configuration profile), and thus creating two devices which represent one physical device. An Entra-ID joined device which becomes stale over time, as the device stats are no longer updated. And thus becomes Uncompliant. A Entra-ID Hybrid joined device which is managed by Intune, and updated wherefore the device is compliant. This is an old sore and confirmed by Microsoft support, wherefore does not seem to be a sollution. We have in some cases removed the stale Entra-ID joined device, and others we merely disabled the stale device. Yesterday i discovered some devices which show the opposite. The Hybrid AD joined device shows that it is not managed by an MDM, while the Entra-ID joined device showes managed by Intune. This results in that the correct device is no longer updated by Intune. Also when looking the deviceownership i can see that the wrong device states company owned, while the Hybrid AD joined device shows none. Is there anyway to rectify this situation? I confirm that the device is in use.
Acrobat DC Install via Intune
Has anyone been success on deploying Acrobat DC Professional via Intune? I downloaded the package from Adobe and used the IntuneApp to create a package but so far it refuses to install failing with a (0x80070005) error. I can deploy the reader without issue. Deployed Dreamweaver and Photoshop CC without error but this one is puzzling. This like all of CC is subscription based now, so not sure what I am missing...
