Win 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I know experience an issue with WHfB. My face and fingerprint is not recognized, rsp. the login process is giving an error, saying that I cannot be identified. One user reports, that when away from company WhfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?Deploy an application to Windows devices with specific serial numbers
I have a total of 200 new laptops which I would like to deploy a specific application using InTune. I have the serial number of all the laptops. These laptop are only identifiable by the serial number only and cannot use anything else. I've been searching for solutions but articles are not clear. Can someone please advise if this can be done? If so, can you guide me to a good article or with some points? Thanks in advance
Android 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105 Thanks, Tom
Biometrics - Some of these settings are hidden or managed by your organization
-When going in windows to ->Sign ins-> I am unable to set biometrics. *Some of these settings are hidden or managed by your organization. for e.g. Windows Hello Face This option is currently unavailable - Click to learn more -To try and solve this issue, I enabled Windows Hello for business from Intune -> Device -> enrollment -> Windows hello for business. But issue persists, What do you think could be the issue.
Multi-App Kiosk not applying on Samsung A55 (Android 16)
Hello everyone, I’m facing a critical issue with Android Enterprise Multi-App Kiosk mode on a Samsung Galaxy A55 (SM-A556B). The problem started suddenly last week without any configuration changes, and now no Android Enterprise configuration profiles apply anymore. What happened originally The device was running Android 15, and it had been working fine for months in Managed Home Screen (Multi-App Kiosk). Then suddenly: Managed Home Screen stopped showing all apps The device booted into MHS, but the screen was completely empty No policy changes were made on our side I tried several troubleshooting steps, but nothing fixed it. Eventually, I factory-reset the device and re-enrolled it as a Corporate-Owned Dedicated Device (COBO). Current situation after re-enrollment Even after a clean enrollment: No Android Enterprise device restriction profiles apply (Multi-App Kiosk doesn’t start at all) The device stays in the normal Samsung launcher Only very basic commands work: Remote restart App install/uninstall via group assignment All assigned apps show as Installed Profile status in Intune shows Success, but nothing is actually enforced I then upgraded the device to Android 16 (patch 2025-11-01). Unfortunately, the behavior did not change. Current configuration Android Enterprise → Device Restrictions → Multi-App kiosk Allowed apps: Teams, Managed Home Screen, Contacts Managed Home Screen installed Enrollment type: Android Enterprise – Fully Managed / Dedicated No OEM kiosk (no Samsung Knox settings) No Work Profile on the device Symptoms now Managed Home Screen never launches Kiosk mode is completely ignored Device is fully usable like a normal phone Only app deployments work, nothing else This began while still on Android 15 Updating to 16 did NOT resolve the issue Questions Has anyone seen this behavior where Android Enterprise policies stop applying entirely after MHS fails? Is there a known issue with Samsung A55, Android 15/16, or Managed Home Screen? Could this be related to a bug in the Fully Managed/Dedicated enrollment flow for the A55? Any recommended workarounds or known fixes? Any guidance is appreciated — this behavior is completely blocking Kiosk deployments for us. Thanks!
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username&password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.Close the Year Strong with Surface for Business Deals
As organizations look to maximize their remaining budget and prepare for 2026, now is the moment to modernize device fleets with Surface for Business. Through December 24, limited-time Surface promotions make it easier to accelerate refresh cycles, strengthen endpoint security, and equip employees with devices that are AI-ready from day one. Surface for Business devices combine productivity-forward design, leading AI capabilities, and Microsoft security at multiple layers. Whether refreshing a subset of users or upgrading entire departments, organizations can close the year with hardware that helps reduce risk, assists in lowering management overhead, and positions teams for the next wave of AI-driven productivity. Secure by Design Surface for Business devices deliver hardware-based protections aligned with Secured-core PC standards. Hardware-based security, advanced firmware protections, and memory-safe drivers help reduce exposure across the stack, providing peace of mind that clears the way for AI innovation. AI-Ready With advanced processors including powerful AI chips on supported models, Surface for Business devices are ready to help employees maximize their skills using AI to drive business forward. From a dedicated Copilot key 1 to Foundry on Windows for developing local agents, these devices provide the foundation for people to achieve their best. Learn more about unlocking AI innovation in our new eBook. Ready to Deploy Surface for Business devices support Windows Autopilot 2 , enabling IT teams to deploy devices directly to employees, preconfigured with corporate profiles and security baselines, without imaging or desk-side setup. Combined with centralized management through Microsoft Intune 3 , organizations can reduce deployment time and help keep endpoints consistent from day one. Make the Most of Year-End Purchasing Opportunities Maximize remaining 2025 budget by exploring end-of-year savings on select Surface for Business devices. Work with your preferred reseller to capitalize on year-end spend, or purchase directly through Microsoft Store in the US 4 to take advantage of available offers that make modernizing your device fleet easier as you prepare for 2026. Resellers can help organizations align device selection, deployment plans, and support needs while optimizing budget utilization. Businesses purchasing through Microsoft Store benefit from fast, free shipping and a 60-day return window on most physical products. 5 Across both channels, Surface for Business offers provide a cost-effective path to refresh devices now rather than deferring upgrades—helping IT leaders complete their roadmap, meet procurement targets, and deliver new value to end users before the new year. Find a reseller [https://www.microsoft.com/surface/business/where-to-buy-microsoft-surface Buy from Microsoft Store US [https://www.microsoft.com/en-us/store/collections/surface-deals-bundles] References Feature availability varies by device and market. See Key Support for details. Windows Autopilot device preparation depends on specific capabilities available in Windows client and Microsoft Entra ID. It also requires a mobile device management (MDM) service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs. Additional licenses required, not included with Surface. Offers and promotions vary by market. Terms apply. Microsoft Store only ships to certain countries; see Shipping options, costs, and delivery times - Microsoft Support for details.Outlook Mobile Stuck in Login Loop on Intune Shared Android Devices
We’re having an issue on our Intune-managed shared Android Enterprise devices that are set up in Dedicated/Kiosk mode. When users try to open the Outlook mobile app, it launches and recognizes the signed-in user through AAD/Intune, but then it just gets stuck in a loop. It keeps showing messages like "Finding your account…" or "Identifying account…", and never actually loads the mailbox or even shows the normal login screen. Has anyone else run into this issue, and is there a known fix or workaround?Zoom Workplace
Hi All, We have setup an MSI App deployment for Zoom Workplace which has deployed to all machines successfully. However it will not Auto-Update? it is still on the same deployment version from months ago... These are the command line arguments added: AudioAutoAdjust=”1″ ZoomAutoUpdate=True zConfig="AU2_EnableAutoUpdate=true;AU2_InstallAtIdleTime=True" Can I change the MSI file to the latest one and will it deploy and overwrite existing? Any advice greatly appreciated! Thanks, Scott
