Recent Discussions
Intune LAPS custom Admin account not enabled
Hello, I have configured a policy in Intune to enable a custom admin account to an Intune Windows 11 device group, in order not to have the primary user as admin. However, the policy never creates the custom account as it says. Is there something else to check, besides enabling Intune → Endpoint security → Account protection → MyLAPSPolicy > Edit Configuration and enable settings in: Automatic Account Management Enabled Automatic Account Management Enable Account Automatic Account Management Randomize Name Automatic Account Management Target Best regards K
Intune Connection Issues in Defender for Endpoint
We have M365 E5 across the board which includes Defender for Endpoint P2. We're planning to enable Intune-MDE integration but getting this warning "A Microsoft Intune license was not found" Despite that message, I can still enable it (toggle the switch is allowed) and then the connection appears to be established.? But! more importantly, when it comes to the functionality, I cant create a "Auto from connector" EDR policy from Intune which could be due to the above glitch? "Create from Preconfigured Policy" option also greyed out. A custom policy also doesn't have the "Auto from connector" option to onboard devices. Has anyone seen this? Any inputs are highly appreciated ! Thank you Kev
Azure VPN issues - RasMan service - Unknown state
Azure VPN Client stopped working after KB5065813 update – RasMan service Unknown state Environment details: Azure VPN Client version: 4.0.4.0 (Microsoft Store) Windows version: Windows 11 Pro, 23H2 (fully updated) Issue Summary: The Azure VPN Client worked fine from Friday (14 November 2025) until Sunday (16 November 2025). On Sunday, Windows installed updates, and starting Monday morning (17 November 2025), Azure VPN stopped working. When I run the Prerequisites Test in Azure VPN Client, everything passes except: Rasman Windows Service Status Result: Unknown state. Please make sure Rasman windows service is in a running state. However, sRasMan service it's running Registry keys for RasMan exist, and Svchost\netsvcs includes RasMan What changed: I noticed that the update KB5065813 seems to be causing the issue. This KB is installed on my machine, but my colleagues have KB5041655 instead. As part of troubleshooting, I even changed my laptop to a brand-new device with a fresh OS install, and the issue persists after KB5065813 is applied. What I’ve tried: Restarted RasAuto and dependencies Reinstalled Azure VPN Client Installed older versions of Azure VPN Changed my laptop with a brand new one and a fresh OS install Questions: Is KB5065813 confirmed to break Azure VPN Client functionality? Is this related to the October 2025 RasMan vulnerability patch (CVE-2025-59230)? Any official Microsoft steps or scripts to fix this? Screenshots attached for reference.
Windows 11 and Office 365 Deployment Lab Kit
Hello, I am attempting to setup the most recent version of the Windows 11 and Office 365 Deployment Lab Kit, using the following link: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-11-office-365-lab-kit However, the evaluation periods for Windows Server, SQL, and MECM are all expired once the lab is setup. When can we expect a new version with fresh eval periods? Thanks.MDE vs Intune Windows Device Management
I have started applying security policies for Defender for Endpoint using MDE to manage them, adding the MDE tag to my Windows 11 machines. If I am migrating to Intune management, is it necessary to offboard the devices first, before applying the auto-enroll GPO and onboarding device configuration to the machines?
Existing required application deployments policy is not sent to devices
I have couple hundred applications in SCCM/MCM that are set to required and whenever there is a new device is built, all these required applications automatically get installed. I am on 2503 and 5 days ago i started seeing this issue. But if modify that deployment with current date and time then the application gets deployed right away if i run Application Deployment evaluation cycle. I also tested by deleting the existing deployment and created a new required deployment and run Application Deployment evaluation cycle then the application installs right away. The problem seems like the Primary server is not sending the policy to the client for existing deployments. The application compliance that we see for every deployment under Monitoring for all the devices moved to Error with Success. Not sure why this is happening. All these changes i noticed in the last one week. A week ago all these Already Compliant and Success status device count is under Success tab. Let me know if you have any suggestions.Applications deployed on device based collection are missing from devices.
