Deploy an application to Windows devices with specific serial numbers
I have a total of 200 new laptops which I would like to deploy a specific application using InTune. I have the serial number of all the laptops. These laptop are only identifiable by the serial number only and cannot use anything else. I've been searching for solutions but articles are not clear. Can someone please advise if this can be done? If so, can you guide me to a good article or with some points? Thanks in advance
Intune, winget, PowerShell
Hello everyone, I'm trying to use Intune to deploy a script that schedules a task to run winget silently to update most of our 3rd party applications automatically. I can get the script to deploy, but not run. I keep getting an error saying "winget not available for system", which I've verified it is. Any ideas? What am I doing wrong? Thanks for your help,
Custom Compliance to check for Software Version
Hi all, I was trying to implement a custom Windows compliance item using PS/JSON to check for a particular Software version. In my case this was the AntiMalware client (not using Defender). I tried a lot of different aproaches w/o success. I've had results from eval error, ivalid JSON message or the item is simply ignored. Has anyone implemented something similar with success? thx, Miguel
Microsoft Defender (for Business) not showing onboarded device via Intune
I am having some real fun with Devices not being shown in Microsoft Defender (for Business) after following the necessary instructions provided by Microsoft. Devices are not showing in the Microsoft Defender portal. I have used the local onboarding scripting method and gone directly through Intune. Would there be a conflict running the two? The account being used to perform these tasks is a Global Admin (even with Security Administrator rights). In respect of Intune, the Connection service between Intune and Defender for Endpoint (EDR) is fine. I have used a preconfigured EDR policy option to onboard the device, and I have checked the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection, which states an OnboardingInfo value, indicating that a device has been onboarded to Microsoft Defender for Endpoint. I do have an issue relating to Default Device Compliance Policy - Has a compliance policy assigned and a policy issue for 'create local admin user account', but Intune is saying the device is compliant. Would these issues cause an issue, and what else should I check for?MMP-C Enrollment Failing
I discovered a few of our devices were running into an issue with EPM functioning properly because the devices were enrolled via MDM only enrollment. I've been following some posts to try to rectify that issue and was successful in enrolling of the devices the proper way. However, I'm now running into an issue where the device is failing to enroll in MMP-C with the following error even though the file enrollment exe exists: The scheduled task looks accurate for enrolling the device in MMP-C and I'm out of details on what to do for this. Please help!
PowerShell install updated Sysmon
Attempting to install an updated Sysmon to a computer. Sysmon has been uninstalled prior to updating; however, when running PowerShell in Intune to install it, it appears that Sysmon64.exe is copied to C:\Windows\, but no service is created for Sysmon64. This is running in System context, with WORKGROUP\SYSTEM for a user. Running the following command in a PowerShell script only copies the file, but doesn't create the service: Start-Process -Wait "sysmon64.exe" -ArgumentList "-i -accepteula" Running the above line in PowerShell ISE, as myself outside of the Intune deployment, the service is created without issue. What am I missing? Thanks!Conditional Access Policy Loop with Edge on BYOD Devices – Need Help!
Body: Hello Tech Community, I’m facing an issue with an Azure AD Conditional Access Policy that seems to be causing a loop when users access Office 365 resources using Microsoft Edge on Windows 11 24H2 BYOD devices. Here’s the scenario: Problem: The policy is titled "Require App Protection Policy for Edge on Windows for All Users when Browser and Non-Compliant-v1.0" and continuously prompts users to switch profiles in Edge. These devices are BYOD and intentionally excluded from full Intune management (non-compliant by design). However, Edge repeatedly requests authentication or profile switching, creating a frustrating experience. Policy Details: Applies to: Windows devices using browsers (primarily Edge). Excludes: Compliant devices or those with trustType = ServerAD. Includes: Office 365 applications. Excludes Groups: Certain groups that should bypass the policy. What I’ve Tried: Verified device compliance status in Azure AD and Intune. Checked Azure AD Sign-In Logs for errors or repetitive authentications. Cleared Edge browser cache and cookies. Ensured Edge is configured to use Windows sign-in information. Adjusted the App Protection Policy settings for Edge. Questions: Could this be an issue with how Edge handles profile authentication in Conditional Access scenarios? How can I ensure that BYOD devices remain excluded from full Intune management but still work seamlessly with this policy? Are there specific adjustments I can make to the Conditional Access or App Protection Policy to avoid these loops? Additional Context: My goal is to secure access using App Protection Policies (MAM) for BYOD scenarios without requiring full device enrollment in Intune. Any insights, suggestions, or similar experiences would be greatly appreciated! Thank you in advance for your help!Are you unable to open Google Chrome or any other browser?
Cause & Solution: If you are using Microsoft Intune, the Microsoft AI system may have automatically created a rule that blocks third-party browsers such as Chrome and Firefox. To resolve this, you need to deactivate or delete the automatically generated rule under Windows Configuration Policies.Microsoft multi-tenant management resource guide
Welcome to your home for all things #IntuneforMSP. Our goal is to help you grow your Microsoft Managed Service Provider (MSP) business with productivity apps, intelligent cloud services, and the world-class security of Microsoft 365 combining with the multi-tenant management capabilities of our partners. So, where to start—and where to go to take the steps after that? Right here! We’ll soon be announcing dates for a series of regular webinars, where Microsoft and our partner share expertise and insights specifically related to the world of the MSP. Until then, here are some resources to help. Follow or favorite this page as we’ll be updating it frequently with new events and new readiness materials. Jump to: Marketing and business development | Demos and tutorials | Partner resources | Microsoft communities | Select content from Microsoft MVPs In the spotlight Click the image below, to watch the Microsoft Intune multi-tenant management video with Jonathan Edwards. Marketing and business development Start here: Microsoft 365 Business Premium Partner Playbook and Readiness Series Sign up for more sales training: Level Up CSP Training: Modern Work and Business Applications Explore similar offers: Microsoft Security Partners And, if you haven’t already, sign up with the Microsoft Partner Center. Demos and tutorials Whether deploying solutions for yourself or for your customers, these resources can help you with prescriptive ‘do this next’ guidance to get you up to speed quickly. Download this guide: Enhancing Security with Microsoft 365 Business: A Hands-on, Effective Guide Follow along with the companion video: Achieve greater security and productivity with Microsoft Intune and Microsoft 365 Explore click-through interactive guides for more advanced instruction: Microsoft Intune guided demos Topics include configuring app protection policies, configuring Conditional Access, updating Windows from the cloud, configuring corporate devices, deploying and managing line of business (LOB) apps, enabling Universal Print, accessing corporate resources on personal-owned devices, setting up Windows Autopilot for new device delivery, and reducing bandwidth consumption with Delivery Optimization. Partner resources Nerdio knowledge hub Inforcer resources Microsoft communities Microsoft 365 Blog small and medium business-related posts Microsoft 365 Partner LinkedIn channel Select content from Microsoft MVPs To find an MVP near you, visit the Microsoft MVP home page. Peter Klapwijk - In The Cloud 24/7 Blog Ugur Koc - Ugur Koc Blog Andy Malone - Andy Malone on YouTube Rudy Ooms - Call4Cloud Blog Somesh Pathak - Intune IRL Blog Oktay Sari - AllThingsCloud Blog Jon Towles - Mobile Jon Blog
