Zebra OEMConfig APP not in the APP policy list in Intune
Hi, I have a question about adding an APP policy in Intune. I installed the Zebra OEMConfig Powered by MX app through the Intune Google Managed Play Store. When I try to create an app policy for this app, it doesn't show up in the app list. A lot of other apps do, but this one specifically doesn't. The app does appear in the all apps list in Intune. According to Microsoft, the app is fully supported in Intune. Does anyone have experience with this or any tips on how to get the app to appear? I hope someone can help me out! TIA.
Ubuntu 24.04 LTS + Entra ID Authentication + Intune Enrollment
Hi Community I want to combine in Ubuntu 24.04 LTS the new user authentication with Entra ID along with enrollment in Intune using the new version of the intune portal. The goal is that the user can log in Ubuntu with the local user created during the Device Authentication process and then be able to enroll in Intune and sign in to the portal whenever he wish. During my tests, I have seen that if you install the necessary components for authentication with Entra ID, along with Microsoft Edge and the Intune company portal using the Ubuntu installation user, and then authenticate with the Entra ID user after the device authentication process, you get this error when you try to enroll using the company portal: Continuing with my tests, I have seen that if you start Microsoft Edge you can save a default keyring with a password. This security feature is specific to GNOME as far as I have read. With this keyring, it will be possible to enroll the device in Intune later. When starting the company portal, the default keyring password is requested, and after entering it, enrollment can be completed. From then on, the user can sign in to the portal as long as they enter that password However, the generation of this default keyring is a process that we do not want to leave in the hands of the user. The goal is to deliver the device to the user with all the necessary software, so that once they have authenticated the device with Entra ID, they can open the company portal and enroll in Intune. Does anyone know if there is a way to avoid using such keyrings in a scenario like this? On a machine with only Ubuntu and Edge, it is possible to make this process transparent, by disabling user autologin or setting an empty password for this keyring, but in the scenario of Ubuntu + Entra ID + Intune, I can't manage it. Thanks for your help and I wish you a great 2025
Company Portal | App installation issues
Anyone else experiencing issues with downloading apps from company portal? Win32 apps, pressing install and just spins on “download pending… your device is syncing and will begin downloading your app shortly” Experiencing this issues with 2 different tenants. In 2 different countries now.
App Protection Policy and Siri Intents
Hello, I know that there is a MAM Policy setting to be checked "areSiriIntentsAllowed" to decide to allow or block a Siri intent for an Intune SDK integrated application but I am not seeing where in the App Protection Policy that I can change this value to allow the Siri intent. Is there an Intune Console setting that dictates what the "areSiriIntentsAllowed" will be set to? Here's the Intune SDK integration reference https://learn.microsoft.com/en-us/intune/intune-service/developer/app-sdk-ios-phase4#siri-intents Thanks!
Uninstalling bundled/preinstall O365 during Autopilot
We recently purchased a bunch of new HP ProBook 400 laptops that come bundled/preinstalled with O365 x64. However, since all staff use a 32-bit line of business application, we need to install and use O365 32-bit. We want to Autopilot the new laptops and have packaged and deployed O365 32-bit as a Win32 app (ie: using the Office Deployment Tool and a custom XML configuration). The XML file contains commands to remove any existing versions of Office before installing O365 32-bit. When we manually run the ODT setup.exe with xml file, it functions correctly (i.e., it uninstalls the 64-bit O365 and then installs the O365 32-bit). However, when we package this up as a Win32 app and set it as a mandatory app in the Autopilot deployment profile, it seems to fail or get ignored. All other Intune apps and configuration profiles install successfully, but the laptops still have O365 64-bit installed. Below is what we included at the top of the ODT XML file. Any suggestions would be greatly appreciated. <Configuration> <Remove All="TRUE"/> <Display Level="None" AcceptEULA="TRUE"/> <Property Name="FORCEAPPSHUTDOWN" Value="TRUE"/>
Computer only in Intune receive GPO for Windows Update causing blocking of update
Hello, it's several hours i'm trying to found the origin of this problem. The first symptom i seen is the message in Windows Update "Your organization has turned off automatic update": Windows 10 22h2 In advanced i can see Disable automatic updates Source Administrator Type Group Policy In the registry i can see the key NoAutoUpdate to 1. If i switch it to 0, after reboot or after gpupdate, it's switching back to 1 ?! Something change theses settings . I already tried the MDMWinOverGP with success applying. But in fact in the documentation https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict we can see : Nor does it apply to the https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update for managing Windows updates. It seems not affecting Windows Update. Any idea? Thank you! JulianConditional Access and -Online Device registration error
So there was an Issue creating new discussions yesterday and I ended up with a discussion with Heading only. :) We're using the Get-WindowsAutopilotInfo.ps1 script with the -Online switch to register our Entra Joined Devices, and the process is being blocked by Conditional Access. The sign-in logs point to Microsoft Graph Command Line Tools (App ID: 14d82eec-204b-4c2f-b7e8-296a70dab67e) as the blocker. Microsoft Support suggested whitelisting several apps, but unfortunately, that hasn’t resolved the issue—likely because the device doesn’t have the compliant state during online registration. We’re currently evaluating whether a dedicated service account with scoped permissions for Autopilot enrollment might be a workaround. Would be great to hear if anyone else has found a reliable solution.Configuring Intune settings for USB Read Only
Hi Team, After having blocked USB across the estate. We are trying 2 things: USB Read only USB Read and Write access. 2 works as expected but not 1, we aren't able to restrict to only READ into the contents within the USB? Current settings configured: Configuration settings>Administrative Templates>Custom Classes: Deny write access (User): Enabled What am I missing? Do we even need to configure the below? Custom Classes: Deny write access : Enabled?Can't update Intune firewall policy as Global admin
Hello, I tried to update group assignments of existing policy(policy type is Windows Firewall Rules) in Intune with Global administrator role. I add some Entra ID groups and click Save. However, nothing happens even though a notification appears that it was successfully changed. I created new policy and assigned some groups, after that tried to update group list but again the same issue. Does anyone have this experience? It's look like something related to Microsoft. Thanks
