Pinned Posts
Forum Widgets
Latest Discussions
Threat Severity missing in Intune policy
I was updating our Intune Antivirus policy today and noticed that the threat severity section is gone. When I saved the changes, I did another review of the Defender settings and they have been removed from the policy. Anyone else seeing this or know how to get them back?
Intune Management Agent (v1.95.103.0) crashing
We’re seeing repeated crashes of the Intune Management Agent (Microsoft.Management.Services.IntuneWindowsAgent.exe) after updating to version 1.95.103.0. No such crashes are identified in previous versions. Symptoms: Faulting application name: Microsoft.Management.Services.IntuneWindowsAgent.exe, version: 1.95.103.0 Faulting module name: WindowsPackageManager.dll_unloaded, version: 1.26.430.0 Exception code: 0xc0000005 (Access violation) Crash counts are high, with variations pointing to WindowsPackageManager.dll, wintypes.dll, icu.dll, ucrtbase.dll, and others (often marked as “_unloaded”). In some cases, we also see ucrtbase.dll with 0xc0000409 (stack buffer overrun) and ntdll.dll with 0xc0000374 (heap corruption). The agent establishes new connections not seen in 1.94.153.0 (Teams endpoints, OCSP/CRL checks, agents.msub01.manage.microsoft.com, etc.). Crashes are not consistent but occur frequently during app management tasks. Questions: Is this a known issue or under investigation? Are there recommended mitigations (e.g. App Installer stable vs preview, disabling WinGet integration, rollback to previous IME)? Some statistics:MMP-C Enrollment Failing
I discovered a few of our devices were running into an issue with EPM functioning properly because the devices were enrolled via MDM only enrollment. I've been following some posts to try to rectify that issue and was successful in enrolling of the devices the proper way. However, I'm now running into an issue where the device is failing to enroll in MMP-C with the following error even though the file enrollment exe exists: The scheduled task looks accurate for enrolling the device in MMP-C and I'm out of details on what to do for this. Please help!Are you unable to open Google Chrome or any other browser?
Cause & Solution: If you are using Microsoft Intune, the Microsoft AI system may have automatically created a rule that blocks third-party browsers such as Chrome and Firefox. To resolve this, you need to deactivate or delete the automatically generated rule under Windows Configuration Policies.
iOS 15.8.x iPad Air 2 Failed to retrieve configuration
We are getting "Failed to retrieve configuration" on all iPad Air 2 devices running iOS 15.8.x. I saw on the https://community.jamf.com/general-discussions-2/failed-to-retrieve-configuration-on-ipados-v15-8-4-48978 forums that it's a known issue by Apple and they are working on a fix but I have doubts that they will actually do anything since they no longer support that product. Has anyone else seen this issue and found a workaround?
Android COPE - Google Zero Touch Enrollment - Device Resets automatically
Hello, Encountered a strange behavior of an Android mobile phone, enrolled in Intune through Google's Zero Touch method. Device is a Samsung running Android 15. Device is enrolled, reports that all necessary configurations and compliance policies are met, yet the device is prompted with a pop-up notification saying that it belongs to the company and that in order for the device setup to be complete, it will be reset, with a countdown of ~ 2 hours. Multiple resets occurred, yet it's stuck in the same loop. Any idea what might trigger this behavior? No other COPE enrolled phone does this. The user's current Android 14 device is running properly, but it's enrolled as BYOD.Windows App Application Protection Policy
I have been testing out an Intune MAM policy to restrict copy/paste and drive redirection to AVD session hosts based on the link here: https://learn.microsoft.com/en-us/windows-app/require-device-security-compliance-intune?tabs=web#related-contentHowever, I've run into problems (in two separate tenants) that have halted me from being able to test. Setup Intune App Protection Policy targeting Windows Devices & Microsoft Edge\ Conditional Access Policy enforcing App Protection Policy when users access 'Azure Virtual Desktop' target resource via https://windows.cloud.microsoft.com Results First When signing into a user account targeted by the policy, they are prompted to Switch Edge Profile which signs in the user to a new Edge profile for 'Work or School Account'. The account has to sign in again. The account can access Windows App resources When launching a desktop session, this authentication page pops up for an account "local@debugonly" Second When signing into a user account targeted by the policy, they are prompted to Switch Edge Profile which signs in the user to a new Edge profile for 'Work or School Account'. The account has to sign in again. After sign in, the account loops with 'Switch Edge Profile' and gets stuck here I'm curious if anyone has gotten this to work and what was your setup? Or if Microsoft or provide some assistance or if this is in the wrong forum, any help would be appreciated.
