Recent Discussions
Site drop down missing when trying to push client
Good afternoon, all. I just changed permissions for my helpdesk. For some reason they were nearly full admins from historical setup. Created a collection that is a copy of "all PC Clients" and called it "All PC clients for deployments" added a new security role called "Helpdesk" Setup a new group in AD and placed the helpdesk in said group under administration > overview > security > Administrative users, I've added the group, gave them security roles as "helpdesk" Set security groups to only the specified collection of "all PC clients for deployments", Security scope for Helpdesk and all unknown computers. Under security roles, I copied the same security role they had previously and created the name "helpdesk" I've looked at everything under both within "permissions" and everything matches as far as I can see. Does anyone know what sets this specific permission? Mine is perfectly fine, but I am a full administrator.
11 Views, 0 likes, 1 Comment
MAM policy and iOS Numbers.
Looking for some advice, have recently applied MAM policy, we have users that use iOS Numbers on their iPhones and would like to share these files with Microsoft applications. We have now changed Send org data to other apps to All Apps to get around this but does anyone have experience with creating an exemption for this or any other iOS application? We do not want to open up all apps.
11 Views, 0 likes, 1 Comment
[On demand] From admin to standard user with Endpoint Privilege Management
Get actionable insights and practical tips for deploying Endpoint Privilege Management using Microsoft Intune. Watch From admin to standard user with Endpoint Privilege Management – now on demand – and join the conversation at https://aka.ms/AdminToStandardUser. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
9 Views, 0 likes, 0 Comments
[On demand] Intune 'fast lane' - Let's talk about all things latency
What happens from the time you click the save button on an assignment in Microsoft Intune to when your devices receive the updated changes? Watch Intune 'fast lane' - Let's talk about all things latency – now on demand – and join the conversation at https://aka.ms/IntuneFastLane. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
9 Views, 0 likes, 0 Comments
[On demand] Enhance and supercharge IT management with Copilot in Intune
Get valuable tips to help you get the most out of Copilot in Intune—and find an easier path to policy management, troubleshooting, insights, and overall efficiency. Watch Enhance and supercharge IT management with Copilot in Intune – now on demand – and join the conversation at https://aka.ms/SuperchargeITManagement. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
5 Views, 0 likes, 0 Comments
Intune app errors The unmonitored process is in progress, however it may timeout. (0x87D300C9)
When trying to install Barco ClickShare app I get the below errors: Error unzipping downloaded content. (0x87D30067) The unmonitored process is in progress, however it may timeout. (0x87D300C9)
24K Views, 0 likes, 4 Comments
Android 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: Re: Android 15 - Cannot set default password app - Android Enterprise Customer Community - 8708 Thanks, Tom
982 Views, 5 likes, 3 Comments
Android App for different enrolments
Hi Most of our Android devices on Intune are registered as Corporate owned, fully managed and the apps are all installed as 'required' assigned to user groups. I have been asked to set up BYOD for Android so I am trying to create the Work profile set up. The problem is that it automatically installs all apps we've assigned for corporate owned devices. How do I separate the apps from each type of enrolment bearing in mind that the same app (eg Outlook), might be installed on both types of enrolment? We are assigning apps by user so I can't think of a way to prevent it. Thanks
Solved, 36 Views, 0 likes, 2 Comments
Seeking Advice on Intune Windows Updates Management for Win10 to Win11 Upgrade
We’re preparing to upgrade a group of devices from Windows 10 to Windows 11 using a feature update deployment policy and Ring update policy. Our goal is to provide our users with the most notifications and control possible before the mandatory deadline is reached, allowing them the opportunity to initiate the update themselves. However, I’m confused about the deadline and grace period countdown. According to this article, the countdown starts after the installation completes. Enforce compliance deadlines with policies - Windows Update for Business | Microsoft Learn Is there a way to use Intune Windows Updates management to allow users to control when they launch the Windows 11 upgrade process before it becomes mandatory, while also providing notifications to the user? Thanks in advance for your help!
22 Views, 0 likes, 1 Comment
Disable sign in to Windows device (fast)
Hi, When using Intune along with WHfB PIN, what is the best approach to disable sign-in to Windows PC (using WHfB PIN)? Wipe command is not an option in this case, we just need to block access to the PC and do it as fast as possible. In my testing blocking user, revoke session, disabling device is not preventing user from using cached PIN to enter and use computer. Yes, it's signed out from Office apps etc, but still has access to local files. I think there should be command in Intune that will efficiently do this. Thanks!
3 Views, 0 likes, 0 Comments
Which Windows Licenses are required to manage BitLocker through Intune
License Confusion for Managing BitLocker via Intune
Scenario: We are managing BitLocker through Intune, with recovery keys backed up to Entra ID for both Hybrid and Entra ID-joined devices. Our devices run Windows 10/11 Professional, and we have EMS E3 licenses.
Confusion: Most Microsoft documents state that Windows 10/11 Professional is sufficient to enable and manage BitLocker. However, one document mentions that Windows 10/11 Enterprise is required to manage BitLocker using CSP (Configuration Service Provider). We need clarification on whether Windows 10/11 Professional is fully capable of BitLocker management via Intune or if Enterprise is required for CSP-based management. I am providing reference Microsoft articles and screenshots to support this.
BitLocker Enablement: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/#windows-edition-and-licensing-requirements
BitLocker Management: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/configure?tabs=common#windows-edition-and-licensing-requirements
Encrypt Devices with Intune: https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#view-details-for-recovery-keys
You can find this paragraph in above document. "Information for BitLocker is obtained using the (CSP). BitLocker CSP is supported on Windows 10 version 1703 and later, Windows 10 Pro version 1809 and later, and Windows 11."
