Recent Discussions
Company portal enrolment issues: Your device is already connected by your organisation
Hi I am a Helpdesk technician in a Small organisation of 25 users. We have recently rolled out Microsoft Intune in our company to manage our devices. We have recently acquired two new laptops which we cannot the device in company portal when running through the 3 stage process to "Set Up Your Device". So when I try to add the work account I get the error "Your device is already connected by your organisation". I am totally confused by this. The device is brand new so it has never been connected to Intune before. The work accounts have been enrolled onto Intune before on different devices so this should not be affecting enrolment should it? Please can someone advise us as we are unsure where to go. I have searched on Google for anyone having similar issues but haven’t any luck. Thanks, Shoaib
Error 65000 with Settings Catalog
Hello Community! This is my first posting looking for answers. I'm pretty new to Intune and Endpoint Manager. In doing some testing, I have created a configuration profile using the settings catalog. I'm trying to disable the News and Interests from the taskbar. I have applied this to my testing group. Below is a screenshot of the settings I used. After the policy pushes to the device, it errors out. I get the following Error details for this device. I've tried looking for information on this error with no luck. Any help would be appreciated! DuncanDevice compliance 65001 (Not Applicable) and Defender Security centre weirdness
Hi Tech community. I have 2 questions, related to some work I am doing with a customer who's devices are Azure Hybrid AD joined and using Windows 10 1909. 1. The windows 10 devices do not have a compliance policy set......yet however I am seeing a mixture of machines where it reports its compliance as success however when I dig into the policy settings I am seeing: Enrolled user exists - Compliant Has a compliance policy assigned - Error - 65001 (Not applicable) Error code 0xfde9. Is active - Compliant The error is picking up a default device compliance policy. Is there anyway this can be ignored or removed? 2. The customer is also using Defender Security centre and are leveraging the Threat and Vulnerability dashboard which reports the state of security patching for Windows, Office, IE, Edge across the estate. The customer is using Windows update for business to manage this however we are finding it's taking a long time for data to be refreshed in Defender ATP for example if the latest quality update has been applied. Intune is stating it has been installed but this isn't being reflected in DATP. Is this expected? Many Thanks RAutopilot Error (0x81036502) - Endpoint Manager
Dear community members, I am facing an issue with my Endpoint Manager's autopilot feature. It suddenly stopped working and I am receiving error code 0x81036502. I would greatly appreciate any help or advice on how to resolve this issue. According to my research, this error is related to either a timeout issue or with the Windows 10 version 22h2. I am running Windows 10 version 22h2 on my endpoint. I have tried several troubleshooting steps but to no avail. If anyone has any information or suggestions, please share them with me. Thank you for your time and assistance. Best regards, Rashad Bakirov
Microsoft Intune - "Device Compliance Policy" error codes
I see different error codes "Device Compliance Policy". I am unable to find resolution for the error codes. Could you please me with resources where I can learn about "Device Compliance Policy" error codes. For example I see error code "0xfde9". unable to find any resource about these error codes online.
Company Portal Stuck In Download Pending/Device Syncing Loop
Hi all, We published our first internal app and are attempting to distribute it with the Company Portal. I have it set to be available to all users. When I try to install it, it says "Download pending... Your Device Is Syncing and will begin downloading your app shortly". After a few seconds, it just says "Download pending..." for a few seconds and then goes back to "Download pending... Your Device Is Syncing and will begin downloading your app shortly". It repeats in this loop forever. If I go to settings in the app, will appear to be syncing, then it will appear to complete (with success). I can manually sync with no errors. Thoughts? T
Windows Autopilot Error Code 0x800705b4 Preparing device for mobile management
We are implementing a number of Windows Autopilot via Lenovo Thinkbook 15-ITL. These are being deployed to authorised users whether they are at home connected to their home broadband or in the office connect to the Wide Area Network. Despite lots of testing, we randomly see the the error (see attached). If we wipe the device a couple of times, it seems to remedy the issue. I've tried to look online about this about various posts talk about the TPM, which it is not. I've tried to look through the logs from the device - what a minefield of information that means something to someone. Has anyone any ideas? Thanks MartinIntune Management Extension not installing
I am testing Intune/EMS on Windows 10 (1709) PCs and trying to get Powershell scripts to run without success. I think the issue is with the Intune Management Extension not installing but cant find much information on how to troubleshoot this particular issue. Can anyone advise how I get Powershell scripts to run ? TIA Scott
Why is "Activate device admin app" displaying when setting up Outlook on Android?
Hi Everyone, I'm not very experienced with the Intune product set and within my tenant I don't have admin access to manage any settings related to mobile access management. From the beginning of this week, I'm receiving reports from people installing the Outlook for Android app and connecting to our tenant that they are seeing an additional "Activate device admin app" screen that we were not expecting to see. The screen is that which is displayed at the following URL https://support.office.com/en-us/article/set-up-email-in-the-outlook-for-android-app-886db551-8dfa-4fd5-b835-f8e532091872 None of the admins have reported making any changes at tenant level. Are there any reasons why this message will have started appearing at this stage? Could Microsoft have made a change to the configuration settings? (perhaps one that has been announced already) Thanks everyone.