Intune is unable to register Ubuntu 24.04.2 device
Hey, Writing this issue since I found no source code/repo, and no other issues here matched my symptoms. Anyone got any hints on how I could proceed? Or maybe even better, where to find the source code and build instructions for `intune-portal` so I can build towards the current libraries... 2025-06-26 08:46:50+02:00: ~ w/❄️ w/🧙 took 2s x10an14@ubuntu ❯ : intune-portal 2025-06-26 08:47:41 INFO Command line arguments args=PortalArgs { common: CommonArgs { interactive: false, socket_path: "/run/intune/daemon.socket" } } version="1.2503.10" 2025-06-26 08:47:45 INFO Starting a new login Could not create default EGL display: EGL_BAD_PARAMETER. Aborting... 2025-06-26 08:47:48 WARN oneauth{tag="9a8hm"}: HTTP status: 404 2025-06-26 08:47:48 WARN oneauth{tag="5fsch"}: Failed to get image from Graph ^CError: nu::shell::terminated_by_signal × External command was terminated by a signal ╭─[entry #143:1:1] 1 │ intune-portal · ──────┬────── · ╰── terminated by SIGINT (2) ╰──── 2025-06-26 08:47:56+02:00: ~ w/❄️ w/🧙 took 14s x10an14@ubuntu ❌-2 ❯ : lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 24.04.2 LTS Release: 24.04 Codename: noble 2025-06-26 08:48:08+02:00: ~ w/❄️ w/🧙 x10an14@ubuntu ❯ : grep -HIRnC 10 'microsoft' /etc/apt/sources.list.d/ /etc/apt/sources.list.d/microsoft-prod.list:1:deb [arch=amd64,arm64,armhf signed-by=/usr/share/keyrings/microsoft-prod.gpg] https://packages.microsoft.com/ubuntu/24.04/prod noble main 2025-06-26 08:48:27+02:00: ~ w/❄️ w/🧙 x10an14@ubuntu ❯ : history | last 11 ───#───┬───────────────────────────────────────────────────────────────────────────────────command──────────────────────────────────────────────────────────────────────────────────── 12135 │ grep -HIRnC 10 'microsoft' /etc/apt/sources.list.d/ 12136 │ sudo apt purge intune-portal microsoft-edge-stable microsoft-identity-broker 12137 │ ^find ~/.local ~/.cache ~/.config -iname '*microsoft-identity*' -or -iname '*intune*' e> /dev/null | lines | tee { each {|d| rm -r $d}} | each {|d| echo $"Deleting: ($d)"} 12138 │ ^find ~/.local ~/.cache ~/.config -iname '*microsoft*' -or -iname '*intune*' e> /dev/null | lines | tee { each {|d| rm -r $d}} | each {|d| echo $"Deleting: ($d)"} 12139 │ systemctl --user daemon-reload 12140 │ sudo apt install intune-portal 12141 │ systemctl --user daemon-reload 12142 │ ^find ~/.local ~/.cache ~/.config -iname '*microsoft-*' -or -iname '*intune*' e> /dev/null | lines | tee { each {|d| rm -r $d}} | each {|d| echo $"Deleting: ($d)"} 12143 │ intune-portal 12144 │ lsb_release -a 12145 │ grep -HIRnC 10 'microsoft' /etc/apt/sources.list.d/ 2025-06-26 08:48:48+02:00: ~ w/❄️ w/🧙 x10an14@ubuntu ❯ : Here are the relevant logs I was able to find: x10an14@ubuntu ❯ : sudo journalctl -t intune-portal -t microsoft-identity-broker -f Jun 26 08:47:41 ubuntu intune-portal[261043]: Command line arguments args=PortalArgs { common: CommonArgs { interactive: false, socket_path: "/run/intune/daemon.socket" } } version="1.2503.10" Jun 26 08:47:45 ubuntu intune-portal[261043]: Starting a new login Jun 26 08:47:45 ubuntu microsoft-identity-broker[261088]: I/IdentityBrokerService: [2025-06-26 06:47:45 - thread_id: 1, correlation_id: UNSET - ] Starting DBus Service for Microsoft Identity Broker... Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: SLF4J: Defaulting to no-operation (NOP) logger implementation Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:46 - thread_id: 1, correlation_id: UNSET - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: I/MapDbStorage:getDb: [2025-06-26 06:47:46 - thread_id: 1, correlation_id: UNSET - ] Attempting to open DB File at path: /home/x10an14/.local/state/microsoft-identity-broker/broker-data.db Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 1, correlation_id: UNSET - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 1, correlation_id: UNSET - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/IdentityBrokerService: [2025-06-26 06:47:47 - thread_id: 1, correlation_id: UNSET - ] DBus Service for Broker has been started! Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/getAccounts: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: UNSET - ] Received method call from UID [1000], with correlationId [ffba9791-791b-4237-b485-2101a8cd85b9]. Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/MapDbStorage:getDb: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Attempting to open DB File at path: /home/x10an14/.local/state/microsoft-identity-broker/account-data.db Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/BrokerUtil:getCacheRecordListFromBrokerCache: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] This client ID is not known to brokerOAuth2TokenCache. Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/BrokerUtil:getCacheRecordListFromBrokerCache: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] No accounts available in client app cache, trying the FOCI cache. Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: W/DefaultBrokerApplicationRegistry:getMetadata: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Metadata could not be found for clientId, environment: [b743a22d-6705-4147-8670-d92fa515ee2b, null] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/AuthSdkOperation:isAppInBrokerApplicationRegistry: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] App in broker application registry: [false] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/AuthSdkOperation:addDeviceAccountIfNeeded: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] App in registry is allowed to access WPJ: [false] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/AuthSdkOperation:addDeviceAccountIfNeeded: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] is a known FoCI App: [true] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerServiceOperation:getAccounts: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Received get account result for correlation id: ffba9791-791b-4237-b485-2101a8cd85b9 Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/BrokerDBusV1Impl:getAccounts: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Sending result back to calling application for correlation id: ffba9791-791b-4237-b485-2101a8cd85b9 Jun 26 08:47:48 ubuntu intune-portal[261043]: oneauth{tag="9a8hm"}: HTTP status: 404 Jun 26 08:47:48 ubuntu intune-portal[261043]: oneauth{tag="5fsch"}: Failed to get image from Graph
How to Identify and Validate the Current Device's Intune Registration (Android & iOS)
In both Android and iOS environments, which specific device-level field or identifier can we use via Microsoft Intune or Microsoft Graph API to reliably determine: - Whether the current device is registered or managed by Intune - Whether the current device is Intune-compliant Our use case involves validating device trust during app login. So we need to identify the exact device the user is currently using (not just any device associated with their account) and confirm that it is Intune-managed. We are looking for a consistent identifier, such as: Hardware ID Entra ID Device ID device object ID Or any identifier accessible through MSAL, Entra ID claims, or Microsoft Graph API This identifier should allow us to cross-reference with Graph API responses, such as from: /deviceManagement/managedDevices /me/managedDevices What is the best practice or recommended identifier to securely link the current device to its Intune record? Are there any platform-specific differences between Android and iOS we should consider?Intermittent Non-Compliant Status on Chrome Sessions - Resolved by Switching to Edge
We are experiencing an intermittent issue where certain users' devices are marked as "non-compliant" in Intune, even though there are no visible problems with the Chrome session. Interestingly, the issue resolves itself when users switch to Microsoft Edge and then return to Chrome. Has anyone else encountered this issue? Is there a known root cause or workaround for this behavior? Any guidance on how to prevent this from happening would be greatly appreciated!
