Forum Discussion
gtwood
Apr 04, 2023Copper Contributor
Win32 Content Prep tool doesn't work with FIPS mode
This issue on GitHub has been languishing unacknowledged for the past three years. Since the elder days of yore, the Win32 Content Prep tool - the only option for deploying non-MSI applications t...
Pat_Fetty
Microsoft
Hello,
Unfortunately this is 'by design' as we don't have plans on fixing the tool. The workaround for this is to run the tool on a machines/VM that is not in FIPS mode. I know for some customers this can be a pain (I am in the Intune PG and work only with Gov customers)... but at this time, this is the only option available.
Thanks,
Pat
Unfortunately this is 'by design' as we don't have plans on fixing the tool. The workaround for this is to run the tool on a machines/VM that is not in FIPS mode. I know for some customers this can be a pain (I am in the Intune PG and work only with Gov customers)... but at this time, this is the only option available.
Thanks,
Pat
A9G-Data-Droid
Jul 19, 2023Copper Contributor
Running a management system running out of FIPS mode would come up as a violation on a security audit. Having a management tool, like InTune, is required. What you are saying is that the only way to use InTune is in a non-compliant way. Which is to say that InTune should not be used in a GCC-High environment. Instead of using multiple tools for the same job this forces government customers to look for other MDM solutions for managing baseline configuration.
- nittajefAug 10, 2023Copper ContributorNot sure it would meet everyone's compliance requirements, but if allowable, the content prep tool should work in the Windows Sandbox feature that's enabled on a machine with FIPS enabled.