Software Management
393 Topics

Microsoft Intune - Software installation
I am a beginner using Intune to manage PCs (Windows 11) and Android devices. When adding a new PC with Windows 11, the following happens: The user logs into the computer with their email account from our company administration and starts Windows 11 (Business) and completes the Device Registration in the "Unternehmensportal". The user (who is supposed to be a standard user) is set up with an "Administrator" profile. If I change the user to a standard user (logging in with the company's admin account on the same computer), I can no longer install any software and get the message "Installation is blocked" (or something similar) when running the installer. There's no prompt for admin rights or an option to run the installation file as an admin. On another user's computer, everything works without problems. No policies are configured, at least not to prevent software installations. The user should not be able to install software independently, and standard users should be standard users when first logging into a new device. Who can help me?
69 Views, 0 likes, 2 Comments

Exclude/Allow Particular non-managed devices from Conditional access policy without enrolling
Hello Experts, how can we exclude or allow some particular personal (non-company-managed) devices from a Conditional Access policy without enrolling or joining them to Intune or Entra? For example, I have created some Conditional Access policies, and now we want to allow two or three personal Android devices, which are unmanaged or not company managed, to be able to log in to Office or Outlook. Can we achieve this using these devices' unique ID or ICCID? If possible, please give some hint or clue. Thank you.
151 Views, 0 likes, 2 Comments

Windows Autopilot and Configuration Management Client Installation Methods
I'm using Windows Autopilot to build my machines with AzureAD hybrid join. Currently, as part of the ESP, we deploy the Configuration Manager client and our VPN software (both Win32 apps) to them so we can get them co-managed ASAP. We also do this in ESP as blocking apps to control the device availability to users until they are completed. Our implementation partner advised us to install the Configuration Manager client in this manner to speed up co-management. Autopilot works (albeit slow at _ 60 mins). I am confused, though, on whether or not adding the Configuration Manager client into the Autopilot build in this manner is supported.

Reading this (Co-manage internet-based devices - Configuration Manager | Microsoft Learn), it states:

You can't deploy the Configuration Manager client while provisioning a new computer in Windows Autopilot user-driven mode for hybrid Azure AD join. This limitation is due to the identity change of the device during the hybrid Azure AD-join process. Deploy the Configuration Manager client after the Autopilot process. For alternative options to install the client, see Client installation methods in Configuration Manager.

So reading this, it seems what we are doing is invalid. So question 1: Is it incorrect/unsupported to install the Configuration Manager client as a Win32 app during Autopilot (ESP or otherwise)?

Furthermore, I read here (Co-manage internet-based devices - Configuration Manager | Microsoft Learn) that it appears there is no longer a need to deploy the Configuration Manager client as an app at all, but it can simply be configured via Home -> Device -> Enroll Devices -> Windows Enrollment > Co-management Authority:

You no longer need to create and assign an Intune app to install the Configuration Manager client. The Intune enrollment policy automatically installs the Configuration Manager client as a first-party app. The device gets the client content from the Configuration Manager cloud management gateway (CMG), so you don't need to provide and manage the client content in Intune.

Is this method only valid post Autopilot?
Solved, 4.6K Views, 3 likes, 7 Comments

Firewall Off despite policy being enabled
In Firewall and network protection, It says Firewall is off for all Network types. However it should be on. Is this normal/expected? However, In Sec. providers, Firewall is enabled.

==========

In PS, Firewall appears to be enabled too.

C:\Windows\System32>netsh advfirewall Show allprofiles

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

===========

In the Intune Firewall Policy the three options are enabled:
Solved, 85 Views, 0 likes, 6 Comments

[NEW] Podcast06: Setup MAM for Windows In Intune
Podcast06: Setup MAM for Windows In Intune. In the upcoming podcast, Joery Van den Bosch joins me to focus on MAM for securing and managing mobile applications within an organization. Through MAM, organizations can control app configurations, protect data, manage access, and ensure apps are updated. This approach is especially valuable for securing corporate data on personal devices, without requiring full device enrollment.

Key Benefits of MAM:
Enhanced Data Security
Increased Flexibility

App Protection Policy Levels:
Level 1 – Basic Data Protection.
Level 2 – Enhanced Protection.
Level 3 – High Data Protection.

Youtube: https://youtube.com/shorts/GNWsX1B_Io8?si=I7EySot5pTgVBXa6
18 Views, 0 likes, 0 Comments

Issues with WIN32APP USER Installation behavior
Hello everyone, whenever I set the installation behavior of a WIN32APP to user, it won't start and sets it to "Not Applicable". I wanted to copy files to %APPDATA%, that's why I chose USER. Any suggestions on what I'm doing wrong? If I can provide any information, let me know.
10K Views, 0 likes, 10 Comments

Allow Location Service on Windows 11 for Zoom
I am having no luck finding documentation here, likely using the wrong terminology, but I want to allow the desktop Zoom app to use location services on our Windows computers. This is so that the phone service on Zoom can use location services for 911 calling when a user isn't in the office. I can find 'force location allow for apps' in the settings catalog when creating a policy, but I can't find the package family name for the Zoom desktop app to allow it. So first, is this the best way to allow the service here and if so, where can I find the Package Family Name? Second, if this isn't the best way to get there, what do you suggest? Thanks as always for any help you can give.
24 Views, 0 likes, 0 Comments

Removing Outdated App Installation Errors in Microsoft Intune
Hello everyone, I'm experiencing an issue with my Microsoft Intune dashboard. It continues to show app installation errors for users who no longer exist on the Windows 11 devices, as they have been removed. These error messages relate to both Win32 apps and Microsoft Store apps and seem outdated, cluttering the dashboard. Is there a way to remove or clean up these outdated error messages? Is it possible to delete these error messages directly on the device or initiate a complete re-evaluation? For example, the Company Portal app was deployed as a Microsoft Store app for Windows 11 devices. The following image shows the existing installation error: Any tips or solutions would be greatly appreciated. Thank you in advance!
114 Views, 0 likes, 0 Comments