Error 0x800B0109 and 0x80072f8f when deploying apps from Intune
Hi,
We have recently started to test how we can deploy apps from Intune, and we ran into a load of problems.
The computer registers fine with MDM, and the Intune Management Extension installs without problem.
All good.
Then we come to the actual app deployment, which caused a lot of frustrations.
First error is 0x80072f8f - something with time/certificates/whatever. Quite vague and a lot of useless/pointless suggestions.
Net result is nothing installed.
I allied with our firewall guy, and we started to look at what happened with the traffic.
It turns out the certificates used by Microsoft are NOT PUBLICLY TRUSTED!!!!
So running SSL inspection - which should be mandatory - will fail the inspection as the certificate is not publicly trusted.
We started to exclude the IP addresses from inspection and got a bit further, now banging our head against 0x800B0109 - third-party update failed to install.
Back to the firewall log, and it turns out there are more untrusted certificates and IPs to exclude.
How do you handle this? Excluding IPs seems to be an impossible mission; you never know when a new one pops up.
So far we have more or less proved deploying apps through Intune is hopeless and not fit for enterprise use.
Any advice would be appreciated.
Regards Torben
- https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints#access-for-managed-devices , these are the URLs. If you whitelist those (and your firewall understands FQDNs and doesn't need just addresses or ranges), you should be done relatively quickly.
Intune works for a lot of enterprises; explicitly adding those ranges and FQDNs is not needed for most of our customers at least.
- Did that help?
- Tslaikjer: Thanks, just back from vacation and trying to catch up on everything.
I will have my FW colleague implement this, and we can check.
- Great, let us know!