endpoint manager
25 Topics

Intune 403 error - When accessing InTune Portal
Hi Intune Community, I have two users whom I have given the Application Manager role with full access, under Tenant Admin --> MEM roles, but they are receiving the following access error when they try to reach Intune/Endpoint Manager: I read the https://techcommunity.microsoft.com/t5/microsoft-intune/401-and-403-error-when-logging-into-endpoint-admin-center/m-p/1713817#M5226 link, which does not apply to our environment, as we already have the MDM set up and running. Any thoughts/help appreciated.

Solved | 66K Views | 0 likes | 8 Comments

Microsoft Intune in GCC and GCC High Overview + CMMC Applications
Organizations can meet CMMC compliance for specific practices across several different domains using Microsoft Intune in GCC or GCC High in combination with configuration settings and policies in Azure Government and Microsoft Defender for Endpoint.

15K Views | 2 likes | 3 Comments

Manage USB Devices with Intune/Endpoint Manager
Hi, We have just rolled out our new laptops using Autopilot and managed through Intune. I want to use Endpoint Manager to create some prevent/allow rules to manage USB devices, i.e. I want to block everything but allow exceptions, i.e. all keyboards, mice etc. but only particular models of phones or USB storage devices. I thought of using "Allow installation of devices that match any device id" and the "Prevent installation of devices not described". This doesn't seem to block drives that are already installed. Is there a way of doing this? Thanks, Alistair

Enroll Existing Azure AD Joined Machines to Intune
Hello Community, We have an environment with 1500 Devices consisting of around 1000 Devices which are already Azure AD Joined & around 500 Devices which are Hybrid AAD joined connected to local AD. We want to onboard all devices to Endpoint Manager; however, we are unable to find a way to bulk enroll devices to Intune.

Our requirements are:
Enroll existing Azure AD joined devices to Intune without user interaction in bulk or through some automated approach. (We do not want to manually enter creds to enroll, nor do we want to reset AADJ.)
Enroll Local AD joined devices in bulk without renaming the computer name, as the Windows PPKG is forcing a rename of the devices. How can we keep the existing device name while enrolling? (We are aware of the GPO approach but have not tested it yet, hence we are unaware of any cons of using it.)

What we have tried so far and our expectations: Created a Windows Provisioning Package but it does nothing on an existing AADJ machine except renaming its computer name. We do not want to perform the manual "Enroll Only in Device Management" step, but tested it and it does enroll the device as a Personal Device and not corporate. Provisioning package works well on a non-AADJ machine and enrolls the machine. We cannot disconnect AADJ or reset devices. We do not want our users to have local admin rights. (Optional) We would like to have the current logged-on user mentioned as Primary user in Endpoint Manager. (Optional) Do not want to use Provisioning package on Local Join Machine as it will rename them. (Optional) Tested some scripts but no success. Deep links do not work.

Our machines are not managed through SCCM but we do have an RMM Service in the environment which can deploy apps and packages on the devices. In the end our motive is to enroll AADJ devices to Intune so we can start managing them; the enrollment process should not be a pain for our users or hamper their workflow. (We can ignore the Optional requirements if it's not possible to achieve them.) Looking forward to some valuable suggestions! Thank you!

12K Views | 1 like | 17 Comments

Manage Windows Updates From the Cloud Using Endpoint Manager
Still jumping through hoops to curate Windows updates to meet your organizational needs? Make the process easier and faster by having them delivered directly from the Windows Update cloud service following the policies you set in Endpoint Manager.

10K Views | 0 likes | 0 Comments

MSI Elevated privilege request
Hi, I have been using Intune to try and stop staff being able to install without entering Admin Credentials. It is working for .exe as each user is a standard user, but whatever I try for .msi files either does nothing, or it blocks the install completely and also stops the Intune apps installing when setting up the machines. Does anyone have any tips for me?

5.2K Views | 0 likes | 7 Comments

Intune APIs not working since Yesterday [Dec 21 IST]
APIs we are using:

Doc: https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-list?view=graph-rest-1.0
API: {{GRAPH_API_V1}}/deviceManagement/managedDevices?$filter=operatingSystem%20eq%20'Android'

Doc: https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-executeaction?view=graph-rest-beta
API: {{GRAPH_API_BETA}}/deviceManagement/managedDevices/executeAction

Response:
{
  "error": {
    "code": "UnknownError",
    "message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"{\\r\\n \\\"_version\\\": 3,\\r\\n \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 526d6bdf-6f83-47a9-bf81-ca89df4f6b6d - Url: https://fef.msuc02.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices?api-version=2021-04-07&$filter=operatingSystem+eq+%27Android%27\\\",\\r\\n \\\"CustomApiErrorPhrase\\\": \\\"\\\",\\r\\n \\\"RetryAfter\\\": null,\\r\\n \\\"ErrorSourceService\\\": \\\"\\\",\\r\\n \\\"HttpHeaders\\\": \\\"{\\\\\\\"WWW-Authenticate\\\\\\\":\\\\\\\"Bearer realm=\\\\\\\\\\\\\\\"urn:intune:service,c3998d6e-2e37-4c56-87b5-7b444ee1cb26,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7\\\\\\\\\\\\\\\"\\\\\\\"}\\\"\\r\\n}\",\"Target\":null,\"Details\":null,\"InnerError\":null,\"InstanceAnnotations\":[]}",
    "innerError": {
      "date": "2021-12-22T05:28:40",
      "request-id": "526d6bdf-6f83-47a9-bf81-ca89df4f6b6d",
      "client-request-id": "526d6bdf-6f83-47a9-bf81-ca89df4f6b6d"
    }
  }
}

Solved | 4.3K Views | 0 likes | 8 Comments

Microsoft Store-App (Legacy) - Url for Endpoint Manager
Hello Everyone, can anybody tell me where I can find the "Appstore-Url" for every app within the MS App Store? In the past you were able to find it under the headline "Developer and IT" --> Endpoint Manager. The link should look something like this: I want to deploy some apps via Microsoft Store-App (legacy). Thanks a lot!

4.2K Views | 0 likes | 4 Comments

Android Enterprise (COPE) - Device password not prompting
Hi, I'm experiencing the following weird problem: When enrolling Android devices with Android Enterprise COPE mode (fully managed with work profile), the password setup prompt isn't showing up for the end user. Afterwards the device is, of course, not compliant, because we want a passcode to be present.

Referring to these MS Docs: Device default (default): Most devices don't require a password when set to Device default. If you want to require users to set up a passcode on their devices, configure this setting to something more secure than Device default.

-> Of course I've already configured a more secure type than default (in this case Numeric). By the way: All the other configuration profiles work just fine. Any idea on how to deal with this? At this moment I'm using a workaround with Conditional Access: When not compliant you can't do anything with the M365 world in your hands, unless your device gets compliant. 😄 Thanks in advance. Greetings, Patrick

4K Views | 0 likes | 5 Comments

Storing bitlocker recovery password in AD/Azure AD for Removable drives
Hello, We have applied BitLocker through Intune for OS and Fixed drives for enrolled devices. Recovery passwords are saved on Azure AD/AD. We have a requirement to apply the same for Removable drives. A subset of the settings are there in Intune, but it seems that we can't save the recovery password for removable drives on AD/Azure AD. As shown below, those settings are not supported in MDM. Can we apply the setting by custom OMA-URIs?

3.1K Views | 0 likes | 5 Comments