cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

InTune MDM devices & Office 365 connectivity

BW_TJ
Copper Contributor

‎Dec 10 2018 08:28 AM

‎Dec 10 2018 08:28 AM

InTune MDM devices & Office 365 connectivity

Good evening all,

 

A question for all the brains out there that know InTune and o365 better than I.

 

We are moving from VMWare AirWatch to Microsoft InTune, for us the latter works considerably better. There is one issue that pertains to enrolled devices not being able to connect o365 apps.

 

So, what happens?

 

A device is enrolled and the pre-installed applications get pushed out.  This all works perfectly and by the time the user sees the screen, Teams, Office 365 Pro Plus, Chrome etc are all installed.  However, when the user goes to launch teams they are faced with an error stating they are not connected to the internet and that restarting the application might help (it doesn't).  

 

The complete error:

'Oh no ... we can't connect to the internet.  Check your connection'

Error Code - 0

Failed to connect to settings endpoint

 

Skype for business installs but refuses to log on with a similar message but this time failing to see a valid certificate.  If you run the Skype for business network test tool it comes back that it can't connect to the endpoint.

 

Outlook is a little different, rather than immediately finding the users e-mail address (UPN)(AirWatch enrolled devices work without issue and automatically insert the UPN), we have to type it in manually.  It then attempts to search for the account.  2 - 3 minutes later it fails asking if we are sure this account exists; it does.  If you click retry we get prompted about allowing out autodiscover server but it still fails.

 

Just to confirm, Outlook, Teams etc all work if you go to the browser based versions; the applications also work if signed in to a device enrolled via AirWatch and not InTune.

 

All our users are assigned InTune Licenses via the E3 mobility & security licensing.  Our setup is a Hybrid Azure AD / On-Prem with ADFS 3.0 configured.  We also have password hash enabled and Seamless SSO.

 

I've wiped our InTune environment and enrolled devices with the bare minimum interference to no avail.  I've refreshed our scheme on Azure AD Connect and also confirmed that even when connected with no proxy / firewall in place that the systems still don't work.

 

I'll also throw this in as I believe it might also be involved, Windows Hello allows us to configure it as normal but immediately throws up an error saying the credentials are required, please lock and login with the credentials.  This never goes away, even after logging back in with the correct credentials.

 

Any help would be greatly appreciated as MS have had 5 days of continued conversations (8-9 hours of phone calls by now) and they can't seem to suggest anything other than rebuild the laptop or re-install Teams.

1,174 Views
0 Likes
0 Replies
Reply
0 Replies