Intune
4263 TopicsIs it really impossible to force an Intune sync from the command line?
Is it really not possible to force an Intune sync on a client computer from the command line? It seems like such a simple thing to do. Rather than make me dig 3 subpages deep to click a button, just let me fire off a DOS command and get on with my day. I'm familiar with the MS-Graph method, but honestly, clicking a "Sync" button should never be as complicated as that. I'm also familiar with Michael Neihaus' method... Get-ScheduledTask | ? {$_.TaskName -eq 'PushLaunch'} | Start-ScheduledTask That has never worked, but don't tell anyone because there are a lot of admins out there who think it does, and I'd hate to spoil their day. Am I just too dim to figure this out or is there really no way to sync from a CLI? Thanks,101KViews3likes17CommentsDevice shows twice in Intune and Entra after upgrade, still not activating Enterprise
Hi everyone — I'm looking for advice on a device we're trying to onboard into Intune with proper licensing and Entra join. Background: I have a user whose device was: Originally on Windows 11 Home Manually upgraded to Pro using a generic key (unactivated) Then upgraded to Enterprise using a generic key Factory reset in an attempt to trigger proper OOBE and Entra join Current Problem: Now, we have two device records for the same machine in both Entra ID and Intune: One device is marked Entra registered (personal), showing Windows Pro The other is Entra joined (corporate), showing Windows Enterprise but still not activated (0xC004C003) The user is correctly signed in with their work account Device did not trigger the expected work/school OOBE flow Subscription activation is not completing What I've Tried: Factory reset and cleanup using slmgr /upk and systemreset -cleanpc E5 license is properly assigned Verified login during OOBE is using the correct organizational account Device shows as compliant and managed in Intune But Windows remains unactivated on Enterprise What I'm Wondering: Could the duplicate records (personal and corporate) be interfering with activation? Should I delete both and start fresh? Is there a better way to force clean OOBE + Entra join when recovering a Home device? Should I stop using generic product keys and let subscription activation take over? Any insight would be hugely appreciated — I'm in the middle of deploying Intune across 75 devices by the end of August. Thanks in advance!20Views0likes1CommentDefender Browser Protection Extension for Chrome
Has any one noticed how pointless this extension is? Deployed using Intune with tamper protection so the user is forced to use it, but Microsoft has built in a disable feature to the extension that can not be controlled, or can it? Any ideas on how to harden this, or something for Microsoft to fix? Tamper Protection enabled: User can bypass by disabling the protection:49Views1like1CommentIntune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone, Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it. Steps Taken: Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune. MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM. Domain Federation: Established Entra ID federation in ABM to synchronize all users. Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.' MDM Push Certificate: Configured and validated the MDM Push certificate. Issue Encountered: According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found. On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device." In ABM, under "Access Management" > "Apple Services," all services are activated. Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated. Thank you in advance for your help. Best regards,56Views1like4CommentsHow to Enforce Office Add-In Restrictions via Intune for Azure AD-Joined Devices (Office 2013–2021)
Dear Community, We are currently migrating users from a traditional Windows Active Directory environment (where we used GPOs to restrict Office add-in management) to Microsoft 365 with Azure AD-joined devices. Our goal is to prevent users from disabling critical Office add-ins across multiple standalone Office versions — specifically Office 2013, 2016, 2019, and 2021. We are looking for guidance on: How to implement similar restrictions using Microsoft Intune and Microsoft 365 Admin Center. Whether there are Intune configuration profiles or administrative templates that support this use case. Any limitations or compatibility issues with standalone Office versions (non-Microsoft 365 Apps). Recommended best practices or documentation links for enforcing add-in policies in a cloud-native setup. Any help or shared experiences would be greatly appreciated! Thank you.17Views0likes1CommentTo check admin rights access on windows 10 & later devices
We have windows 10 and later devices managed by Microsoft Intune. I want to get the list of users who are having admin rights access on their devices. Could anyone assist how can I get that. Thanks & Regards, Ayyaz Mahboob21Views0likes1CommentRemove Autopilot Deployment Profile From Devices
Hello, Has anyone found a way (preferably programmatically) to remove an Autopilot deployment profile from a device in Autopilot? From what we've seen, these profiles are permanently stuck on devices and cannot be removed or changed. I've heard it's possible to switch them but haven't personally seen it and wanted to get a better understanding about this. We would like to be able to remove profiles, but keep the device in Autopilot with no profile assigned for OSD task sequence builds at times. Any thoughts or info others have would be greatly appreciated! Thank you!14KViews0likes5CommentsAutoPilot Hardware hash error, You cannot call a method on a null-valued expression
When we trying to download the hardware hash for Autopilot via Powershell, we recently are getting null-valued expression errors on random laptops W11P laptops . So far on W10P we never hard problems. Is there a way to exclude $model, $make? Or can we adjust the script? our script: @ECHO OFF echo Enabling WinRM PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command Enable-PSRemoting -SkipNetworkProfileCheck -Force echo Gathering AutoPilot Hash PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command %~dp0Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername -OutputFile %~dp0compHash.csv -append echo Done! pause3.3KViews1like5CommentsMGP Keep apps on certain version
Hi All I hope you are well. Anyway, a wee urgent one here. Is there any way to keep apps from the Managed Google Play to a certain version number? Apparently, the latest version of one of our apps is flawed. This is an app that is available publicly and not an LOB / APK etc. Info appreciated. Stuart18Views0likes0Comments