Recent Discussions
HP TamperLock(Hardware) - Information in MS Intune
Can someone help me with this: I want to know if a HP hardware TamperLock(Cover removal sensor) feeds it's information into Microsoft Intune or SCCM. If yes, where can I see it? Irrelevant of whether the check boxes in BIOS are checked or not, if someone opens the back cover, then it should trigger in MS Intune.
Question About Moving SCCM Partially Out of Intune
Good afternoon, I've been given an environment that currently has SCCM integrated into InTune. Our department head would like to partially remove our servers from being managed by InTune, but still be managed by SCCM. Is such a thing possible? If so, could you link what documentation is available to lead me into that? I appreciate it!
Not able to use derived credentials on android
I have successfully enrolled a Samsung Galaxy S22 ultra using intune. All my apps are installed on the device. I am now trying to use derived credentials but I am not able to scan the QRCode. As soon as the QRCode comes up, the intune app crashes. Wanted to know if anyone else is seeing this issue. The intune app version is 2025.11.02.
Company Portal | App installation issues
Anyone else experiencing issues with downloading apps from company portal? Win32 apps, pressing install and just spins on βdownload pendingβ¦ your device is syncing and will begin downloading your app shortlyβ Experiencing this issues with 2 different tenants. In 2 different countries now.App Protection Policy and Siri Intents
Hello, I know that there is a MAM Policy setting to be checked "areSiriIntentsAllowed" to decide to allow or block a Siri intent for an Intune SDK integrated application but I am not seeing where in the App Protection Policy that I can change this value to allow the Siri intent. Is there an Intune Console setting that dictates what the "areSiriIntentsAllowed" will be set to? Here's the Intune SDK integration reference https://learn.microsoft.com/en-us/intune/intune-service/developer/app-sdk-ios-phase4#siri-intents Thanks!Modern endpoint managementβMicrosoft Intune at Ignite 2025
Security is a core focus at Microsoft Ignite this year, with the Security Forum on November 17, deep dive technical sessions, theater talks, and hands-on labs designed for security leaders and practitioners. Join us in San Francisco, November 17β21, or online, November 18β20, to learn why endpoint security and management are critical in todayβs hybrid environments. At Ignite, endpoint management sessions and labs will help you secure devices, automate management, and integrate with AI-powered security tools. Featured sessions: BRK242: Top Essentials for an Integrated, AI-Ready Security Foundation Learn what Microsoft Entra and Microsoft Intune bring across the M365 stack to help you reach a Zero Trust security posture with more compliance and control in the era of agentic AI. LAB542: Zero Trust Lab: Securing Identities and Devices with Intune & Entra Explore how Intune and Entra secure identities and devices, with new implementation indicators and cross-pillar guidance. BRK258: Inside Windows Security, from client to cloud Discover the latest innovations across Windows and Intune designed to improve your security posture and protect users, devices, and data. Explore and filter the full security catalog by topic, format, and role: aka.ms/Ignite/SecuritySessions Why attend: Ignite is the best place to learn about new Microsoft Entra capabilities for agentic AI, identity governance, and secure access. We will also share its vision for the future of identity and agent management. Security Forum (November 17): Kick off with an immersive, inβperson preβday focused on strategic security discussions and realβworld guidance from Microsoft leaders and industry experts. Select Security Forum during registration. Register for Microsoft Ignite >
Google Play Web apps in Edge
Hi Community, We build quite a lot of Webapps in Managed Google Play and assign those to our Android devices managed in Intune as Dedicated with Entra ID Shared device mode. We run MS Edge as the default browser. Lately we have discovered that Webapps, pointing to web sites where you write text in a input field, especially if the text box is at the bottom of the screen, doesnΒ΄t behave as we expect. When the virtual keyboard is activated it often hides the text box, making it impossible to see what you write. If we open Edge and manually browse to the same site, it behaves better. I have also tested to open the Web app in Chrome which works as expected. It doesnt matter if I create the Web app with "Fullscreen" "Standalone" or "Minimal UI" display mode. First image shows the site opened manually in Edge. The textbox is moved above the keyboard Same site opened as a Web app. When activating the keyboard, the text box becomes hidden under the keyboardSurvey | Intune Auditing Feedback
