Pinned Posts
Forum Widgets
Latest Discussions
Company Portal Installation failing due to missing Microsoft.UI.Xaml.2.7
Dear All, We are deploying Company Portal App as Microsoft Store app (new) from Intune on Hybrid Domain Joined devices. While some devices are successfull to install company portal, some device are failing. I did review of events in, below locations subfolders. Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment-Server. Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> Appx Deployment-Server-Undocked Event Viewer -->Applications and Services Logs --> Microsoft --> Windows --> AppxPackagingOM During the review I found error 0x80073cf3: Package failed updates, dependency or conflict validation. This is the reason for Company Portal App failed installation. This is due to lack of Microsoft.UI.Xaml.2.7 installed on the device. If i execute below commands 1 after another in the command prompt, Installation of Company Portal gets succeeded. Winget Install --accept-source-agreements --accept-package-agreements Microsoft.UI.Xaml.2.7 Winget Install --accept-source-agreements --accept-package-agreements Microsoft.CompanyPortal My question is how can i add the Microsoft.UI.Xaml.2.7 as a dependency app for Company Portal App, especially when the app type is Microsoft Store app (new) ? I do not want to deploy Company Portal as win32 app and also deploy the Microsoft.UI.Xaml.2.7 as win32 app, because in this method of deployment i always have to create new win32app when a new version is released. Does anyone came across same situation and have any thoughts ?Intune connector stuck because it is no longer supported
Hello, We are trying to connect our JamF Pro to Intune for compliance checks on our Macs. Following Microsoft's (incorrect) instructions, we found that the old (legacy) method to be no longer supported by JamF. However, after entering the Enterprise AppID the connector is now stuck and we cannot clear it because it cant connect to anything at JamF. The "Terminate" button simply produces the following error: "{"error":{"code":"InternalServerError","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An internal server error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: f0416542-74a3-4876-a3a3-d27cc6a9bb31 - Url: https://proxy.msub02.manage.microsoft.com/StatelessOnboardingService/deviceManagement/deviceManagementPartners('007d2fff-e0dd-4b28-8595-cec005efe5cd')/microsoft.management.services.api.terminate?api-version=5025-03-20\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2025-11-20T08:33:25","request-id":"11b3ecb3-6b3c-40a1-a2ef-1259682cc5f7","client-request-id":"f0416542-74a3-4876-a3a3-d27cc6a9bb31"}}}" We have since connected JamF Pro using their new method successfully, but our managed Macs are still NOT showing in Intune. We need to clear the old connector, which is in limbo, in case this is blocking the new one from working. We raised a case with Microsoft support in November 2025 and despite repeated efforts to contact them, still haven't had a response. Any ideas, please?
physicalMemoryInBytes always returns 0 with called from ServiceNow
Hello, I am trying to fetch physicalMemoryInBytes for Intune devices from ServiceNow. I tried calling this info by using below endpoints: https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,physicalMemoryInBytes https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,hardwareinformation,physicalMemoryInBytes In both cases I'm getting below error error: Failed to iterate on data stream: com.glide.transform.transformer.exceptions.InvalidPathException: Could not find path in stream: $.value I referred to this Intune article but no luck: https://techcommunity.microsoft.com/discussions/microsoft-intune/physicalmemoryinbytes-always-returns-0/3025721 Can someone help with this?
Issue with Android iOS Wi-Fi authentication using certificates EAP-TLS with NPS
I am trying to configure Wi-Fi authentication for Android and iOS devices using certificates (EAP-TLS). I followed the guide below Support Tip - How to configure NDES for SCEP certificate deployments in Intune | Microsoft Community Hub, and I am able to successfully deploy certificates to the devices. The certificates are installed correctly on the final devices, so the distribution part seems to be working fine. However, the devices are not able to authenticate to the Wi-Fi network. The connection fails during authentication, and from what I can see the issue seems to be related to NPS. My doubt is specifically about the NPS configuration. In the guide, user or computer groups are usually added in the network policy conditions, but in my scenario I cannot rely on adding users or groups, since authentication should be based only on the certificate. I am unsure how to correctly configure NPS to accept these devices using certificate-based authentication without assigning them to a security group. Has anyone already faced this situation or can explain how NPS should be configured in this case? Any guidance or example configuration would be greatly appreciated. Thank you in advance.
Restrict User Access to Specific Devices and Location Using Intune & Conditional Access
We have a customer requirement to restrict user sign-ins using Intune and Azure AD (Entra ID) Conditional Access. The goal is to allow access only from specific, managed devices and only from a specific geographic location. For example, users should be able to access corporate resources only when signing in from compliant/managed devices and only when located in Mumbai What would be the recommended approach or best practice to achieve this using Conditional Access and Intune? Any guidance on configuration, limitations (e.g., location accuracy), or real-world experiences would be appreciated.Delivery Optimization breaking Windows 11 update downloads?
