Latest Discussions
Connect a second NDES server to enterprise CA
In preparation for the migration of our ~4500 MDM-devices from SCCM-Intune-Hybrid to Intune SA, I am trying to install a second NDES-server to be able to test and provide feature-parity before moving the first users. Does anyone have an idea how to do so? I always get an error (during the NDES setup wizard) stating that the "endpoint is a duplicate". The same error can be found on the CA in the eventlog, but in my opinion, it should be able to connect to a CA from two servers, even as I use different system-users and also created a new cert-template for this purpose. Any thoughts on this are appreciated.

Thanks in advance
Julius

Julius Diernhofer - Jul 01, 2026 - Tin Contributor - 2.1K Views, 0 likes, 1 Comment

Allow Teams desktop on unmanaged Windows, but block Outlook desktop using Entra conditional access
I need to allow Teams to run on non-Intuned devices but not allow Outlook desktop to be available. I am looking for a solution for Windows and Mac, and ideally Linux as well. The issue is that if I have Office 365 Exchange Online as my resource, it blocks Microsoft Team Services as well. How can I fix this?

MarkGouldAurum - Jun 30, 2026 - Copper Contributor - 52 Views, 1 like, 1 Comment

Intune Platform Scripts never target devices (0 targeted devices) despite healthy Intune environment
Hi everyone, I'm hoping someone has seen this before because I've exhausted most of the obvious troubleshooting.

Environment
- Microsoft 365 Business Premium
- Windows 11 Pro
- Microsoft Intune
- Microsoft Entra ID Joined devices
- Intune Management Extension (IME) installed and healthy

The Issue
Platform Scripts never target any devices. Regardless of the script, assignment or device, the script always remains at:
- 0 Devices
- 0 Succeeded
- 0 Errors
The device never appears under Device Status.

What works
The Intune environment is otherwise functioning normally.
- Configuration Profiles deploy successfully.
- Settings Catalog policies apply successfully.
- BitLocker policies apply.
- Windows Firewall policies apply.
- Windows LAPS is working.
- Win32 applications deploy successfully.
- Devices are Entra Joined and managed by Intune.

What I've tested
To eliminate variables I:
- Created a brand new PowerShell script that simply creates a text file.
- Created a brand new assigned Security Group containing a single Windows 11 device.
- Assigned only that Security Group to the Platform Script.
The result is still:
- 0 Devices
- 0 Succeeded
- 0 Errors

Device checks completed
On the client:
- dsregcmd /status shows AzureAdJoined = YES.
- Intune Management Extension service is running.
- Win32 apps are deploying correctly.
- Intune Management Extension logs appear healthy.
- AgentExecutor.log contains WinGet application activity but no evidence of any Platform Script ever being downloaded or executed.
- The IntuneManagementExtension registry contains SideCarPolicies but there is no evidence of any PowerShell script policy being received.

Additional observations
- I reproduced the issue on two separate Windows 11 devices.
- I reproduced the issue using both dynamic and assigned device groups.
- I reproduced the issue using different PowerShell scripts.
This makes me believe the issue is not device specific.

Question
Has anyone seen Platform Scripts remain permanently at 0 targeted devices despite Intune otherwise functioning normally? Is there a known tenant-side issue, prerequisite or licensing requirement that would prevent Platform Scripts from ever targeting devices while Win32 apps and Configuration Profiles continue to work? Any suggestions would be appreciated.

HRZook - Jun 30, 2026 - Copper Contributor - 51 Views, 0 likes, 1 Comment

Intune Autopatch Reports - Expected Behavior
I utilize the Intune Autopatch Reports for Quality Updates to monitor the deployment of updates across our environment. We currently have a group of devices which have a 30-day deferral period due to the compliance/testing policy we have to follow. My understanding is that the "Quality Update Status" Report will determine if the device is Up-to-Date based on whether the device has the update that has been released to it, but I am finding that all devices are marked as Not Up-to-Date even with the 2026.05 QU installed, as the 2026.06 QU is not available for the devices. I am wondering if this is expected behavior or if this changed, because before the changes to the reports in May (2026.05) it was showing correctly.

