Uninstalling bundled/preinstall O365 during Autopilot
We recently purchased a bunch of new HP ProBook 400 laptops that come bundled/preinstalled with O365 x64. However, since all staff use a 32-bit line of business application, we need to install and use O365 32-bit. We want to Autopilot the new laptops and have packaged and deployed O365 32-bit as a Win32 app (ie: using the Office Deployment Tool and a custom XML configuration). The XML file contains commands to remove any existing versions of Office before installing O365 32-bit. When we manually run the ODT setup.exe with xml file, it functions correctly (i.e., it uninstalls the 64-bit O365 and then installs the O365 32-bit). However, when we package this up as a Win32 app and set it as a mandatory app in the Autopilot deployment profile, it seems to fail or get ignored. All other Intune apps and configuration profiles install successfully, but the laptops still have O365 64-bit installed. Below is what we included at the top of the ODT XML file. Any suggestions would be greatly appreciated. <Configuration> <Remove All="TRUE"/> <Display Level="None" AcceptEULA="TRUE"/> <Property Name="FORCEAPPSHUTDOWN" Value="TRUE"/>
Computer only in Intune receive GPO for Windows Update causing blocking of update
Hello, it's several hours i'm trying to found the origin of this problem. The first symptom i seen is the message in Windows Update "Your organization has turned off automatic update": Windows 10 22h2 In advanced i can see Disable automatic updates Source Administrator Type Group Policy In the registry i can see the key NoAutoUpdate to 1. If i switch it to 0, after reboot or after gpupdate, it's switching back to 1 ?! Something change theses settings . I already tried the MDMWinOverGP with success applying. But in fact in the documentation https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict we can see : Nor does it apply to the https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update for managing Windows updates. It seems not affecting Windows Update. Any idea? Thank you! Julian
Conditional Access and -Online Device registration error
So there was an Issue creating new discussions yesterday and I ended up with a discussion with Heading only. :) We're using the Get-WindowsAutopilotInfo.ps1 script with the -Online switch to register our Entra Joined Devices, and the process is being blocked by Conditional Access. The sign-in logs point to Microsoft Graph Command Line Tools (App ID: 14d82eec-204b-4c2f-b7e8-296a70dab67e) as the blocker. Microsoft Support suggested whitelisting several apps, but unfortunately, that hasn’t resolved the issue—likely because the device doesn’t have the compliant state during online registration. We’re currently evaluating whether a dedicated service account with scoped permissions for Autopilot enrollment might be a workaround. Would be great to hear if anyone else has found a reliable solution.Configuring Intune settings for USB Read Only
Hi Team, After having blocked USB across the estate. We are trying 2 things: USB Read only USB Read and Write access. 2 works as expected but not 1, we aren't able to restrict to only READ into the contents within the USB? Current settings configured: Configuration settings>Administrative Templates>Custom Classes: Deny write access (User): Enabled What am I missing? Do we even need to configure the below? Custom Classes: Deny write access : Enabled?Can't update Intune firewall policy as Global admin
Hello, I tried to update group assignments of existing policy(policy type is Windows Firewall Rules) in Intune with Global administrator role. I add some Entra ID groups and click Save. However, nothing happens even though a notification appears that it was successfully changed. I created new policy and assigned some groups, after that tried to update group list but again the same issue. Does anyone have this experience? It's look like something related to Microsoft. ThanksGo Links on Edge Mobile
Dear community members, We use Intune managed computer and Zscaler that delivers DNS Search Domain. When user type a https://go/links in Edge browser, it automatically appends the FQDN to the address bar to become https://go.mycompanydomain.com/links. It is a quite common practice for Enterprise to provide convenience to access internal shortened URLs. With Intune managed mobile (also has Zscaler), can we achieve the same goal for Edge mobile? For the mobile use case, it is less of typing the go links directly in the browser. Because there are a lot of go links shared in Email and Chats from communications and newsletters, when user click them in Outlook or Teams on the phone, it will open in Edge. I am hoping when Edge opens these links, it automatically appends the search domain like on computers. I have looked up all Intune device and Edge documentation, chatted with three different LLMs, couldn't figure out a solution. All ideas are welcome! Thanks. Best regards,Google Meet Links Not Opening on Intune-Managed Devices
We recently encountered an issue where Google Meet links could not be opened on devices managed via Microsoft Intune. This behavior was consistent across multiple users and devices, and it raised questions about whether this was a configuration issue, a policy conflict, or something else entirely. Symptoms Clicking a Google Meet link (e.g., https://meet.google.com/xyz-abc-def) results in no action. Tried to open it from Outlook, Gmail or Google-Calendar When Opening with the Browser, we get a Redirection to Google-Play-Store, but the Google-Meet App ist already installed. Behavior is consistent across Outlook, Teams, and other apps that handle links. We tried different Default Browers (Edge and Chrome) and Outlook, Gmail, Google Calendar and Google Meets are configured as managed Apps Is this a known Issue or can this be fixed with Intune Configurations? Looking forward to your feedback.
sync error 0x80190190
Hi everyone, I'm getting this sync error 0x80190190 from time to time on some devices which they are domain joined. it register event ID 201: MDM Session: OMA-DM message failed to be sent. Result: (Bad request (400).) I tried different methods to solve it but the problem remains. Could you please help me with this issue? thank you in advance!!!