We started seeing Delivery Optimization–related issues with Windows updates after upgrading devices to Windows 11 24H2. In our SCCM environment, Windows updates begin downloading but consistently fail or stall partway through the download. In many cases, the download restarts multiple times and eventually errors out. This behavior is consistent across multiple devices and different boundaries. These same devices were patching normally prior to the 24H2 upgrade. Since moving to 24H2, patching has become unreliable, especially for larger updates. From what we’re seeing, this doesn’t look like a traditional content or boundary issue. It feels like Delivery Optimization is failing mid-transfer or not resuming downloads correctly after the OS upgrade. So far we’ve checked the following: - Boundaries and boundary groups are unchanged - Content is available and distributed correctly on DPs - No recent SCCM site or infrastructure changes - Network connectivity looks normal On the client side, we’ve been reviewing: - DataTransferService.log (downloads start but fail or restart mid-way) - DeliveryOptimization logs (showing repeated retries / stalled transfers) - CAS.log and LocationServices.log (content location looks normal) - WUAHandler.log (update detection looks fine) Overall, detection and policy seem healthy — the issue appears during the actual download phase. Has anyone else seen Delivery Optimization downloads stall or fail during Windows patching after upgrading to Windows 11 24H2? If so, did you find a specific DO setting, policy change, or workaround that stabilized patching?Delivery Optimization breaking Windows 11 update downloads?
We started seeing Delivery Optimization–related issues with Windows updates after upgrading devices to Windows 11 24H2. In our SCCM environment, Windows updates begin downloading but consistently fail or stall partway through the download. In many cases, the download restarts multiple times and eventually errors out. This behavior is consistent across multiple devices and different boundaries. These same devices were patching normally prior to the 24H2 upgrade. Since moving to 24H2, patching has become unreliable, especially for larger updates. From what we’re seeing, this doesn’t look like a traditional content or boundary issue. It feels like Delivery Optimization is failing mid-transfer or not resuming downloads correctly after the OS upgrade. So far we’ve checked the following: - Boundaries and boundary groups are unchanged - Content is available and distributed correctly on DPs - No recent SCCM site or infrastructure changes - Network connectivity looks normal On the client side, we’ve been reviewing: - DataTransferService.log (downloads start but fail or restart mid-way) - DeliveryOptimization logs (showing repeated retries / stalled transfers) - CAS.log and LocationServices.log (content location looks normal) - WUAHandler.log (update detection looks fine) Overall, detection and policy seem healthy — the issue appears during the actual download phase. Has anyone else seen Delivery Optimization downloads stall or fail during Windows patching after upgrading to Windows 11 24H2? If so, did you find a specific DO setting, policy change, or workaround that stabilized patching?Unable to use TargetedManagedAppConfiguration end point (Broken)
Within Intune, Graph explorer and PowerShell commands the gateway fails to respond, it's been broken for a couple of months, i have opened multiple support tickets and tumbleweed. i cant get or create any App configuration or app protection policies PS error Get-MgDeviceAppManagementTargetedManagedAppConfiguration Get-MgDeviceAppManagementTargetedManagedAppConfiguration_List: Too many retries performed. More than 3 retries encountered while sending the request. (HTTP request failed with status code: GatewayTimeout. Intune Error { "error": { "code": "UnknownError", "message": "{\"Message\":\"{\\r\\n \\\"_version\\\": 3,\\r\\n \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 6bf99a96-6889-4b10-a52e-c31e099e9111 - Url: https://proxy.msub06.manage.microsoft.com/TrafficGateway/TrafficRoutingService/MAMAdmin/MAMAdminFEService/deviceAppManagement/targetedManagedAppConfigurations?api-version=5025-07-01&$count=true\\\",\\r\\n \\\"CustomApiErrorPhrase\\\": \\\"\\\",\\r\\n \\\"RetryAfter\\\": null,\\r\\n \\\"ErrorSourceService\\\": \\\"\\\",\\r\\n \\\"HttpHeaders\\\": \\\"{}\\\"\\r\\n}\"}", "innerError": { "date": "2025-12-23T12:42:49", "request-id": "b844d1f6-c583-485c-b33f-9a29d9b44a92", "client-request-id": "6bf99a96-6889-4b10-a52e-c31e099e9111" } } }Separate APP policies
Hi All I hope you are well and have a Merry Christmas and a Happy New Year. Anyway, trying to get my head around APP policies for both BYOD and Corp (COBO) Android devices. I'd like nothing more than a single APP policy for Android but there are certain settings such block screenshots that I would like to include in the BYOD APP policy but not include in the Corp (COBO) APP policy. So, my thinking is: BYOD APP policy > Assigned to E3 / F3 groups > Filter on EXCLUDE corp devices Corp Owned / Intune Enrolled COBO APP policy - Filter on EXCLUDE personal devices Could someone advise on the best way to achieve this? What's the best Device / App filter syntax to use? Info appreciatedEntra ID LAPS and BitLocker on Hybrid AD–Joined Devices
Hi All, We have Hybrid AD–joined Windows devices with BitLocker managed on-prem via GPO and BitLocker recovery keys already escrowed to Microsoft Entra ID. If we enable Windows LAPS in Entra ID (cloud LAPS), will this have any impact on: Existing BitLocker recovery keys stored in Entra ID, or Current/future BitLocker configuration and escrow behavior? Is there any dependency or interaction between Entra ID LAPS and BitLocker on hybrid devices? Thanks in advance Dilan