Are you a frequent user of Intune audit logs? Your input is critical to shaping the future of Intune's auditing capabilities. This survey aims to gather insights on what works well today and where improvements are neededβwhether itβs expanding audit coverage, enhancing search and filtering, or improving reporting experiences. By sharing your feedback, you help us prioritize features that deliver better visibility, stronger compliance, and a more intuitive experience. Thank you for helping us make Intune auditing smarter and more impactful! πTake the survey today: https://aka.ms/IntuneAuditSurvey
MMP-C Enrollment Failing
I discovered a few of our devices were running into an issue with EPM functioning properly because the devices were enrolled via MDM only enrollment. I've been following some posts to try to rectify that issue and was successful in enrolling of the devices the proper way. However, I'm now running into an issue where the device is failing to enroll in MMP-C with the following error even though the file enrollment exe exists: The scheduled task looks accurate for enrolling the device in MMP-C and I'm out of details on what to do for this. Please help!Using REST API to get / set device variables
Hi, I'm trying to set a couple of variables against a machine name, through using the REST API. These are the variables that are set that you can see in the console if you right click properties on a device and go to the 'Variables' tab. These are handy because they can later be referenced during Task Sequences / OSD. I just can't figure out how to do it with the REST API. I have no issues doing it with the powershell module using the 'New-CMDeviceVariable' command, but my solution i'm building at the moment requires the solution to be done with rest api, not with ps modules... I can connect to REST API using powershell using commands such as the below. This all works fine. $ConfigMgrServerURL = "https://SCCMserver.domain.local" $MachineName = "MachineName1" # Following command is a sample GET request, which works. (Invoke-RestMethod -Method Get -Uri "$ConfigMgrServerURL/AdminService/wmi/SMS_R_System?`$filter=Name eq '$MachineName'" -Credential $Credential) #I can also fetch "Custom Properties" via this command (Invoke-RestMethod -Method Get -Uri "$ConfigMgrServerURL/AdminService/v1.0/Device($ResourceID)/AdminService.GetExtensionData" -Credential $Credential) Now i just can't see where i can go to set a variable on the machine. Does anyone have any ideas ? Thanks!Are you unable to open Google Chrome or any other browser?
Cause & Solution: If you are using Microsoft Intune, the Microsoft AI system may have automatically created a rule that blocks third-party browsers such as Chrome and Firefox. To resolve this, you need to deactivate or delete the automatically generated rule under Windows Configuration Policies.
iOS 15.8.x iPad Air 2 Failed to retrieve configuration
We are getting "Failed to retrieve configuration" on all iPad Air 2 devices running iOS 15.8.x. I saw on the https://community.jamf.com/general-discussions-2/failed-to-retrieve-configuration-on-ipados-v15-8-4-48978 forums that it's a known issue by Apple and they are working on a fix but I have doubts that they will actually do anything since they no longer support that product. Has anyone else seen this issue and found a workaround?Re-Join SCCM Client to Intune for Co-Managed join Type
Hello, I have been using SCCM for a long time, I have it is setup for Co-management, and all my workloads are moved over to Intune. I have a few clients that for one reason or other have not been added to Intune. I can get them onboarded, but the join type always ends up Intune. I am trying to find out the correct recipe to reenroll an SCCM client to Intune. I have tried uninstalling the SCCM client and reinstalling. I have tried removing registry keys for Intune to ensure it joins again. I have used DSREGCMD to leave and join back. I have completely removed from Domain and deleted from Intune. I have tried combinations of all of these things together. I have yet to come up with a specific order to do them in. I still think there is some remnant that is preventing a rejoin. Does anyone have details that help me to get systems to rejoin via SCCM? Some may say what is the difference. The difference is there are tools that are not present if the Join type is incorrect. Best regards and thanks.