Thanks!

jokelly - Jun 29, 2026 - Copper Contributor - 91 Views, 0 likes, 3 Comments

Secure Score does not reflect settings in ASR rule
Hi,

Our secure score is pretty low, so I followed recommendations from M365 Security Center. The settings reside in one ASR rule, but Secure Score still does not reflect my settings, still stating 0% achievement. I waited nearly a week. Defender is not the primary AV, but on other tenants the same setting led to success. Any ideas?

heinzelrumpel - Jun 29, 2026 - Brass Contributor - 46 Views, 0 likes, 4 Comments

Is it really impossible to force an Intune sync from the command line?
Is it really not possible to force an Intune sync on a client computer from the command line? It seems like such a simple thing to do. Rather than make me dig 3 subpages deep to click a button, just let me fire off a DOS command and get on with my day. I'm familiar with the https://timmyit.com/2019/06/04/intune-invoke-sync-to-all-devices-in-intune-with-the-intune-powershell-sdk/, but honestly, clicking a "Sync" button should never be as complicated as that. I'm also familiar with Michael Niehaus' method...

Get-ScheduledTask | ? {$_.TaskName -eq 'PushLaunch'} | Start-ScheduledTask

That has never worked, but don't tell anyone because there are a lot of admins out there who think it does, and I'd hate to spoil their day. Am I just too dim to figure this out or is there really no way to sync from a CLI?

Thanks,

Dr_Snooze - Jun 24, 2026 - Brass Contributor - 117K Views, 4 likes, 20 Comments

How to Manually Sync the Compliance Policies
Hi All,

We have come across an incident where we need to exclude a device from a device compliance policy after the device became non-compliant as per the policy. We have excluded the specific user from the compliance policy to meet the requirement (we have assigned the policy to user groups). However, the issue is that the device has not returned to the compliant state even after 4 days. I would appreciate it if anyone could help me here to manually get the device into the compliant state.

Please note that, when we go to specific device > device compliance policies, we are not able to see the compliance policy anymore and the other applied policies are in a compliant state (refer to Image01). However, the device is still showing as non-compliant in devices in Intune (refer to Image02). The last check-in time is continuously updating as well.

Further, we have tried the troubleshooting below, but with no luck yet. We have not yet taken a remote session to the device, as we have some challenges getting a remote session from the end user.
- Sync the device from the Intune Portal.
- Remotely log in to PowerShell on the device and run the command below.

Start-Process -FilePath "C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "intunemanagementextension://synccompliance"

Image01: We are not able to see the excluded compliance policy under policy name anymore, and all the applied policies are in a compliant state as below.

Image02

Thanks in advance
Dilan

2.1K Views, 0 likes, 2 Comments

Edge displays a splash screen saying ‘Sign in to sync your data’
Hello,

When the user logs in to a device for the first time and launches Edge, the following splash screen appears, even though we have created the Intune configuration below, which is intended to prevent this. We have the following Intune configuration: Why does the splash screen still appear?

staeheli - Jun 24, 2026 - Copper Contributor - 137 Views, 0 likes, 3 Comments

Microsoft #IntuneForMSPs resource guide
Welcome to your home for all things #IntuneForMSPs! Our goal is to help you grow your Microsoft Managed Service Provider (MSP) business by combining productivity apps, intelligent cloud services, and the world-class security of Microsoft 365 with the multi-tenant management capabilities of our partners.

Navigate to: Guidance and tutorials | Marketing and business development | Multi-tenant management partners | Additional resources

#IntuneForMSPs community meetups

Gain valuable insights from first-hand experiences with configuring and managing customer tenants.

Up next: Follow this page for the next batch of #IntuneForMSP Community Meetups. We will reconvene in September.

On demand:
- #IntuneForMSPs Community Meetup: June edition
- Hands on with device configuration and policy
- From box to business‑ready with Windows Autopilot
- Advanced automation and PowerShell for Intune
- Planning your customers' Intune migration
- Getting started with Microsoft #IntuneForMSPs

Guidance and tutorials

We hear from many MSPs that time for learning is limited. To help you ramp up quickly, we’ve pulled together ready-to-use decks, videos, and interactive demos you can follow step-by-step for the most common scenarios. A great place to begin is the checklist available by downloading Enhancing Security with Microsoft 365 Business: A Hands-on, Effective Guide.

