Microsoft Intune | Microsoft Community Hub

Forum Widgets

Latest Discussions

Autopilot Company owned
We deploy all our Wiindows Laptops with AutoPilot and are Hybrid AD joined. An old sore is that devices are created twice as the device is first Entra AD joined, after which the device is joined as a Hybrid AD joined device (configuration profile), and thus creating two devices which represent one physical device. An Entra-ID joined device which becomes stale over time, as the device stats are no longer updated. And thus becomes Uncompliant. A Entra-ID Hybrid joined device which is managed by Intune, and updated wherefore the device is compliant. This is an old sore and confirmed by Microsoft support, wherefore does not seem to be a sollution. We have in some cases removed the stale Entra-ID joined device, and others we merely disabled the stale device. Yesterday i discovered some devices which show the opposite. The Hybrid AD joined device shows that it is not managed by an MDM, while the Entra-ID joined device showes managed by Intune. This results in that the correct device is no longer updated by Intune. Also when looking the deviceownership i can see that the wrong device states company owned, while the Hybrid AD joined device shows none. Is there anyway to rectify this situation? I confirm that the device is in use.
Solved
TherealKillerbe
Copper Contributor
Jul 04, 2025
mobile device management (mdm)
150Views
0likes
6Comments
App Deployment status
App deployment status is not correct as compared to one week back. Installed count has reduced compared to discovered app for windows devices in Intune Portal.
Solved
Ramesh2261
Copper Contributor
Jul 02, 2025
Intune
90Views
1like
3Comments
MS Edge deployment - Edge not updating
Hi, I created an app within intune to deploy MS Edge to all registered devices. Instune is showing, that everything is fine: But I notice, that almost all installations are outdated. How come and how to fix that?
Solved
heinzelrumpel
Copper Contributor
Jun 26, 2025
Intune
123Views
1like
4Comments
Making my business app (formerly in the MS Business Store available in Intune
Hi guys. I have a business Windows App. It was available in the MS Business Store. It was linked to various organisations which used it via an organisation identifier. One organisation is saying that new users can no longer download the App as it isn't in their organisations Intune. How do you make it available, or do I have to provide them with the files and they make it happen locally? I'd be most grateful for any help. I have limited knowledge of this area. Thanks
Solved
Dixie_Dean
Copper Contributor
Jun 26, 2025
Business Apps
Intune
Software Management
50Views
0likes
2Comments
Intune Re-Enrollment Registry Key "MmpcEnrollmentFlag"
Hey there, In the last few weeks, we encountered issues with clients (Entra Hybrid Joined) losing their Intune connection after setting an incorrect group policy. Although the group policy change was quickly reverted, about 10 clients were removed from Intune. I attempted to re-enroll these clients using various methods (MEMC Co-management, GPO, Scheduled Task, and even using psexec to directly start auto-enrollment), but the enrollment process consistently failed with the following error under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Enrollment: Auto MDM Enroll: Device Credential (0x1), Failed (Bad request (400).) and/or following in CoManagementHandler.log Failed to get management URL with error 0x80070002 Eventually, I discovered a registry key that was not present on the working clients: Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments Value: MmpcEnrollmentFlag Data: 0x00000002 After deleting this key and restarting the enrollment, everything worked immediately. I am curious about how and why this registry key is created and what its function is. Looking forward to your input.
Solved
fbatuns
Copper Contributor
Jun 12, 2025
autoenroll
comanagement
Entra
HybridJoin
Intune
505Views
1like
2Comments
Intune Management Extension Deployment
Hi Team, we have had previous issues with the IME deployment not passing through our firewall until a select few urls were added to the whitelist. I have been informed that we are now blocking login.live.com for whatever reason but this is now stopping the agent from deploying internally onto newly enrolled devices!! My question is this, if this block remains in place (out with my control) will agents that are installed still be able to update and communicate correctly with the Azure servers? From my understanding and testing it just needs the connection to the login.live.com once for initial deployment and also the Company Portal needs to make an initial contact but then remaining contact is made via manage.microsoft.com url and possibly another one? hopefully looking form some guidance and advice to take forward to my management team
Solved
JamieMcC1590
Copper Contributor
Jun 06, 2025
Intune Management Extension
login.live.com
126Views
