User Profile
kkeirstead
Copper Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Activation lock bypass code report?
We currently have all of our iOS devices enrolled via Apple Business Manager and set to supervised without managed Apple IDs so all of the activation lock codes are stored in Intune. However by the time a device makes it back to IT support its usually already been wiped (or cleaned up by device clean up rules) and the device record, with the activation bypass code, has been deleted from the Intune console. It seems a bit silly that the code is stored with the device record, but you don't really know if you need the code until the device is wiped and then the device record is deleted, so then our only recourse is to go through Apple support and wait 2-10 business days for a response. Is there any sort of report that stores the codes?Samsung Email - Need Admin Approval
Hello, Recently we are running into a few issues with the native mail client on Samsung devices. These devices are still device admin (I know, I know). Heres what we are seeing: 1. Users device working fine. 2. User updates their password 3. Email account prompts for the new password 4. After password is entered they get MFA challenge and accept 5. User is brought to a page that says "Samsung Email needs Admin approval" 6. User deletes email profile from device 7. User syncs device through Company portal 8. Email profile comes down and user signs in without issue Is there anyway to fix this from occurring? I understand Managing user content, but why does this prompt not come up when users sign into the email app the initial time and why when updating their password?Device clean up rules not working?
We currently have device clean up rules set up in our tenant to be set at 90 days. However I am seeing roughly 690 devices that have checked in past 90 days (some dating back to 2018), is there any reason why these devices aren't being deleted? Majority of them do see to be Android Enterprise dedicated devices, but there is a mix of all device types. We enabled the clean up rules over a year ago and it has been cleaning up some devices, but these older ones seem stuck.Android Enterprise SCEP user and device issuing errors
Hi, We are attempting to deliver Android Enterprise SCEP certificates (both user and device based) and both seem to fail. We have our environment set up for iOS SCEP and Android Device Admin SCEP certificates and they work fine. Using the same settings in the Android Enterprise profiles they fail with the error of "0 (No error code)" Does anyone know of anything that might be causing this? I reached out to the networking team to look in the logs, but they don't see any that sticks out that would cause this to fail.iOS Wifi Profile not getting delivered
For the past few months we have had a profile set up that gets a restriction profile that locks the device into kiosk mode for an app and also has the setting "Join Wi-Fi networks only using configuration profiles" configured. We push out our Wi-Fi network to the devices along with root cert + SCEP profile for certificate based authentication. This has been working great for the past few months. Starting last we were enrolling iPads as we have been doing, but when enrolling the device into Intune it gets the green check mark for 'Get your device managed' and goes to 'Update device settings' and can never confirm device settings. Looking at the device its been disconnected from the WiFi network. Going to Settings -> WiFi; theres no networksavailable (I have verified there are multiple networks available)and it says 'Your iPad can only join WiFi networks that are configured by yourorganization'sadmin'. Checking the management profile on the device I can see all the restrictions and both the SCEP certificate and rootcertificate, but the WiFi profile is not listed in there. Checking the device in Intune shows that the WiFi profile is still 'pending' for the device, along with the management profile, root cert and SCEP cert. If I enroll a regular user based device assigned the same WiFi profile (but not restrictions profile) it gets the profile and connects without issue. It seems like the device is getting the policy to only allow access to the network from the configuration profile and disabling WiFion the device before it gets the WiFiprofile. Has anyone run into this or have a solution? We can remove"Join Wi-Fi networks only using configuration profiles" but I'm not sure how that would impact the already enrolled ~80 devices.Guided Access enrollment issues
We recently switched over our DEP enrollment process to use VPP to download the company portal and then using locked enrollment (guided access) to force the user to enroll their iOS devices into Intune. We are running into a few issues, if the user is on wifi only (majority of our iPads) and for whatever reason leaves the WiFi network, they cannot reconnect to the network as there doesn't seem to be a wayto break out of the guided access mode. They are then presented with a screen that says "Guided Access is unavailable. Please contract an administrator" is there anything we can do at this stage other than connecting to a computer and wipe the device? Another issue we are running into with some devices is they seem to be locked into guided access mode and unable to switch to Safari to download the management profile, the error they are presented with is "Could not add your device. Safari has been disabled, Please contact your administrator." I'm not sure what users are doing to get to this state, but is there any way to troubleshoot these devices other than wiping?Device already enrolled iOS enrollment error
We have a few users that are currently unable to enroll their devices into Intune. Under the troubleshooting blade under enrollment failures it lists "Device already enrolled". I've seen this error before and typically I would go to all devices -> search with the SN and then delete the old device record. However ever since we turned on Device Clean Up rules, the devices are deleted but the users are still unable to enroll (Before configuring device clean up rules I did an export of all devices and I can see the old device record located in that export). I went into the Device Enrollment -> Apple and tried to reassign the DEP profile but that doesn't seem to fix the issue. Has anyone seen this or know how to fix?
