Forum Widgets
Latest Discussions
Make Windows Hello the default method for admin elevation prompts?
Hi everyone, I am trying to figure out how to set Windows Hello (Fingerprint or Face) as the default option when I'm prompted for admin elevation. Right now, Windows always defaults to asking for the admin email and password, so I have to click "More options" and select Windows Hello manually each time. Is there a way to make Windows Hello (Or just the pin) the default sign-in method for these prompts so I don't have to change it manually every time? Thanks in advanceSolved62Views1like3CommentsBest Kiosk Setup for Public Library PCs (Cloud-Only, File Explorer and Printing Issues)??
I’m trying to configure kiosk devices for a public library. I’ve tested configuring kiosks through the Intune Template option, where you can select a single app or multiple apps. However, I ran into an issue with the Start menu configuration — I want to display only Chrome, Edge, and the Downloads folder (via File Explorer). I then decided to switch to a custom OMA-URI configuration using an XML string <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="{7877df8d78fd7f8d7fdf-a454a45ae45-7sd777}"> <AllAppsList> <AllowedApps> <App DesktopAppPath="%ProgramFiles%\Google\Chrome\Application\chrome.exe"/> <App DesktopAppPath="%SystemRoot%\explorer.exe"/> </AllowedApps> </AllAppsList> <v5:StartPins> <![CDATA[ { "pinnedList": [ { "desktopAppLink": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" }, { "desktopAppLink": "%SystemRoot%\\explorer.exe" } ] } ]]> </v5:StartPins> <Taskbar ShowTaskbar="true"/> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount rs5:DisplayName="kioskläge"/> <DefaultProfile Id="{7877df8d78fd7f8d7fdf-a454a45ae45-7sd777}"/> </Config> </Configs> </AssignedAccessConfiguration> The problem is that File Explorer doesn’t appear on the Start menu, while Chrome launches correctly (because I use a PowerShell script for that). Based on your experience — what would be the best setup for public library computers that run pure cloud (no domain join), where public users will download documents and print them? If printing is required, would Universal Print be the best option, considering that the printers are on-premises?SolvedAnkido88Oct 12, 2025Copper Contributor85Views0likes2CommentsSome devices not registering with Intune
We recently completed a migration Microsoft 365 Exchange, all users now have either E5 or E3 licenses. Now that employees have licenses, I was expecting machines to be added to Intune. The GPO was created months ago and worked in testing, and all of the items under Windows | Enrollment in Intune were validated. About 40% of devices have been Intune registered, and this is far lower that I would expect by now. Any suggestions for troubleshooting?SolvedTomCSBOct 09, 2025Copper Contributor100Views0likes3Comments
Intune Confusion
Hey guys, I'm relatively new to Microsoft Intune and have been playing with the platform with a view of potentially using it as our corporate endpoint management solution. I've been playing with it for a few days and I'm a little confused. Within our organisation we have about 25 'hotdesks' shared by Call Centre staff working on shifts - I thought that Intune Plan 1 Device Only would be a good fit for these systems. For the remainder of our staff (circa 250), I was thinking maybe Device Only or maybe User license. I'm not sure we require a full user license for everyone as we have a small amount of corporate software (so no real requirement for corporate software catalogue within the user portal etc) and only really need to manage Windows updates, configuration / security policies and to push / remove software - which I 'believe' is possible with the device only licenses. I've started off by acquiring x4 device only licenses (thus have not assigned them to any users) for testing purposes. My 4 test systems were already AAD joined and so to enroll them I did this using by a Device Enrollment Manager account and joined through 'Settings > Accounts > Access work or school > Enrol only in device management' on each test workstation. All 4 test systems enrolled without issue and are visible within the Intune Portal and are checking in. This is where I get confused: 1 of the 4 test workstations has the IntuneManagementExtension service running in Windows. The other 3 do not. The system that does have the service running also has the IME log directory present = C:\ProgramData\Microsoft\IntuneManagementExtension\Logs - the others do not. Again, all 4 systems are enrolled and checking in and reporting as compliant. Also, I've pushed a test piece of software to all 4 test systems (mandatory push)... none have received it. This was 8 hours ago. I also noticed when running dsregcmd / status that the MDMurl was blank on these workstations. I have a personal M365 tenant with Intune Plan 1 user licenses that I've used for a year or two and have had no problems or oddities experienced with software pushes (probably not oddities but more of a lack of understanding of device licenses on my part perhaps). I checked one of