Contradictory Statement Document: https://learn.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp
31 Views, 0 likes, 1 Comment
Intune Security baseline - Defender settings
Hello All, We're configuring the Security Baselines policy for Windows in Intune and noticed a section for Defender settings. We have Intune Plan 1 license, and don't have a Defender for Endpoint license and are using the default Windows Defender on Windows 10/11. After we enroll the device to Intune and configure the Security baseline policy, can someone confirm if settings like ASR, Network Protection, Cloud Protection, Local Admin Merge, etc., under the Defender section, will apply to our devices if configured? Thanks,
Solved, 52 Views, 0 likes, 5 Comments
Cannot install macOS Management Profile
Hi, all. I'm trying to get management of a macOS device working. This is the first device being enrolled, in a new setup. The device was pre-enrolled in ABM and synced to Intune. The device registers fine, and gets the default management profile. I have added Company Portal, Microsoft 365 and Defender as apps to install. All these are being pushed, except Defender comes up with a missing license. I guess this is related to the issue below. I start up Company Portal and it instructs me to install a new management profile. When trying to install this profile, it fails with the error "Could not obtain final profile using the Encrypted Profile Service...". My guess is that there is a conflict with an already installed Management Profile, which is impossible to remove. Have tried both locked and unlocked enrollment. Any hints on how to resolve this?
10 Views, 0 likes, 0 Comments
Non persistent session on not joined devices
Hi, how do I create a conditional access policy within Intune that requires a non joined device and then specifies the persistent browser session to "never persistent". As I look at the settings I am only able to set "Require Microsoft Entra hybrid joined device". Thanks Cheers, heinzelrumpel
44 Views, 0 likes, 4 Comments
Windows 11 upgraded from W10 Rolled back and now no upgrade available!?
Hi I guess there must be some bug in the way Intune detects if Windows 11 is installed or not, when rolled back to Windows 10 after a Windows 11 upgrade. I am testing Update rings with also feature update policy setup. The Upgrade was then available and upgrade to W11 from W10 went without issues. Then I wanted to test roll back (Go back) option used on the client, just to know how to if a user should need that. Roll back to W10 went smoothly. Now no W11 upgrade is available to install anymore. Tried a couple of basic stuff like restart(ofc 🙂 ) , deleted "SoftwareDistribution" folder, ran "sfc /scannow", triggered multiple Intune syncs from different areas like sync from Intune, sync from work/school in windows and from the task schedule "EnterpriseMgmt" -> "Schedule #3 created by enrollment client" Maybe a reg key needs to be deleted or changed manually?
220 Views, 0 likes, 2 Comments
In Grace Period- After Joining in Autopilot
I have 2 surfaces that I joined to Intune through Autopilot but they are showing as "In grace period". It should sync and should be in compliance and not sure why it says as in grace period. The applications are not downloading full that are being pushed. Could it be due to network issue and what about the grace period, how to fix it. thanks in advance
29 Views, 0 likes, 1 Comment
Guidance with Outlook App Configuration Policies and Conf.Keys for Android
First off, I'm referring to the Configuration Key com.microsoft.intune.mam.AllowedAccountUPNs, documented here https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#organization-allowed-accounts-mode-settings-1 For Android, there is one Configuration Key listed, this one. The page doesn't tell us the value type, though by its name, it seems like it should be an array of strings. When it comes down to using it, we have to set it to String for the type, and then I'm having hit and miss results with the initial account setup. Sometimes, it's letting me setup just the UPN of the current user, and then later I can add additional accounts that are also listed in the array. This is what I would say is the good alternative to the On/Off switch for Organizational Accounts Only Mode. However, sometimes, new Outlook setups will show all the UPNs in the array, as if it is one string, which obviously doesn't work at all. I am hoping somebody can help me here with how this key is supposed to work, or not. Anyone have much experience with this that can shed any light? Thanks in advance.
Solved, 8.2K Views, 0 likes, 12 Comments
Android KIOSK Device - WiFi Browser Login, not appearing
Morning All, I have an Android KIOSK device with managed home screen applied. The device has a WiFi configuration applied for our network. But when the user goes to another customer's site, their WiFi prompts for a login to be made via a browser page. This page isn't displaying. There is a browser deployed to the tablet, and have got the end user to open the browser app before trying to connect to the WiFi, but it still doesn't work. As a temporary measure, I have used the "Remove apps and Configuration" option against the device and removed the Configuration profile. When the tablet is without the profile, the user can successfully connect to the WiFi, the browser appears. I am currently going through my setup that is applied to the device but can't see an option that is blocking the browser when connecting to a WiFi. Anybody come across this issue? Or know of a solution? The device config\setup is used to many different aspect of the business, so I have to be mindful of what change I make. Don't want to give them the ability to exit KIOSK mode etc Thanks
275 Views, 1 like, 1 Comment
Events
Happening Now
Explore the seamless integration of Microsoft Intune with Microsoft Defender for Endpoint. Get comprehensive endpoint protection, real-time threat intelligence, and streamlined management across devi...
Tuesday, Mar 04, 2025, 08:00 AM PST, Online
2 likes, 461 Attendees, 3 Comments
Recent Blogs
- I'm Catarina Rodrigues and recently, I've had the opportunity to have several conversations with healthcare customers on how Intune can effectively manage devices in frontline critical environments. ... Feb 28, 2025, 326 Views, 3 likes, 0 Comments
- So, here we are. You’ve been asked to start managing frontline devices for your organization with Intune. You may be a pro with Intune management - with experience managing Windows devices, personal ... Feb 28, 2025, 326 Views, 0 likes, 0 Comments