ActiveX Controls
Hello, I want to enable the exact settings as below: Steps to enable ActiveX controls if you are confident the file is safe While enabling ActiveX controls is not recommended due to security concerns, you can enable them through the Trust Center if necessary. Caution: Changing ActiveX settings will apply to all files in Office applications: Word, PowerPoint, Excel, and Visio – not just the file in which you make the change. Select File, then Options. Select Trust Center, then the Trust Center Settings button. Select ActiveX Settings, then make sure Prompt me before enabling all controls with minimal restrictions. Select OK, then OK again to save your settings and go back to your document. For optimal security, Microsoft strongly encourages leaving ActiveX controls disabled unless absolutely necessary. I have intended to apply this however I am struggling to find the relevant settings for this within intune. One example of a setting I have applied is "ActiveX Control Initialization(user) using value 6. This is still flagging an issue with an excel file, alongside not allowing a prompt to allow it. Anyone got any ideas at settings they may have applied for this? This is to run in the most minimal way as possible. Thank you, Jamie.MGP Keep apps on certain version
Hi All I hope you are well. Anyway, a wee urgent one here. Is there any way to keep apps from the Managed Google Play to a certain version number? Apparently, the latest version of one of our apps is flawed. This is an app that is available publicly and not an LOB / APK etc. Info appreciated. Stuart
Acrobat DC Install via Intune
Has anyone been success on deploying Acrobat DC Professional via Intune? I downloaded the package from Adobe and used the IntuneApp to create a package but so far it refuses to install failing with a (0x80070005) error. I can deploy the reader without issue. Deployed Dreamweaver and Photoshop CC without error but this one is puzzling. This like all of CC is subscription based now, so not sure what I am missing...
How is your company managing driver updates via Intune?
Hey folks, I’m currently reviewing our driver update strategy for Windows 11 devices managed via Intune. As you probably know, using Windows Update for Business (WUfB) gives us two main options for driver updates: Automatically allow drivers via WUfB Manually approve drivers via Intune + Windows Update for Business deployment service (WUfB-DS) Each approach has its own pros and cons: Automatic driver updates are great for keeping everything up to date with minimal effort, but they come with risks. We’ve seen networking components randomly break after an update, or newer GPU drivers triggering application compatibility issues. Definitely not zero-risk. Manual approval, on the other hand, gives you control and helps avoid surprises, but it also introduces operational overhead: identifying needed drivers, testing, scheduling approvals, and communicating with users — all of that takes time and effort. We’re debating internally whether the automation risk is worth the convenience, or if the manual path is the only safe option in an enterprise setting. So I’m curious: How is your company handling this? Are you letting Windows install driver updates automatically? Or are you manually controlling which drivers get deployed — and if so, how are you handling the process and workload? Would love to hear your thoughts, especially if you’ve found a good balance or process that works well in production! Thanks in advance!
We’re running into an Intune issue where a Win32 app with a dependency sits at "Download Pending"
Setup: Main App: Installs in User Context Dependency: Installs in System Context Dependency Detection: Hosts file modification detection script Direct file detection does NOT work either When the hosts file modification is present (detection is met), detection works, and everything installs fine manually The Problem: If detection passes (exit 0) → Everything installs fine. If detection fails (exit 1) → Intune never moves forward, just stays at "Download Pending" indefinitely. Happens with both file-based detection and script-based detection. Dependency app as well at parent app install fine via Intune on their own as well as manual testing. What We Need to Know: Does Intune get stuck in "Download Pending" instead of moving forward when dependency detection fails? Could the install context mismatch (dependency in SYSTEM, main app in USER) be causing this? Myth or fact? Does Intune break the install process if a dependency app is in system context and the parent app is in user context? Again, both apps work fine independent of each other. Thanks for any help!
Deploying Script as Win32 App
Hi all, I created a script that is supposed to check if a certain app was installed from a managed installer, then create a file in the C:\Temp folder if it was installed from a managed installer. I would deploy this as a Win32 app so that I could use the detection rules in the Win32 App deployment to check which device was installed via a managed installer. However, it doesn't seem to work. I created a transcript log as well to check if I would get an output from the variables, but it seems to only run the else block in the If Statement. We use a Business Premium license, so I don't access to Enterprise license capabilities like proactive remediation scripts. It is run using the System credentials, I've tested the script locally which works. Thank you, I've included some images of the script and transcript log. Script: Transcript Log Output:
