Latest Discussions
Which Entra account are you supposed to use to connect to a managed Google Play account?
At Connect Intune account to managed Google Play account - Microsoft Intune | Microsoft Learn, it says: "We recommend using the Microsoft Entra account you're signed into to create the Google Admin account." So I used my Entra account to set it up. Now, though, when I look at the Managed Google Play item in Intune under Devices > Android > Enrollment, it has my email address under "Linked account". Was I supposed to create a shared Entra account to make this connection? What happens when I leave the org?
RyanSteele-CoV · Apr 17, 2026 · Steel Contributor · 41 Views · 0 likes · 1 Comment

Platform SSO "Page not found" on macOS Tahoe 26.4 — Company Portal 5.2602
Environment:
- macOS Tahoe 26.4
- Company Portal 5.2602.0 (latest as of April 2026)
- Microsoft Intune — Automated Device Enrollment (ADE)
- Platform SSO with Secure Enclave (UserSecureEnclaveKey)
- SSO Extension: com.microsoft.CompanyPortalMac.ssoextension / Team ID: UBF8T346G9
- URLs configured: https://login.microsoftonline.com, https://login.microsoft.com, https://sts.windows.net
- Device: MacBook Pro 14" (Apple Silicon), supervised, ADE-enrolled

Issue: During Platform SSO registration, after the user authenticates successfully in the SSO registration prompt, Company Portal crashes with a "Page not found" error. The registration never completes — no WPJ certificate is created, no SSO registration key is stored in the Secure Enclave.

Console logs show:
```
CompanyPortalMac: URL(filePath:) API misuse — usingass old file path API which does not support security scoped bookmarks
```
The error occurs specifically at the token exchange step after authentication, suggesting the Company Portal binary is calling a deprecated macOS file URL API that Tahoe 26.4 now enforces more strictly.

What we tried:
- Full wipe and re-enrollment via ADE
- Removing and reinstalling Company Portal via Intune
- Different user accounts
- Verified SSO extension profile is correctly applied (confirmed via `profiles show -type configuration`)
- Verified network connectivity to Microsoft identity endpoints
- Tested on a clean macOS Tahoe 26.4 install — same result

Expected behavior: Platform SSO registration completes, WPJ certificate is created, and SSO token is cached for seamless authentication.

Actual behavior: "Page not found" after authentication in the SSO registration flow. Console shows the URL(filePath:) API misuse warning. Registration fails silently — no error surfaced to the user beyond the page not found screen.

Question: Is this a known bug in Company Portal 5.2602 with macOS Tahoe 26.4? Is there a newer build or hotfix addressing the URL(filePath:) deprecation? Any workaround available?
Tags: Platform SSO, macOS, Company Portal, ADE, Intune
mek-a2 · Apr 14, 2026 · Copper Contributor · 25 Views · 0 likes · 0 Comments

Intune enroll on redhat 10 KDE
**intune-portal 1.2603.31 fails to authenticate on RHEL 10 KDE Plasma — Misconfiguration(0) in gtk4/actions.rs**

**Environment**
- OS: Red Hat Enterprise Linux 10
- Desktop: KDE Plasma (Wayland, XDG_SESSION_DESKTOP=plasma)
- intune-portal: 1.2603.31-1.el10.x86_64
- microsoft-identity-broker: 3.0.1-1.el10.x86_64
- xdg-desktop-portal-kde: 6.4.5-1.el10_1.x86_64
- webkitgtk6.0: 2.50.4-2.el10_1.x86_64

**Summary**
The Intune portal fails to complete authentication on KDE Plasma. The same machine, same user account, and same tenant works correctly under GNOME on the same RHEL 10 install. The only difference between the working and non-working sessions is XDG_SESSION_DESKTOP (gnome vs plasma).

**Error**
The portal throws the following Rust error when attempting to start a login:
```
[intune-portal/src/gtk4/actions.rs:103:29] e = Error {
    context: "Starting a new login",
    source: Misconfiguration(
        0,
    ),
}
```
The OneAuth logs show:
- `No accounts found in the OneAuth account store`
- `Auth params authority is empty`
- `MATS device telemetry disabled`

This results in a [4kv4v] error in the Microsoft auth window with Code: 0.

**Additional findings during investigation**
1. On RHEL 10, the KDE portal service is named `plasma-xdg-desktop-portal-kde.service` rather than the expected `xdg-desktop-portal-kde.service`. This means it is not auto-discovered without explicitly starting it, which is a secondary issue.
2. Overriding `XDG_SESSION_DESKTOP=gnome` at launch does not resolve the Misconfiguration(0) error, suggesting the portal reads the session desktop variable at startup rather than at auth time.
3. The auth flow reaches the broker, the broker starts MSAL, but the portal fails to pass authority parameters, so the login flow never presents a credential prompt to the user.

**Steps to reproduce**
1. Install intune-portal 1.2603.31 on RHEL 10
2. Log into a KDE Plasma Wayland session
3. Launch intune-portal and attempt to sign in
4. Observe Misconfiguration(0) error — no login prompt is shown
5. Log out, log into GNOME on the same machine
6. Launch intune-portal — authentication completes successfully

**Expected behaviour**
Authentication should work on KDE Plasma in the same way it does on GNOME.

**Workaround**
None found. Using GNOME is the only current option on this machine.
Brike · Apr 10, 2026 · Copper Contributor · 99 Views · 0 likes · 0 Comments

SSID connection using intune pushed profile kept prompting manual login
Hi, anyone encountered an issue where users connecting to an SSID with 802.1X authentication using an Intune-pushed Wi-Fi profile (with credential caching enabled) are still being prompted to enter their credentials manually? However, it works fine by configuring the network connection protocol manually. Thank you.
SSChew · Apr 09, 2026 · Copper Contributor · 43 Views · 0 likes · 2 Comments

Intune Device Reset Issue After Recent Update
Hi everyone,

We’re currently running into an issue with device reset scenarios in our environment and wanted to check if others are seeing something similar or have identified a reliable workaround.

