Endpoint Management
21 Topics

'$skiptoken' limit error for Microsoft Exchange online Reporting web service API
I was working on integrating MessageTrace report API as a part of my SIEM integration: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace[?ODATA options]

I have noticed that, whenever my $skiptoken reaches the limit 999999, it throws the following error with 500 status code:

{ "odata.error": { "code": "UnknownError", "message": { "lang": "", "value": "An error has occurred on the server." } } }

It was working fine for the 999998 value, but wasn't for the $skiptoken value 999999. Are there any limitations on $skiptoken value from the API itself?

Also, need information, if $skiptoken value 999999 exists, for example,

"odata.nextLink": "../../reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%20eq%20DateTime'2024-12-02T00%3A00%3A00Z'%20and%20EndDate%20eq%20DateTime'2024-12-02T23%3A59%3A59Z'&$skiptoken=999999"

then how can we request the data from next set of events? Can someone let me know, is there any max limit from Microsoft API side or for the $skiptoken?

9 Views, 0 likes, 0 Comments

MDE Platform stuck in Version 4.18.24080.9
We currently have Microsoft Defender for Endpoint for our Windows 11 Devices. Upon checking the devices in security portal most of them have "NOT UP TO DATE" PLATFORM. We tried the following to update the MDE on the clients:

Get-WindowsUpdate -Install -KBArticleID KB4052623 -> Restart
Update-MpSignature -> Restart
Manual update by going to Virus & Threat Protection Settings -> Restart

But we only see update on Security Intelligence. For MDE Platform it is stuck on Version 4.18.24080.9. What are we missing?

27 Views, 0 likes, 0 Comments

Edge, Rewrite with Copilot, Work Profiles
I was enjoying the rewrite with Copilot (Alt+I) feature in Edge when using my online database for communication notes. With the "improvement" to Microsoft 365 & Edge, they locked it down with enterprise data protection. I get it and understand the need for it. But... I need to disable this. I am my own global admin to my Microsoft 365 premium subscription. I have 3 users/employees. (One is my spouse). I have spent the last several days going through my Entra settings and Edge/Copilot settings in the Admin panel to try and figure out how to turn this feature back on in our Edge Work Profiles. Could someone here please explain it to me like I am 5 years old, the process in which to enable this rewrite with Copilot feature again? I understand I need to override the data protection settings, but I cannot figure out how to get it to work. Some of the TechNet articles are beyond me with all these policy & profiles. Does it need to be so difficult?

59 Views, 0 likes, 0 Comments

How to revert "Automatically Hiding Inactive Channels" (globally) ?
Hi, some colleagues reported that they cannot find some channels in Teams anymore. I found this: https://office365itpros.com/2024/07/03/teams-inactive-channels/ And now I am worried because I can experience the same behavior. We have lots of customer teams that get created from a MS Flow following a certain structure (5 general channels for each team). Lots of these channels are hidden now. I already unchecked the button in MS Teams saying: "Clean up channel list" but it seems like this is not reverting it. In some customer teams we have more than 100 channels for existing projects and the general channels such as "Basic Information" for example is at the very bottom and I would need to manually make it visible. This is obviously now acceptable.

Does anyone know:

Is there a way to globally deactivate that feature via MS Teams Admin and/or Intune to prevent newly registered devices / teams from cleaning up the channel list? Could not find anything so far.

How can I revert these changes on existing devices so that it was like it was before (the general channels are on the top again)?

Thanks!!

208 Views, 0 likes, 0 Comments

Deploy Sophos userspecific VPN-configurations
Is there a way to deploy with one app in Intune for each user a specific Sophos SSL VPN Configuration? Each configuration is in the user's OneDrive and needs to be copied in C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config. The users have no admin rights and can't write in C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config.

686 Views, 0 likes, 2 Comments

How to protect data and secure devices with Intune [App Protection Policy] 📱🔒
Protecting organization's data on mobile devices is crucial for companies. In this video, I'll talk about Microsoft Intune and how you can leverage the capabilities of App Protection Policy to secure your company data on mobile devices. Some scenarios covered include allowing copy/paste between trusted apps, avoiding screenshots and screen recording of organization data, sharing files only between managed apps, adding a PIN to access, and encrypting data. #DataProtection #MobileSecurity #MicrosoftIntune

354 Views, 0 likes, 0 Comments

Microsoft 365 networking - Proxy Endpoints
[New Blog Post] In my latest article, I have summarized the endpoints for #Microsoft365. These endpoints are relevant for proxy settings and for routing with direct breakout. #M365 #EXO #SPO #Azure #MSIntune #MVPbuzz https://www.msb365.blog/?p=5549409Views1like0Comments

Defender for macOS onboarding issue
I am trying to onboard macOS devices in my organization with Microsoft Defender via Intune, and facing multiple issues with it: the configuration profiles are applied successfully only on few devices, only the first (manually installed) macOS is properly onboarded in Defender, and all of the other ones are complaining about missing license. Could someone answer few questions and maybe give some tips on how can I troubleshoot and resolve this:

We have Microsoft 365 Business Premium license, and according to Defender documentation this is a sufficient license to use it on any endpoint device. However the error message on macOS devices states that there is a missing Microsoft Enterprise license. Is there a special license needed or is this just the payload configuration profile issue?