Hey guys, In my SCCM environment we are facing an issue. Its a co-managed environment where apps are deployed via SCCM. All of a sudden the apps deployed on Device based collection are not reaching the end user devices. The policies related to these app are also not reaching the device. The compliance status for these apps also went down even though if it is installed on the device the SCCM reports as Non-Compliant\Error. Has anyone faced this issue or can help me to identify what could be causing the issue.Enrollment on Intune disabling Android systems app
Hello everyone, Some explanation first: We use some handheld Unitech EA520 rugged smartphones with built-in scanners and when i enroll these into Intune, half of the built-in system apps are disabled. This includes the Unitech scanner service which is used to control the scanner. When i check under system apps on the device it says "Not installed for this user". I haven't setup any restrictions ofr the device yet and when i do, there is no possibility to enable these system apps. Even weirder is that i enrolled 5 of the exact same devices with same android version about half a year ago and they had no issues what so ever. These are also fully dedicated, company owned devices. Did anyone experience something similar before, as i am quite stuck ?restore Personal Iphone on onother supervised iphone
Good morning, Our employees would like to keep their iPhone settings on the company phone supervised by Intune. How can we restore a personal iPhone from iCloud to an iPhone supervised with Intune? I've heard of a method that allows a restore on an intermediate device before moving to the supervised one. Has anyone already solved that problem?
Microsoft Managed Home Screen: Unwanted Samsung One UI 8.0 Elements Appearing
Hello Tech Community, Our organization is currently deploying a configuration in Microsoft Intune using a Corporate-owned dedicated device enrollment profile. We’ve applied a device restriction policy to configure Samsung tablets in Multi-app Kiosk mode, with Managed Home Screen set as the launcher. Instead of using an app configuration policy, Managed Home Screen is configured through the device restrictions policy. We’ve left the device navigation options unconfigured, which should hide the following UI elements: Android Overview button Android Home button Android App drawer Once all policies and required apps are installed, Managed Home Screen successfully acts as the launcher for end-users to sign in. Overall, this works well; however, we’ve encountered an intermittent issue: After multiple lock/unlock cycles, the navigation bar sometimes reappears, showing the Overview, Home, and App Drawer buttons. This allows users to access background apps that are not exposed through Managed Home Screen, which defeats the kiosk experience. Device details: Samsung Galaxy Tab S10 FE Android 16, One UI 8.0 Managed Home Screen version: 2.2.0.107721 Has anyone experienced this behavior or have recommendations to prevent these UI elements from reappearing? I’ll gladly provide additional details about our configuration if needed. Thank you!iOS 15.8.x iPad Air 2 Failed to retrieve configuration
We are getting "Failed to retrieve configuration" on all iPad Air 2 devices running iOS 15.8.x. I saw on the https://community.jamf.com/general-discussions-2/failed-to-retrieve-configuration-on-ipados-v15-8-4-48978 forums that it's a known issue by Apple and they are working on a fix but I have doubts that they will actually do anything since they no longer support that product. Has anyone else seen this issue and found a workaround?Outlook for iOS (MAM only Call Identification)
In order of the implementation of O365/M365 and with it Microsoft Intune, Outlook for iOS has become the standard mail client on iOS devices for many customers today. This is due to the excellent user experience and the constant stream of new features implemented by Microsoft. From a security perspective, in addition to the provision on managed devices (managed by Intune), the secure use on unmanaged devices with MAM or App Protection Policies (APP) is a big argument for using Outlook for iOS. Currently, many ouf our customers are working on a BYOD setup for blue collar worker, who typically have a maximum of one email inbox. A big pain point for many users who use Outlook for iOS in an MAM-only setup (and for MDM setup with Intune) is the missing caller identification of Exchange Online (EXO) contacts. Outlook for iOS supports a one-way contact export process whereby contacts from within Outlook for iOS can be exported into the personal (unmanaged) part of the native iOS Contacts app. This means a contact must first be imported into the users personal contacts directory of EXO and then exported from Outlook for iOS to the native (unmanaged) iOS Contact app in order to see who is calling. This functionality enables Caller-ID, iMessage, and FaceTime integration for users’ Outlook contacts. The exported Outlook contacts are considered