enrollment
15 Topics

Android Devices Not Evaluating
Hi All! I seem to encounter this kind of error several times a year for no apparent reason. It mainly happens on the Android side of things on newly created setups, and then corrects itself over time, which sometimes can be weeks.

I recently created two Android dedicated device environments. Dynamic group linked to the enrolment profile name, etc. I scan the device and follow the normal process, device gets all the way to the end but doesn't receive its assigned apps.

When I check in the Intune Admin Portal, the device is showing as not evaluated. There is no default compliance policy showing and its custom policy. When I click on Managed Apps, the list of apps the device is going to receive are showing as pending install. The Group Membership tab shows the correct dynamic group. So for me, the setup looks good.

I have left the device for 24 & 48 hours in case it's a sync issue. Enrolled the device via a different WiFi. Wiped the device and left it 24 hours before enrolling it. Checked spelling of groups etc.

Anyone else experienced this issue, and found a solution? I have a Teams Meeting with our external support tomorrow. Have a good one

253 Views, 1 like, 11 Comments

AutoPilot Profile ???
Hi All, I hope you are well.

Anyway, it has come to my attention that some inexperienced Intune admins are using the AutoPilot Hardware Scripts at the OOBE screen. No issue there. However, they are NOT checking that the devices actually sync to Intune > Devices > Enrollment > Devices

Furthermore, they then proceed with the OOBE enrollment WITHOUT waiting for an AutoPilot to be assigned.

The result is that devices never appear in: Intune > Devices > Enrollment > Devices
No AutoPilot profile is assigned

Is there any way to avoid this? Info appreciated

SK

109 Views, 0 likes, 7 Comments

macOS enrollment - prompt to change the Mac login password
Cheers everyone! We are in the pilot phase of our macOS Intune enrollment and I've created the compliance policy which blocks simple passwords and applied this to a few test machines. After the 1st reboot I got a prompt to change the Admin password to meet the requirements.

All worked fine until I changed the "Maximum minutes of inactivity before password is required". After the first reboot, both local admin accounts (one, the IT admin, the 2nd of the actual user) again get a prompt that in order to log in the password needs to be changed. Did the changes again and the story repeats itself after changing some other parameter (not something related to the actual password complexity) and ended up in the same loop.

It looks like every time I edit something in the Compliance profile, the user will be prompted to change his password, which doesn't make sense to me. Does anyone know why this is happening and how this behaviour can be changed? I don't want to enable "simple passwords" as just a workaround.

Thank you in advance! 🙂

1.3K Views, 0 likes, 1 Comment

How to resync deleted Intune device by Clean-Up Rules?
Hi Guys, I set up the Clean-Up Rules on Intune to delete devices after 60 days. Now, I have a notebook that has been off for over 4 months and I no longer see it on Intune but it is on Entra and Autopilot. How can I bring it back as Intune managed? I read some articles that talk about clean Enrollments regedit keys and run some powershell commands but what is the correct procedure?

Thank you so much.
Luca

248 Views, 0 likes, 1 Comment

Microsoft Intune Company Portal for Linux and Conditional Access Issue
Greetings everyone,

I have the following scenario implemented regarding conditional access:

Rule#1: For pilotuser1, for all cloud apps, for all platforms --> require MFA
Rule#2: For pilotuser1, for all cloud apps except Microsoft Intune Enrollment and Microsoft Intune, for all platforms --> Require Device marked as compliant

This should allow me to successfully enroll a non-enrolled device to Intune and require the device compliance for the other workloads. For Windows it works just fine. The problem lies with Linux.

Following the instructions on Enroll a Linux device in Intune | Microsoft Learn & Get the Microsoft Intune app for Linux | Microsoft Learn, I installed Intune App and Edge (Version 109.0.1518.52 (Official build) (64-bit)) on a VM with Ubuntu 22.04.

I open the Intune App and try to sign in: First step is to Register the Device on Azure AD, it goes without a problem --> On the next stage I get the following and press continue: At this stage Microsoft Edge opens and I sign in successfully but the Intune App throws an error:

The sign-in logs on Azure AD show that even though I excluded Intune Enrollment from the CA policy, it is not enough.

