Conditional Access
459 Topics

CA policy enforcing users to use Edge browser on Co-owned devices
I'm trying to give control over while they're on personal devices, enforcing an app protection policy for Edge, but still this policy is enforcing to use Edge on co-owned devices. I have already excluded co-owned devices from the CA policy.
12 Views 0 likes 0 Comments

Intune for BYOD mobile and Cross tenant compliance
We have 3 separate companies/tenants, and employees need to access mail from each tenant on a single iOS/Android device, with a CA policy requiring compliance or app protection policy. I understand that Intune MAM currently will not work, but is on the road map for later this year for iOS (not sure on Android). Does Web based / JIT for BYOD work on iOS if I set up Cross-tenant access and enable the "Trust compliant devices" trust setting? Or do we have to do full device based MDM enrollment? If not, what do I need to do in this scenario?
50 Views 1 like 2 Comments

Podcast Microsoft Ignite E05: Agent Builder
Excited to have Pascal Brunner join me in my Ignite series, where we dive into one of the hottest announcements: AgentBuilder.
In this episode, we break down:
- What AgentBuilder is all about.
- How it empowers organizations with AI-driven automation.
- Key takeaways
YouTube: https://youtube.com/@shadykhorshed?si=c8CLxoCjMfUMfA19
26 Views 0 likes 0 Comments

New Blog Post: Android: Browser Access to be Enabled by Default for All Android Users
🔐 #Android in #msintune: Upcoming Security Update for Microsoft Entra ID on Android!
Starting July 2025, Microsoft Entra ID device registration will be hardware-bound, enhancing security and automatically enabling browser access.
🚀 Key Changes:
✅ Device identities will be tied to hardware for stronger security.
✅ Enable Browser Access (EBA) will be retired.
✅ Browser access will be enabled by default during registration.
📌 No action needed—this change will be applied automatically!
Stay informed and prepare for a more secure device registration process.
#MicrosoftIntune #MicrosoftEntraID #Android #mvpbuzz
https://www.linkedin.com/pulse/microsoft-entra-browser-access-enabled-default-all-android-khorshed-5d8ee?utm_source=share&utm_medium=member_ios&utm_campaign=share_via
37 Views 0 likes 0 Comments

Non persistent session on not joined devices
Hi, how do I create a conditional access policy within Intune that requires a non-joined device and then sets the persistent browser session to "never persistent"? As I look at the settings, I am only able to set "Require Microsoft Entra hybrid joined device". Thanks.
Cheers, heinzelrumpel
61 Views 0 likes 4 Comments

Android Personal Devices enrollment in Microsoft Intune
Hi, I want to enroll Android personal devices for my employees who use their phones to access company data like Teams and mail. I need even those who already access Outlook mobile with unmanaged devices to be forced to enroll them before they access my company data. I have tried the following:
- Created a managed Google Play account
- Turned on automatic enrollment
- Turned on: Personal and corporate-owned devices with device administrator privileges
- Created a device platform restriction policy which pointed to a dynamic device group
- Created a compliance policy blocking rooted devices and requiring a password to access company apps
- Created a Conditional Access policy in Entra ID which requires devices to be marked as compliant before accessing any cloud app. This policy is pointing to a dynamic device group. I had first assigned it to all users, but it didn't work out.
With the above settings, devices can enroll, but even those which are not enrolled still have access to the cloud apps. How can I force those unmanaged devices not to access the company mail and Teams, and then prompt them to download the Company Portal app and enroll their BYOD/personal devices?
NB: I have achieved the above on iOS, but Android failed. Please advise me.
66 Views 0 likes 2 Comments

Excluding user to MFA with conditional access
I'm having some issues with excluding users from MFA with conditional access. The user I'm trying to exclude is a functional account. But the thing is, this account is in both the including and excluding part of this setting, because the user is a member of the Azure group that all users are in. With this configuration, the user is still getting prompted for MFA registration when logging in to Office365. So the exclusion doesn't seem to override the inclusion option. Do I need to remove this user from the Azure group that all users are members of, or is there another solution for this?
18K Views 0 likes 9 Comments

How to force Intune client in Ubuntu to synch automatically
Hello, in my company we have enrolled our devs' Ubuntu devices to control some security settings and to allow or deny access to our company apps and content. We have set compliance policies and enabled conditional access to check them. I was surprised this morning by the last check-in date of my Ubuntu laptops, and asked my devs about their last sign-in to the Company Portal client; the dates match the last check-in date. I concluded that the Company Portal only syncs when the user opens it and signs in. This is a big problem for us because we are ISO27001 certified and we must check the compliance of all devices. Does somebody have a script to deploy on those Ubuntu devices to force a sync every day, while waiting for Microsoft to evolve this process?
Thanks a lot and regards,
Majid
662 Views 0 likes 1 Comment

NEW Podcast Microsoft Ignite E04: AI & Copilot – The Biggest Talk at MSIgnite!
Podcast Microsoft Ignite E04: AI & Copilot – The Biggest Talk at MSIgnite!
AI is transforming the way we work, and Copilot is leading the charge! To break it all down and get expert insights, I’m joined by Jannik Reinhard and Fabio Bonolo to discuss:
- Key AI takeaways from Microsoft Ignite
- How companies & admins can benefit
- The future of AI-powered productivity
YouTube: https://youtu.be/uD5V5a2Ldqg?si=u3R8fSndeW6wCruI
35 Views 0 likes 0 Comments