No PIN / No Access
Hi All I hope you are well. Anyway, on Android Enterprise Fully Managed devices, I have an ask to to enforce a No PIN No Device Access policy. These devices have the usual, where the PIN requirements are set with a device config policy and then checked with a corresponding compliance policy. But no where can I see "restrict use of the device til a PIN is set" setting. Perhaps it's really obvious but is this possible? Only obvious option I can is in the compliance policy settings on Actions for noncompliance as below: Would this be the appropriate setting or are there others? And if the device is locked, is the user able to set a PIN? Info appreciated. SK
Intune iOS VPP OneDrive crash on iPad 13 and works on iPad 11
Hi everyone, I’m at my wits' end with this issue. We have a small Intune deployment with a few company-owned iPad Pro devices. All devices are enrolled via Apple Business Manager using a user-assigned profile and modern authentication. We’ve deployed nine apps through VPP, primarily Microsoft 365 apps. The Company Portal and Microsoft Authenticator are used for SSO. Our setup includes six iPad Pro 13-inch models and two iPad Pro 11-inch models. The problem arises when launching OneDrive on a 13-inch device—it either crashes immediately or remains blank without loading any content. The iPad generates a log file which is attached to this thread. I’ve tried everything to diagnose the issue, including disabling all iOS policies (even SSO), but nothing seems to help. As a test, I enrolled one of the 11-inch iPads using the exact same user and procedure, and surprisingly, OneDrive works perfectly on the smaller device. All settings, policies, and permissions are identical across devices. Has anyone encountered a similar issue or have any suggestions? Thanks in advance!Android Devices Not Evaluating
Hi All! I seem to encounter this kind of error several times a year for no apparent reason. It mainly happens on the Android side of things on newly created setups, and then corrects itself over time, which sometimes can be weeks. I recently created two Android dedicated device environments. Dynamic group linked to the enrolment profile name, etc etc I scan the device and follow the normal process, device get all the way to the end but doesn't receive its assigned apps. When I check in the Intune Admin Portal, the device is showing as not evaluated. There is no default compliance policy showing and its custom policy. When I click on Managed Apps, the list of apps the device is going to receive are showing as pending install. The Group Membership tab shows the correct dynamic group. So for me, the setup looks good. I have left the device for 24 & 48 hours in case its a sync issue. Enrolled the device via a different WiFi. Wiped the device and left it 24 hours before enrolling it. Checked spelling of groups etc. Anyone else experienced this issue, and found a solution? I have a Teams Meeting with our external support tomorrow, Have a good one
Automatically convert an unmanaged iOS app to a managed one
We need a solution to the following problem. All of our iOS devices are supervised and we have no BYOD. We offer various iOS apps to our users in the company portal. There are some apps that are set to "Required" and there are many apps that are set to "Available". The problem we have is this: When a user installs an app that we offer as "Available" in the company portal from the Apple App Store, it remains unmanaged. We need a way to convert the app automatically into a managed app, without user interaction. If an app is set up as required, it will be converted automatically. However, we cannot set all apps as required to perform the conversion. Other MDM providers, such as Ivanti/MobileIron, offer an option in the app settings so that you can convert any app that you offer in the internal app store, regardless of whether the app is required or not. Is there a solution to this problem in Intune? Example for what I wish: In the settings from the App Settings there should be a option like "Convert App in managed App".
CA policy enforcing users to use Edge browser on Co-owned devices
I'm trying to give control over while they're on personal devices, enforcing an app protection policy for edge, but still this policy is enforcing to use edge on co-owned devices, I have already excluded co-owned devices from the CA policy
Intune for BYOD mobile and Cross tenant compliance
We have 3 separate companies/tenants, and employees need to access mail from each tenant on a single iOS/Android device, with a CA policy requiring compliance or app protection policy. . I understand that Intune MAM currently will not work, but is on the road map for later this year for iOS (not sure on Android) Does Web based / JIT for BYOD work on iOS if I setup Cross-tenant access and enable "Trust compliant devices" trust setting? Or do we have to do full device based MDM enrollment? If not, what do I need to do in this scenario?
Feature Update Policy relationship to Update Ring Install Schedule
Hoping someone may be able to answer this question. I have not been able to find a definitive answer in KBs. Does the Install Schedule in an Update Ring also apply to Feature Update Policies if the same device group is assigned to both? We are using Intune Windows Update Ring for our monthly updates via an Update Ring. That update has an Install Schedule configured to Install every Tuesday at 11am. We are testing using Feature Update Policies to upgrade W10 devices to W11. So far our tests have been successful but the device group is downloading the Feature Update as soon as it checks in for the Policy and not at this scheduled Install Day/Time in the Update Ring. We are making this a Required update in the Feature Update policy and the Rollout Option is set to "Make Update available as soon as possible" but I guess I thought the Install Schedule in the Update Ring still affected when the installation actually begins. Are the RollOut Options the only way to schedule when the device starts downloading/installing the Feature Update?Clarity on Self-Service Experience, User-Driven Mode and OOBE
HI All, I need clarification on this subject please, as I have checked multiple Microsoft Learn pages to get an understanding. I'm still not 100% sure on this. My question is: Self-Service Experience is the user-driven portion of OOBE? Or are these three items different?Podcast Microsoft Ignite E05: Agent Builder
Excited to have Pascal Brunner join me in my Ignite series, where we dive into one of the hottest announcements AgentBuilder In this episode, we break down: -What AgentBuilder is all about. -How it empowers organizations with AI-driven automation. -Key takeaways YOUTUBE https://youtube.com/@shadykhorshed?si=c8CLxoCjMfUMfA19
