application

4 Topics

Error on Connect-MSGraph
Hello, I would like to use Powershell to sync Intune devices but when I launch the Connect-MSGraph command and enter the user credentials it responds with the following error message: AADSTS700016: Application with identifier d1ddf0e4-d672-4dae-b554-9d5bdfd93547 was not found in the directory 'Contoso'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Is there a problem with Azure Graph app? How can I fix it? Thank you very much.
LUCA NAVIGLIO
Jan 08, 2025 Place Microsoft Intune
361Views
3likes
0Comments
Intune installed desktop shortcut needs to be removed
I created a desktop shortcut via intune windows app (win 32). Here is my script New-Item -Path "c:" -Name "mem" -ItemType "directory" -Force Copy-Item "S:\Shortcuts\UKG.ico" -Destination "c:\mem\UKG.ico" $Shell = New-Object -ComObject ("WScript.Shell") $ShortCut = $Shell.CreateShortcut("C:\users\public\desktop\UKG.lnk") $ShortCut.TargetPath="-------------------------------------" $Shortcut.Arguments="------------------------------------" $ShortCut.IconLocation = "c:\mem\UKG.ico"; $ShortCut.Description = "UKG Shortcut"; $ShortCut.Save() (I replaced the path with ————————) The app works fine and copies the ico file from a network share and places it on the c drive in a folder it creates named mem. Now after creating the shortcut they have decided to use SSO which is a new address. I need to delete the ico file in the mem folder and remove the desktop shortcut. I created a simple script. $ShortcutFile = "$env:Public\Desktop\UKG.lnk" if (Test-Path $ShortcutFile){ Remove-Item $ShortcutFile } else { Write-Output "Shortcut Not Found" } To just delete the shortcut. When I run the script as an admin in powershell it works just fine. If I try and run the script in a normal powershell it fails and says it doesn't have access to the public desktop. I ran the file in Intune as just a script and it fails. I converted it to an intunewin file and added it as an intune windows app (win 32). It successfuly runs on all my pcs but does not remove the icon. I'm at a loss and I really need to remove this icon so I can push the new one. Any suggestions on how to remove it via a script or app? I've checked into remediation scripts but that isn't going to be an option for now.
Solved
Jesse13579
Jan 11, 2024 Place Microsoft Intune
5.8KViews
0likes
23Comments
How to Uninstall an application assigned to All Devices in phased approach on Intune for Android
Hi, We currently have a 4000+ device estate on Intune, mainly consisting of Samsung Android Devices. When we migrated our phones to Intune, we deployed Samsung Calendar as a "System App" to "All devices" from inside Intune as Samsung Knox has been set to hide all System Apps. We've now come to a point where we want to remove Samsung Calendar from all phones as the preferred option is to use Calendar from inside the Outlook app. However, we want to remove Samsung Calendar in a phased approach. The first part of this is pretty easy, we've created a removal group and assigned it to exclude devices from "Required" and include it under "Uninstall" - This ensures the devices we put inside the removal group will have Samsung Calendar removed and won't be included as part of "All devices" However, This won't stop new devices enrolling into Intune downloading Samsung Calendar as we've still got the "All devices" option under Required and we don't want to keep putting new devices into the removal group. I'm worried that if I remove "All devices" from the Required section, that it will uninstall Calendar from all existing devices (including the one's we've not put in the removal group yet), which makes our phased approach null and void - is this correct? I can't exactly risk trying it because by the time I find out, it will be too late. Any help and Advice would be great. Thank you.
Faizan1995
Nov 06, 2023 Place Microsoft Intune
3.1KViews
0likes
1Comment
Intune Graph API permissions - no Application permissions - why?
I'm hoping to gain an understanding why all Intune Graph resources and actions only allow Delegated permissions. This essentially means no unattended administration available, at least not App-only. I can't figure out why it is like this. The Intune PowerShell SDK (i.e. Microsoft.Graph.Intune PowerShell gallery module) can be used unattended'ly, but the sample for this that is on GitHub is using ConvertFrom-SecureString | Out-File. That's not really secure, nor is sending plain text password to MS Graph (not referring to the sample with the latter comment, rather this: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc). So Application permissions, enabling Certificate (or Client Credential) authentication would be far superior. Referenced sample script: https://github.com/microsoftgraph/powershell-intune-samples/tree/master/Authentication Use cases that I'm particularly talking about are ones like resetPasscode, or remoteLock. We should be able to trigger these actions with an App Registration that has Application permissions. We could then script automatic reactions, such as remoteLock upon a particular Azure AD Sign-In event or risk detection. Can somebody please tell me why Intune's Graph permissions are strictly only Delegated? This same issue applies to about every single thing an Admin might want to use MS Graph API's for. I wish there was a TON of focus in this area by Microsoft. If magically all of a sudden customer administrative automation was catered to, this would be a massive positive thing leading to mass embracement from customers. Right now, it sometimes seems like MS doesn't want customers automating things with unattended intention. Thanks in advance.
Solved
JeremyTBradshaw
Jun 11, 2020 Place Microsoft Intune
4.4KViews
0likes
7Comments