Recent Discussions
I like to update win32 Clevershare 3.3v to latest Clevershare5.6.0.3497
I tried other apps earlier with no issues, but when I tried to uninstall this app and assign it to another, I had no luck. I also attempted to change a couple of uninstall settings, but still had no luck. I tried the Supersedence method as well, but the test machine kept receiving notifications of failed installation. I received a notification that the old version would be replaced with the new one, but I kept encountering errors. I tried this command for uninstall: Start-Process "C:\Program Files (x86)\Clevershare\Uninstall.exe" -ArgumentList "/QN". I tried both this command but no luck: "C:\Program Files (x86)\Clevershare\Uninstall.exe" /s /quiet. Can anyone help me to sort out this app deployment through Intune, please?
Intune management extension disappears from devices
Hey, I encountered a very strange issue with the Intune management extension on my custoemrs hybrid joined devies. Devices are hybrid joined successfully, synced to Azure AD, visible and compliant in Intune, software is installed from Intune and on-premise via gpo, policies are applied and then after some short time the Intune management extension is uninstalled automatically and no Azure AD joined status visible in settings. Via dsregcmd I can see that the device is still joined to both but even after manually isntalling the extension, it is uninstalled again and again. Do you have any ideas regarding this issue? Thanks and regards
Shared PC Mode Scope Change
We have the “Shared multi-user device” configuration profile scoped to “All Devices” with “Shared PC mode” turned on. As we are approaching our 5th or 6th year with Intune and continually trying to work on better cybersecurity standards, we have desire to change this to where our staff have Shared PC mode off on staff machines to where they are the “sole owner” of their device Students remain with Shared PC mode enabled since we don’t individually assign devices to them Our lab and presenter room environments set to Shared PC mode enabled with domain/guest mode enabled so that we are no longer having to deal legacy local accounts (we shamefully use legacy standard local accounts that auto login, obviously we want it changed). That brings me to this question - if we un-scope the profile from “All Devices”, what impact will this have? Will the Entra-cached staff accounts be suddenly removed from their computer? If we set a new staff “Shared multi-user device” policy with Shared PC mode “not configured”, will they then have their own profile “bubble” on the login screen? I presume we’ll have to assign the user to the device in Intune, correct? My fear is it being a destructive configuration profile change where we now have to reconfigure the staff computers.
The Android app is being deleted by the administrator; how can I prevent this?
Hello, I am facing the following issue: In Intune, I added an app under "Line-of-Business apps" for Android, assigned it to a group, and then targeted this group to specific devices. However, the automatic deployment of the app via Intune is not working as expected. Therefore, I installed the app manually on each device. After a certain period, however, the devices display a message indicating that the app was removed by the administrator. How can I prevent the app from being automatically uninstalled? Thank you for your assistance.Failed to create object ID in Intune for new onboarded device.
We are deploying Defender for Cloud with XDR onboarding. We are implementing Defender policy with Intune enforcement setting, everything is working for 98% of devices as well. But, for some devices like Arc enabled machines, after going through each step and Microsoft troubleshooting documentation. Some devices are not able to create the synthetic object in Intune to receive Defender XDR policies. No solution is provided in the documentation or in MDEclient parser. In the onboarding workflow, the synthetic object is normally created to apply the policy via Intune. But, when a device fails this process, we have no solution even after re-onboarding.Microsoft Graph Command Line Tools Blocked by CA
Hi All I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)" this seems to work fine until our IT Admins try to use the AutoPilot script which gets blocked based on: Microsoft Graph Command Line Tools Any ideas on how to allow AutoPilot /Microsoft Graph Command Line Tools through CA? Info appreciated
Enrollment on Intune disabling Android systems app
Hello everyone, Some explanation first: We use some handheld Unitech EA520 rugged smartphones with built-in scanners and when i enroll these into Intune, half of the built-in system apps are disabled. This includes the Unitech scanner service which is used to control the scanner. When i check under system apps on the device it says "Not installed for this user". I haven't setup any restrictions ofr the device yet and when i do, there is no possibility to enable these system apps. Even weirder is that i enrolled 5 of the exact same devices with same android version about half a year ago and they had no issues what so ever. These are also fully dedicated, company owned devices. Did anyone experience something similar before, as i am quite stuck ?Monitor low disk space for computers
Hi All, We have a requirement to monitor low disk space, particularly on devices with less than 1GB of available space. We were considering creating a custom compliance policy, but this would lead to blocking access to company resources as soon as the device becomes non-compliant. Therefore, we were wondering if there are any other automated methods we could use to monitor the logical disk space (primarily the C drive) using Intune or Microsoft Graph. Thanks in advance, DilanWork or School Account Problem just after Hybrid AD Joined Autopilot
Hi All, We are doing the Hybrid AD joined Autopilot and the issue is just after finish the process and user has signed in, there is a notification for sign in again to fix your work or school account. if we are not sign in and let be there, we didn't get company portal app installed for about 3 to 4 hours. however, if we click the notification and sign in the user account, we will get the company portal app installed within 5 minutes. if we go to Account settings, we could see hybrid ad joined done properly and policies has been pushed by Intune too (image2). We have deployed the Company Portal app to All users at the moment. I want a help to identify is this by design or something wrong with our configurations? image1: image2: Thanks, Dilan
How to block users from downloading files in the Teams or Outlook app on a windows desktop?
