Intune
WDAC Managed Installer and Applocker Audit logs
Hello, I am looking to deploy WDAC to Intune managed Windows 11 devices. In testing I have followed guidance (link below) to create the required supporting AppLocker ManagedInstaller rule: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#create-and-deploy-an-applocker-policy-that-defines-your-managed-installer-rules-and-enables-services-enforcement-for-executables-and-dlls
In testing, whilst this appears to work (in that an app deployed by Intune is allowed, but the same app installed locally by an admin is not), I have noticed that the configuration results in an excessive amount of logging to the Microsoft-Windows-AppLocker/EXE and DLL log, i.e. an 8003 audit event for pretty much every DLL execution.
Does anyone know if this is expected? Seems an obvious question, as I see how the configuration of the AppLocker ManagedInstaller rule collection in audit mode could cause this. Just looking for some clarification that this is expected, as I had not anticipated the use of this (MDAC) option to result in such aggressive logging by AppLocker (which I am otherwise not looking to use). I have seen no mention of this in the documentation, so I guess it is either deemed obvious (which one could argue is the case!) or I have misconfigured something? Does anyone else have this configured and if so, do you see the same?
Many thanks, Phil

upprinterinstaller.exe pop up windows
Hi everyone! We have just started deploying printers to Intune clients using Universal Print. It works mostly fine, but after adding around 10 printers via policy, we see multiple upprinterinstaller.exe windows popping up for a few minutes each time the client synchronizes policy. Has anyone else experienced this, or found a solution to this?
Ruslan

Biometrics - Some of these settings are hidden or managed by your organization
- When going in Windows to -> Sign-in options -> I am unable to set biometrics. "Some of these settings are hidden or managed by your organization." For e.g. Windows Hello Face: "This option is currently unavailable - Click to learn more".
- To try and solve this issue, I enabled Windows Hello for Business from Intune -> Devices -> Enrollment -> Windows Hello for Business. But the issue persists. What do you think could be the issue?

Cataloging Modern PC Management Ready PCs, Peripherals, and Software
I have started a shared spreadsheet for the community to share their experiences with "Autopilot Ready" PCs, peripherals and software. My hope is this will help admins find the rare gems and push OEMs to get with the times. Please contribute your own findings to the spreadsheet and discuss suggestions here. https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A

Join Devices using a provisioning package (.ppkg) in Azure AD - how does it work in detail?
For a project, we are checking whether there is a way to join the devices into AAD using a provisioning package. When creating a project with the Windows Configuration Designer, under "Account Management" there is the task for "Enroll in Azure AD" and "Get Bulk Token". Here are my questions about it:
- Which account do I normally use to register the token?
- Which rights and licenses must the account have?
- An enterprise app is being created, but do I still have to do something with the permissions?
- Does something else need to be done with the user that is created in AAD (package_)?
- Are there hurdles in sight regarding conditional access?
I ask myself these questions because I tried it and failed with the following message (from the event log of the client which I wanted to integrate into AAD). Client: Windows 10 Pro 21H2, Windows 10 Enterprise 1909 (same error).
ProvXML category 'DeviceAADJoin' failed with '0x80180014' at CSP node 'AADJ/BPRT'. Provisioning failed

Universal Print Intune error - Install (User) -2147418113 & -2138701812
I'm currently doing a PoC on Universal Print using a connector installed on an on-premise Server 2022. I successfully installed the printers on the connector server, registered with Azure UP (Universal Print), shared it and began configuring Intune (MEM) to deploy on Win 10 machines. I used printer provisioning from the configuration profile catalog and put in all the required values. I targeted the profile on a group of users. The results were interesting. Two users installed the UP with no errors, 3 other users failed to install with the error message details below. I could not find any of these errors documented anywhere. I have engaged MS Support and am waiting on a solution. These errors are not documented anywhere for MEM. Here are the errors, in case anyone might be able to help:
Install (User) -2147418113
Install (User) -2138701812
I have also attached a screenshot from MEM.

FSLogix policies in Intune for multi session Azure Virtual Desktops hosts
Hi Tech Community, Is there a way we can deploy FSLogix policies via Intune for multi-session Azure Virtual Desktop hosts? Currently I am doing it either via GPO or manual registry settings. I can run a PowerShell script in Intune to set the same registry values, but I was looking for a better way to do it via Intune configuration profiles.
Thanks, Yash

Bitlocker 851 the system cannot find the path specified
Hi everyone, We are trying to migrate computers from domain joined to Intune. Every time we disjoin a computer, BitLocker has a problem suspending or even disabling and re-enabling. What we found is an error 851: the system cannot find the file specified. When we rejoin to the domain and enable BitLocker, the error does not happen and BitLocker is enabled successfully. We also use a PIN with the boot-up. I tried searching the issue and attempted the repairs suggested with no luck. Any ideas would be appreciated.
Rahamim

Azure Update Management for Intune and "feature upgrades"
Scenario:
- W10 clients, 21H2 (by enablement package)
- Hybrid-joined to Intune MDM and on-prem AD DS
- No SCCM / co-management
- Previously managed by WSUS policies
- All Intune rings & feature update / expedite policies follow MS guidance
- AD-based GPOs are successfully overridden by Intune policy
All in all, Intune policies work as expected.
The story: Implemented Intune management with hybrid join and policies and bells and whistles to leverage the Update Compliance dashboard, also following the guidelines of Aria and the MS Mechanics team. The results are mixed. For some reason I do not have a section for quality updates only, just feature updates or expedited quality updates. Furthermore, devices report "in progress" for a feature upgrade to Windows 21H2, while they are already on Windows 10 21H2 (19043) and the compliance policies confirm this as well.
Endpoint Manager Reports - Windows Updates
Update Dashboard
The issue: It seems like devices running on 21H2 by enablement package are recognized wrongly by each of the dashboards, reporting as if a feature upgrade would be missing. In addition, I have not seen any Intune settings, nor settings catalog entries, to prefer enablement packages over full upgrades either. Any ideas?
cc AriaUpdated, thanks for help in advance!

WMI unknown account in security permissions
Hi everyone, We are using WMI on Azure AD computers to give our NAC system (PortNox) access to read a certain process in the client. We have an issue where for some reason the account was mistakenly deleted, and in this case when opening the WMI CIMV2 namespace security we see that an unknown account remained in the security permissions. When I try to use PowerShell to remove the unknown account I get an unknown error. Does anyone have any idea what I can do to get out of this mess?
Thanks in advance, Rahamim.