intune
4041 Topics

Autopilot - User Driven
I am trying to get a Microsoft Surface Pro onboarded to Autopilot, and once it updates Windows and all those good things complete and it comes to the login screen, I try to enter the UPN credentials, and it would not allow me to log in. I reset the device a couple of times and nothing happens. It would not allow me at all. Autopiloting Microsoft Surface out of the box step by step - Google Search. Same steps I am following.
9 Views, 0 likes, 0 Comments

Intune - remove local admins
Hello All, In our workgroup environment, users currently have local admin rights. After performing Entra join and onboarding devices to Intune, how can we remove all users from the local administrators group, keeping only the default administrator account? Note that users will continue logging in with their local accounts, not Entra accounts. Additionally, is there a simpler way to update the IP addresses on these devices? Thanks!
75 Views, 0 likes, 6 Comments

Cloud PKI - Rolling Out to ChromeOS?
Hi all, Will try to summarize my goal and current issue... hoping someone out there has run across something similar to this implementation. Essentially I have 20 Cloud PKI licenses on users in my tenant to get a proof of concept going. We have a mixed bag in my org of people using Intuned Windows devices, as well as Enterprise Enrolled Chromebooks in a Google Tenant. The goal is to utilize Cloud PKI, create a root and issuing CA, and utilize Google Admin to roll certificates out to Chromebook users via SCEP from Cloud PKI. The Chromebook users are already using Entra ID SSO to log into the Chromebooks. Then use these certificates to follow Google's documentation on using Defender for Cloud Apps for Conditional Access on ChromeOS to only allow devices with these certificates to access company resources. So far I have the root and issuing certs created. I have my Google tenant recognizing the root cert, but when I try rolling out my SCEP profile is where everything is falling apart. I assume my issue lies in the SCEP profile on the Google admin side... But before I lose my mind trying to get it to work... Is Cloud PKI even designed to allow SCEP requests and cert issuing in scenarios like this? One example being the SCEP URI has that {{CLOUDPKIFQDN}} piece in it... for the life of me I can't be sure how to substitute for this dynamic piece if I'm trying to use SCEP somewhere other than Intune or Entra. Thank you for any ideas or input, it's greatly appreciated.
12 Views, 0 likes, 0 Comments

Re-Installing Native apps removed via intune
Hi All, I have ~30 phones set up with device management in our environment. When these phones were originally set up, their profile was set up to remove a number of native apps. This was accomplished through blocking the app bundle IDs of these apps as shown below: Obviously this configuration caused issues and we've removed it, but although the configuration was removed and we've synced the phones over countless times these native apps are not reinstalling. Is there a way to push native apps back out via Intune?
16 Views, 0 likes, 0 Comments

No Discovers Apps Not Listed
I'm new to Intune. I have two devices that we recently enrolled. They are marked as corporate owned. No apps are discovered. I saw instructions to run a discovered app job, but there is no option under Apps > Monitor > Discovered Apps to create a new job. Any suggestions on how to fix this?
8 Views, 0 likes, 0 Comments

Guidance on Applying Security Baselines
Hello everyone, We plan to apply the security baseline for Windows 10 and 11 devices. There’s already a predefined baseline available at Endpoint Security > Security Baselines > Security Baseline for Windows 10 and later, where we can create and assign profiles to devices. If we later want to remove these Security Baseline settings from specific devices, is it sufficient to simply remove those devices from the assignment, or will additional steps be required? Alternatively, similar settings can be applied via Devices > Configuration Profiles by creating a custom policy from scratch. Which method is recommended: Security Baseline Policy or Device Configuration Policy? Your guidance will be appreciated. Thanks,
17 Views, 0 likes, 0 Comments

Android Enrollment - Corporate-owned Dedicated Devices can't see all the Policies created
Good morning everyone, Last week, I noticed that none of the new enrollment profiles I created are appearing on the page, and some old ones that I need to use are also "invisible." Is anyone else experiencing this issue, or is it just me? To ensure the profiles weren't deleted, I made an export and can see them all. Only 4 are appearing on the console, and on the report I have 13... Thank you.
17 Views, 0 likes, 0 Comments

Chrome Enterprise OS
Hi All, Has anyone gone through the process of managing Chrome OS devices within Intune? We have no subscriptions with Google. I seem to have hit a brick wall when trying to find out what Google Admin subscriptions are required. So far the more I click through setting up the Google Admin side of things, the more subscriptions are required. I am a little nervous about asking the business to pay for a subscription that I don't is required or will make the connection to Intune work. Google Admin console is requesting these subscriptions. Any help / guidance is appreciated.
18 Views, 0 likes, 0 Comments

Deploying Microsoft Teams Rooms via Autopilot in Self-Deployment Mode
Description: We are experiencing issues with deploying our Microsoft Teams Room (MTR) systems via Windows Autopilot in Self-Deployment Mode. Despite following the official Microsoft documentation (Autopilot Autologin for Teams Rooms), the device fails to complete the login process.

Setup Details:
Device: Certified Intel NUC, previously in use.
OS Installation: Windows 11 Pro pre-installed.
Autopilot Import: The device was successfully imported into Autopilot.
Group Assignment: GroupTag "MTR-ConsoleName" has been correctly assigned.
Dynamic Group: The device appears in the associated dynamic MTR group.
Profiles and Assignments: Deployment Profile and Enrollment Status Page (ESP) are assigned to the device.
Teams Room Update App: Deployed via Intune and assigned to the MTR group (also included in ESP).
LAPS: Local Administrator Password Solution (LAPS) is active on the device.
Teams Rooms Pro Console: The device appears in the console and has been assigned to a resource account with a Teams Room Pro license.

Issue: After completing the deployment process, the device hangs on the login screen and cannot connect to the resource account. This prevents the self-deployment process from completing.

Steps Already Taken to Resolve the Issue:
The device has been completely removed from Intune and Autopilot and re-added.
A custom device restriction policy was created to ensure the device is allowed.
All Intune and Azure policies were reviewed and optimized to avoid conflicts.
Despite these efforts, the issue persists.

Questions:
Are there specific requirements or limitations that we might have overlooked?
Are additional settings or policies required to ensure the device connects to the resource account successfully?
Could existing policies, such as LAPS, interfere with the login process?
Are there any known issues related to Autopilot and Teams Room deployments, particularly for previously used devices?

We urgently request your assistance in identifying and resolving this issue, as these MTR systems are critical for our operations. Thank you for your support!
7 Views, 0 likes, 0 Comments