Pinned Posts
Forum Widgets
Latest Discussions
Issue with creating an issuing CA in Cloud PKI
I have activated an trial license for Cloud PKI a couple of days ago. I follow this guide to create a Root and Issuing CA https://oliverkieselbach.com/2024/03/04/how-to-configure-cloud-pki-certificate-based-wifi-with-intune/ I could create a root certificate successfully, but when i want create an issuing certificate i'm getting this error 'CA failed to be created' I have waited to a couple of hours to try it again but still no luck. What can cause this issue and how to solve this?
We’re running into an Intune issue where a Win32 app with a dependency sits at "Download Pending"
Setup: Main App: Installs in User Context Dependency: Installs in System Context Dependency Detection: Hosts file modification detection script Direct file detection does NOT work either When the hosts file modification is present (detection is met), detection works, and everything installs fine manually The Problem: If detection passes (exit 0) → Everything installs fine. If detection fails (exit 1) → Intune never moves forward, just stays at "Download Pending" indefinitely. Happens with both file-based detection and script-based detection. Dependency app as well at parent app install fine via Intune on their own as well as manual testing. What We Need to Know: Does Intune get stuck in "Download Pending" instead of moving forward when dependency detection fails? Could the install context mismatch (dependency in SYSTEM, main app in USER) be causing this? Myth or fact? Does Intune break the install process if a dependency app is in system context and the parent app is in user context? Again, both apps work fine independent of each other. Thanks for any help!
Android 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105 Thanks, Tom
Windows Hello - optional
Hello community, I'm trying to set Windows Hello as optional (not forced) for users in our org. Currently we have security group for people who asked for Windows Hello to be enabled for them. All devices are Windows 11 fully managed by Intune. Current Win Hello solution is provided by Intune policy - identity protection - "Configure Windows Hello for Business". It works, but as mentioned I would like to make it optional for everyone in our org so users can decide whether use it or not. Is it possible?
Intune Graph API deviceStatuses missing device shown in portal
Hello, I am retrieving device status for an Intune configuration profile using Microsoft Graph API. API request: GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{policyId}/deviceStatuses Issue: In the Intune portal, a device shows Success status for the configuration profile under: Devices → Configuration profiles → Device status However, when retrieving the same data using the Graph API endpoint above, that device does not appear in the API response. Observations: In the Intune portal, the policy shows one device with Success status. But the Graph API response returns different devices and does not include the device visible in the portal. Example response (sanitized): deviceDisplayName: Device-A status: unknown deviceDisplayName: Device-B status: unknown Questions: Why would a device appear in the Intune portal device status but not in the Graph API deviceStatuses response? Is there a delay in data synchronization between the Intune portal and Graph API? Is there another Graph endpoint recommended for retrieving all device configuration status results? Additional details: Graph API version: beta Permission used: DeviceManagementConfiguration.Read.All Tested using Graph Explorer Any insights would be appreciated.
Issue with Android iOS Wi-Fi authentication using certificates EAP-TLS with NPS
I am trying to configure Wi-Fi authentication for Android and iOS devices using certificates (EAP-TLS). I followed the guide below Support Tip - How to configure NDES for SCEP certificate deployments in Intune | Microsoft Community Hub, and I am able to successfully deploy certificates to the devices. The certificates are installed correctly on the final devices, so the distribution part seems to be working fine. However, the devices are not able to authenticate to the Wi-Fi network. The connection fails during authentication, and from what I can see the issue seems to be related to NPS. My doubt is specifically about the NPS configuration. In the guide, user or computer groups are usually added in the network policy conditions, but in my scenario I cannot rely on adding users or groups, since authentication should be based only on the certificate. I am unsure how to correctly configure NPS to accept these devices using certificate-based authentication without assigning them to a security group. Has anyone already faced this situation or can explain how NPS should be configured in this case? Any guidance or example configuration would be greatly appreciated. Thank you in advance.Edge for Android Smartscreen
Hi All I hope you are well. Anyway, is it possible to configure Edge for Android Smartscreen to: Prevent end user bypass Block potential risky downloads I can see various methods and guides pointing to Edge App Configuration policies but just cannot seem to get the this to work on Android Enterprise Fully Managed devices. Any help would be great. SK
Erweiterungsmanagement im Browser
We would like to distribute browser extensions in Edge via Intune in a granular manner. The problem is that assigning two profiles with different extensions leads to a conflict. We would like to be able to assign extensions individually and assign multiple different profiles with different browser extensions to a user. With the current options, it becomes very complex and error-prone when there are multiple extensions with different user groups. Or have I overlooked a possibility?Block Local Logon to enrolling user of an Intune Managed Device
Has anyone successfully managed to deploy a security baseline template or Configuration profile or proactive remediation script that can successfully block any AAD user from being able to logon to an Intune managed device, other than the user who enrolled the device? I have a use case of an industutrial type device where we use a secure shared logon credential who is also the enrolling user, and i want to prevent anyone with an account loggin goff the primary user account and loggingin with their own personal account. The issue i seems to face now is the policy is not able to evaluate the AAD group where i assign the user account/accounts allowed to logon, and i subsequently end up blocking all local logons. Thanks