I am only seeing EDGE as something to configure in the application protection policy but I need a way to block downloading/copy/paste/print when using the fully installed teams/outlook application. Does anything exist for windows device enrolled with Intune?[NEW] Podcast06: Setup MAM for Windows In Intune
Podcast06: Setup MAM for Windows In Intune. Upcoming Podcast joines me Joery Van den Bosch to focus MAM on securing and managing mobile applications within an organization. Through MAM, organizations can control app configurations, protect data, manage access, and ensure apps are updated. This approach is especially valuable for securing corporate data on personal devices, without requiring full device enrollment. Key Benefits of MAM: Enhanced Data Security Increased Flexibility App Protection Policy Levels: Level 1 – Basic Data Protection. Level 2 – Enhanced Protection. Level 3 – High Data Protection. Youtube: https://youtube.com/shorts/GNWsX1B_Io8?si=I7EySot5pTgVBXa6UPN Not getting updated on Azure
Hello team, Infrastructure: we are currently supporting Windows Autopilot (Entra Hybrid Joined). As expected, we see two device objects in Azure for each device we provision. One for Entra joined and another one for Entra Hybrid joined. Issue: Sometimes we receive requests to change the primary user of a device in Intune. When we change the primary user in intune, the new UPN is getting updated only on "Entra Hybrid Joined" object in Azure. If I check the "Entra joined" object, we still see the UPN of whom initially provisioned the device. It is not possible to update the UPN in Azure or delete the object. Due to this issue, the azure device limit has been reached for many service desk persons who help employees to setup the devices on behalf of users.Microsoft Intune - Software installation
I am a beginner using Intune to manage PCs (Windows 11) and Android devices. When adding a new PC with Windows 11, the following happens: The user logs into the computer with their email account from our company administration and starts Windows 11 (Business) and complete the Device Registration in the "Unternehmensportal". The user (who is supposed to be a standard user) is set up with an "Administrator" profile. If I change the user to a standard user (logging in with the company's admin account on the same computer), I can no longer install any software and get the message "Installation is blocked" (or something similar) when running the installer. There's no prompt for admin rights or an option to run the installation file as an admin. On another user's computer, everything works without problems. No policies are configured, at least not to prevent software installations. The user should not be able to install software independently, and standard users should be standard users when first logging into a new device. Who can help me?
Firewall Off despite policy being enabled
In Firewall and network protection, It says Firewall is off for all Network types. However it should be on. Is this normal/expected? However, In Sec. providers, Firewall is enabled. ========== In PS, Firewall appears to be enabled too. C:\Windows\System32>netsh advfirewall Show allprofiles Domain Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Private Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Public Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Ok. =========== In the Intune Firewall Policy the three options are enabled:
Recent Blogs
- Read on to learn more about a known issue with Windows Security Center connector and the Windows MAM Health Check.Nov 14, 2024
- Learn more about implementing strong mapping in Microsoft Intune certificates.Nov 14, 2024
