Microsoft Intune | Microsoft Community Hub

Pinned Posts

Microsoft multi-tenant management resource guide
Sep 16, 2025
Lior_Bela

Forum Widgets

Latest Discussions

Intune Confusion
Hey guys, I'm relatively new to Microsoft Intune and have been playing with the platform with a view of potentially using it as our corporate endpoint management solution. I've been playing with it for a few days and I'm a little confused. Within our organisation we have about 25 'hotdesks' shared by Call Centre staff working on shifts - I thought that Intune Plan 1 Device Only would be a good fit for these systems. For the remainder of our staff (circa 250), I was thinking maybe Device Only or maybe User license. I'm not sure we require a full user license for everyone as we have a small amount of corporate software (so no real requirement for corporate software catalogue within the user portal etc) and only really need to manage Windows updates, configuration / security policies and to push / remove software - which I 'believe' is possible with the device only licenses. I've started off by acquiring x4 device only licenses (thus have not assigned them to any users) for testing purposes. My 4 test systems were already AAD joined and so to enroll them I did this using by a Device Enrollment Manager account and joined through 'Settings > Accounts > Access work or school > Enrol only in device management' on each test workstation. All 4 test systems enrolled without issue and are visible within the Intune Portal and are checking in. This is where I get confused: 1 of the 4 test workstations has the IntuneManagementExtension service running in Windows. The other 3 do not. The system that does have the service running also has the IME log directory present = C:\ProgramData\Microsoft\IntuneManagementExtension\Logs - the others do not. Again, all 4 systems are enrolled and checking in and reporting as compliant. Also, I've pushed a test piece of software to all 4 test systems (mandatory push)... none have received it. This was 8 hours ago. I also noticed when running dsregcmd / status that the MDMurl was blank on these workstations. I have a personal M365 tenant with Intune Plan 1 user licenses that I've used for a year or two and have had no problems or oddities experienced with software pushes (probably not oddities but more of a lack of understanding of device licenses on my part perhaps). I checked one of my personal workstations and they do have the Intune service running and the logs directory. Can anyone shine any light on why: A) One system has the service running / the log directory present and the others do not? B) Is there something fundamentally wrong with my understanding of device only licensing perhaps? Is there something wrong with the way in which I have enrolled these systems perhaps? C) Any idea why the software would not install on any of these 'device only' systems (nothing is being reported at all RE the deployment in Intune and I deployed the software about 8 hours ago)? D) Why would the MDMurl be blank but all systems are successfully checking in? Any pointers appreciated as I've been tying myself in knots with this. Pretty certain this is due to a chronic lack of understanding on my part. Greatly appreciate any assistance guys.
Solved
MattyT
Copper Contributor
Sep 12, 2025
Intune
226Views
0likes
7Comments
App-Approval for Apps assinged via Intune
Hey there, when deploying Apps via Configuration-Manger (SCCM) there is an Option "An Administrator must approve a request for this application on the Device" where you also got an option for Mail Notification to Approvers: Do you know if there is an equivalent Feature when assigning Intune-Apps to Users? Or is there an alternative Method to reach the same result? Company Portal can handle Approvals from Configuration Manger: Wondering if there is a "Intune-Native" way? Looking forward to your answers.
Solved
fbatuns
Iron Contributor
Sep 02, 2025
Intune
mobile device management (mdm)
Software Management
210Views
1like
7Comments
Bitlocker PIN
Hello, I would like to know what your Bitlocker PIN policies are and how you approach them. Do you use a PIN that consists only of numbers, or a PIN that allows the use of characters such as upper and lower case letters, symbols, numbers, and spaces? I am asking this from the perspective of “user acceptance,” but also as an additional layer of device security.
Solved
Bogdan_Guinea
Iron Contributor
Aug 26, 2025
Bitlocker Encryption
Intune
mobile device management (mdm)
154Views
0likes
4Comments
Best Approach for Managing Microsoft 365 Apps Policies in Intune
Hi All, Our company is currently operating in a Hybrid Active Directory (AD) environment, with all policies being deployed via Group Policy Objects (GPOs). We have GPOs in place for Microsoft Office and Outlook, and we are planning to transition these to Microsoft Intune. My question is: What is the recommended approach for creating and managing policies related to Office 365 and Outlook (Microsoft 365 Apps) in Intune? Specifically, would it be better to implement these settings using Configuration Profiles, or should we use Policies for Microsoft 365 Apps within Intune? I’d appreciate guidance on the best practice for this migration. Thanks, Dilan
