User Profile
kkeirstead
Copper Contributor
Joined Dec 10, 2018
User Widgets
Recent Discussions
Activation lock bypass code report?
We currently have all of our iOS devices enrolled via Apple Business Manager and set to supervised without managed Apple IDs so all of the activation lock codes are stored in Intune. However by the time a device makes it back to IT support its usually already been wiped (or cleaned up by device clean up rules) and the device record, with the activation bypass code, has been deleted from the Intune console. It seems a bit silly that the code is stored with the device record, but you don't really know if you need the code until the device is wiped and then the device record is deleted, so then our only recourse is to go through Apple support and wait 2-10 business days for a response. Is there any sort of report that stores the codes?Samsung Email - Need Admin Approval
Hello, Recently we are running into a few issues with the native mail client on Samsung devices. These devices are still device admin (I know, I know). Heres what we are seeing: 1. Users device working fine. 2. User updates their password 3. Email account prompts for the new password 4. After password is entered they get MFA challenge and accept 5. User is brought to a page that says "Samsung Email needs Admin approval" 6. User deletes email profile from device 7. User syncs device through Company portal 8. Email profile comes down and user signs in without issue Is there anyway to fix this from occurring? I understand Managing user content, but why does this prompt not come up when users sign into the email app the initial time and why when updating their password?Device clean up rules not working?
We currently have device clean up rules set up in our tenant to be set at 90 days. However I am seeing roughly 690 devices that have checked in past 90 days (some dating back to 2018), is there any reason why these devices aren't being deleted? Majority of them do see to be Android Enterprise dedicated devices, but there is a mix of all device types. We enabled the clean up rules over a year ago and it has been cleaning up some devices, but these older ones seem stuck.Re: Android Enterprise SCEP user and device issuing errors
pejtan66 I wish I had more information to give you. The main issue we were having is the root cert we were deploying didn't match the root certificate on the NDES server. I am seeing some successful deployments on some devices but on others I'm seeing the same "Error 0" error on those devices. I can't tell what would be different between those devices, they are enrolled into the same profile, the same OS and the same tablet type.Android Enterprise SCEP user and device issuing errors
Hi, We are attempting to deliver Android Enterprise SCEP certificates (both user and device based) and both seem to fail. We have our environment set up for iOS SCEP and Android Device Admin SCEP certificates and they work fine. Using the same settings in the Android Enterprise profiles they fail with the error of "0 (No error code)" Does anyone know of anything that might be causing this? I reached out to the networking team to look in the logs, but they don't see any that sticks out that would cause this to fail.Re: iOS Wifi Profile not getting delivered
If any one else runs into this issue or is looking for a solution this appears to be a known issue where it can't control what policies are being applied first. The solution seems to be enroll the devices and have only the wifi profile + certs applied. Once all devices are enrolled and have the wifi profile + certs installed then you can apply the restrictions profile.Re: App Protection with Attachments
Daniel Schmidt Ran into this a few weeks ago with .wav files on Android. It doesn't appear that there is a MAM enabled app that supports the playing of .wav files on Android. What we had to do was make an exception to the 'Send Org data to other apps' and list Google Play Music (com.google.android.music). Once we put that setting in .wav files were able to be played in a pop up menu. For images and text files I believe you can use the Microsoft Azure Information Protection Viewer app.iOS Wifi Profile not getting delivered
For the past few months we have had a profile set up that gets a restriction profile that locks the device into kiosk mode for an app and also has the setting "Join Wi-Fi networks only using configuration profiles" configured. We push out our Wi-Fi network to the devices along with root cert + SCEP profile for certificate based authentication. This has been working great for the past few months. Starting last we were enrolling iPads as we have been doing, but when enrolling the device into Intune it gets the green check mark for 'Get your device managed' and goes to 'Update device settings' and can never confirm device settings. Looking at the device its been disconnected from the WiFi network. Going to Settings -> WiFi; theres no networks available (I have verified there are multiple networks available) and it says 'Your iPad can only join WiFi networks that are configured by your organization's admin'. Checking the management profile on the device I can see all the restrictions and both the SCEP certificate and root certificate, but the WiFi profile is not listed in there. Checking the device in Intune shows that the WiFi profile is still 'pending' for the device, along with the management profile, root cert and SCEP cert. If I enroll a regular user based device assigned the same WiFi profile (but not restrictions profile) it gets the profile and connects without issue. It seems like the device is getting the policy to only allow access to the network from the configuration profile and disabling WiFi on the device before it gets the WiFi profile. Has anyone run into this or have a solution? We can remove "Join Wi-Fi networks only using configuration profiles" but I'm not sure how that would impact the already enrolled ~80 devices.Re: Guided Access enrollment issues
Hi AndrewDawson Thanks for your reply, but all of our issues are on iPhone and iPads, I don't believe there is a way to cache the servers for iPhones and iPads is there? All of the devices are coming directly from Apple and will have the latest versions of iOS or should be.Guided Access enrollment issues
We recently switched over our DEP enrollment process to use VPP to download the company portal and then using locked enrollment (guided access) to force the user to enroll their iOS devices into Intune. We are running into a few issues, if the user is on wifi only (majority of our iPads) and for whatever reason leaves the WiFi network, they cannot reconnect to the network as there doesn't seem to be a wayto break out of the guided access mode. They are then presented with a screen that says "Guided Access is unavailable. Please contract an administrator" is there anything we can do at this stage other than connecting to a computer and wipe the device? Another issue we are running into with some devices is they seem to be locked into guided access mode and unable to switch to Safari to download the management profile, the error they are presented with is "Could not add your device. Safari has been disabled, Please contact your administrator." I'm not sure what users are doing to get to this state, but is there any way to troubleshoot these devices other than wiping?Device already enrolled iOS enrollment error
We have a few users that are currently unable to enroll their devices into Intune. Under the troubleshooting blade under enrollment failures it lists "Device already enrolled". I've seen this error before and typically I would go to all devices -> search with the SN and then delete the old device record. However ever since we turned on Device Clean Up rules, the devices are deleted but the users are still unable to enroll (Before configuring device clean up rules I did an export of all devices and I can see the old device record located in that export). I went into the Device Enrollment -> Apple and tried to reassign the DEP profile but that doesn't seem to fix the issue. Has anyone seen this or know how to fix?