Environment:
• Windows 11 25H2
• Windows Autopatch enabled
• Devices managed via Intune

Issue: When initiating any of the following actions from the Intune portal:
• Autopilot Reset
• Fresh Start
• Wipe
…the process consistently fails at around 38–40%.

Observations:
• Event Viewer logs Event ID 4502 during the failure.
• This behavior started after applying a recent update.

Troubleshooting performed:
• We attempted to repair/rebuild the WinRE partition using the WinRE.wim from the latest Windows 11 ISO.
• After this repair, the reset process completes successfully.

However:
• Post-reset, during re-enrollment, the device fails at the Account Setup (ESP) stage.

Support status:
• We had a case opened with Microsoft, but they said that Reset was triggered from Intune and the reset process started on the device, so they cannot check anything further from their end, and they have not received any similar cases and are not aware of any known issue.

Has anyone else encountered:
• Reset failures around 40% with Event ID 4502?
• Issues tied to WinRE after recent updates?
• Enrollment failures post-reset (ESP Account Setup stage)?

If so, have you found:
• A root cause?
• A stable remediation or workaround?

Appreciate any insights or shared experiences. Thanks!
Solved · Parth49 · Apr 08, 2026 · Copper Contributor · 294 Views · 0 likes · 2 Comments

Hybrid Azure AD joined device not enrolling into Intune
Issue
A Windows device successfully registers in Entra ID (Hybrid Azure AD join) but never enrolls into Intune.

Result:
- Device appears in Entra ID
- Device does not appear in Intune
- Intune Management Extension is not installed
- Device remains SCCM‑only (co‑management never starts)

Log (CoManagementHandler.log):
```
EnrollmentUrl = (null)
Device is not MDM enrolled yet. All workloads are managed by SCCM.
```

Environment
- Windows 10/11
- Hybrid Azure AD Join
- On‑prem AD + MECM (Cloud Attach / Co‑management enabled)
- Microsoft 365 E3 (Intune license assigned)
- Device on corporate trusted network

What I’ve done
- Verified Azure AD join and MDM URL
- Confirmed MDM user scope = All
- Verified Intune enrollment restrictions allow Windows
- Verified user has Intune license
- Identified Conditional Access policy targeting “Register or join devices”
- Updated that CA policy to Exclude → Microsoft Intune Enrollment
- Waited for replication and retried enrollment (`deviceenroller.exe /c /AutoEnrollMDM`)

Question
Despite excluding Microsoft Intune Enrollment, the device still does not enroll into Intune.
Ankido88 · Apr 08, 2026 · Copper Contributor · 177 Views · 0 likes · 3 Comments

App Protection: Custom app vs Partner app
Is there any functional difference in using an app protection policy to manage a public partner app versus a custom application? We have an app vendor that says they wrapped their app with the SDK but it is not on the partner list so we cannot pick it from the public app list. Which leaves us with the custom app option. Is the functionality the same? Will it show up on the app protection report, work with conditional access policies, other Microsoft solutions, etc.? Thank you - Jessie
hw2B440 · Apr 08, 2026 · Copper Contributor · 19 Views · 0 likes · 0 Comments

Webinar Cancellation
Hi everyone,

The webinar “Re‑Envisioned: The New Single Device Experience in the Intune Admin Console,” originally scheduled for April 7 at 9:00 AM Pacific Time, has been cancelled at this time. We plan to reschedule the session, and when a new date is confirmed, it will be shared at http://aka.ms/securitycommunity

We sincerely apologize for the inconvenience and appreciate your continued engagement with the Microsoft Security Community.
emilyfalla · Apr 06, 2026 · Microsoft · 670 Views · 2 likes · 1 Comment

Company Portal Profile installation failed on iPhone - Status code 400
Hello, I've been managing mobile devices through Intune for almost a year. Most of our devices are iOS - I add the phone to the Apple Business Manager - wait for it to appear in Intune - then install Company Portal, and log my user in. This pushes out software etc. to the phone. I successfully set one up on Thursday. Today I'm trying to set a new one up and I can't get the Company Portal profile to install. I get a long error, ending in Status Code 400. This error happens often, but usually if I try again, it works. Recently I thought I had discovered the issue, and have started ensuring the iPhones are updated before installing Company Portal. But nothing works with this phone. Any suggestions? Thanks in advance! Amber
AmberH675 · Apr 06, 2026 · Copper Contributor · 155 Views · 0 likes · 1 Comment

Intune iOS User-Based App Targeting
I’ve noticed an issue with user-based targeting and was wondering if this is an issue, or I'm just using it wrong. Let's say I want an iOS app to be deployed out to a user group, but only to company owned devices of those users. I set the assignment for required user group and assign an Include filter for corporate owned devices. If this app is also Available for All Users, then the app deploys out to all devices from the required user group, even their personal devices. It basically forgets there is a filter for the required user group assignment. Any way around this? It feels like a glitch in how Intune deploys apps.
Braaaaaad · Apr 02, 2026 · Copper Contributor · 46 Views · 0 likes · 0 Comments