intune
12 TopicsDisable "Windows Hello"
I am an admin, and attempting to disable "Windows Hello for Business" also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However Whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a pin. Where can I find the option that allows me to disable this?332KViews0likes27CommentsIntune Windows 10 Security Baseline IE Settings
We have deployed the Intune Windows 10 Security Baseline, which includes the default IE Settings. However, via GPO we have published intranet sites to the intranet security zone via... GPO setting \User Configuration\Preferences\Windows Settings\Registry\IE Settings, which creates registry entries at ...HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap and we also allow our users to add sites to the zones as they deem necessary. This works as expected and has for many years.... However, machines that are enrolled in the Intune Windows 10 Security Baseline have all internet explorer security settings blocked including adding sites... It appears the setting in the baseline "Internet Explorer users adding sites: Disabled" does not function. I have changed this to "Not Configured" and "Enabled" with no change.. the add sites box is greyed out along with all IE Security options... Changing the setting "Internet Explorer security zones use only machine settings" to disabled does allow the sites published via GPO to show and be effective.... We are looking to publish specific intranet sites along with a few internet sites while retaining the ability of our users to add custom sites.... Any Thoughts/suggestions...Solved12KViews0likes7CommentsCompliant intune device don't pass conditional access policy
Hey, I'm having problems configuring conditional access for unmanaged and managed devices when accessing ressources. I'm using the prebuild sharepoint CA rules(these are showing up in the CA portal when restricted access is activated in the ahrepoint admin portal under access controll menu) and added the condition that these rules are not applied when a hybrid joined or compliant device tries to get access. Unfortuantely this doesn't work, similar if I use a hybrid joined device or an intune joined compiant device. When I check the login logs in Azure AD I can see that the rules are applied and the fields(managed, compliant, connectiontype) under "device information" are empty so it seems Azure AD can't access the device state from the device itself when ressources are accessed from it. Does anyone know this issue, can reproduce it or have any ideas what needs to be done? Thanks and regards!1.1KViews0likes0CommentsAdding apps to Kiosk using Intune configuration policy
Hi All Is there away we can automatically install apps into the Intune Kiosk? We have over 100 users with Kiosk mobile phones with a selection of apps. All the phones are Android. The problem is we want to add more apps to the kiosk devices without the need for users interaction. I have tested it on a few test Android phones and it looks like the new apps first need to be installed on the devise before they can be added to the Kiosk. You can only install the apps through the Google App Store which can not be done within the kiosk. Maybe I am doing this wrong. Any help will be appreciated. Many thanks Alan1.1KViews0likes0CommentsHow to do a App Selective Wipe of a Mac computer. Intune App Protection policy.
Hi All, Is it possible to do an App Selective Wipe of an unmanaged Mac computer device? I know how to do it on an Android and iOS devices using App Protection Policies, but I need to test it on a Mac computer. The Mac computer is a personal device (BYOD) so I do not want to manage it using Intune. Maybe there is another way to do a App Selective Wipe of a Mac computer instead of using a App Protection policy. I hope you can help !! AlanSolved2.6KViews0likes3CommentsIntune and Conditional Access
Hi All, I have been asked a few questions about Intune and Conditional Access and I was hoping to get some advice. The question I was asked: ***************** As discussed we have a situation that I believe MS InTune would address. That said, I don’t know what I don’t know, so your direction around the subject would be appreciated. We have migrated 99% of the e-mail estate to Office 365. Over the next month, we will migrate our home and shared drives. In migrating the e-mail users, we have found that a small percentage of the estate, ~20% (15-20 users), were using Corporate e-mail on personal devices. The devices vary from iOS, Android, Mac OSX, Windows. We need to have full control of e-mail residing on third-party devices. It needs to be secure; we need to be able to monitor and track the e-mails. Note, we currently use SOTI for Android device management. We will need to understand if there are any implications associated with coexistence. In parallel to the above, we need to develop our full e-mail policy. We would also need documentation and training on how to administer Intune once live. The documentation is essential. Hopefully the above gives you enough to start with. Please let me know what it would cost to get the above in place. Ignore licenses, I’ll deal with those. While writing, do you know of a way to prevent Office 365 users from downloading or printing from a browser, but only when outside of the corporate network? ***************** Do you know how I would use Intune and Conditional Access to achieve these requirements? I hope you can help, Alan880Views0likes0CommentsHow to prevent a group of users downloading SharePoint and MS Teams documents
Hi All, We need to prevent a group of users downloading files from SharePoint, and MS Teams. We want them to be able to access and edit the files using office online, but not download and edit them locally. We have been able to do this for Outlook using these instructions https://www.b-fortyone.com/single-post/2016/06/07/Office-365-Prevent-downloading-attachments-via-Outlook-Web-App but we cannot do it for the SharePoint and MS Teams. I hope you can help Colin1.5KViews0likes0CommentsAzure Certified advise
Hi, I need to demonstrate my Azure Intune, Azure AD, and Azure Conditional Access skills. My manager would like me to get Microsoft Certified to demonstrate these skills to clients. My question is what Microsoft certificate should I aim for? Thanks Courtney694Views0likes0Comments