Android COPE - Google Zero Touch Enrollment - Device Resets automatically
Hello, Encountered a strange behavior of an Android mobile phone, enrolled in Intune through Google's Zero Touch method. Device is a Samsung running Android 15. Device is enrolled, reports that all necessary configurations and compliance policies are met, yet the device is prompted with a pop-up notification saying that it belongs to the company and that in order for the device setup to be complete, it will be reset, with a countdown of ~ 2 hours. Multiple resets occurred, yet it's stuck in the same loop. Any idea what might trigger this behavior? No other COPE enrolled phone does this. The user's current Android 14 device is running properly, but it's enrolled as BYOD.Windows App Application Protection Policy
I have been testing out an Intune MAM policy to restrict copy/paste and drive redirection to AVD session hosts based on the link here: https://learn.microsoft.com/en-us/windows-app/require-device-security-compliance-intune?tabs=web#related-contentHowever, I've run into problems (in two separate tenants) that have halted me from being able to test. Setup Intune App Protection Policy targeting Windows Devices & Microsoft Edge\ Conditional Access Policy enforcing App Protection Policy when users access 'Azure Virtual Desktop' target resource via https://windows.cloud.microsoft.com Results First When signing into a user account targeted by the policy, they are prompted to Switch Edge Profile which signs in the user to a new Edge profile for 'Work or School Account'. The account has to sign in again. The account can access Windows App resources When launching a desktop session, this authentication page pops up for an account "local@debugonly" Second When signing into a user account targeted by the policy, they are prompted to Switch Edge Profile which signs in the user to a new Edge profile for 'Work or School Account'. The account has to sign in again. After sign in, the account loops with 'Switch Edge Profile' and gets stuck here I'm curious if anyone has gotten this to work and what was your setup? Or if Microsoft or provide some assistance or if this is in the wrong forum, any help would be appreciated.Intune is unable to register Ubuntu 24.04.2 device
Hey, Writing this issue since I found no source code/repo, and no other issues here matched my symptoms. Anyone got any hints on how I could proceed? Or maybe even better, where to find the source code and build instructions for `intune-portal` so I can build towards the current libraries... 2025-06-26 08:46:50+02:00: ~ w/ο¨βοΈ w/π§ took 2s x10an14@ubuntu β― : intune-portal 2025-06-26 08:47:41 INFO Command line arguments args=PortalArgs { common: CommonArgs { interactive: false, socket_path: "/run/intune/daemon.socket" } } version="1.2503.10" 2025-06-26 08:47:45 INFO Starting a new login Could not create default EGL display: EGL_BAD_PARAMETER. Aborting... 2025-06-26 08:47:48 WARN oneauth{tag="9a8hm"}: HTTP status: 404 2025-06-26 08:47:48 WARN oneauth{tag="5fsch"}: Failed to get image from Graph ^CError: nu::shell::terminated_by_signal Γ External command was terminated by a signal ββ[entry #143:1:1] 1 β intune-portal Β· βββββββ¬ββββββ Β· β°ββ terminated by SIGINT (2) β°ββββ 2025-06-26 08:47:56+02:00: ~ w/ο¨βοΈ w/π§ took 14s x10an14@ubuntu β-2 β― : lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 24.04.2 LTS Release: 24.04 Codename: noble 2025-06-26 08:48:08+02:00: ~ w/ο¨βοΈ w/π§ x10an14@ubuntu β― : grep -HIRnC 10 'microsoft' /etc/apt/sources.list.d/ /etc/apt/sources.list.d/microsoft-prod.list:1:deb [arch=amd64,arm64,armhf signed-by=/usr/share/keyrings/microsoft-prod.gpg] https://packages.microsoft.com/ubuntu/24.04/prod noble main 2025-06-26 08:48:27+02:00: ~ w/ο¨βοΈ w/π§ x10an14@ubuntu β― : history | last 11 βββ#ββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββcommandββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ 12135 β grep -HIRnC 10 'microsoft' /etc/apt/sources.list.d/ 12136 β sudo apt purge intune-portal microsoft-edge-stable microsoft-identity-broker 12137 β ^find ~/.local ~/.cache ~/.config -iname '*microsoft-identity*' -or -iname '*intune*' e> /dev/null | lines | tee { each {|d| rm -r $d}} | each {|d| echo $"Deleting: ($d)"} 12138 β ^find ~/.local ~/.cache ~/.config -iname '*microsoft*' -or -iname '*intune*' e> /dev/null | lines | tee { each {|d| rm -r $d}} | each {|d| echo $"Deleting: ($d)"} 12139 β systemctl --user daemon-reload 12140 β sudo apt install intune-portal 12141 β systemctl --user daemon-reload 12142 β ^find ~/.local ~/.cache ~/.config -iname '*microsoft-*' -or -iname '*intune*' e> /dev/null | lines | tee { each {|d| rm -r $d}} | each {|d| echo $"Deleting: ($d)"} 12143 β intune-portal 12144 β lsb_release -a 12145 β grep -HIRnC 10 'microsoft' /etc/apt/sources.list.d/ 2025-06-26 08:48:48+02:00: ~ w/ο¨βοΈ w/π§ x10an14@ubuntu β― : Here are the relevant logs I was able to find: x10an14@ubuntu β― : sudo journalctl -t intune-portal -t microsoft-identity-broker -f Jun 26 08:47:41 ubuntu intune-portal[261043]: Command line arguments args=PortalArgs { common: CommonArgs { interactive: false, socket_path: "/run/intune/daemon.socket" } } version="1.2503.10" Jun 26 08:47:45 ubuntu intune-portal[261043]: Starting a new login Jun 26 08:47:45 ubuntu microsoft-identity-broker[261088]: I/IdentityBrokerService: [2025-06-26 06:47:45 - thread_id: 1, correlation_id: UNSET - ] Starting DBus Service for Microsoft Identity Broker... Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: SLF4J: Defaulting to no-operation (NOP) logger implementation Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:46 - thread_id: 1, correlation_id: UNSET - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:46 ubuntu microsoft-identity-broker[261088]: I/MapDbStorage:getDb: [2025-06-26 06:47:46 - thread_id: 1, correlation_id: UNSET - ] Attempting to open DB File at path: /home/x10an14/.local/state/microsoft-identity-broker/broker-data.db Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 1, correlation_id: UNSET - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 1, correlation_id: UNSET - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/IdentityBrokerService: [2025-06-26 06:47:47 - thread_id: 1, correlation_id: UNSET - ] DBus Service for Broker has been started! Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/getAccounts: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: UNSET - ] Received method call from UID [1000], with correlationId [ffba9791-791b-4237-b485-2101a8cd85b9]. Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/MapDbStorage:getDb: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Attempting to open DB File at path: /home/x10an14/.local/state/microsoft-identity-broker/account-data.db Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/BrokerUtil:getCacheRecordListFromBrokerCache: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] This client ID is not known to brokerOAuth2TokenCache. Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/BrokerUtil:getCacheRecordListFromBrokerCache: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] No accounts available in client app cache, trying the FOCI cache. Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerPlatformComponents:getDbFileRootDir: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] STATE_DIRECTORY is /home/x10an14/.local/state/microsoft-identity-broker Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: W/DefaultBrokerApplicationRegistry:getMetadata: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Metadata could not be found for clientId, environment: [b743a22d-6705-4147-8670-d92fa515ee2b, null] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/AuthSdkOperation:isAppInBrokerApplicationRegistry: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] App in broker application registry: [false] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/AuthSdkOperation:addDeviceAccountIfNeeded: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] App in registry is allowed to access WPJ: [false] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/AuthSdkOperation:addDeviceAccountIfNeeded: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] is a known FoCI App: [true] Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/LinuxBrokerServiceOperation:getAccounts: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Received get account result for correlation id: ffba9791-791b-4237-b485-2101a8cd85b9 Jun 26 08:47:47 ubuntu microsoft-identity-broker[261088]: I/BrokerDBusV1Impl:getAccounts: [2025-06-26 06:47:47 - thread_id: 39, correlation_id: ffba9791-791b-4237-b485-2101a8cd85b9 - ] Sending result back to calling application for correlation id: ffba9791-791b-4237-b485-2101a8cd85b9 Jun 26 08:47:48 ubuntu intune-portal[261043]: oneauth{tag="9a8hm"}: HTTP status: 404 Jun 26 08:47:48 ubuntu intune-portal[261043]: oneauth{tag="5fsch"}: Failed to get image from Graph
Recent Blogs
- Starting with version 2609, Microsoft Configuration Manager will transition to an annual release cadence. This change is a formalization of the direction weβve communicated at events and in customer ...Nov 05, 2025
- By: Jon Callahan β Sr Product Manager | Microsoft Intune Cloud services donβt just rely on the network. They redefine it. As organizations adopt Microsoft Intune and advance their Zero Trust st...Nov 03, 2025
