Understanding DEM accounts and licensing
We are trying to understand the right way to deploy corporate devices that I'll call "shared" among staff. Specifically iOS devices. We started out thinking we needed to buy tens of thousands of device licenses as they weren't tied to a user. Then start reading about this DEM account idea. If I'm understanding it right, I can create 150 of these DEM accounts and each can enroll 1,000 devices. So then I could enroll 150,000 devices without paying for any licenses? Or do I just need to buy 150 "user" licenses and can enroll 150k of devices for no more cost? What if I need to move to like plan 2 for these devices for say tunnel capabilities. Do I have to pay per device or just for the 150 "user" licenses? Is it really free vs paying even for the "DEM" accounts? Curious if anyone can explain how these accounts work as even though we have an enterprise account with MS no one there seems to be able to explain it to my satisfaction.
Threat Severity missing in Intune policy
I was updating our Intune Antivirus policy today and noticed that the threat severity section is gone. When I saved the changes, I did another review of the Defender settings and they have been removed from the policy. Anyone else seeing this or know how to get them back?
Device don't report to Windows Update for Business reports
We start using Autopatch. I setup all thigs for this report. Create LA and setup it. https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-overview But from 750 device i see only 42. I try creating new LA, and onboard it but number of computers is same. On my NB i try even script but nothing works https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-configuration-script Any help?Google Meet Links Not Opening on Intune-Managed Devices
We recently encountered an issue where Google Meet links could not be opened on devices managed via Microsoft Intune. This behavior was consistent across multiple users and devices, and it raised questions about whether this was a configuration issue, a policy conflict, or something else entirely. Symptoms Clicking a Google Meet link (e.g., https://meet.google.com/xyz-abc-def) results in no action. Tried to open it from Outlook, Gmail or Google-Calendar When Opening with the Browser, we get a Redirection to Google-Play-Store, but the Google-Meet App ist already installed. Behavior is consistent across Outlook, Teams, and other apps that handle links. We tried different Default Browers (Edge and Chrome) and Outlook, Gmail, Google Calendar and Google Meets are configured as managed Apps Is this a known Issue or can this be fixed with Intune Configurations? Looking forward to your feedback.
Outlook cache mode set to download 3 months of emails
Hi ladies and gents, We have a requirement to set Outlook cache mode set to download 3 months of emails. The environment consists of Exchange Online, Intune and M365 and the devices are cloud native Win 11. Could you please advise the best way to achieve this. GPO is not an option, and Intune does not have a policy for this.Remed Script to delete Reg Value
Hi All I hope you are well. Anyway, pulling hair out this one, so could someone help me compile a Detect and Remed script to delete the following Reg key please: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate Value I need removed is the SetActiveHours one as below Any help would be greatly appreciated.
Enroll existing macOS devices to Intune
Hey, How do you handle/enroll existing business macOS devices, which are not yet managed by Intune or any other MDM? I believe if i somehow add them to ABM: if reseller adds them i can run enrollment profile, no wipe needed i can add them with configurator for iPhone, wipe needed Is for direct enrollment (without user affinity) device license needed? And user (with Intune license) will then use device. As stated here :https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/licenses#device-only-licenses no direct enrollment is mentioned (manual install profile). What other options do i have for properly manage macOS devices (not byod but corporate) ? Thanks, Tom
InTune policies blocking callback from Edge browser
InTune policies blocking callback from Edge browser I'm using a BYOD Android phone enrolled in our company's InTune company portal. A few months ago, I ran into an issue where I'm unable to authenticate to a MatterMost chat server from the MM app in my work profile. When I enter the server address and click log in, it takes me to a browser window inside the MM app (but using Edge) to authenticate using the host organization's SSO. Once I enter my credentials, it sends a callback using this URI scheme: mmauth://callback?MMAUTHTOKEN=<token>&MMCSRF=<more data>. However it looks like Edge prevents this callback from reaching the MM app because I get a popup saying: No available apps There are no apps currently configured on this device that your organization allows to open this content. Please ensure you are signed in with your work or school account to your managed apps or contact your organization's support team. I assume this is because our IT has either "Restrict web content transfer with other apps" or "Allow app to transfer data to other apps" policy settings enabled. In general things are pretty locked down so that data can't be shared between non-Microsoft apps, and even then some things can't be copied and pasted from one Microsoft app to another. I reached out to our company IT support but he seemed to think the only possible solution was to allow Chrome inside the Work profile to bypass the Edge restrictions. For obvious reasons, no one in IT or the company leadership wanted to implement this solution. Are there any other solutions where MatterMost or even just that specific "mmauth" URI can be white-listed in InTune to allow MatterMost to complete the authentication? Not looking to try to get around policies, but would like to have a informed discussion with our IT on maybe adjusting the policy to be more functional.How to foce intune client in Ubuntu to synch automatically
Hello, in my company we have enrolled Devs Ubuntu devices to control some security setting and allow or not the access to our company apps and content. We have set compliance policies and enabled conditional access to check its. i have been surprised this morning by the last checking date of my Ubuntu laptops and ask my Devs of last signin in company portal client and the date match with the last checking date. I concluded, the company portal is synching only when the user open it and signin. This is a big problem for us because we are certified ISO27001 and we must check all devices compliance. Somebody has a script to deploy on those ubuntu devices and force a synch every day waiting for a Microsoft evolution of this process. Thanks a lot and regards Majid