0likes
5Comments
Work Profile Contacts in Android Auto BYOD
Hey there, is it possible to List the Contacts from the Android Work-Profile in Android Auto? People in our Organization are not able to search for Work-Profile-Contacts via Android Auto. When Contacts from the Work-Profile are calling, the Name is showing up correctly and is also correctly displayed in the caller history, but when using the Phone app on the cars display it's not possible to find the contacts. What have we tried so far: Installed Android Auto App on Work-Profile Enabled "Connected Apps" Contact Sync via Outlook App Contact Sync via Gmail / Google Contacts Installed Google Phone App on both profiles and set it to the Default call Application Installed Samsung Phone App on both profiles and set it to the Default call Application Enabled the Work Profile Switch in the Android Auto setting (seems only usefull for notifications) Tried different Phone and Car Vendors One more Information: When Using the Call or Contact App on Personal-Profile and searching for Work Contacts, they are showing up as expected. I believe maybe it's not supported by Google? Is anybody facing the same issue or are there some Workaround i have not thought about=
Solved
fbatuns
Copper Contributor
May 23, 2025
android
BYOD
Intune
mobile device management (mdm)
124Views
0likes
2Comments
VPP Apps Not Installing via Intune – Error 0x87D127DB Despite Valid Configuration
Hi everyone, We’re currently using Microsoft Intune in combination with Apple Business Manager (ABM) to provision iPhones in our organization. Our setup has worked reliably until recently: in April/May, we successfully deployed 50 iPhones without any issues. However, for the past 10 days, we’ve encountered a persistent issue: VPP apps are no longer installing automatically on newly enrolled devices. ✅ What’s working: Device registration in ABM Syncing devices from ABM to Intune Device renaming, resetting, and syncing via Intune Uninstall Apps using uninstall group of the deployment configuration on existing devices) Disabling devices in ABM and syncing changes to Intune Purchasing new apps in ABM and syncing them to Intune App license counts (total, used, available) are correctly shown in Intune ❌ What’s not working: VPP apps are not being installed. Only one or two icons appear on the home screen with a cloud symbol. Tapping them prompts a message that the app must be downloaded from the App Store. Intune consistently shows the following error: “App installation failed. 0x87D127DB (Unknown)” Occasionally, a message appears stating that VPP licenses could not be found, although all apps have sufficient licenses and Intune reflects this correctly. Troubleshooting steps taken: Devices have been reset multiple times New apps were purchased and assigned with a minimal configuration (one required group) All certificates (MDM push, VPP token, enrollment token, Apple SCIM token) are valid Apple Business Support confirms their services are operational Microsoft Support has not provided a resolution and suspects the issue lies with Apple Apple, in turn, refers us back to Microsoft At this point, we’re stuck between both vendors and are hoping someone in the community has encountered this issue or found a workaround. Has anyone else experienced this behavior or found a solution for the 0x87D127DB error with VPP apps in Intune? Thanks in advance for your help!
Solved
MSThomK
Copper Contributor
May 22, 2025
0x87D127DB
ABM
App Deployment
Apple Business Manager
Intune MDM
689Views
0likes
7Comments
Intune URLs - Default Category Seems to Include Non-Applicable URLs
I've run a PowerShell script that returns the URLs and IP ranges required by Intune but it seems to return URLs that should not be required such as Cortana.ai, itunes.apple.com, virtualearth.net, assets-yammer.com, platform.linkedin.com and many others. Those listed are in the default category. Does anyone know of a script I can use that just returns URLs and IP ranges essential for Intune, or what I can do to modify the code I am using to do the same. Below is the code I use to collect the IPs\URLs. (invoke-restmethod -Uri ("https://endpoints.office.com/endpoints/WorldWide?ServiceAreas=MEM`&`clientrequestid=" + ([GUID]::NewGuid()).Guid)) | ?{$_.ServiceArea -eq "MEM" -and $_.urls} Regards, Pete.
Solved
pleeman
Copper Contributor
May 06, 2025
Intune
112Views
0likes
4Comments
Android - Device name template
Hi All, Yesterday, I switched this new function on an Android Corp-owned dedicated setup. I enrolled a device this morning, but the template hasn't applied. Has anyone had any success with this feature? Regards
Solved
UpNorthIntune
Iron Contributor
May 01, 2025
Intune
177Views
0likes
2Comments

Resources

Tags

Intune4,168 Topics
mobile device management (mdm)2,244 Topics
Mobile Application Management (MAM)825 Topics
Conditional Access447 Topics
Software Management446 Topics
Graph API241 Topics
Azure Friday163 Topics
Autopilot111 Topics
android71 Topics
ios59 Topics