User Profile
SebastiaanSmits
Iron Contributor
Joined May 05, 2023
Recent Discussions
Re: The Android app is being deleted by the administrator; how can I prevent this?
If you are using Android Enterprise you are unable to deploy apps as inhouse LOB app, see for example this discussion: https://www.reddit.com/r/Intune/comments/1abfbdy/deploying_inhouse_apk_to_android_devices/

You need to follow the following procedure: https://learn.microsoft.com/en-us/mem/intune/apps/apps-add-android-for-work#managed-google-play-private-lob-apps
1.2K Views, 0 likes, 0 Comments

Re: Device Notification
Hi, I think the best option (if you are unable to use Mail or Teams messages in this scenario) is using PowerShell. You could create a PowerShell script and deploy via Platform Scripts in Intune. I used a while back the BurntToast module to create notifications: https://github.com/Windos/BurntToast not sure if it still works, I also do not see if it works on Win11 for example so something to test. But you can also research further, there are some other notification options, or even write your own solution..
91 Views, 0 likes, 0 Comments

Re: Microsoft Graph Command Line Tools Blocked by CA
The app is probably removed or was never created in the first place. Can you try

    Connect-MgGraph -Scopes $scopes -TenantId $tenantId

with an admin account to see if it connects or you run into a consent screen for the Enterprise App (like here: https://learn.microsoft.com/en-us/answers/questions/1619076/microsoft-graph-command-line-tools-enterprise-appl)?

Could you also try the tip in the reply in the above mentioned article and try to find the app in the Enterprise app section, with the app id: 14d82eec-204b-4c2f-b7e8-296a70dab67e. Just to rule out some weird search issues with the earlier attempt of locating the app.
1.3K Views, 0 likes, 2 Comments

Re: Exclude/Allow Particular non-managed devices from Conditional access policy without enrolling
This will not work, the device needs an Entra Registration for the Conditional Access conditions to work, so you are unable to create something specific for an unknown device, and logically so, in my opinion. You could for example exclude certain network segments from a policy, but this is not close to what you are looking for..
417 Views, 1 like, 0 Comments

Re: Assistance needed to deploy a file on desktop
You can do this easily with the Win32 Content Prep Tool. You create a script that copies the file to the intended location (Desktop in your case) and the install command is the script. You package this to a Win32 app and deploy through Intune. You can find an example here: https://traversecloud.co.uk/copy-files-to-managed-devices-with-microsoft-intune/
350 Views, 1 like, 0 Comments

Re: Monitor low disk space for computers
Hi,

You could use a proactive remediation script that triggers on disk space that falls below 1GB. See more info here: https://learn.microsoft.com/en-us/mem/intune/fundamentals/remediations

As an example, a detection script for this scenario I asked ChatGPT to create (purely as example and needs to be checked and refined further):

    $ErrorActionPreference = "Stop"

    # Set the threshold (1 GB)
    $thresholdGB = 1
    $thresholdBytes = $thresholdGB * 1GB

    # Get the free space on the C: drive (you can change this if needed)
    $drive = Get-PSDrive -Name C

    # Check if free space is below threshold
    if ($drive.Free -lt $thresholdBytes) {
        # Return a failure exit code for Intune remediation
        Write-Host "Disk space is below 1 GB. Triggering remediation."
        exit 1
    } else {
        # Disk space is sufficient
        Write-Host "Disk space is above the 1 GB threshold."
        exit 0
    }

You can trigger a remediation script to perform something, not sure what you like to do but that should be a second script.

Hope this helps.

Regards,
Sebastiaan
161 Views, 1 like, 0 Comments

Re: Microsoft Graph Command Line Tools Blocked by CA
How we deal with this is by excluding Microsoft Graph Command Line Tools in your CA Policy in the Target Resource section in the Policy. After this you can restrict its use by going to Entra ID portal > Enterprise Application > find the Microsoft Graph Command Line Tools > go to properties > and configure 'Assignment required'. Now only explicitly assigned users can use the App.
1.4K Views, 0 likes, 4 Comments

Re: Custom Scheduling Intervals for Intune Proactive Remediation
Raman220 Hi, maybe not really an answer to your question but in this case you can create a Win32 app and create a scheduled task, for an example see here: https://www.nielskok.tech/intune/schedule-powershell-script-intune/

I am not sure that 2 minute intervals with proactive remediation would be feasible because it is not an 'ondevice' logic, devices need to check in for the logic to work and two minutes will be too much.

