Recent Discussions
Almost all devices show as Not Applicable in update rings
Currently almost all devices in our environment show not applicable in the standard windows update ring. Newly added devices seem OK. We previously used GPOs to push update settings. As this was conflicting with the Intune settings, we disabled the GPOs. Around that time (not sure exactly) our devices began showing not applicable for an update ring they were good with previously. Anyone seen this/have any ideas?
Intune Shared-Device Configuration - Disallow Entra Login
Hello everyone, I am encountering an issue with our shared device setup in Intune. Our organization manages devices through Intune, and we have configured shared devices specifically for external guests who only need access to a laptop and Microsoft Office products. While the setup generally works as expected, we’ve noticed an issue where users are still able to log in using Entra (Azure AD) accounts from our tenant, despite setting the Guest account configuration to "Guest" in Intune. We would like to restrict access solely to the local guest account and prevent users from logging in with Entra accounts. Our current configuration for the shared device profile is as follows: Shared multi-user device settings: Shared PC mode: Enabled Guest account: Guest Account management: Enabled Account Deletion: At storage space threshold and inactive threshold Start delete threshold (%): 20 Stop delete threshold (%): 50 Inactive account threshold: 30 Local Storage: Enabled Power Policies: Enabled Sleep timeout (in seconds): 600 Sign-in when PC wakes: Enabled Maintenance start time (minutes from midnight): 60 Education policies: Disabled Is there a way to enforce this restriction, allowing only the local guest account and blocking Entra user access? Any guidance on this matter would be greatly appreciated. Thank you for your assistance.
Does the Intune Management Extension enroll the Windows PC in InTune?
Intune Management Extension fails to install. The device is not visible in InTune. It IS visible in EntraID and Defender. Is the install failing because it's not enrolled in InTune or is it the opposite? This is a remote device, so I don't have direct access.Disable automatic app updates for specific apps in Intune
Hi, In our organization, I have enabled all three options below to install and manage traditional Android applications through Intune, However, we have encountered a situation where certain specific Android applications, such as the Google Play Private App, only work with lower versions of the OS. The higher version is not compatible, and Google Play Store is reporting it as an unsafe app and blocking it. Is there any option available in Intune that allows us to block automatic app updates for specific applications?
Problem running the Windows Feature Update Device Readiness Intune Report
I have a custom Intune role for our support staff. I want them to be able to run the Feature Update Device Readiness report. When they click on the Select target OS link, it shows "No data to display", instead of the OS list. They are able to click on Select scope tag and see a list of scope tags. Is there a permission they need that I'm missing? Here is what I have assigned for the custom role. Audit data Read Corporate device identifiers Create Delete Read Update Device compliance policies Read View Reports Device Configurations Read View Reports Endpoint Analytics Read Endpoint protection reports Read Enrollment programs Create device Delete device Read device Sync device Assign Profile Read Profile Managed apps Read Managed devices Delete Read Set Primary user Update View reports Organizations Read Remote tasks Clean PC Collect diagnostics Enable Windows IntuneAgent Get Filevault key Manage shared device users Reboot now Reset passcode Retire Set device name Sync devices Wipe Roles ReadMicrosoft Intune App Deployment
I have this autoinstall script for MATLAB 2024, the installer_input.text is configured with the right information inside it and every test I've done on my machine (locally) succeeded, however when I'm trying to deploy the software to a device and it creates a path in C:\Program Files\MATLAB however even though its creating this path at the installing stage it still not fully deploy the software like it should.. "%~dp0setup.exe" -inputFile "%~dp0installer_input.txt" TIMEOUT /T 120 /NOBREAK Exit 0 The install command in intune I set to cmd.exe /c autoinstall.bat what can i do to fix it? maybe the intune install command isn't good? or its within my autoinstall script
Disable sign in to Windows device (fast)
Hi, When using Intune along with WHfB PIN, what is the best approach to disable sign-in to Windows PC (using WHfB PIN)? Wipe command is not an option in this case, we just need to block access to the PC and do it fast as possible. In my testing blocking user, revoke session, disabling device is not preventing user from using cached PIN to enter and use computer. Yes, it's signed out from Office apps etc, but still has access to local files. I think there should be command in Intune that will efficiently do this. Thanks!Parameter is incorrect error at ESP phase of Autopilot device preparation policy (Autopilot V2)
Hi Team, I am testing the Windows autopilot device preparation profile (Autopilot V2). Here, I need to rename the device while it is enrolling to the Intune (during ESP). So, I created a script that has below command to rename the device and rebooting it. Rename-Computer -NewName $newname -ErrorAction 'Stop' -ErrorVariable err -Restart -Force The issue I am facing now is that, when the device is at ESP, it runs the script to rename the device and also it restart the device. But after restart it does not complete the device preparation set up and s an shows an error screen called with message "Parameter is incorrect" and after clicking on OK, I get to see the login screen. After logging in, I am able to use my machine fine and the device is also renamed as per my organization standards. Does anyone also have faced this kind of issue while testing the Autopilot V2 with reboot script at ESP. Regards, Ashish AryaError running on-premises Intune Connector for Active Directory (ODJ Connector).
