Recent Discussions
Window 11
Hello I am using windows 11 few weeks ago I received windows update after update my windows started asking Bitlocker key i didn’t used Bitlocker my computer is stuck almost 2 weeks I don’t know what I do I didn’t used Bitlocker I buyed HP company alsmost 2 years. please help me to find solution without bitlocker key i can’t access my computer. thank you
Win 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I know experience an issue with WHfB. My face and fingerprint is not recognized, rsp. the login process is giving an error, saying that I cannot be identified. One user reports, that when away from company WhfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?
Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone, Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it. Steps Taken: Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune. MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM. Domain Federation: Established Entra ID federation in ABM to synchronize all users. Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.' MDM Push Certificate: Configured and validated the MDM Push certificate. Issue Encountered: According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found. On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device." In ABM, under "Access Management" > "Apple Services," all services are activated. Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated. Thank you in advance for your help. Best regards,
How to feed third party intelligence feed into Microsoft Intune
We want to create a connector/integration which can connect to Third Party Intelligence product and ingest that data into Microsoft Intune. Is it possible to create such a connector/integration? if yes then how, also do specify if there are any other ways to achieve this use case.Autopilot failing while hardwired in but face no issue on the Wi-Fi
We are in the process of migrating from SCCM to Intune. The issue we are facing is that when the device is hardwired in, the autopilot process fails and says network connection lost. When the device is connected to the wireless network, it goes through the entire autopilot process and successfully enrolls the device. Has anyone faced this issue before?Conditional Access Policy Not Allowing Users to Access AVD
We have an existing conditional access policy which requires a users' device to be marked as "compliant" in order to access "All Agent Resources". We are trying to deploy an AVD as an alternative to allowing users to use personal devices, but this CA policy seems to be interfering with users being able to access the AVD via Windows App. Yhe device they're accessing from isn't "Compliant" with Intune enrollment being one of the requirements for being compliant. Again, we do not want to allow personal devices into Intune which the MSP allowed previously. For the CA policy it's applied to all users EXCEPT for specific users in an exclusion group. Putting users in this exclusion group allows them to access the AVD via Windows App but at this point they can just access all resources from their personal machine defeating the purpose of the AVD. Target Resources Include All Resources Exclude: The AVD Itself, Windows 365, Azure Virtual Desktop, Azure Windows VM Sign-in Conditions Device Platforms - Windows, MacOS Client apps - Browser, Mobile apps and desktop clients, exchange ActiveSync clients, other clients are checked Grant Access Require MFA and Require device to be marked as compliant are both checked. Access to the AVD works in the browser but not in Windows App.MacOS ADE Error
Hello everyone. I am running into an enrollment error when rolling out ADE for MacoOS devices. I have a macbook pro I have added to Apple Business Manager using the Apple Configurator for IOS. The device appears in ABM, syncs to my Intune MDM, and I have assigned it an enrollment profile. I then Factory Reset the Macbook. Upon first boot it loads the AD Account sign in page and lets me input login credentials, then throws the following error message. "Something went wrong - We're sorry, we ran into a problem. Please retry. If this happens again, factory reset your device to start over or contact your IT support person to do it for you." I have tried changing networks, creating new profiles, removing the device from ABM and Intune and adding it again to the same result. I have my profile set with modern authentication with User Affinity. Any help with this would be appreciated.Cert Based Auth no longer working on Android devices.
Curious as to how wide spread this is/will be. Windows and iOS is fine, only affecting android. You can easily test this by revoking MFA sessions on a user who is using cert based auth on a android phone. I'm not sure if there has been a update recently to Android Microsoft Office apps where it thinks the certs live inside the intune company portal and is not looking for certs in the phones cert store. BYOD work profile Android 14 phones are being problematic, when a user changed their password and Azure revoked their sessions for a reauth, the issue started occurring. I tested this on another user manually revoking their MFA sessions without changing their password same issue occurred. I also setup a brand new Android phone and had the same issue after enrolling it. The issue is when the user opens outlook or teams and goes to sign in, it will pop up asking to use a cert on the device or a physical key. When selecting on the device the phone will freeze it will then eventually say ""company portal isn't responding" with the options of wait or cancel. Opening chrome in the work profile and going to a office app site will popup asking for the cert and works fine. So the issue doesn't appear to be the phone getting the cert, just the Office Apps are not accessing the Phones cert Store. I can confirm the Cert is inside the work profile as a browser or cert viewer app inside the workprofile can see it, auths work fine when using a browser in work profile, just not outlook or teams inside the work profile.Applications deployed on device based collection are missing from devices.