Manipulating the registry via Intune push
Our goal is simple: Manipulate the registry as part of application deployment or PowerShell script. Use case: When we install our VPN client, there are a raft of registry updates that need to be made to configure it for use in our environment. The easiest way of doing this is simply by importing a .reg file we've created. The problem that I just can't seem to overcome is how to import a .reg file using PowerShell as part of an Intune deployment. For testing purposes, I've created a simple test registry file and I'd ideally like to use a PS script that simply has the command "reg.exe import .\1Test.reg" in it. The command runs perfectly from CLI but when I try pushing it as part of a Win32 app, it fails. When I build in other diagnostic steps, everything in the script runs perfectly except for the actual import. I've tried using the script to create a temporary directory, copy the files to it, set it as the working directory, and importing from there in case there were path issues. Everything works perfectly all the way up to the actual import, which never works. I've tried using "regedit.exe /silent" as well as "reg.exe" and I've spun it off as a separate process; nothing seems to work. I think it needs to run in the user instead of system context so I've tried both of those. I'm currently at a 100% failure in my ability to figure this out and I'm hoping that someone out there in the community has dealt with this and knows the incredibly simple secret and can demystify it for me. Thanks in advance for your help!
Built-in Device Compliance Policy - is active - Not Compliant
I have an enrolled windows device (we are using Azure AD, no hybrid), where I changed the primary user. The compliance policy and the build-in device compliance policy for the new primary user is showing compliant. But the build-in compliance policy for the user, who has enrolled the device is showing "not compliant" see screenshots Do you have any ideas how to solve this?
Intune Compliance Policy: Device not compliant because of missing machine risk score: deactivated?
Dear all, I have this curious compliance issue for which I cannot find any information online or on docs.microsoft.com. Any help or suggestions are appreciated. We are testing Windows Defender ATP in combination with Intune compliance policies on a limited amount of devices. We had a first test group of three devices, and a second test group of four devices. So 7 in total. In Intune our 'second wave' of test devices is somehow marked as "non compliant" because a violation of our rule that "Require the device to be at or under the machine risk score = clean, low,...". However, these machines are onboarded in Windows Defender ATP and are showing to have no issues. In Intune the table in Device Compliance -> Device Compliance shows that for these machines the Device Threat Level is "Deactivated". (Our other test machines report "Secured", machines outside the test group are reporting "Unknown".) I cannot find any documentation where this state of "deactivated" is discussed. We identified three other differences between or first test group and the second test group: - License level was on Microsoft E3 for the non-compliant machines, instead of E5 - Windows version was 1803 for the non-compliant machines, instead of 1809 - The very first test group was onboarded in Windows Defender ATP using a script. The second non-comliant group was onboarded using a configuration policy in Intune. To test if any of these three differences could have caused the issue I did three separate tests: 1) I moved one user to Microsoft E5, as I understand for Windows Defender ATP this is required. 2) I had one other machine upgraded to Windows 10 1809 3) I ran the manual onboarding script once more on a third machine But none of these machines would be compliant afterwards. I onboarded the first test group to ATP using a script downloaded from ATP. They were active for a few weeks with just the ATP link. I then assigned both the compliance policy and the final ATP configuration at the same time to this first group. The second group was onboarded by the ATP configuration policy in Intune. I assigned the identical compliance policy a day later. I assume that the compliance check fails because the machines do not communicate their threat level (shown as "deactivated" in the Intune portal) properly. One widget in the device compliance screen does show 5 of the 7 devices to be clean: I do not understand why it counts 5 devices. What with the remaining two? And if these 5 are indeed clean, why do at least two of them (7 minus 5) report as having a threat level "deactivated" and "non-compliant"? Does anyone know why the Device Threat Level of the second test group is "deactivated"? What causes this? How can I solve this? Thanks for your help! Best regards, WimTrying to learn Intune - stuck at MDM "Your device is already being manged by an organization"
I'm trying to learn Intune and Endpoint manager so I'm going through the Pluralsight course Implementing Mobile Device Management (MDM) with Microsoft Intune by Greg Shields. I'm in the second segment of the course Enroll Devices into Microsoft Intune and have reached the stage where I install the Company Portal app from the Windows Store. Installing the app, I successfully sign into one of the user AAD accounts, then go into the MDM part. Clicking next Clicking Connect Using the same valid AAD account as is already signed in and clicking next In Windows Settings, Accounts, Access work or school, the test user account is listed. Clicking info shows that it is managed by mddprov account. There are no errors in the DeviceManagement-Enterprise-Diagnostics-Provider event log section. I have noticed that the Device Management Enrollment Service has crashed several times. This is a clean new install of windows 10 pro in eval mode. The crash occurs when I open Company Portal. Exception code 0xc0000005 in module windows.inernal.management.dll The device is registered in AAD, MDM is listed as None and no devices are listed Endpoint Manager. I'm lost as to a solution. If anyone has suggestions of how I can resolve this issue, I'd appreciate it.
Recent Blogs
- By: Anya Novicheva – Sr Product Manager | Microsoft Intune Expected in Q2CY25, iOS/iPadOS automated device enrollment (ADE) policies will move to a new infrastructure which enables Intune to spee...Mar 14, 2025
- I'm Catarina Rodrigues and recently, I've had the opportunity to have several conversations with healthcare customers on how Intune can effectively manage devices in frontline critical environments. ...Feb 28, 2025
