Recent Discussions
Autologin to kiosk not working as expected
We recently answered a customer support question regarding kiosk and Windows desktop and figured it would be useful to share the answer here. The customer ran into a scenario where the kiosk profile was successfully deployed through Intune, but the autologin to the Kiosk account was not working as expected. Through the troubleshooting, we discovered the customer was using a VM for testing, which is not supported. While our Windows docs team is updating their documentation to share that kiosk does not support RDP, we also found Michael Niehaus' blog here: https://blogs.technet.microsoft.com/mniehaus/2018/06/07/deploying-a-kiosk-using-windows-autopilot/ which calls out that restriction in virtual TPM's.
9.8K Views, 5 likes, 4 Comments

Chrome OS
Hi All! We are looking into managing Chrome OS devices with Intune. I believe we need a Google Admin account, which has a monthly subscription cost. Can personal Gmail accounts be used to log in to the Chrome OS devices or do they require a different Google account? Are there any other costs involved from Google? Device licenses, etc.? Thanks
33 Views, 0 likes, 3 Comments

Failed to create object ID in Intune for new onboarded device.
We are deploying Defender for Cloud with XDR onboarding. We are implementing Defender policy with Intune enforcement setting, and everything is working for 98% of devices as well. But for some devices, like Arc-enabled machines, after going through each step and the Microsoft troubleshooting documentation, some devices are not able to create the synthetic object in Intune to receive Defender XDR policies. No solution is provided in the documentation or in MDEclient parser. In the onboarding workflow, the synthetic object is normally created to apply the policy via Intune. But when a device fails this process, we have no solution even after re-onboarding.

Allow Location Service on Windows 11 for Zoom
I am having no luck finding documentation here, likely using the wrong terminology, but I want to allow the desktop Zoom app to use location services on our Windows computers. This is so that the phone service on Zoom can use location services for 911 calling when a user isn't in the office. I can find 'force location allow for apps' in the settings catalog when creating a policy, but I can't find the package family name for the Zoom desktop app to allow it. So first, is this the best way to allow the service here and if so, where can I find the Package Family Name? Second, if this isn't the best way to get there, what do you suggest? Thanks as always for any help you can give.
7 Views, 0 likes, 0 Comments

Application Protection Policy not applying to Microsoft 365 (office)
Hello Community, We have set up an APP for MS applications (Android) that prevents users from saving attachments, or documents received by Teams, or even documents that reside on OneDrive, to their local storage. We have also configured some security aspects like PIN code or biometric fingerprint to access the apps. Everything is working fine from Teams, Outlook, OneDrive, but when I use the "Microsoft 365 (Office)" app, it's like the policy is not applied to this specific application: I can download files, I can access the app with no need of PIN or fingerprint, I can access a Word file and choose Save As and put it in my local phone storage. I have already created a ticket to Microsoft, but they are veeery slow. Can you please help?
614 Views, 0 likes, 15 Comments

Reporting for intune
Hi, is there any useful reporting if an Intune policy has applied correctly? I see there is some logging in the event viewer, but most of it doesn’t make sense when there is an error. Most of the error codes, it appears no one knows what they mean, even Copilot or MS don’t have the answer…
6 Views, 0 likes, 0 Comments

Microsoft Intune - Software installation
I am a beginner using Intune to manage PCs (Windows 11) and Android devices. When adding a new PC with Windows 11, the following happens: The user logs into the computer with their email account from our company administration, starts Windows 11 (Business) and completes the Device Registration in the "Unternehmensportal". The user (who is supposed to be a standard user) is set up with an "Administrator" profile. If I change the user to a standard user (logging in with the company's admin account on the same computer), I can no longer install any software and get the message "Installation is blocked" (or something similar) when running the installer. There's no prompt for admin rights or an option to run the installation file as an admin. On another user's computer, everything works without problems. No policies are configured, at least not to prevent software installations. The user should not be able to install software independently, and standard users should be standard users when first logging into a new device. Who can help me?
11 Views, 0 likes, 0 Comments

How to enable/disable on iOS devices the setting: Notifications -> Civil Protection Pre-Alerts
We would like to have the possibility of enabling/disabling this notification service on iPhones from Intune. Intune already manages these devices. Is there a device configuration policy template, service catalog, or something similar?
10 Views, 0 likes, 0 Comments

Intune Shared-Device Configuration - Disallow Entra Login
Hello everyone, I am encountering an issue with our shared device setup in Intune. Our organization manages devices through Intune, and we have configured shared devices specifically for external guests who only need access to a laptop and Microsoft Office products. While the setup generally works as expected, we’ve noticed an issue where users are still able to log in using Entra (Azure AD) accounts from our tenant, despite setting the Guest account configuration to "Guest" in Intune. We would like to restrict access solely to the local guest account and prevent users from logging in with Entra accounts. Our current configuration for the shared device profile is as follows:
Shared multi-user device settings:
- Shared PC mode: Enabled
- Guest account: Guest
- Account management: Enabled
- Account Deletion: At storage space threshold and inactive threshold
- Start delete threshold (%): 20
- Stop delete threshold (%): 50
- Inactive account threshold: 30
- Local Storage: Enabled
- Power Policies: Enabled
- Sleep timeout (in seconds): 600
- Sign-in when PC wakes: Enabled
- Maintenance start time (minutes from midnight): 60
- Education policies: Disabled
Is there a way to enforce this restriction, allowing only the local guest account and blocking Entra user access? Any guidance on this matter would be greatly appreciated. Thank you for your assistance.
13 Views, 0 likes, 0 Comments