Solved
dilanmic
Iron Contributor
Aug 21, 2025
Graph API
Intune
mobile device management (mdm)
Software Management
249Views
0likes
6Comments
Stuck with InTune
Hi, need some help from those that know more than me, I have two devices that were previously enrolled and managed through InTune. We have a hybrid environment. Unfortuantely they were accidentally deleted from InTune and then EntraID in an attempt to get them re-enrolled. The devices are now showing as pending in Entra ID again due to the hybrid sync. I have tried scripts and GPOs to get them to re-enroll but so far nothing has come back. I have found out that on the device side they are still showing as being enrolled in InTune MDM. I am wondering, can I fix this by disconnecting this MDM connection and getting the user to sign into it? Hopefully, I have been clear enough on this, but if not ask and I will try to clarify. Thanks, M
Solved
AlwaysAnIssue951
Copper Contributor
Aug 04, 2025
Intune
mobile device management (mdm)
274Views
0likes
8Comments
Initiate Windows Updates devices not logged in by users
Hi All, We have a scenario deploy windows updates for devices enrolled to Microsoft Intune and no user logged in. Our IT administrators keep the newly imaged laptops for about 3-4 weeks on their shelf before hand over to a new user. Because of that during that time those devices report to Intune as non-compliant due to Windows OS version. Therefore we are looking for a way to deploy windows updates for them without depending on logged in users. Appreciate any ideas. thanks in advance! Dilan
Solved
dilanmic
Iron Contributor
Jul 18, 2025
Intune
Mobile Application Management (MAM)
mobile device management (mdm)
Software Management
297Views
0likes
4Comments
Subsequent device registration in Intune
Hello Tech Community, We use Entra ID and our devices are fully Entra-joined. Windows 11 devices appear in Entra ID as normal. We now want to manage our devices with Intune. However, the devices do not appear in Intune because the MDM user area was initially configured as 'None'. How can we subsequently move the devices to Intune? Ideally, we would like an automated process to avoid having to move each individual device. Details: Windows 11 Devices - Fully Entra-joined Appear in Entra No other device management in use Problem: Register the devices in intune without manually touch each individual device. Also i don't want to use things like PSRemote. Thanks for your answers. BR
Solved
GriJ
Brass Contributor
Jul 17, 2025
Intune
mobile device management (mdm)
135Views
1like
3Comments
Autopilot Company owned
We deploy all our Wiindows Laptops with AutoPilot and are Hybrid AD joined. An old sore is that devices are created twice as the device is first Entra AD joined, after which the device is joined as a Hybrid AD joined device (configuration profile), and thus creating two devices which represent one physical device. An Entra-ID joined device which becomes stale over time, as the device stats are no longer updated. And thus becomes Uncompliant. A Entra-ID Hybrid joined device which is managed by Intune, and updated wherefore the device is compliant. This is an old sore and confirmed by Microsoft support, wherefore does not seem to be a sollution. We have in some cases removed the stale Entra-ID joined device, and others we merely disabled the stale device. Yesterday i discovered some devices which show the opposite. The Hybrid AD joined device shows that it is not managed by an MDM, while the Entra-ID joined device showes managed by Intune. This results in that the correct device is no longer updated by Intune. Also when looking the deviceownership i can see that the wrong device states company owned, while the Hybrid AD joined device shows none. Is there anyway to rectify this situation? I confirm that the device is in use.
Solved
TherealKillerbe
Brass Contributor
Jul 04, 2025
mobile device management (mdm)
259Views
0likes
6Comments
App Deployment status
App deployment status is not correct as compared to one week back. Installed count has reduced compared to discovered app for windows devices in Intune Portal.
Solved
Ramesh2261
Copper Contributor
Jul 02, 2025
Intune
123Views
1like
3Comments
MS Edge deployment - Edge not updating
Hi, I created an app within intune to deploy MS Edge to all registered devices. Instune is showing, that everything is fine: But I notice, that almost all installations are outdated. How come and how to fix that?
Solved
heinzelrumpel
Brass Contributor
Jun 26, 2025
Intune
227Views
1like
4Comments

Resources

Tags

Intune4,220 Topics
mobile device management (mdm)2,272 Topics
Mobile Application Management (MAM)833 Topics
Software Management457 Topics
Conditional Access449 Topics
Graph API246 Topics
Azure Friday164 Topics
Autopilot112 Topics
android72 Topics
ios59 Topics