Application Protection Policy not applying to Microsoft 365 (office)
Hello Community, We have setup an APP for MS applications (android), that prevent users from saving attachments, or documents received by teams or even documents that reside on OneDrive to their local storage, we have also configured some security aspects like PIN code or biometric fingerprint to access the apps. Everything is working fine from Teams, Outlook, OneDrive, but when i use "Microsoft 365 (Office)" App, its like the policy is not applied to this specific application, i can download files, i can access the app with no need of PIN or Fingerprint, i can access a Word file and choose save as and put it in my local phone storage. i have already created a ticket to Microsoft, but they are veeery slow. can you please help.
Configuration Manager Client v2403 Error with Autopilot
Hi All, I have a test Autopilot environment setup with just one laptop. It's in an hybrid environment with SCCM. The laptop has been built and configured with SCCM for a few months now. (no issues) However after a refresh of the laptop I now get this error when CCM try's to install, "This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. (0x80070653)" No changes have been made on the Intune side of things, has anyone else seen this error? On the laptop, a notification pops up and advises the software will be download and installed, shortly after a failed message appears. No CCM folder is created. Any help is appreciated. ThanksRemoving Outdated App Installation Errors in Microsoft Intune
Hello everyone, I'm experiencing an issue with my Microsoft Intune dashboard. It continues to show app installation errors for users who no longer exist on the Windows 11 devices, as they have been removed. These error messages relate to both Win32 apps and Microsoft Store apps and seem outdated, cluttering the dashboard. Is there a way to remove or clean up these outdated error messages? Is it possible to delete these error messages directly on the device or initiate a complete re-evaluation? For example, the Company Portal app was deployed as a Microsoft Store app for Windows 11 devices. The following image shows the existing installation error: Any tips or solutions would be greatly appreciated. Thank you in advance!
PIN is not asking in App protection Policy.
Hi Team, I am using Intune App Protection Policy more than 2000 user and its' working fine but last one week when user configure app protection policy than open outlook/Team and it is not asking PIN to open app This issue is started last one week before one week whenever user open company apps like teams/Outlook than it's prompt PIN or face lock. Please suggest any update from Microsoft team.
Deploy File to Intune Enrolled Devices as Win-32 App
I had a request to Deploy a pdf file to user's desktop and could not find clear documentation, hence here is how I successfully deployed it and decided to share is with this amazing community. Deploy File to Intune Enrolled Devices Deploy a file to Intune enrolled device's to "C:\Users\Public\Desktop" through Intune Step 1: Prepare the files: The File Install-file.ps1 Remove-file.ps1 Detect-file.ps1 Step 2" Create an Install, Remove & Detect script & save each scripts A. Install: #Installation Script: Install-file.ps1 $FileName = "FileToDesktop.pdf" $ScriptPath = [System.IO.Path]::GetDirectoryName($MyInvocation.MyCommand.Definition) Copy-Item -Path "$ScriptPath\$FileName" -Destination "$Env:Public\Desktop" B. Remove: # Remove Installation: Remove-file.ps1 $FileName = "FileToDesktop.pdf" Remove-Item -Path "$Env:Public\Desktop\$FileName" C. Detect: # save this in a separate folder #Detect File : Detect-file.ps1 $FileName = "FileToDesktop.pdf" if (Test-Path -Path "$Env:Public\Desktop\$FileName"){ Write-Output "0" } Step 3: collect Install-file .ps1, Remove-file .ps1 and the required files in one folder as shown above and create an Intune installation Package. PS C:\Intune\WindowsIntunePrepTool> .\IntuneWinAppUtil.exe Please specify the source folder: C:\DeployFile\FileToDeploy Please specify the setup file: FileToDesktop.pdf Please specify the output folder: C:\DeployFile Do you want to specify catalog folder (Y/N)?N Step 4. Deploy Intune installation file with the following commands Upload the IntunePackage as " App : Windows app (Win32) Install Command: %windir%\system32\windowspowershell\v1.0\powershell.exe -executionpolicy bypass -file "Install-file.ps1" Uninstall Command: %windir%\system32\windowspowershell\v1.0\powershell.exe -executionpolicy bypass -file "Remove-file.ps1" Operating system architecture = select both 32/64-bit Detection rule: use custom detection script and upload the Detect script created above. Following the above steps, it is straight forward and easy to deploy a file to Intune Enrolled devices when required.
Intune windows hello configuration questions
First off thank you to anyone that helps! We are looking to turn on Windows Hello for Buisness in intune for our Hybrid joined enviorment. We would like to use Cloud Keyberos for auth instead of cert. We would like to be able to have all user have the abilty for this but exclude certain tablets and devices from use. From what I understand we need the below 1 enable Cloud Keyberos 2 Create a csp to setup the settings for windows hello for buiness. 3 Create a csp to enable windows hello for buiness and also cloud keyberos 3.b - create a excluded group for the devices that we do not want to get windows hello enabled I know this is a very simplistic overview of what we need to do and I am looking for pointers on this or vides/articles to help guide us Again any help would be greatly appricated
