Intune
4048 Topics

Intune bulk enrollment issue with package
Hello,

We are encountering an issue while trying to enroll a device in Microsoft Intune within a Windows 10/11 workgroup environment. Using Windows Configuration Designer, we created a provisioning package for device enrollment. However, after executing the package on the device, we observe the following error in the Event Viewer under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin:

MDM ConfigurationManager: Command failure status. Configuration Source ID: (fb5b5ed2-b681-475c-bb21-c31762a5953d), Enrollment Name: (Provisioning), Provider Name: (AADJ), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/AADJ/BPRT), Result: (Unknown Win32 Error code: 0xcaa2000c).

Additionally, when reviewing the Entra Audit logs, we notice that the device gets registered but is immediately unregistered. Could someone help us identify the root cause of this issue or suggest steps to resolve it?

Thank you

106 Views, 1 like, 4 Comments

exclude non Wi-Fi enabled devices for Wi-Fi Configuration Profile
Hi everyone,

We have a WiFi Configuration Profile in Intune that applies to all company users. Problem is now that the profile tries to apply these WiFi Settings to devices which don't have WiFi capability and Intune throws errors back on these devices. My idea is now to create a group or a script, which checks the device for the presence of a WiFi MAC. When the device has a WiFi MAC, the profile gets applied. Has anyone an idea about how I can achieve this? Or what are your solutions for this scenario?

Thanks for every reply 🙂

Solved, 3.3K Views, 0 likes, 7 Comments

Poly devices and the transition to Android Open Source Project (AOSP)
Today we had a handful of our Poly Teams meeting devices sign out and then refused to re-enroll afterwards. Our devices included Poly Studio X30, X50, X70 and TC8 touch panels. On the screens that were attached to the equipment, upon failure of sign-in and re-enrollment we saw a message on the screen saying "Signing out... This device isn't enrolled in device administrator. Contact your admin".

The devices were still available in the Teams admin center so I was able to retrieve diagnostics from the devices. Within the CompanyPortalEventsLog* file in the root of the zip file containing the diagnostic data there was the following line:

TIMESTAMP CompanyPortalReasonCode: WORK_PLACE_JOINED CompanyPortalStatus: UNKNOWN FailureReason: ENROLLMENT_RESTRICTIONS

After further investigation, the devices also had updates applied to them during the early morning hours. After some searching and reading through this article, Moving Teams Android Devices to AOSP Device Management | Microsoft Community Hub, even though my devices weren't supposed to be available until February, I followed Step 1 to create an enrollment profile for Android Open Source Project (AOSP) with the settings outlined. However, in my tenant, "For Microsoft Teams Devices" was still being marked as preview. Once this profile/policy was in place I was successful in logging our devices in with their resource accounts. Lucky us that it happened on Friday and not one of our core work days.

So, watch out for your Android Teams Room devices with this change/transition happening. Try to work ahead of it to prevent Teams Meeting Room Android devices and Android phones from experiencing downtime in your offices and set the policy up as soon as you can. There's a secondary step to make sure to have a Compliance policy in place for AOSP devices as well, be sure to have that set up so that your devices are still flagged as Compliant in your tenant.
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-aosp

If anyone else sees any other symptoms of this issue post them to this thread to help others troubleshoot.

17 Views, 0 likes, 0 Comments

Unexpected error during installation.(0x80070643)
Hello Guys!

I appreciate your help. I am trying to deploy the Microsoft 365 apps through Intune, but I got this error: Unexpected error during installation. Check the installation logs for additional information (0x80070643). Any advice?

4 Views, 0 likes, 0 Comments

Powershell extract TPM and Encryption Readiness information from Intune
Hi,

I'm trying to automate a report on Bitlocker coverage on Intune managed devices. I'm using Graph API to extract device information from Intune, querying this URL: "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"

The result has a property named "isEncrypted" which has true or false. But I also need the information that exists on the Encryption report, about the TPM Version and Encryption readiness. Basically I need what is shown here:

How can I extract this information over PowerShell?

