Recent Discussions
macOS unenrolled, but software updates still enforced
Hey all, I have enrolled and unenrolled a privately owned MacBook Pro M1. However I still get managed software update notifications, see screen shot. In English, this says "required managed update. unit must be charged at least 50% or connected to mains. The unit will be restarted to apply the update. You can cancel this update 4 more times before it will be installed automatically. This is a huge issue for me because I don't want to update to macOS 26 at this time. I unenrolled the MacBook from the company portal. It no longer appears in the list of managed devices. On the unit, under Settings, Device management, the profile list is empty: I don't know how to troubleshoot further. I would be very grateful to anyone who could point me to some next steps to try. Thank you Selwin Kadijk
Edge Mobile prompting users to Allow opening app using Custom URI Scheme
Somewhat recently, perhaps with release of IOS 26, Microsoft Edge began prompting users to "Allow" or "Don't allow" a site to open another application when using a Custom URI Scheme. This causes an unnecessary step in our user's authentication process especially when Conditional Access policies are enabled as Edge must be used to pass the CA conditions. This occurs even when the custom-intunemam:// scheme is used to open the Intune enabled application from Edge. I am wondering if there is an Edge Mobile - Intune configuration/setting that we could configure to bypass the prompt. Thanks!
Deploy Office 365 and uninstall stand-alone office at once?
Does anyone have a process to push Office 365 while removing older versions of stand-alone office (2016 or 2019) as part of that process? The deploy packages for Office 365 can have a remove option in the configuration file, but that always fails when an older stand-alone version is already on a machine. Our current Windows management tool allows for pre or post scripts, but I do not see that as an option for Intune. I could write a pre-install powershell/batch script if that were allowed.
Required Apps assigned to dynamic group are being skipped during pre-provisioning?
I have a few dynamic groups based on a group tag that gets assigned to the device during Intune enrollment. Each of those groups have a different set of applications that are installed on them. One of those dynamic groups just doesn't want to detect the required applications. There are supposed to be 5 apps. During pre-provisioning, it just jumps straight to the reseal page. If I let the device sit at the ESP page, the apps are installed in the background as if they aren't being tracked. If I quickly seal the machine before other apps are installed and unseal, it works like normal (tracking each of the apps and installing them). I can confirm the following: The device is in the proper dynamic group The Autopilot deployment profile and ESP settings are correct All of the applications are Win32 packages and install successfully during ESP This same setup works with my other dynamic groups fine. And it has worked previously with the trouble group before. I didn't change anything I tried: Removing and re-registering the device I'm about to delete and recreate the dynamic group or try to create a static group and see if I get the same results. Everything looks fine and I haven't been able to find something in the logs that points to why it doesn't see the apps as required. Again, if I let it sit, the apps install in the background fine. It's just baffling since my other dynamic groups work fine. Has anyone seen something similar?Google Play Web apps in Edge
Hi Community, We build quite a lot of Webapps in Managed Google Play and assign those to our Android devices managed in Intune as Dedicated with Entra ID Shared device mode. We run MS Edge as the default browser. Lately we have discovered that Webapps, pointing to web sites where you write text in a input field, especially if the text box is at the bottom of the screen, doesn´t behave as we expect. When the virtual keyboard is activated it often hides the text box, making it impossible to see what you write. If we open Edge and manually browse to the same site, it behaves better. I have also tested to open the Web app in Chrome which works as expected. It doesnt matter if I create the Web app with "Fullscreen" "Standalone" or "Minimal UI" display mode. First image shows the site opened manually in Edge. The textbox is moved above the keyboard Same site opened as a Web app. When activating the keyboard, the text box becomes hidden under the keyboardHaving trouble with MDM
I am trying to set up a surface pro with a business account. However I got a error saying looks like we can't connect to the URL for your organization's MDM terms of us. Error: invalid_client Error subcode: Description: failed%20to%20authenticate%20user Does anyone know a quick fix to this problem. Thanks,Best Kiosk Setup for Public Library PCs (Cloud-Only, File Explorer and Printing Issues)??
I’m trying to configure kiosk devices for a public library. I’ve tested configuring kiosks through the Intune Template option, where you can select a single app or multiple apps. However, I ran into an issue with the Start menu configuration — I want to display only Chrome, Edge, and the Downloads folder (via File Explorer). I then decided to switch to a custom OMA-URI configuration using an XML string <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="{7877df8d78fd7f8d7fdf-a454a45ae45-7sd777}"> <AllAppsList> <AllowedApps> <App DesktopAppPath="%ProgramFiles%\Google\Chrome\Application\chrome.exe"/> <App DesktopAppPath="%SystemRoot%\explorer.exe"/> </AllowedApps> </AllAppsList> <v5:StartPins> <![CDATA[ { "pinnedList": [ { "desktopAppLink": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" }, { "desktopAppLink": "%SystemRoot%\\explorer.exe" } ] } ]]> </v5:StartPins> <Taskbar ShowTaskbar="true"/> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount rs5:DisplayName="kioskläge"/> <DefaultProfile Id="{7877df8d78fd7f8d7fdf-a454a45ae45-7sd777}"/> </Config> </Configs> </AssignedAccessConfiguration> The problem is that File Explorer doesn’t appear on the Start menu, while Chrome launches correctly (because I use a PowerShell script for that). Based on your experience — what would be the best setup for public library computers that run pure cloud (no domain join), where public users will download documents and print them? If printing is required, would Universal Print be the best option, considering that the printers are on-premises?