Microsoft 365 Business Premium deployment best practices

Download PowerPoint decks that build on the videos listed below. They go deeper with additional guidance, context, and tips you can apply in customer environments.
- Identity and access controls (14.81 MB)
- Device enrollment (15.92 MB)
- Email and app protection (38.84 MB)
- Device security (17.89 MB)
- Data security (36.49 MB)

Videos and demos

▶️ Achieve greater security and productivity with Microsoft Intune and Microsoft 365 - Follow along with each step of the checklist with complementary videos. Watch on one screen and follow along in your own tenant on the other. We’ll keep expanding this playlist with new content that goes beyond the checklist, so follow along on our social channels for the latest updates.

🖱️ Microsoft Intune guided demos - Learn how to configure app protection policies and Conditional Access, update Windows from the cloud, manage corporate devices, deploy and manage line of business (LOB) apps, enable Universal Print, protect corporate resources on personal-owned devices, utilize Windows Autopilot for new device delivery, and reduce update bandwidth consumption.

Marketing and business development

Step 1: Join Microsoft Partner programs
- AI Business Solutions for Partners
- Microsoft Security Partners

Step 2: Join the Partner Skilling Hub
- Go to the Microsoft Partner Skilling Hub and create your free account.
- Select solution areas of interest. (Hint: Intune content: AI Business Solutions, Security)
- Explore these recommended modules:
  - Implement with impact: Endpoint management with Microsoft Intune
  - Implement with impact: Implement identity and access management with Microsoft Entra

Step 3: Download turnkey campaign assets
- "Protect my devices" campaign-in-a-box (119.20 MB)

Multi-tenant management partners

Microsoft Intune is proud to collaborate with leading global providers of multi-tenant Intune management solutions. These companies are building innovative capabilities on top of Microsoft Intune, Microsoft Security solutions, and the broader Microsoft 365 platform. Their companion solutions empower you to:
- Centrally view and manage all customer tenants and action items through a unified partner dashboard.
- Take action across environments, leveraging Intune for device management, cloud security, and compliance.
- Standardize security settings, automate onboarding, and ensure policy consistency at scale - no more repetitive, manual tasks or risky policy drift.

Want an introduction to multi-tenant management? ▶️ Watch this video from Jonathan Edwards.
AvePoint is the global leader in data protection, unifying data security, governance, and resilience to provide a trusted foundation for AI. More than 28,000 customers rely on the AvePoint Confidence Platform to secure, govern, and rapidly recover data across multi‑cloud environments. Through AvePoint Confidence Platform: Elements Edition, AvePoint extends Microsoft Intune with secured multi‑tenant automation, lifecycle management, and centralized visibility—enabling partners to scale Intune delivery profitably and consistently across customers. With a single platform for governance, lifecycle control, and recovery, partners reduce operational overhead, prevent sprawl, and accelerate Copilot readiness. AvePoint supports a global partner ecosystem of 6,000 MSPs, VARs, and SIs, with solutions available in over 100 cloud marketplaces.

CyberDrain CIPP provides MSPs with a centralized, multi-tenant management platform for Microsoft 365. It enables partners to securely manage tenants at scale, automate common administrative tasks, enforce standards across environments, and gain deep visibility into tenant security and configuration. With built-in automation, governance controls, and extensibility, CIPP reduces reliance on custom scripts and manual processes. MSPs can standardize operations, streamline user and tenant management, monitor security posture, and respond quickly to issues across all customers from a single interface. CIPP is supported by one of the largest and most active MSP communities in the Microsoft ecosystem, with thousands of partners contributing feedback, automation ideas, and best practices. As one of the most widely adopted platforms for Microsoft 365 multi-tenant management, CyberDrain CIPP continues to evolve rapidly to meet the needs of modern MSPs.

inforcer empowers MSPs to standardize Microsoft 365 and Intune policies across all tenants, automate environment configuration, monitor compliance in real time, and reduce risk through policy drift detection. Its reporting and automation features free teams from manual, error-prone scripting and help deliver consistent, secure customer experiences, setting MSPs up to deliver advanced AI services to their customers.