my personal workstations and they do have the Intune service running and the logs directory. Can anyone shine any light on why: A) One system has the service running / the log directory present and the others do not? B) Is there something fundamentally wrong with my understanding of device only licensing perhaps? Is there something wrong with the way in which I have enrolled these systems perhaps? C) Any idea why the software would not install on any of these 'device only' systems (nothing is being reported at all RE the deployment in Intune and I deployed the software about 8 hours ago)? D) Why would the MDMurl be blank but all systems are successfully checking in? Any pointers appreciated as I've been tying myself in knots with this. Pretty certain this is due to a chronic lack of understanding on my part. Greatly appreciate any assistance guys.SolvedMattyTSep 12, 2025Copper Contributor265Views0likes7CommentsApp-Approval for Apps assinged via Intune
Hey there, when deploying Apps via Configuration-Manger (SCCM) there is an Option "An Administrator must approve a request for this application on the Device" where you also got an option for Mail Notification to Approvers: Do you know if there is an equivalent Feature when assigning Intune-Apps to Users? Or is there an alternative Method to reach the same result? Company Portal can handle Approvals from Configuration Manger: Wondering if there is a "Intune-Native" way? Looking forward to your answers.Solved248Views1like7Comments
Bitlocker PIN
Hello, I would like to know what your Bitlocker PIN policies are and how you approach them. Do you use a PIN that consists only of numbers, or a PIN that allows the use of characters such as upper and lower case letters, symbols, numbers, and spaces? I am asking this from the perspective of “user acceptance,” but also as an additional layer of device security.Solved206Views0likes4CommentsBest Approach for Managing Microsoft 365 Apps Policies in Intune
Hi All, Our company is currently operating in a Hybrid Active Directory (AD) environment, with all policies being deployed via Group Policy Objects (GPOs). We have GPOs in place for Microsoft Office and Outlook, and we are planning to transition these to Microsoft Intune. My question is: What is the recommended approach for creating and managing policies related to Office 365 and Outlook (Microsoft 365 Apps) in Intune? Specifically, would it be better to implement these settings using Configuration Profiles, or should we use Policies for Microsoft 365 Apps within Intune? I’d appreciate guidance on the best practice for this migration. Thanks, DilanSolved289Views0likes6CommentsStuck with InTune
Hi, need some help from those that know more than me, I have two devices that were previously enrolled and managed through InTune. We have a hybrid environment. Unfortuantely they were accidentally deleted from InTune and then EntraID in an attempt to get them re-enrolled. The devices are now showing as pending in Entra ID again due to the hybrid sync. I have tried scripts and GPOs to get them to re-enroll but so far nothing has come back. I have found out that on the device side they are still showing as being enrolled in InTune MDM. I am wondering, can I fix this by disconnecting this MDM connection and getting the user to sign into it? Hopefully, I have been clear enough on this, but if not ask and I will try to clarify. Thanks, MSolvedAlwaysAnIssue951Aug 04, 2025Copper Contributor313Views0likes8CommentsInitiate Windows Updates devices not logged in by users
Hi All, We have a scenario deploy windows updates for devices enrolled to Microsoft Intune and no user logged in. Our IT administrators keep the newly imaged laptops for about 3-4 weeks on their shelf before hand over to a new user. Because of that during that time those devices report to Intune as non-compliant due to Windows OS version. Therefore we are looking for a way to deploy windows updates for them without depending on logged in users. Appreciate any ideas. thanks in advance! DilanSolvedSubsequent device registration in Intune
Hello Tech Community, We use Entra ID and our devices are fully Entra-joined. Windows 11 devices appear in Entra ID as normal. We now want to manage our devices with Intune. However, the devices do not appear in Intune because the MDM user area was initially configured as 'None'. How can we subsequently move the devices to Intune? Ideally, we would like an automated process to avoid having to move each individual device. Details: Windows 11 Devices - Fully Entra-joined Appear in Entra No other device management in use Problem: Register the devices in intune without manually touch each individual device. Also i don't want to use things like PSRemote. Thanks for your answers. BRSolvedGriJJul 17, 2025Brass Contributor151Views1like3Comments
Resources
Tags
- Intune4,252 Topics
- mobile device management (mdm)2,285 Topics
- Mobile Application Management (MAM)836 Topics
- Software Management460 Topics
- Conditional Access453 Topics
- Graph API246 Topics
- Azure Friday165 Topics
- Autopilot113 Topics
- android72 Topics
- ios59 Topics