Password Complexity Error 2016281112(Remediation failed)
Hello, I've been having an issue with Intune device compliance. The main issue stems from the fact that the devices have a Microsoft account as the device profile, this means that users use their Microsoft password to log in to their devices. However, when setting password restrictions in Intune, it appears to only affect the device password (that isn't being used) instead of the Microsoft password. On its own this would be fine, however, I have been getting the error mentioned above: 2016281112 (remediation failed) on the "password complexity" setting in the device compliance policy. This doesn't make any sense to me as I have edited all of the settings related to passwords so they shouldn't be required at all. Unfortunately, due to the Microsoft account link I mentioned earlier, users cannot change their device passwords without being un-enrolled from Intune so it is very difficult to determine the cause of the issue, or work around it. Can anyone help me resolve this error please?
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username&password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.
physicalMemoryInBytes always returns 0 with called from ServiceNow
Hello, I am trying to fetch physicalMemoryInBytes for Intune devices from ServiceNow. I tried calling this info by using below endpoints: https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,physicalMemoryInBytes https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,hardwareinformation,physicalMemoryInBytes In both cases I'm getting below error error: Failed to iterate on data stream: com.glide.transform.transformer.exceptions.InvalidPathException: Could not find path in stream: $.value I referred to this Intune article but no luck: https://techcommunity.microsoft.com/discussions/microsoft-intune/physicalmemoryinbytes-always-returns-0/3025721 Can someone help with this?Microsoft Graph Command Line Tools Blocked by CA
Hi All I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)" this seems to work fine until our IT Admins try to use the AutoPilot script which gets blocked based on: Microsoft Graph Command Line Tools Any ideas on how to allow AutoPilot / Microsoft Graph Command Line Tools through CA? Info appreciated
How is your company managing driver updates via Intune?
Hey folks, I’m currently reviewing our driver update strategy for Windows 11 devices managed via Intune. As you probably know, using Windows Update for Business (WUfB) gives us two main options for driver updates: Automatically allow drivers via WUfB Manually approve drivers via Intune + Windows Update for Business deployment service (WUfB-DS) Each approach has its own pros and cons: Automatic driver updates are great for keeping everything up to date with minimal effort, but they come with risks. We’ve seen networking components randomly break after an update, or newer GPU drivers triggering application compatibility issues. Definitely not zero-risk. Manual approval, on the other hand, gives you control and helps avoid surprises, but it also introduces operational overhead: identifying needed drivers, testing, scheduling approvals, and communicating with users — all of that takes time and effort. We’re debating internally whether the automation risk is worth the convenience, or if the manual path is the only safe option in an enterprise setting. So I’m curious: How is your company handling this? Are you letting Windows install driver updates automatically? Or are you manually controlling which drivers get deployed — and if so, how are you handling the process and workload? Would love to hear your thoughts, especially if you’ve found a good balance or process that works well in production! Thanks in advance!How to Seamless Transition from Local Active Directory to Microsoft Intune?
Our organization currently operates with a Local Active Directory (AD) setup, using Azure AD Connect to sync directories with Azure Entra. All organizational devices are domain-joined and managed via Local AD. We are planning to transition device management to Microsoft Intune while ensuring a seamless process with no user intervention and no loss of user data. What are the industry best practices for achieving this transition?
Restrict User Access to Specific Devices and Location Using Intune & Conditional Access
We have a customer requirement to restrict user sign-ins using Intune and Azure AD (Entra ID) Conditional Access. The goal is to allow access only from specific, managed devices and only from a specific geographic location. For example, users should be able to access corporate resources only when signing in from compliant/managed devices and only when located in Mumbai What would be the recommended approach or best practice to achieve this using Conditional Access and Intune? Any guidance on configuration, limitations (e.g., location accuracy), or real-world experiences would be appreciated.
What are the system requirements for hardware-accelerated BitLocker announced in ignite 2025?
Microsoft has recently announced hardware-accelerated Bitlocker (Ref. Link: https://techcommunity.microsoft.com/blog/windows-itpro-blog/announcing-hardware-accelerated-bitlocker/4474609) I would like to know system requirements (Specifically Hardware) that supports this functionality. The article also says below "Coordinate with your suppliers and keep an eye on listings from us and other vendors as PCs become available on the market." But I am unable to find any link for the listing from Microsoft. Does it support all the devices that has TPM 2.0 or does it require any other hardware?Scheduled deployment of Applications from Intune
Does Intune natively support scheduled deployment or rollout of applications to Windows end-user devices? i.e. like other MDM products (SCCM, Ivanti EPM etc..) you can add a specific time and date when you want to deploy the application package to targeted devices. Thanks, Amag
Win 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I know experience an issue with WHfB. My face and fingerprint is not recognized, rsp. the login process is giving an error, saying that I cannot be identified. One user reports, that when away from company WhfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?