Nerdio brings deep automation and analytics to Intune, Windows 365, Azure Virtual Desktop, and the broader Microsoft cloud. MSPs benefit from multi-tenant dashboards, global policy insights, role-based access, centralized app deployment, and automatic policy versioning with rollback and drift correction. Nerdio’s tooling is designed specifically for MSPs and scales from small teams to large enterprise portfolios.

Tenant Manager helps MSPs run Microsoft Intune across multiple customer tenants with consistency and control. MSP teams can standardize policies, manage applications and devices across environments, monitor configuration drift, perform device actions across their entire estate, and maintain cross-tenant visibility through reporting with scheduled email delivery and customer-facing report access, from a single platform. The platform runs entirely on Microsoft Azure with region-selectable deployment for your data protection requirements. It includes CIS certified security baselines, Secure Score monitoring, and license harvesting, helping MSPs deliver secure, repeatable Intune services as their customer portfolios grow, even without in-depth Intune knowledge.

Additional resources
- Microsoft 365 Blog: small and medium business content
- Microsoft 365 Partner on LinkedIn
- Microsoft Intune Blog: MVP community content

Lior_Bela - Jun 18, 2026 - Microsoft - 12K Views, 9 likes, 5 Comments

Intune application migration & app management
Migrating applications from Configuration Manager and other on-prem solutions to Microsoft Intune cloud native remains a challenging and time consuming undertaking, especially when dealing with complex line-of-business, legacy, and custom home-grown applications. Some organizations pursuing a full cloud-native management vision are encountering blockers related to application compatibility, re-packaging, and the scale of existing app estates - all while trying to maintain business continuity, device compliance, and preparing for the AI and Copilot era.

Start here
- Read Face the future today by moving your application to cloud native
- Bookmark the Microsoft Intune planning guide

Navigate to: Why app migration matters | Application packaging partners | Frequently asked questions

Why app packaging matters

Centralizing application management in Intune can deliver operational benefits such as unified enforcement and improved security posture—while supporting broader modernization goals. Common blockers that slow cloud-native adoption include:
- App compatibility and dependency complexity
- Manual repackaging effort at scale
- Risk of disruption during cutover

Application packaging partners

To address the complex realities of app migration, the Microsoft partner ecosystem has stepped up with specialized offers designed to reduce risk and accelerate cloud adoption. As part of this initiative our Microsoft partners Rimo3 and Robopack are offering no-cost, time-limited app migration service to all Intune customers who are looking to move from Configuration Manager to Intune. These services can help IT teams automate assessment, package conversion, and remediation for various app types, helping organizations realize the full value of Intune faster and with less disruption.

Note: The app migration services listed on this page are offered directly by partners and are subject to their terms. Microsoft makes no guarantees or commitments regarding availability or outcome.

Rimo3 helps IT professionals modernize, migrate, and manage applications at enterprise scale. The platform eliminates manual effort by automating packaging, validation, and patch testing. With patented IP, Rimo3 ensures every app is compatible, secure, and visible for dependencies and update readiness before deployment. Automated, unattended workflows reduce migration timelines from months to days, while contextual patch validation minimizes production risk. Rimo3 keeps environments evergreen with zero-touch app management and enhances Microsoft Intune with bulk operations, advanced controls, and unified reporting.

Robopack is a cloud-native Intune app lifecycle platform that lets you package, deploy, and keep third-party apps updated, across one or many tenants, with phased control and PowerShell App Deployment Toolkit (PSADT)-based customization. Start with a self-service migration readiness report, mapped to the library of 41,000 pre-packaged, fully documented apps ready to go, or upload your own apps to be analysed and converted. Robopack Radar discovers apps installed across your estate, allowing you to quickly migrate to Intune and uncover Shadow IT.

Frequently asked questions

Q: Is this a Microsoft-managed service?
A: No. Partner offers are provided directly by partners and subject to partner terms; Microsoft makes no guarantees regarding availability or outcomes.

Q: What kinds of apps can these paths help with?
A: The published focus is on helping migrations from Configuration Manager to Intune, including complex legacy and line-of-business apps.

Q: Where do I start if I’m early in planning?
A: Start with the Intune Planning Guide and Migration Guide.

Lior_Bela - Jun 18, 2026 - Microsoft - 518 Views, 1 like, 1 Comment