AutoPilot Question
Hi All. Apologies if this has been asked before. Anyway, we use Intune DEM accounts to set up new devices and download / run the AutoPilot script to import our devices into Intune. This is fine. What we find though, is that the DEM accounts are still presented with the OOBE setup screens which the AutoPilot profile is supposed to strip out. Am I missing a trick here? Would a reboot after the AutoPilot script has been run, etc., solve it? Any ideas?
10 Views, 0 likes, 0 Comments

Microsoft Graph Command Line Tools Blocked by CA
Hi All, I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)". This seems to work fine until our IT Admins try to use the AutoPilot script, which gets blocked based on: Microsoft Graph Command Line Tools. Any ideas on how to allow AutoPilot / Microsoft Graph Command Line Tools through CA? Info appreciated.
140 Views, 0 likes, 5 Comments

Issue with Autopilot after move to SSO
Hello there, I use my company login to add devices to Intune with Autopilot. The account is also in the Device enrollment managers group. We moved all company logins to use SSO and since then I cannot add devices anymore. I get an error "we didnt find that email address in your organization". It looks like this is caused by the move to SSO. Has anyone else come up against this, and how would I go about resolving it? Thanks!
5 Views, 0 likes, 0 Comments

Deploying and Activating Microsoft Defender on Android Kiosk Devices Without User Interaction
I’m working with an Android Kiosk device that deploys two applications. This device is enrolled under 'Corporate-owned dedicated devices' Enrollment Profiles and isn’t assigned to any specific user. Our company requires Microsoft Defender on all devices, but I’m encountering issues with Defender activation: it won’t activate without a user login. Since this is a dedicated Kiosk device with no assigned user, this setup doesn’t align well with our needs. Are there any options to deploy and activate Microsoft Defender on Android Kiosk devices without requiring user interaction? Any guidance on configuring Defender in this scenario would be greatly appreciated.
14 Views, 0 likes, 0 Comments

Adobe Creative suite Intune package
Hi Team, I am trying to package Adobe Creative suite on Intune. Has anyone packaged this before? If yes, can you please share the installation instructions, such as the installation command, uninstallation command and the detection rule? I read some articles in online forums and have been advised to use the .msi; however, on the Adobe website, I can only see a setup.exe. And I am unable to package it as a store app as the latest package isn't available. Thank you in advance. Regards, Vijay.
6 Views, 0 likes, 0 Comments

Since CB 2403, downloading applications through CMG during task sequence not working anymore
Hello everyone, since the 2403 ConfigMgr Upgrade we have the issue that during task sequences downloading applications doesn't work anymore. TS is stuck on "Install Application" until it times out after hours. This happens only if content is being retrieved by a CMG. Packages are working pretty fine, it is just applications. On Reddit, a few others are reporting the same. One solution provided was to disable Branch Cache in client settings, but this doesn't help during a task sequence. Downloading the same applications within Windows and the Software Center through CMG is working well. Anyone experienced this issue and may have a solution? Cheers, Ray
677 Views, 1 like, 1 Comment

Corporate owned work profile Android - Cannot access photo
Hello, We are in the process of distributing smartphones to all our employees and currently have around 200 Samsung devices onboarded with a corporate owned work profile. However, we have the problem that our employees have to take a lot of photos for work purposes. They use the “Camera” and “Gallery” applications in the professional profile. However, these images must then be accessible via their computer, except that when the phone is plugged in, the entire professional section is inaccessible --> can understand that point. How do I access the photos in the Professional profile? We're talking about hundreds of photos, they can't be transferred by email and we don't have OneDrive yet. Do we have a solution here?
86 Views, 0 likes, 2 Comments

Conflict status after having 2 Local user group membership Policy
Hello, I have an issue with applying two "Local User Group Membership" policies on a PC. The Intune policy report shows a conflict between having two "Local User Group Membership" policies despite having different configurations. For example, one is a Global Policy, which applies an admin privilege to all PCs, and the other one is more specific to a certain group, and it is just about giving remote access to the PCs on this group. So, my question is, why does Intune mark these two policies as a conflict of each other? If it is not possible to have two "Local User Group Membership" policies applying to the PC, is there a way to have a global policy for admin users on the PC and one more private policy for remote user access using "Local User Group Membership"?
1.8K Views, 0 likes, 13 Comments

Work or School Account Problem just after Hybrid AD Joined Autopilot
Hi All, We are doing the Hybrid AD joined Autopilot and the issue is that just after finishing the process, once the user has signed in, there is a notification to sign in again to fix your work or school account. If we do not sign in and let it be there, we didn't get the Company Portal app installed for about 3 to 4 hours. However, if we click the notification and sign in with the user account, we will get the Company Portal app installed within 5 minutes. If we go to Account settings, we could see hybrid AD joined done properly and policies have been pushed by Intune too (image2). We have deployed the Company Portal app to All users at the moment. I want help to identify whether this is by design or something is wrong with our configurations. image1: image2: Thanks, Dilan
1.6K Views, 2 likes, 3 Comments
Events
Recent Blogs
- New unified settings for device configuration policies in Microsoft Intune! (4 min read) Nov 08, 2024. 21K Views, 3 likes, 13 Comments
- Read this post to learn more about changes to Managed Google Play apps in Intune. Nov 08, 2024. 83K Views, 6 likes, 38 Comments