SOLVED

Error 0x800B0109 and 0x80072f8f when deploying apps from Intune

Hi,

We have recently started to test how we can deploy apps from Intune, and we ran into a load of problems.

The computer registers fine with MDM, the Intune management extension installs without problem.
All good.

Then we come to the actual app deployment, which caused a lot of frustrations. 

First error is 0x80072f8f - something with time/certificates/whatever. Quite vague and a lot of useless/pointless suggestions.
Net result is nothing installed.

I allied with our firewall guy, and we started to look at what happened with the traffic.
It turns out the certificates used by Microsoft are NOT PUBLICLY TRUSTED !!!! :facepalm:
So running SSL inspection - which should be mandatory - will fail the inspection as the certificate is not publicly trusted.
We started to exclude the IP addresses from inspection and got a bit further; now we are banging our heads against 0x800B0109 - third party update failed to install :unamused:


Back to the firewall log, and it turns out there are more untrusted certificates and IPs to exclude.

How do you handle this? Excluding IPs seems to be an impossible mission; you never know when a new one pops up.
So far we have more or less proved that deploying apps through Intune is hopeless and not fit for enterprise use.

Any advice would be appreciated. 

Regards Torben


6 Replies
best response confirmed by Tslaikjer (Copper Contributor)
Solution
https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints#access-for-managed-device... , these are the URLs. If you whitelist those (and your firewall understands FQDNs and doesn't need just addresses or ranges), you should be done relatively quickly.

Intune works for a lot of enterprises; explicitly adding those ranges and FQDNs is not needed for most of our customers at least.
Thanks, just back from vacation and trying to catch up on everything.
I will have my FW colleague implement this, and we can check.

Great article!
It actually turned out to be SSL inspection that wrecked everything; disabling that on the mentioned URLs solved it.

Nice, great to hear, and you're not the first one running into that issue :)
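A quick way to confirm the diagnosis reached in this thread before touching firewall rules, added here as an example and not code from the thread or from Microsoft: from a managed device behind the proxy, connect to a few Intune endpoints and look at who issued the certificate the client is actually handed. If the issuer is your firewall's inspection CA rather than Microsoft's public chain, that host is being intercepted and needs an exclusion. The three hostnames are assumed examples (take the full list from the endpoints page linked in the accepted answer), the inspection-CA name is whatever your firewall uses, and the two sample certificates are constructed so the classification can be exercised offline.

```python
"""Detect TLS inspection on Intune endpoints by checking the issuer of the
server certificate as seen from the client. Example code; the host list and
CA names are assumptions to be replaced with your own."""
import socket
import ssl

# Assumed sample of Intune FQDNs; replace with the full list from the
# intune-endpoints documentation page linked in the accepted answer.
INTUNE_HOSTS = [
    "manage.microsoft.com",
    "login.microsoftonline.com",
    "graph.microsoft.com",
]

# Constructed sample certificates in the dict form ssl.SSLSocket.getpeercert()
# returns: one issued by a corporate inspection CA, one by Microsoft's chain.
SAMPLE_INSPECTED = {
    "subject": ((("commonName", "manage.microsoft.com"),),),
    "issuer": ((("countryName", "DK"),),
               (("organizationName", "Example Corp"),),
               (("commonName", "Example Corp SSL Inspection CA"),)),
}
SAMPLE_DIRECT = {
    "subject": ((("commonName", "graph.microsoft.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Microsoft Corporation"),),
               (("commonName", "Microsoft Azure RSA TLS Issuing CA 04"),)),
}


def issuer_field(cert, key):
    """Return one issuer attribute (e.g. 'commonName') from a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None


def classify(cert, inspection_cas):
    """'inspected' if the issuer matches any of the given inspection-CA names
    (case-insensitive substring on issuer O or CN), otherwise 'direct'."""
    org = (issuer_field(cert, "organizationName") or "").lower()
    cn = (issuer_field(cert, "commonName") or "").lower()
    for ca in inspection_cas:
        needle = ca.lower()
        if needle in org or needle in cn:
            return "inspected"
    return "direct"


def probe(host, port=443, timeout=5):
    """Fetch the certificate presented to this client for host. Uses the
    system trust store, so a trusted inspection CA still verifies; the point
    is to read the issuer, not to pass or fail validation."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(hosts, inspection_cas, fetch=probe):
    """Map each host to (status, issuer CN). status is 'inspected', 'direct'
    or 'error'; an error mentioning CERTIFICATE_VERIFY_FAILED usually means an
    intermediary whose CA this machine does not trust, which is also worth an
    exclusion. fetch is injectable so the logic can run offline."""
    results = {}
    for host in hosts:
        try:
            cert = fetch(host)
        except (OSError, ssl.SSLError) as exc:
            results[host] = ("error", str(exc))
            continue
        results[host] = (classify(cert, inspection_cas),
                         issuer_field(cert, "commonName"))
    return results


def demo_offline():
    """Run report() over the constructed samples without any network."""
    fake = {"manage.microsoft.com": SAMPLE_INSPECTED,
            "graph.microsoft.com": SAMPLE_DIRECT}
    return report(fake, ["Example Corp SSL Inspection CA"],
                  fetch=lambda h: fake[h])


if __name__ == "__main__":
    # Live run: substitute your firewall's inspection-CA name.
    for host, (status, issuer) in report(INTUNE_HOSTS, ["SSL Inspection"]).items():
        print(f"{host:30} {status:10} issuer={issuer}")
```

Any host that comes back `inspected` is one the firewall is still decrypting; rerun after adding the exclusion and it should flip to `direct` with a Microsoft issuer. Matching on the FQDN list from the documentation rather than on IP addresses is what keeps the exclusion stable when Microsoft's addresses change.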