Thanks

1.3K Views, 0 likes, 10 Comments

Dynamic device group from InTune user groups
We've onboarded a number of users into InTune, and we're all new to it. Previously, they were on MaaS360, which had both device groups and user groups, and you could assign to either individually. A bit shocked InTune can only assign down to the group level. (I know Filters exist, but these only filter by Devices, and take longer than just creating a new group)...

Anyway, trying to rebuild things as closely to MaaS as possible. For onboarding, we created user groups, so when a user enrolled, they would automatically get the right policies. We couldn't create a device group until the devices were enrolled AND logged in, and showing in Entra. However, the tenant actually wants the groups to be by DEVICE for various reasons (replacing people, for example).

So I have two questions: Is there a way to dynamically generate the device groups, based off each user's group association? Also, since devices can't be grouped without an associated Entra ID (either dynamically or manually), if a user leaves/signs out, will that device automatically lose all its group associations?

If there is another way to get the structure the tenant wants, I'm all ears. But essentially, the devices have different hardware, and they want their department to be tracked even if they have no user.

70 Views, 0 likes, 3 Comments

Android enrolment stuck at installing apps
Hi,

We are seeing some issues lately with device enrolment on Android with the wizard getting stuck at installing required apps, even with one app (Intune). I've seen a few posts at the start of the year where this issue also persisted which suggested it was a Google issue, which would seem true here as the issue occurs across multiple tenants.

So far we've tried:

- Leaving the device for 2 hours to install apps
- Different Android enrolment profiles (Dedicated is primary method)
- Enrolling via Knox and QR methods
- Multiple devices
- Multiple Wi-Fi networks
- Multiple tenants (one being completely green-field)
- Removing all entries of the device in Intune and Entra ID before attempting re-enrolment
- Removed all apps from configuration, leaving just the Intune app as default
- Unassigned all enrolment restrictions

Intune does create a device entry for the device despite not reaching the home screen, with configuration policies showing as successfully applied. Registering the device with Entra is more temperamental though.

As mentioned, Dedicated enrolment is our primary method. We did see that a previously enrolled device did successfully enrol when using Fully Managed but this doesn't help us. A new device that had never been enrolled before did enrol successfully and quickly but have yet to it again. We are using Samsung devices running Android 14.

353 Views, 0 likes, 1 Comment

Intune - Multi-App Kiosk Mode Android - Managed Home Screen - How to Toggle Between Open Apps?
Hi there,

We use Intune - Multi-App Kiosk Mode for Android - Managed Home Screen quite a bit. However, we'd like to be able to see open Apps and switch between them like you can on a standard Android phone (using the 3 vertical lines icon). I can't find an equivalent function in Managed Home Screen. Any ideas?

Ta,
Ian Hearnes

Solved, 36 Views, 0 likes, 3 Comments

Microsoft Graph Command Line Tools Blocked by CA
Hi All,

I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)". This seems to work fine until our IT Admins try to use the AutoPilot script, which gets blocked based on: Microsoft Graph Command Line Tools.

Any ideas on how to allow AutoPilot / Microsoft Graph Command Line Tools through CA?

Info appreciated

460 Views, 0 likes, 13 Comments

How to Get Started with Intune: SOE Deployment, CIS Compliance, and Device Upgrades
We are planning to use Intune as our endpoint management tool and need guidance to get started. Our environment consists of:

- Windows 10/Windows 11 Professional devices
- Some Windows 10 Home Edition devices
- macOS devices

Questions:

- Where should we begin? My initial plan is to upgrade the Windows 10 Home devices to Windows 11 Professional.
- How can we deploy a Standard Operating Environment (SOE) using Intune?
- We need to comply with CIS benchmarks. Considering the numerous configurations required, configuring everything manually via device profiles seems time-consuming. Is it possible to use a pre-configured image and deploy it through Intune?

Your guidance and suggestions will be greatly appreciated!

29 Views, 0 likes, 1 Comment