Regards,
Sebastiaan
101 Views, 0 likes, 0 Comments

Re: Company Apps on Android stopped working saying using a rooted device
There are some more people with comparable issues: https://techcommunity.microsoft.com/t5/microsoft-intune/company-portal-says-rooted-device-but-it-s-not-android/m-p/4196482

Are you able to check with a Factory Reset to see if it resolves the issue?
1.3K Views, 0 likes, 1 Comment

Re: Wi-Fi publish via work profile on personal devices
vzhabur These are indeed the settings you have for Work Profile devices, as you can verify here: https://learn.microsoft.com/en-us/mem/intune/configuration/wi-fi-settings-android-enterprise#fully-managed-dedicated-and-corporate-owned-work-profile

Connecting to a WPA2 PSK WiFi is more a consumer way of using WiFi and on a Work Profile device this is considered as something for the private side of the device and in this profile not reachable by the Company. But most Enterprises have an Enterprise WiFi with EAP TLS for example, you can use this. What is your usecase?

Regards,
Sebastiaan
364 Views, 0 likes, 2 Comments

Re: remove click to run with intune script
Jesse13579 Hi, I use the following script:

    # Collect the uninstall strings of all installed products whose display name contains "Click-to-Run"
    $OfficeUninstallStrings = ((Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*") |
        Where-Object { $_.DisplayName -like "*Click-to-Run*" } |
        Select-Object UninstallString).UninstallString

    ForEach ($UninstallString in $OfficeUninstallStrings) {
        # Take the argument after the executable, switch install (/I) to uninstall (/X) and run quietly
        $UninstallCommand = (($UninstallString -split ' ')[1] -replace '/I','/X') + ' /q'
        Start-Process msiexec.exe -ArgumentList $UninstallCommand -Wait
    }

Regards
406 Views, 0 likes, 0 Comments

Re: MAM Conditional Access blocking users to sync Outlook Calendar into the native Calendar app.
There is no need to log in to the Native mail client - when you configured the settings correctly in your App Configuration Policy and App Protection Policy you only need to sync Contacts and they will appear in the Native Contact client..
670 Views, 1 like, 1 Comment

Re: How to enroll ios device by Apple business manager
shotime Ok, that is different from your previous screenshots, the Apple Configuration Section is a different and incompatible setup from the 'Enrollment Program tokens' section, can you please let us know what you are trying to do:

The Apple Configurator section is meant for not ABM Reseller bought devices you like to get into ABM. You need Apple Configurator on a MacBook to upload those devices to ABM.

The Enrollment program tokens section is used when you have the devices in ABM, this is the normal usecase
915 Views, 0 likes, 2 Comments

Re: How to enroll ios device by Apple business manager
Ok, I see you use the Apple Configurator section (did not notice this before), this is not the best option but should work. It looks like you changed the MDM server in ABM. It should be set to:

Can you please confirm you performed the steps in the Apple Configurator on your MacBook, like this: https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-configurator-enroll-ios#create-an-apple-configurator-profile-for-devices

So follow the steps in the above documentation, do not change the MDM server in ABM and it will work most of the time, I must admit this setup does not work 100 percent of the time..

To be sure, you only perform these steps if you like to get a device into ABM that is not bought as ABM device through reseller. If this is not what you are trying to do and you already have your devices in ABM you should do something else, this setup won't work.
923 Views, 0 likes, 0 Comments

Re: iPadOS chrome configuration
oryxway I can confirm the link you sent is the only way, the AppConfig for Chrome on iOS only has this key-value

So no settings besides the dreaded enrollment token.

------
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.
358 Views, 0 likes, 0 Comments

Re: Shared iPad Misconfiguration Alert - Intune
Is an Organization Allowed Account configured for Outlook in an App Configuration Policy? See here: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#organization-allowed-accounts-mode-settings

If it is configured can you let us know the value?
1.5K Views, 0 likes, 1 Comment

Re: How to enroll ios device by Apple business manager
In the first picture you also have a profile attached to the device? (an enrollment profile) If this is all in place and correctly set up you only have to reset your device, or take it out of the box and after the network setup step you should see the first Company (ABM) screen and you will be guided through the ABM enrolment..
995 Views, 0 likes, 2 Comments