Hi, I trying add AAD joined devices hybrid at my AD DS local whit Autopilot. I downloaded the ODJConnectorBootstrapper.exe file from the Microsoft Endpoint Manager > Devices > Enroll devices portal, the installation was successful, but after trying to sign in, an error occurred in the log file (C:\Program Files\Microsoft Intune\ODJConnector\ODJConnectorUI\ODJConnectorUI. log) and also in the Event Viewer (Application and Servecies Logs > ODJ Connector Service) .. ODJRequestHandlingPipelineDownload_Failure: Failed to download ODJ requests. InstanceId:We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: "DiagnosticException: 0x0FFFFFFF. We are unable to complete your request because a server-side error occurred. Please try again."], DiagnosticCode:514AE631-B83B-409A-9056-6095ADE99F21, DiagnosticText:Unknown_Error The IE Enhanced Security Configuration is already OFF, I've removed everything related to Intune and reinstalled only the ODJConnector, I've restarted the server, but the problem persists.
Deploying a Local Admin Account to Multiple Targets
Hello, Thanks for this forum and your time. I recently started using Intune to manage mobile devices for an organization. I recently went to do some admin work on intuned laptops and found that I could not make administrative changes even with a domain admin account. I learned that the way our Intune is set up if I want to make admin changes on a device, I have to set the device to an admin device for admin users. Then, when finished, set it back to a user device for standard users. I'm new to Intune but this seems a bit convoluted, so my first thought was how can I make it possible to do admin work on an Intune device without needing to change those settings each time? I decided the best way would be to use Intune to add local admin accounts on all the devices. Researching this, I found there are two common ways to do this. 1. Add a Powershell script that will create a local admin account on the device/s of my choice. Though my Powershell script worked when I ran it on the local machine, it wouldn't work using Intune. Either it would deploy but no admin account was created on the target machine, or it just wouldn't deploy. Because of this, I tried the other way of doing it which is Intune's LAPS (Local Administrator Password Solution). But after setting this up, it would never enable to built-in admin account, nor could I find any system-generated password in Intune for that account. In the end, I just want local admin accounts on all our surface pros deployed en masse.[On demand] Enterprise Application Management with Microsoft Graph
Dive into the latest updates for Microsoft Intune Enterprise App Management, then learn how to leverage Microsoft Graph to take it even further. Watch Enterprise Application Management with Microsoft Graph – now on demand – and join the conversation at https://aka.ms/EAMWithGraph. To help you learn more, here are the links referenced in the session: What’s what with app management in the enterprise Use the Microsoft Graph API - Microsoft Graph Developer's guide to Microsoft Graph Intune devices and apps API overview - Microsoft Graph Enterprise Application Management For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] Secure helpdesk support using Intune Remote Help
Take a closer look at key features and functionalities of Microsoft Intune Remote Help for Windows, Android, and macOS devices so you can start utilizing it today. Watch Secure helpdesk support using Intune Remote Help – now on demand – and join the conversation at https://aka.ms/SecureHelpdeskSupport. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] AMA: Cloud native with Microsoft Intune
Find the answers you need to help your organization become cloud-ready. Watch AMA: Cloud native with Microsoft Intune – now on demand – and join the conversation at https://aka.ms/AMA/CloudNativeWithIntune. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] Device management for the frontline: Intune to the rescue
Secure, reliable, easy to use. Dive deep into the latest innovations in device management for frontline workers with Microsoft Intune. Watch Device management for the frontline: Intune to the rescue – now on demand – and join the conversation at https://aka.ms/IntuneToTheRescue. To help you learn more, here are the links referenced in the session: Work Trend Index Special Report: Technology Can Help Unlock a New Future for Frontline Workers Device Staging on Apple devices: To stage a device, set up VPP deployment for the Company Portal app, then configure and deploy a specific app configuration policy. To learn more, go to: https://aka.ms/Intune/FLW-home https://aka.ms/Intune/FLW-healthcare For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.Cannot install macOS Management Profile
Hi, all. I'm trying to get management of a macOS device working. This is the first device being enrolled, in a new setup. The device was pre-enrolled in ABM and synced to Intune. The device registers fine, and get the default management profile. I have added Company Portal, Microsoft 365 and Defender as apps to install. All these are being pushed, except Defender comes up with a missing license. I guess this is related to the issue below. I start up Company Portal and it instructs me to install a new management profile. When trying to install this profile, it fails with the error "Could not obtain final profile using the Encrypted Profile Service...". My guess is that there is a conflict with an already installed Management Profile, which is impossible to remove. Have tried both locked and unlocked enrollment. Any hints on how to resolve this?[On demand] Intune data platform and Advanced Analytics
Learn how to run smart queries and troubleshoot effectively with the latest capabilities and enhanced hardware inventory in Microsoft Intune. Watch Intune data platform and Advanced Analytics – now on demand – and join the conversation at https://aka.ms/IntuneAnalytics. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] Never trust, always verify: Tips for Zero Trust with Intune
Get tips on how to leverage the latest automation and tooling in Microsoft Intune to enforce security policies that require healthy, compliant devices before access to apps and data is granted. Watch Never trust, always verify: Tips for Zero Trust with Intune – now on demand – and join the conversation at https://aka.ms/AlwaysVerify. To help you learn more, here are the links referenced in the session: Zero Trust Workshop Microsoft Zero Trust Microsoft Cybersecurity Reference Architectures For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] Utilize, configure, and manage Cloud PKI like a pro
Deepen your understanding of Microsoft Cloud PKI and see all the latest advancements. Watch Utilize, configure, and manage Cloud PKI like a pro – now on demand – and join the conversation at https://aka.ms/ProCloudPKISkills. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
Recent Blogs
- I'm Catarina Rodrigues and recently, I've had the opportunity to have several conversations with healthcare customers on how Intune can effectively manage devices in frontline critical environments. ...Feb 28, 2025
- So, here we are. You’ve been asked to start managing frontline devices for your organization with Intune. You may be a pro with Intune management - with experience managing Windows devices, personal ...Feb 28, 2025