Hey guys, In my SCCM environment we are facing an issue. Its a co-managed environment where apps are deployed via SCCM. All of a sudden the apps deployed on Device based collection are not reaching the end user devices. The policies related to these app are also not reaching the device. The compliance status for these apps also went down even though if it is installed on the device the SCCM reports as Non-Compliant\Error. Has anyone faced this issue or can help me to identify what could be causing the issue.Error 80190190 Entra Join Device
Yesterday we could enroll devices fine until about 10am. After that we can no longer complete an Entra join on a corporate laptop. It gives an error code of 80190190. In the logs it shows the device registered/enrolls then shows a removal less than a minute later. Successfully joined device using account type Successfully deleted the device with identifier
Outlook Mobile Stuck in Login Loop on Intune Shared Android Devices
We’re having an issue on our Intune-managed shared Android Enterprise devices that are set up in Dedicated/Kiosk mode. When users try to open the Outlook mobile app, it launches and recognizes the signed-in user through AAD/Intune, but then it just gets stuck in a loop. It keeps showing messages like "Finding your account…" or "Identifying account…", and never actually loads the mailbox or even shows the normal login screen. Has anyone else run into this issue, and is there a known fix or workaround?
Disable Bluetooth on Android Fully Managed Devices
Hi All, Got an issue on an Android fully managed setup. I have set the option in the config profile to Block the Bluetooth Configuration, and this apply's to the devices, however Bluetooth is enabled by default, which is an issue as it has to be switched off. The config of Bluetooth on the device is locked down as per the setting. Any idea on how to turn Bluetooth off? It's not Samsung device so can't use KNOX. And Managed Home Screen also just blocks the config of Bluetooth and doesn't turn it off. Hoping this is possible 🤞 Thanks
Developer Options on Android Device
Hi all, I have an Android device enrolled in InTune and I'm trying to enable developer options. This would normally be done by tapping on the build number 7 times, however, when I try it on this device, nothing happens. There's no pop-up or error message, just nothing. I've tested on other identical devices and it works. It's got developer options enabled in the configuration policy, compliant in InTune, and was freshly reset/set-up, any ideas why it's not working?
Manged Home Screen: Outlook
We are running into issues with the Managed Home Screen and Outlook. Once the user has logged into the Managed Home Screen and tries to access Outlook, it gets stuck in an authentication loop. Loops: Discovering Accounts -> Accounts Found -> Back to Discovering accounts. This is affecting multiple devices/accounts. This only affects
Issues with Capturing Windows11 25H2
I have been trying to capture an updated image from vsphere8 and sccm. I had zero issues with 22H2 and 23H2 but now I cannot get sysprep to pass generalizing. This error keeps coming up but I have tried most things the great Google had to offer. Any one else running into this issue?
Intune Connection Issues in Defender for Endpoint
We have M365 E5 across the board which includes Defender for Endpoint P2. We're planning to enable Intune-MDE integration but getting this warning "A Microsoft Intune license was not found" Despite that message, I can still enable it (toggle the switch is allowed) and then the connection appears to be established.? But! more importantly, when it comes to the functionality, I cant create a "Auto from connector" EDR policy from Intune which could be due to the above glitch? "Create from Preconfigured Policy" option also greyed out. A custom policy also doesn't have the "Auto from connector" option to onboard devices. Has anyone seen this? Any inputs are highly appreciated ! Thank you KevIntune LAPS custom Admin account not enabled
Hello, I have configured a policy in Intune to enable a custom admin account to an Intune Windows 11 device group, in order not to have the primary user as admin. However, the policy never creates the custom account as it says. Is there something else to check, besides enabling Intune → Endpoint security → Account protection → MyLAPSPolicy > Edit Configuration and enable settings in: Automatic Account Management Enabled Automatic Account Management Enable Account Automatic Account Management Randomize Name Automatic Account Management Target Best regards KError 65000 with Settings Catalog
Hello Community! This is my first posting looking for answers. I'm pretty new to Intune and Endpoint Manager. In doing some testing, I have created a configuration profile using the settings catalog. I'm trying to disable the News and Interests from the taskbar. I have applied this to my testing group. Below is a screenshot of the settings I used. After the policy pushes to the device, it errors out. I get the following Error details for this device. I've tried looking for information on this error with no luck. Any help would be appreciated! DuncanDevice Enrollment
Hi everyone, I need some guidance regarding a device-management scenario in my environment. We currently have Microsoft 365 Business Basic with the Intune Plan 1 add-on. All of our devices (about 150+) are Azure AD Registered, and I’m trying to determine the best method to enroll them into Intune using only our existing licenses. I’m unsure which enrollment method is most appropriate for this setup, and I haven’t been able to find a solid, recommended approach. I want to avoid unnecessary complexity and I cannot upgrade or change our licensing. I would really appreciate a well-structured explanation that covers: The best enrollment method for this scenario Why this method should be used Step-by-step guidance Pros and cons of the proposed method Any insights from those who have handled similar situations would be extremely helpful. Thanks in advance!
Recent Blogs
- Microsoft 365 extends advanced security and AI-powered endpoint management to more customersDec 04, 2025
- Recommended videos and articles from the Intune MVP community.Dec 03, 2025
