Regarding the Compliance of corporate owned dedicated devices
Hi All, May I ask if anyone has used the corporate owned dedicated devices profile? Because my Android device is considered compliant on Intune but displays N/A on Azure after using the Compliance of corporate owned dedicated profile, which is blocked by the compliant set on the conditional access policy. If anyone has encountered similar problems, please reply again. Thanks. Intune Azure Conditional Access log
Reassigning a device to another user
What is the recommended process for reassigning a device to a new user in an environment where all devices are enrolled in Autopilot, Intune Defender, and Entra ID, and users have M365 E5 licenses? Currently, to maintain compliance while the device is awaiting reassignment, I have been deleting it from the Intune and Defender portals, but not from Autopilot. However, since the device remains in Autopilot, it cannot be deleted from Entra ID and continues to display the old name and user assignment, even after being renamed in Autopilot. Is there a better approach to this situation?About block download files from app with defender for cloud apps
Hi All, I have a requirement to prevent Android devices from downloading files, I checked the session control using condition access and the session policy using Defender for Clouds. I successfully blocked the M365 service on the broswer from download files, but the M365 app on mobile device was unable to block it. I thought the access policy could block it, but it had no effect at all. May I ask if there is a method error? Or is there another way? Thanks.
Join Devices using a provisioning package (.ppkg) in Azure AD - how does it work in detail?
For a project, we are checking whether there is a way to join the devices into AAD using a provisioning package. When creating a project with the Windows Configuration Designer under "Account Management" is the task for "Enroll in Azure AD" and "Get Bulk Token". Here are my questions about it: Which account do I normally used to register the token? Which rights and licenses must the account have? An enterprise app is being created, but I still must do something with the permissions? Something else needs to be done with the user that is created in AAD (package_)? Are there hurdles in sight regarding conditional access? I ask myself the questions because I tried it and failed with the following message (from the event log of the client which I wanted to integrate into AAD) Client: Windows 10 Pro 21H2, Windows 10 Enterprise 1909 (same Error) ProvXML category 'DeviceAADJoin' failed with '0x80180014' at CSP node 'AADJ/BPRT'. Provisioning failed
