Having trouble with MDM
I am trying to set up a surface pro with a business account. However I got a error saying looks like we can't connect to the URL for your organization's MDM terms of us. Error: invalid_client Error subcode: Description: failed%20to%20authenticate%20user Does anyone know a quick fix to this problem. Thanks,Google Meet Links Not Opening on Intune-Managed Devices
We recently encountered an issue where Google Meet links could not be opened on devices managed via Microsoft Intune. This behavior was consistent across multiple users and devices, and it raised questions about whether this was a configuration issue, a policy conflict, or something else entirely. Symptoms Clicking a Google Meet link (e.g., https://meet.google.com/xyz-abc-def) results in no action. Tried to open it from Outlook, Gmail or Google-Calendar When Opening with the Browser, we get a Redirection to Google-Play-Store, but the Google-Meet App ist already installed. Behavior is consistent across Outlook, Teams, and other apps that handle links. We tried different Default Browers (Edge and Chrome) and Outlook, Gmail, Google Calendar and Google Meets are configured as managed Apps Is this a known Issue or can this be fixed with Intune Configurations? Looking forward to your feedback.
Understanding DEM accounts and licensing
We are trying to understand the right way to deploy corporate devices that I'll call "shared" among staff. Specifically iOS devices. We started out thinking we needed to buy tens of thousands of device licenses as they weren't tied to a user. Then start reading about this DEM account idea. If I'm understanding it right, I can create 150 of these DEM accounts and each can enroll 1,000 devices. So then I could enroll 150,000 devices without paying for any licenses? Or do I just need to buy 150 "user" licenses and can enroll 150k of devices for no more cost? What if I need to move to like plan 2 for these devices for say tunnel capabilities. Do I have to pay per device or just for the 150 "user" licenses? Is it really free vs paying even for the "DEM" accounts? Curious if anyone can explain how these accounts work as even though we have an enterprise account with MS no one there seems to be able to explain it to my satisfaction.Outlook cache mode set to download 3 months of emails
Hi ladies and gents, We have a requirement to set Outlook cache mode set to download 3 months of emails. The environment consists of Exchange Online, Intune and M365 and the devices are cloud native Win 11. Could you please advise the best way to achieve this. GPO is not an option, and Intune does not have a policy for this.Remed Script to delete Reg Value
Hi All I hope you are well. Anyway, pulling hair out this one, so could someone help me compile a Detect and Remed script to delete the following Reg key please: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate Value I need removed is the SetActiveHours one as below Any help would be greatly appreciated.
Enroll existing macOS devices to Intune
Hey, How do you handle/enroll existing business macOS devices, which are not yet managed by Intune or any other MDM? I believe if i somehow add them to ABM: if reseller adds them i can run enrollment profile, no wipe needed i can add them with configurator for iPhone, wipe needed Is for direct enrollment (without user affinity) device license needed? And user (with Intune license) will then use device. As stated here :https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/licenses#device-only-licenses no direct enrollment is mentioned (manual install profile). What other options do i have for properly manage macOS devices (not byod but corporate) ? Thanks, Tom
InTune policies blocking callback from Edge browser
InTune policies blocking callback from Edge browser I'm using a BYOD Android phone enrolled in our company's InTune company portal. A few months ago, I ran into an issue where I'm unable to authenticate to a MatterMost chat server from the MM app in my work profile. When I enter the server address and click log in, it takes me to a browser window inside the MM app (but using Edge) to authenticate using the host organization's SSO. Once I enter my credentials, it sends a callback using this URI scheme: mmauth://callback?MMAUTHTOKEN=<token>&MMCSRF=<more data>. However it looks like Edge prevents this callback from reaching the MM app because I get a popup saying: No available apps There are no apps currently configured on this device that your organization allows to open this content. Please ensure you are signed in with your work or school account to your managed apps or contact your organization's support team. I assume this is because our IT has either "Restrict web content transfer with other apps" or "Allow app to transfer data to other apps" policy settings enabled. In general things are pretty locked down so that data can't be shared between non-Microsoft apps, and even then some things can't be copied and pasted from one Microsoft app to another. I reached out to our company IT support but he seemed to think the only possible solution was to allow Chrome inside the Work profile to bypass the Edge restrictions. For obvious reasons, no one in IT or the company leadership wanted to implement this solution. Are there any other solutions where MatterMost or even just that specific "mmauth" URI can be white-listed in InTune to allow MatterMost to complete the authentication? Not looking to try to get around policies, but would like to have a informed discussion with our IT on maybe adjusting the policy to be more functional.Deploy an application to Windows devices with specific serial numbers
I have a total of 200 new laptops which I would like to deploy a specific application using InTune. I have the serial number of all the laptops. These laptop are only identifiable by the serial number only and cannot use anything else. I've been searching for solutions but articles are not clear. Can someone please advise if this can be done? If so, can you guide me to a good article or with some points? Thanks in advance
MS Graph Device OS Reporting
On the Intune android device view, the OS is listed as ‘Android (fully managed)’ or ‘Android (corporate-owned work profile)’. The MS Graph command get-mgdevicemanagement just has ‘Android’ for the OS attribute. Using MS Graph, does anyone know how or where to get the ‘Android (corporate-owned work profile)’ value that shows in the device view?