unmanaged and are accessible by unmanaged, personal apps. Especially for European customers who are subject to GDPR compliance, this is a no go, as personal data and company data must not be mixed. The unintentional outflow of contact data worthy of protection to commercial platforms, such as WhatsApp or Google, and the unintentional synchronization of address books with social media apps, represents a significant GDPR risk. Although the user's personal EXO contacts can be synchronized, there is currently no option to synchronize the GAL. Furthermore, there is currently no provision in Outlook for iOS to synchronize the GAL cyclically. The user has to add a GAL contact to his personal contacts as described above and then within the Outlook for iOS app export the contact to his native iOS contacts app to be able to see who is calling. To meet the GDPR compliance, we need to prevent the contact export. So this is not a solution. The question to ask is: Why does a user need to export a GAL/personal contact to their native iOS Contact app? There are already several paid app solutions that close exactly this gap (ebf Contacts, Secure Contacts, etc.) which offer more or less the same range of functions. The app builds a container and downloads the managed address books (GAL, personal) of the user and then enables the resolution of the CallerID or identification of the caller via the so-called Apple CallKit integration. Apple has been offering the so-called CallKit integration for years. With CallKit you can integrate your calling services with other call-related apps on the system. CallKit provides the calling interface, and you handle the back-end communication with your VoIP service. For incoming and outgoing calls, CallKit displays the same interfaces as the Phone app, giving your app a more native look and feel. CallKit also responds appropriately to system-level behaviors such as Do Not Disturb. In addition to handling calls, you can provide a Call Directory app extension to provide caller ID information and a list of blocked numbers associated with your service. When a phone receives an incoming call, the system first consults the user’s contacts to find a matching phone number. If no match is found, the system then consults your app’s Call Directory extension to find a matching entry to identify the phone number. This is useful for applications that maintain a contact list for a user that’s separate from the system contacts, such as a Outlook for iOS. For example, consider a user who is a colleague to Jane, but doesn’t have her phone number in their contacts. If the Outlook for iOS app has a Call Directory app extension, which downloads and adds the phone numbers of all of the user´s colleagues. When the user gets an incoming call from Jane, the system displays something like “(App Name, e.g. Outlook) Caller ID: Jane Appleseed” rather than “Unknown Caller”. The effort to integrate the Call Directory Extension is minimal and would solve many pain points from both a security and user experience perspective. Apple has documented CallKit excellently on the developer site: https://developer.apple.com/documentation/callkit With the possibility of using Apple CallKit in combination with Outlook for iOS and the contact synchronization (personal/GAL) of a managed EXO mailbox, the use of M365 in a BYOD scenario for customers Blue Collar workers will massively increase. Furthermore, the use of contact synchronization is then also possible for devices managed by Intune. This creates an outstanding user experience while increasing user adoption! This article was also published as feedback in the Outlook Forum for iOS: https://feedbackportal.microsoft.com/feedback/idea/a80414f4-9598-ed11-a81b-000d3ae32cd0 There are already other requests within the Microsoft community that I would like to link here: PatrickF11 : Outlook for iOS + Caller Identification - Microsoft Community Hub Daniel Huttenlocher: https://feedbackportal.microsoft.com/feedback/idea/bbfc8763-da97-ed11-a81b-000d3ae32cd0
Autopatch reporting Errors and Conflicts, but I can't find them...
Greetings all. I am fairly new to Intune. I setup Autopatch to do Windows Updates (Quality & Features). I was looking over some of the stats today and noticed that some computers (<10%) have issues. When I click on one of the computers I get a list of Profile Settings... If I click on any of these (even the success, I get Not Found... How do I figure out what the error or conflict is so I can correct it? I thought I might have had another Windows Update policy (Non-Autopatch), but I deleted it a while back when I switched to Autopatch. Thanks in advance for your time. J
Recent Blogs
- 8 MIN READDiscover the latest innovations from Intune and see how integrating AI is reshaping endpoint management.Nov 18, 2025
- By: Roger Southgate - Sr. Product Manager | Microsoft Intune Myth vs reality Myth: Cloud-native Windows devices can’t access on-premises resources such as file shares or legacy applications. Re...Nov 14, 2025