Intune App Failure
I am experiencing repeated installation failures with the applications I have created in the Microsoft Intune Admin Center. I have tried deploying them both as Windows MSI line-of-business apps and as IntuneWin apps, but regardless of the file format used, the installations consistently fail with the error: “Fatal error during installation (0x80070643).” Could you please assist in identifying the cause of this issue?
Portions of Threat Severity section missing in Intune policy
I was updating our Intune Antivirus policy today and noticed that the threat severity section is gone. When I saved the changes, I did another review of the Defender settings and they have been removed from the policy. Anyone else seeing this or know how to get them back?Google Meet Links Not Opening on Intune-Managed Devices
We recently encountered an issue where Google Meet links could not be opened on devices managed via Microsoft Intune. This behavior was consistent across multiple users and devices, and it raised questions about whether this was a configuration issue, a policy conflict, or something else entirely. Symptoms Clicking a Google Meet link (e.g., https://meet.google.com/xyz-abc-def) results in no action. Tried to open it from Outlook, Gmail or Google-Calendar When Opening with the Browser, we get a Redirection to Google-Play-Store, but the Google-Meet App ist already installed. Behavior is consistent across Outlook, Teams, and other apps that handle links. We tried different Default Browers (Edge and Chrome) and Outlook, Gmail, Google Calendar and Google Meets are configured as managed Apps Is this a known Issue or can this be fixed with Intune Configurations? Looking forward to your feedback.Survey | Intune Auditing Feedback
Are you a frequent user of Intune audit logs? Your input is critical to shaping the future of Intune's auditing capabilities. This survey aims to gather insights on what works well today and where improvements are needed—whether it’s expanding audit coverage, enhancing search and filtering, or improving reporting experiences. By sharing your feedback, you help us prioritize features that deliver better visibility, stronger compliance, and a more intuitive experience. Thank you for helping us make Intune auditing smarter and more impactful! 👉Take the survey today: https://aka.ms/IntuneAuditSurveyUnderstanding DEM accounts and licensing
We are trying to understand the right way to deploy corporate devices that I'll call "shared" among staff. Specifically iOS devices. We started out thinking we needed to buy tens of thousands of device licenses as they weren't tied to a user. Then start reading about this DEM account idea. If I'm understanding it right, I can create 150 of these DEM accounts and each can enroll 1,000 devices. So then I could enroll 150,000 devices without paying for any licenses? Or do I just need to buy 150 "user" licenses and can enroll 150k of devices for no more cost? What if I need to move to like plan 2 for these devices for say tunnel capabilities. Do I have to pay per device or just for the 150 "user" licenses? Is it really free vs paying even for the "DEM" accounts? Curious if anyone can explain how these accounts work as even though we have an enterprise account with MS no one there seems to be able to explain it to my satisfaction.
Intune Management Agent (v1.95.103.0) crashing
We’re seeing repeated crashes of the Intune Management Agent (Microsoft.Management.Services.IntuneWindowsAgent.exe) after updating to version 1.95.103.0. No such crashes are identified in previous versions. Symptoms: Faulting application name: Microsoft.Management.Services.IntuneWindowsAgent.exe, version: 1.95.103.0 Faulting module name: WindowsPackageManager.dll_unloaded, version: 1.26.430.0 Exception code: 0xc0000005 (Access violation) Crash counts are high, with variations pointing to WindowsPackageManager.dll, wintypes.dll, icu.dll, ucrtbase.dll, and others (often marked as “_unloaded”). In some cases, we also see ucrtbase.dll with 0xc0000409 (stack buffer overrun) and ntdll.dll with 0xc0000374 (heap corruption). The agent establishes new connections not seen in 1.94.153.0 (Teams endpoints, OCSP/CRL checks, agents.msub01.manage.microsoft.com, etc.). Crashes are not consistent but occur frequently during app management tasks. Questions: Is this a known issue or under investigation? Are there recommended mitigations (e.g. App Installer stable vs preview, disabling WinGet integration, rollback to previous IME)? Some statistics:
Intune Android: Shared Device mode Teams calls
I am currently testing the shared device mode, we would also like to use Teams calls on the devices (Samsung). It rings but the interface does not appear. I can't even accept a call in the app. Do you have the same problem? And how did you solve it? I have already added the following ‘apps’. com.samsung.android.incallui com.android.server.telecom com.samsung.android.app.telephonyui
Device don't report to Windows Update for Business reports
We start using Autopatch. I setup all thigs for this report. Create LA and setup it. https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-overview But from 750 device i see only 42. I try creating new LA, and onboard it but number of computers is same. On my NB i try even script but nothing works https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-configuration-script Any help?Outlook cache mode set to download 3 months of emails
Hi ladies and gents, We have a requirement to set Outlook cache mode set to download 3 months of emails. The environment consists of Exchange Online, Intune and M365 and the devices are cloud native Win 11. Could you please advise the best way to achieve this. GPO is not an option, and Intune does not have a policy for this.
Recent Blogs
- Easily recover, help secure, and manage devices with Intune—now linked with Intel vPro hardware-level controls for modern IT.Oct 15, 2025
- By: Janusz Gal – Sr Product Manager | Microsoft Intune Microsoft Intune Advanced Analytics empowers IT admins and enterprise users to gain deep insights into device health, user experience, and...Oct 08, 2025
