Forum Widgets
Latest Discussions
Intune - Phishing-Resistant MFA
Good Afternoon, So sorry but I'm quite novice. I am trying to merge all Intune users to phishing-resistant MFA (PR-MFA) only (excluding break-the-glass users/admins). On Entra, I do this by disabling Microsoft-Managed MFA and setting a new authentication strength with all three (PR-MFA) modalities selected as the only allowable MFA. Then, I set a conditional access policy to grant all users to access all resources only if they have PR-MFA registered, because I don't want them to use other MFA like SMS. This makes all existing users switch over and disables weaker methods (like text messages), but I can't onboard new users. I reviewed the log for a test user who I could not register, and I saw that the issue is that during registration, the passkey must already exist BEFORE the new user can set up a passkey or other PR-MFA method, which is impossible. Is there a way to let Intune use just the new user's password alone for initial PR-MFA registration?
How to block 24H2 to be installed on Windows 11
We are not pushing any 24H2 but I see that there are several devices that are already getting it and updated. I am not sure how they got it. All these devices are managed in Intune. Can this be the reason that it is getting its updates? Feature Update deferral period which is set to 0 and I cannot block it or stop it or go beyond 30 days. So, I am not sure how they are getting into some of the computers? These are the Update Rings settings
can't add default access role to enterprise application
I have added a user for my Enterprise Manager, but I noticed the role assigned is not the 'Default Access' role. It's a different role ('Tester'). When I initialy created this user, there was no option for the 'Default Access' role. It only had 'Tester'. I want to change the role of this user to 'Default Access', but I couldn't find where to change it. I was wondering if you know where to change the role?
Migrating UserRights Policies: Integrating AD Groups into Intune CSPs in a Hybrid Environment
Hello We are operating in a hybrid Azure AD Join environment and are currently migrating UserRights GPO settings to Intune CSPs. In our Active Directory, user rights are assigned to AD groups. Would it be a good idea to use these same AD groups in Intune to manage user rights via CSPs? Are there any best practices or limitations we should be aware of?
Any Intune polices applicable for personal Laptops, that are not enrolled to Microsoft Intune
Hi All, I have a requirement, where i will provide the AVD machines to vendors, using that AVD machines they will access my applications, but they will use their windows machines and home internet to connect the AVD machines given by us. We cannot enroll their windows machines to the Microsoft Intune that belongs to our tenant (where the AVD services are hosted) Is there a way to ensure the windows machines used by them should need to have the basic level of hygiene (Latest OS, Antivirus and latest browser versions), before the access is granted to them to connect AVD machines? Also, if they register their windows machines as Entra ID in our tenant, without enrolling their windows machines to Microsoft Intune, what level of controls/checks that i can do in their machine level before i allow them to connect the AVD services? Please share your thoughts.App visibility for Userless devices
I did userless configuration. After enrollment of a userless device, I can see all avaialble apps are visible under Manaaged apps, in this case we should see only those apps which are assigned for device based but can see other apps as well but however those apps are not available to device as expected. Would like to understand why we are able to see those all apps under Managed apps.Office Updates
We had issues with Office Updates through Intune Rings and we started updating everything through Cloud and I think that is how Office updates are coming nowadays (If I am correct) and I thought they said that would be the best which Microsoft suggests keeping your computers updates? Lately I got a popup which I have never seen before. I click on update now the windows disappear. Having the users computers getting the updates directly from the cloud does it affect in any way? Why would it be an issue through Rings?
When i quit Teams, it stays active on my iPhone
When i stop working on my computer, and shut it down (Including Teams :) ), on the iPhone i am still available, i find this very annoying, I there a way to "sync" this, when i quit Teams on the pc, I should not be available anymore on my phone? Thanks!
Intune app install issue with .exe installer
Hi, There is an issue while installing application from Intune, issue is limited to specific scenario, otherwise all application install works fine. Issue: When an installer file which is a .exe file runs, it opens another cmd prompt for short while then close automatically. In this case Intune install fails, if we run same command syntax manually, it works. Tried to wrap in start-process /wait, no success. Any suggestion? ThanksAdmin Protection - Remove Administrator not Work
Hi Everyone , a few day ago, our secuity team request IT team to remove user admin right i set up a policy in Account Protection and create a policy (Local user group membership) Group - Administrator Group and user action - Remove(Update) User select type - All UK Office Users / All HK Office User The status show XX is Completed , but i check the user pc the administrator group still include the user