The kernel extension and onboarding profiles are generated in the Microsoft Defender Admin Center, however I did notice that the OrgID in the onboarding profile file does not match my TenantID. Does that mean that those files are premade and I should adjust them to my organization details or it is simply a different ID assigned?

The onboarding profile gets successfully applied on all devices however the kernel extension profile fails on almost every device, and the successful applications do not follow any pattern or macOS version. Can't really find any suggestions on the possible root cause of this issue. Did anyone have similar problems with the kext profile?

The Microsoft Defender Admin Center does provide an installation package PKG file. However according to the Defender documentation I should use Microsoft Defender for Endpoint (macOS) application that is ready to be applied directly from Intune Management Portal. Which is it? Or maybe both?

Thank you in advance for any tips and / or answers 🙂

909 Views, 0 likes, 0 Comments

Mobile Application Management for Windows (NEW)
This newly released product is now available in Public Preview, and I'm excited to share my initial impressions. MAM enables users to stay productive on any device while ensuring the security of our data.

Mobile Application Management for Windows enables us to:

Apply policies to corporate applications on personal devices.
No enrollment required, just an Azure AD (or MEID) registration.
Place restrictions such as cut/copy/print and blocking incoming or outgoing data.
Integration with the Mobile Threat Defense connector to detect local health threats.
Block access or wipe corporate data based on specific conditions.

In this blog post, I provide a first look at the configuration and user experience of MAM for Windows.

First look at Mobile Application Management for Windows - Myron Helgering's Blog

1.1K Views, 1 like, 0 Comments

Provision Windows devices from anywhere to support a mobile workforce
In this, our second chapter of the Enabling Remote Work for IT Pros web series, we focus on practical tips to help you effectively provision Windows devices from anywhere. We walk through a variety of strategies, from simple to complex, to help you better understand how to leverage Azure AD Join with Microsoft Intune, or Configuration Manager co-management and task sequences. We then present you with a clear list of the steps you can take now, start soon, or work on in the future.

Learn more

Here are links to the resources mentioned in this session: Automatic MDM enrollment Using Windows Hello for Business to Access On-Premises Resources Enable Kerberos Managing remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager

While not mentioned specifically in this session, here are some additional resources you might find helpful: Microsoft COVID-19 response site Enabling Remote Work Microsoft Endpoint Manager remote work blog Work remotely, stay secure 2 weeks in: what we’ve learned about remote work

Frequently asked questions

Q: For Hybrid Azure AD join, if we have a line of sight with the domain controller, is the Intune connector required?
A: Yes, it’s what gathers an offline domain join blob from your domain controller.

Q: Is there a way to define the complete computer name for devices provisioned via Windows Autopilot?
A: For Azure AD Join devices, yes, there is a graph API. For Hybrid Azure AD devices, no, there is only the ability to prefix something onto the name.

Q: Is there a list of supported VPN clients?
A: We don’t have a supported list because we don’t support the configuration of third-party VPN clients. Customers will need to figure out if your VPN works in this scenario. The real question to ask is ‘does your VPN support pre-logon/start before logon auth?’ or some sort of AOVPN. If so, it will work.
These are some of the VPN providers we expect to work:

Cisco AnyConnect (Win32 client): “Start before Logon”
Pulse Secure (Win32 client): “Credential Provider”
GlobalProtect (Win32 client): “Pre-logon”
Checkpoint (Win32 client): “Auto Connect/Always Connected”
Citrix NetScaler (Win32 client): “Always on”
SonicWall (Win32 client): “NetExtender on Startup”

Note: We do not document or support how you configure your VPN as it is a third-party configuration.

Q: Is there a way to get the device enrolled in Windows Autopilot remotely?
A: The only way is if it’s currently managed through Intune. You can assign a Windows Autopilot profile with the “Convert devices to Autopilot” option enabled, and the hardware hash will be automatically harvested at the next check in.

Q: Are there any alternatives to enroll multiple devices, already deployed, besides Windows Autopilot and Bulk enroll using provisioning package files (PPKG)?
A: All of the possibilities are documented here: https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

Q: Is there a way to use White Glove deployment with standard applications without pre-assigning the device to a particular user?
A: If you target your applications to devices, then you don’t need to. If the apps are assigned to users, then you need to assign a user.

Q: Are we able to deploy the provisioning package files through Intune?
A: No, this is not currently supported.

Feedback

We hope you find this session useful. We'd love your feedback and ideas for future sessions so please fill out this short survey. Thank you!

13K Views, 0 likes, 0 Comments