Edge Mobile prompting users to Allow opening app using Custom URI Scheme
Somewhat recently, perhaps with release of IOS 26, Microsoft Edge began prompting users to "Allow" or "Don't allow" a site to open another application when using a Custom URI Scheme. This causes an unnecessary step in our user's authentication process especially when Conditional Access policies are enabled as Edge must be used to pass the CA conditions. This occurs even when the custom-intunemam:// scheme is used to open the Intune enabled application from Edge. I am wondering if there is an Edge Mobile - Intune configuration/setting that we could configure to bypass the prompt. Thanks!
macOS unenrolled, but software updates still enforced
Hey all, I have enrolled and unenrolled a privately owned MacBook Pro M1. However I still get managed software update notifications, see screen shot. In English, this says "required managed update. unit must be charged at least 50% or connected to mains. The unit will be restarted to apply the update. You can cancel this update 4 more times before it will be installed automatically. This is a huge issue for me because I don't want to update to macOS 26 at this time. I unenrolled the MacBook from the company portal. It no longer appears in the list of managed devices. On the unit, under Settings, Device management, the profile list is empty: I don't know how to troubleshoot further. I would be very grateful to anyone who could point me to some next steps to try. Thank you Selwin Kadijk
Deploy Office 365 and uninstall stand-alone office at once?
Does anyone have a process to push Office 365 while removing older versions of stand-alone office (2016 or 2019) as part of that process? The deploy packages for Office 365 can have a remove option in the configuration file, but that always fails when an older stand-alone version is already on a machine. Our current Windows management tool allows for pre or post scripts, but I do not see that as an option for Intune. I could write a pre-install powershell/batch script if that were allowed.
Required Apps assigned to dynamic group are being skipped during pre-provisioning?
I have a few dynamic groups based on a group tag that gets assigned to the device during Intune enrollment. Each of those groups have a different set of applications that are installed on them. One of those dynamic groups just doesn't want to detect the required applications. There are supposed to be 5 apps. During pre-provisioning, it just jumps straight to the reseal page. If I let the device sit at the ESP page, the apps are installed in the background as if they aren't being tracked. If I quickly seal the machine before other apps are installed and unseal, it works like normal (tracking each of the apps and installing them). I can confirm the following: The device is in the proper dynamic group The Autopilot deployment profile and ESP settings are correct All of the applications are Win32 packages and install successfully during ESP This same setup works with my other dynamic groups fine. And it has worked previously with the trouble group before. I didn't change anything I tried: Removing and re-registering the device I'm about to delete and recreate the dynamic group or try to create a static group and see if I get the same results. Everything looks fine and I haven't been able to find something in the logs that points to why it doesn't see the apps as required. Again, if I let it sit, the apps install in the background fine. It's just baffling since my other dynamic groups work fine. Has anyone seen something similar?Google Play Web apps in Edge
Hi Community, We build quite a lot of Webapps in Managed Google Play and assign those to our Android devices managed in Intune as Dedicated with Entra ID Shared device mode. We run MS Edge as the default browser. Lately we have discovered that Webapps, pointing to web sites where you write text in a input field, especially if the text box is at the bottom of the screen, doesn´t behave as we expect. When the virtual keyboard is activated it often hides the text box, making it impossible to see what you write. If we open Edge and manually browse to the same site, it behaves better. I have also tested to open the Web app in Chrome which works as expected. It doesnt matter if I create the Web app with "Fullscreen" "Standalone" or "Minimal UI" display mode. First image shows the site opened manually in Edge. The textbox is moved above the keyboard Same site opened as a Web app. When activating the keyboard, the text box becomes hidden under the keyboardHaving trouble with MDM
I am trying to set up a surface pro with a business account. However I got a error saying looks like we can't connect to the URL for your organization's MDM terms of us. Error: invalid_client Error subcode: Description: failed%20to%20authenticate%20user Does anyone know a quick fix to this problem. Thanks,Best Kiosk Setup for Public Library PCs (Cloud-Only, File Explorer and Printing Issues)??
I’m trying to configure kiosk devices for a public library. I’ve tested configuring kiosks through the Intune Template option, where you can select a single app or multiple apps. However, I ran into an issue with the Start menu configuration — I want to display only Chrome, Edge, and the Downloads folder (via File Explorer). I then decided to switch to a custom OMA-URI configuration using an XML string <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="{7877df8d78fd7f8d7fdf-a454a45ae45-7sd777}"> <AllAppsList> <AllowedApps> <App DesktopAppPath="%ProgramFiles%\Google\Chrome\Application\chrome.exe"/> <App DesktopAppPath="%SystemRoot%\explorer.exe"/> </AllowedApps> </AllAppsList> <v5:StartPins> <![CDATA[ { "pinnedList": [ { "desktopAppLink": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" }, { "desktopAppLink": "%SystemRoot%\\explorer.exe" } ] } ]]> </v5:StartPins> <Taskbar ShowTaskbar="true"/> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount rs5:DisplayName="kioskläge"/> <DefaultProfile Id="{7877df8d78fd7f8d7fdf-a454a45ae45-7sd777}"/> </Config> </Configs> </AssignedAccessConfiguration> The problem is that File Explorer doesn’t appear on the Start menu, while Chrome launches correctly (because I use a PowerShell script for that). Based on your experience — what would be the best setup for public library computers that run pure cloud (no domain join), where public users will download documents and print them? If printing is required, would Universal Print be the best option, considering that the printers are on-premises?
Intune App Failure
I am experiencing repeated installation failures with the applications I have created in the Microsoft Intune Admin Center. I have tried deploying them both as Windows MSI line-of-business apps and as IntuneWin apps, but regardless of the file format used, the installations consistently fail with the error: “Fatal error during installation (0x80070643).” Could you please assist in identifying the cause of this issue?