Sign-in error code: 530003
Failure reason: Your device is required to be managed to access this resource.
Additional Details: The requested resource can only be accessed using a compliant device. The user is either using a device not managed by a Mobile-Device-Management (MDM) agent like Intune, or it's using an application that doesn't support device authentication. The user could enroll their devices with an approved MDM provider, or use a different app to sign in, or find the app vendor and ask them to update their app.
More details available at https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-device-remediation
Application: Microsoft Intune Company Portal for Linux
Application ID: b743a22d-6705-4147-8670-d92fa515ee2b
Resource: Microsoft Graph
Resource ID: 00000003-0000-0000-c000-000000000000
Client app: Mobile Apps and Desktop clients
Client credential type: None
Resource service principal ID: 01989347-a263-48ef-a8d7-583ee83db9a2
Token issuer type: Azure AD

Apparently something is different in the enrollment process of Linux because I had no issues with Windows 10 enrollment. Any thoughts on the subject would be appreciated.

Kind Regards,
Panos

14K Views, 1 like, 16 Comments

Intune for Linux - SSO authentication does not work (loops forever)
Hello everyone,

I'm trying to enroll a Linux device (Ubuntu 22.04) with Intune. I've installed Edge and Intune, following the instructions at Enroll Linux device in Intune.

I open Intune, enter my email address: I am then redirected to the SSO login page of my organization (Atos): I can choose a login option and enter my login information, the company's SSO page briefly indicates "Login successful", but then I'm back to the same page (SSO login).

This is unusual: in other apps, after the "login successful" message, the page closes, the application gets all the required credentials and proceeds. It seems that the Intune client didn't pick up the successful auth. Therefore, I'm not able to go past this stage. Launching Intune from the Terminal doesn't give any helpful information.

Is that a known bug? Are you aware of a way to get more logs from Microsoft Intune for Linux?

Thank you for your help.
Kind regards,
Guillaume

2.5K Views, 1 like, 2 Comments

Intune licensing when enrolling with DEM account then changing primary user
As I understand it, devices enrolled using a DEM account are device licensed and have the limitation listed on Enroll devices using a device enrollment manager account - Microsoft Intune | Microsoft Learn. After enrollment, if the primary user is changed to a non-DEM, Intune licensed user, does the license convert to user and the device operate without the limitations?

1.2K Views, 0 likes, 0 Comments

Enrollment method
Hi,

We have a list of around 100 users that need to be enrolled in Intune. They are currently registered in Azure but not managed via MDM. Which enrollment method would be best?

1. Autopilot - If Autopilot then we would need to take backup of the device, import hash key and then do complete reset to enroll?
2. Bulk Enrollment method
3. Enrollment via Access work or School

1.3K Views, 0 likes, 1 Comment

Enroll Existing Azure AD Joined Machines to Intune
Hello Community,

We have an environment with 1500 Devices consisting of around 1000 Devices which are already Azure AD Joined & around 500 Devices which are Hybrid AAD joined connected to local AD. We want to onboard all devices to Endpoint Manager; however, we are unable to find a way to bulk enroll devices to Intune.

Our requirements are:

- Enroll Existing Azure AD joined device to Intune without User Interaction in Bulk or through some automated approach. (We do not want to manually enter Creds to enroll, nor do we want to reset AADJ)
- Enroll Local AD joined devices in bulk without renaming the Computer Name as the Windows PPKG is forcing to rename the devices. How can we keep existing device name while enrolling. (We are aware of GPO Approach but have not tested it yet, hence unaware of any Cons of using it)

What we have Tried so far and our expectations?

- Created a Windows Provisioning Package but it does nothing on an Existing AADJ Machine except renaming its computer name.
- We do not want to perform Manual "Enroll Only in Device Management" Step but tested it and it does Enroll Device as Personal Device and not corporate.
- Provisioning package works well on a non-AADJ machine and enrolls the machine.
- We cannot disconnect AADJ or Reset Devices.
- We do not want our users to have local admin rights. (Optional)
- We would like to have current logged on user mentioned as Primary user in endpoint manager. (Optional)
- Do not want to use Provisioning package on Local Join Machine as it will rename them. (Optional)
- Tested some scripts but no success. Deep links do not work.

Our Machines are not Managed through SCCM but we do have RMM Service in the environment which can deploy Apps and Packages on the devices. In the end, our motive is to enroll AADJ devices to Intune so we can start managing them; the enrollment process should not be a pain for our users or hamper their workflow.
(We can ignore Optional requirement if it's not possible to achieve)

Looking forward to some valuable suggestions! Thank you!

11K Views, 1 like, 17 Comments