Co-management with Microsoft Intune and System Center Configuration Manager AMA
4 Topics

Windows Hello for Business for Hybrid Entra Join
Environment:
- No UPN matching between on-prem AD and Azure; third-party federation and user provisioning.
- Hybrid Entra Joined devices.
- Enrolled in Intune using device credentials, as SCCM is set up with co-management (Cloud Attach).

Question: When setting up Windows Hello for Business (which was working before enrollment) using GPO or Intune, an error is returned.
PIN: "This sign-in option is only available when connected to your organization's network"
Fingerprint and Face: "The option is currently unavailable"

Multiple methods to set up WHfB were attempted and none worked so far:
- Devices -> Win 10 -> Enrollment -> "Configure Windows Hello for Business"
- Using custom settings as described here (CSP or GPO): https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/configure
- Biometric devices updated / Windows updates installed / all devices and users in the organization are affected.

What could be the issue? Any best effort to get Windows Hello for Business working again?
653 Views 0 likes 2 Comments

Upgrading Windows 11 on Co-Managed Entra Joined Devices with Intune
Dear Support,

All of our Windows 10 devices are managed through SCCM and Microsoft Intune, with shared workloads piloted through Intune. Below are the details from one of our testing devices.

Testing device details:

Co-management configuration settings:

As per the instructions provided, I have created a profile under "Update rings for Windows 10 and later" and manually synced it from the Company Portal, the Intune device console, and Access work or school > Info > Sync. However, I do not see any prompts or progress regarding the Windows 10 upgrade.

I checked Event Viewer under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin and saw this error:

"MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x801901ad)"

From what I found on Google, the error message indicates that the device was unable to sync because of network connection issues, so I restarted the device to see if the error would go away from Event Viewer, but then I got another issue in Event Viewer:

"MDM ConfigurationManager: Command failure status. Configuration Source ID: (E97E6844-D6DA-4626-8E08-2981CAC4E66F), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified)"

I am not sure whether the Windows 11 upgrade is failing because of this error.

dsregcmd /status:

WUfB policy registry entries and values:

Could you please assist in providing guidance on how to upgrade Windows 10 for hybrid devices?
Solved 3.8K Views 0 likes 10 Comments

After enabling co-management users get prompt
Hi,

I enabled co-management; computers register in AAD and enroll in Intune, and it seems that everything works: Intune status shows co-managed. But users get a prompt that there is a problem with their work or school account and they have to log in. Until the user logs in, there is also an MDM sync error under the Info button in the work or school account. Once the user logs in, the sync error disappears. Why is there such a prompt? I thought that SCCM would enroll devices with device credentials and that would be enough. MS documentation states that co-management supports the "ability to enroll devices without user interaction". 2FA isn't used. What am I missing here?
9.9K Views 0 likes 10 Comments

How does one build an Intune AutoPilot-ready device, using SCCM, without it becoming co-managed?
I would like to build devices using SCCM, much like they arrive new, for Intune AutoPilot deployments. This seemed simple enough. I created a generic Task Sequence, then wrote a script which uninstalls the SCCM client, gathers the device's hardware ID and then runs "sysprep /oobe /shutdown". This script runs after the Task Sequence completes, using the Task Sequence variable "SMSTSPostAction". All of this works beautifully, until the machine is joined to Azure AD via AutoPilot. My first sign of trouble was that the Intune policies would not apply. I then found this message when looking at the device in Intune:

"Co-management
<UserName>'s Windows PC is being co-managed between Intune and Configuration Manager. Configuration Manager agent state is shown below; if the state is anything other than "Healthy" there are a few steps that help with this.
Configuration Manager agent state: Could not connect
Details: The Configuration Manager client is currently unable to reach the Configuration Manager management point. Make sure the client can communicate with the server. For more information on client communication issues, see the CcmMessaging.log, LocationServices.log, or ClientLocation.log files on the Configuration Manager client."

We did have co-management turned on, for a brief moment, in our AutoPilot journey. We quickly found that it complicated things and then followed instructions in someone's blog post to turn it off. Possibly, something went wrong turning it off? What I do not understand is why Intune thinks these devices are managed by SCCM. My best guess is that the SCCM client uninstall leaves behind cruft which the MDM system is reporting back to Intune. Is it possible to create devices, ready to be AutoPiloted and only managed by Intune, using SCCM? If so, how? Thanks. This is also a ServerFault question.
Solved 6.9K Views 0 likes 4 Comments
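The "Upgrading Windows 11" and "users get prompt" posts above both end up reading the same three places by hand: dsregcmd /status, the DeviceManagement-Enterprise-Diagnostics-Provider/Admin event log, and the Windows Update policy registry keys. The following is an added example (not code from any of the posters, nor from Microsoft) that collects those into one object so the evidence can be attached to a thread or compared across machines. Assumptions are marked in the code: the CoManagementFlags value name under HKLM:\SOFTWARE\Microsoft\CCM, and the PolicyManager\current\device\Update key as the landing place for MDM-delivered WUfB policy, are the locations I have seen on co-managed clients, not something the posts confirm.

```powershell
# Added example: one-shot MDM / co-management state capture for a co-managed Windows client.
# Run elevated. Not the original posters' code.
#Requires -RunAsAdministrator

function Get-CoManagementState {
    param([int]$HoursBack = 24)

    # 1. Join and enrollment state as dsregcmd reports it (lines look like "  AzureAdJoined : YES").
    $dsreg = dsregcmd /status
    $join = [ordered]@{}
    foreach ($key in 'AzureAdJoined', 'DomainJoined', 'MdmUrl', 'AzureAdPrt') {
        $hit = $dsreg | Select-String -Pattern "^\s*$key\s*:\s*(.+)$" | Select-Object -First 1
        $join[$key] = if ($hit) { $hit.Matches[0].Groups[1].Value.Trim() } else { '(not reported)' }
    }

    # 2. Errors from the MDM diagnostics log the posts were reading in Event Viewer.
    #    Level 2 = Error. Get-WinEvent complains when nothing matches, so silence that case.
    $logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
    $errors = Get-WinEvent -FilterHashtable @{
        LogName   = $logName
        Level     = 2
        StartTime = (Get-Date).AddHours(-$HoursBack)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'FirstLine'; e = { ($_.Message -split "`r?`n")[0] } }

    # Split the two failure kinds seen in the thread: a session that never got its OMA-DM
    # message through (transport) versus a policy command the CSP rejected (content).
    $sessionFailures = @($errors | Where-Object FirstLine -like 'MDM Session*failed*')
    $commandFailures = @($errors | Where-Object FirstLine -like 'MDM ConfigurationManager: Command failure*')

    # 3. ConfigMgr client presence and co-management flags.
    #    ASSUMPTION: CoManagementFlags lives under HKLM:\SOFTWARE\Microsoft\CCM on the client.
    $ccmKey = 'HKLM:\SOFTWARE\Microsoft\CCM'
    $ccm = [ordered]@{
        CcmExecService    = (Get-Service -Name CcmExec -ErrorAction SilentlyContinue).Status
        CoManagementFlags = (Get-ItemProperty -Path $ccmKey -Name CoManagementFlags -ErrorAction SilentlyContinue).CoManagementFlags
    }

    # 4. Windows Update for Business policy as it actually landed on the box.
    #    ASSUMPTION: MDM (Intune) Update policy is written under PolicyManager\current\device\Update;
    #    GPO-delivered policy is under Policies\Microsoft\Windows\WindowsUpdate. Both are read if present.
    $wufb = [ordered]@{}
    foreach ($path in 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update',
                      'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate') {
        if (Test-Path $path) {
            $props = Get-ItemProperty -Path $path
            $props.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { $wufb["$($path.Split('\')[-1])\$($_.Name)"] = $_.Value }
        }
    }

    [pscustomobject]@{
        Join            = $join
        MdmSessionFails = $sessionFailures
        MdmCommandFails = $commandFailures
        ConfigMgr       = $ccm
        WufbPolicy      = $wufb
        # Targeting a feature update needs ProductVersion/TargetReleaseVersion to be present;
        # surface that check directly so the Windows 11 case is answered at a glance.
        FeatureUpdateTargeted = ($wufb.Keys | Where-Object { $_ -match 'ProductVersion|TargetReleaseVersion' }).Count -gt 0
    }
}

$state = Get-CoManagementState
$state.Join
$state.ConfigMgr
$state.MdmSessionFails | Format-Table -AutoSize
$state.MdmCommandFails | Format-Table -AutoSize
$state.WufbPolicy
"Feature update targeted by policy: $($state.FeatureUpdateTargeted)"
```

Read the output in this order: if MdmUrl is missing or MdmSessionFails is non-empty, the device is not completing a sync and no update ring will arrive, regardless of what the registry shows; a populated MdmCommandFails list with an empty session list means the sync works and a specific policy is being rejected, which is a different problem from the upgrade not being targeted at all.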
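For the last post above, the poster's SMSTSPostAction script is not shown, so here is an added example of the same three steps (uninstall the ConfigMgr client, capture the Autopilot hardware hash, sysprep to OOBE) with one extra verification pass that stops the build if client remnants survive, since leftover client state is the poster's own hypothesis for why Intune keeps reporting co-management. This is not the poster's script and not Microsoft's Get-WindowsAutopilotInfo. Assumptions, also marked in the code: the client was installed by ccmsetup.exe (so it is in %WINDIR%\ccmsetup), the three remnant locations listed are the ones worth checking, the CSV layout follows Get-WindowsAutopilotInfo (Device Serial Number, Windows Product ID, Hardware Hash), and the default output path is invented.

```powershell
# Added example: post-task-sequence step to hand an SCCM-built device to Autopilot without
# a lingering ConfigMgr client. Run elevated (SMSTSPostAction runs as SYSTEM). Not the poster's code.
#Requires -RunAsAdministrator
param(
    [string]$HashCsv = "$env:SystemDrive\Autopilot\AutopilotHWID.csv",  # assumed path; point it at a share to keep the file
    [switch]$RemoveRemnants                                              # delete leftovers instead of stopping the build
)

# ASSUMPTION: common leftovers after ccmsetup /uninstall. Anything here is what the MDM side
# may still see; the script treats their presence as a build failure unless -RemoveRemnants.
$RemnantPaths = @('HKLM:\SOFTWARE\Microsoft\CCM', 'HKLM:\SOFTWARE\Microsoft\SMS', "$env:WINDIR\CCM")

function Uninstall-CcmClient {
    $ccmsetup = Join-Path $env:WINDIR 'ccmsetup\ccmsetup.exe'
    if (-not (Test-Path $ccmsetup)) { Write-Host 'ccmsetup.exe not found; client appears to be gone already'; return }
    # ccmsetup.exe hands the work to a second ccmsetup process and returns early, so -Wait alone
    # is not enough: poll until no ccmsetup process remains before checking the result.
    Start-Process -FilePath $ccmsetup -ArgumentList '/uninstall' -Wait
    while (Get-Process -Name ccmsetup -ErrorAction SilentlyContinue) { Start-Sleep -Seconds 10 }
}

function Get-CcmRemnants {
    $found = @()
    if (Get-Service -Name CcmExec -ErrorAction SilentlyContinue) { $found += 'service CcmExec' }
    if (Get-CimInstance -Namespace root -ClassName __NAMESPACE -ErrorAction SilentlyContinue |
            Where-Object Name -eq 'ccm') { $found += 'WMI namespace root\ccm' }
    foreach ($p in $RemnantPaths) { if (Test-Path $p) { $found += $p } }
    return $found
}

function Remove-CcmRemnants {
    # Only meaningful after ccmsetup /uninstall has finished; these are the client's own locations.
    foreach ($p in $RemnantPaths) {
        if (Test-Path $p) { Remove-Item -Path $p -Recurse -Force -ErrorAction Continue }
    }
    Get-CimInstance -Namespace root -ClassName __NAMESPACE -Filter "Name='ccm'" -ErrorAction SilentlyContinue |
        Remove-CimInstance -ErrorAction Continue
}

function Get-AutopilotHash {
    # Same sources Get-WindowsAutopilotInfo reads: BIOS serial plus the MDM bridge's DeviceHardwareData.
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    $dev = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' -ClassName MDM_DevDetail_Ext01 `
        -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    if (-not $dev.DeviceHardwareData) { throw 'No hardware hash returned from MDM_DevDetail_Ext01' }
    [pscustomobject]@{
        'Device Serial Number' = $serial
        'Windows Product ID'   = ''    # optional column in the Intune import format; left blank here
        'Hardware Hash'        = $dev.DeviceHardwareData
    }
}

function Invoke-SysprepOobe {
    # Mirrors the post: /oobe /shutdown with no /generalize, so the device boots straight into OOBE.
    $sysprep = Join-Path $env:WINDIR 'System32\Sysprep\sysprep.exe'
    Start-Process -FilePath $sysprep -ArgumentList '/oobe', '/shutdown' -Wait
}

Uninstall-CcmClient
$left = Get-CcmRemnants
if ($left) {
    if ($RemoveRemnants) {
        Remove-CcmRemnants
        $left = Get-CcmRemnants
    }
    if ($left) {
        Write-Error "ConfigMgr remnants still present, not sysprepping: $($left -join ', ')"
        exit 1
    }
}

# Capture the hash before shutdown so the Autopilot registration can be done while the device ships.
New-Item -ItemType Directory -Path (Split-Path $HashCsv) -Force | Out-Null
Get-AutopilotHash | Export-Csv -Path $HashCsv -NoTypeInformation
Invoke-SysprepOobe
```

Run it once on a test build and look at the remnant list before reaching for -RemoveRemnants; if a location shows up on every machine, that is the cruft the post is guessing at and the task sequence's uninstall step is where to fix it rather than in post-processing.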