Microsoft Defender (for Business) not showing onboarded device via Intune
I am having some real fun with Devices not being shown in Microsoft Defender (for Business) after following the necessary instructions provided by Microsoft. Devices are not showing in the Microsoft Defender portal. I have used the local onboarding scripting method and gone directly through Intune. Would there be a conflict running the two? The account being used to perform these tasks is a Global Admin (even with Security Administrator rights). In respect of Intune, the Connection service between Intune and Defender for Endpoint (EDR) is fine. I have used a preconfigured EDR policy option to onboard the device, and I have checked the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection, which states an OnboardingInfo value, indicating that a device has been onboarded to Microsoft Defender for Endpoint. I do have an issue relating to Default Device Compliance Policy - Has a compliance policy assigned and a policy issue for 'create local admin user account', but Intune is saying the device is compliant. Would these issues cause an issue, and what else should I check for?
Are you unable to open Google Chrome or any other browser?
Cause & Solution: If you are using Microsoft Intune, the Microsoft AI system may have automatically created a rule that blocks third-party browsers such as Chrome and Firefox. To resolve this, you need to deactivate or delete the automatically generated rule under Windows Configuration Policies.Restrict some devices
Hi All I hope you are well. Anyway, I'm looking for some advice. We have identified some Intune enrolled, Entra ID joined devices that may be security risks (malware) and would like to restrict these devices from accessing things like M365 apps, Azure VPN etc etc. What's the best way to achieve this? Conditional Access and target a group with the devices as members? Info appreciated
Intune APK Upload Error
Good morning. Since Monday 8th June I have been unable to upload a private APK within our Intune Managed PlayStore portal. When uploading the APK file it errors, "Can't publish app. Try again in a few minutes." The error message is very generic and suggests its just a system global error but it's been on going for a few days now. I have also tried uploading a previously successful APK file with the same error returned and several different browsers. Is anyone else having this issue or has any idea on how to fix or contact for support?Jail Broken = Yes
Hi all, I have a Yealink MP56 Teams device reporting back into the portal as being Jail Broken. The device has been checked, and no evidence of it being jailbroken is evident. We have a few hundred of these devices, and they are all set up and running the same. I am in the process of implementing policies for all Android devices that would block rooted devices (all device settings) And have held off after doing a quick check and noticing this one device. Has anyone come across this before? Or have any suggestions? Also I have several hundred devices reporting back a status unknown against being jail broken, but this may be down to their low android os version. Any help is appreciated.MS Graph Device OS Reporting
On the Intune android device view, the OS is listed as ‘Android (fully managed)’ or ‘Android (corporate-owned work profile)’. The MS Graph command get-mgdevicemanagement just has ‘Android’ for the OS attribute. Using MS Graph, does anyone know how or where to get the ‘Android (corporate-owned work profile)’ value that shows in the device view?How to deploy M365 Companion app through Intune
Hi All, I have a requirement of deploying M365 companion app to a few users in the company. However, when I tried with Win32 apps in Intune, it gets failed every time even though the scripts success manually. Does anyone know how to deploy M365 companion app from Intune? I have downloaded the app from below link and used the below command: https://learn.microsoft.com/en-us/microsoft-365-apps/companions/overview#set-up-the-companion-apps Echo OFF m365companionsetup.exe /quiet Thanks in advanced, Dilan
Managed Home Screen MSAL - severe issuse
Hi Intune Community! We are currently experiencing severe issues with Managed Home Screen and MSAL on our shared Android devices, managed as dedicated with Entra Shared mode. Anyone else experiencing issues? Quite often when a user types her user name at the MHS sign in page and press the Sign In button, the screen only blinks and nothing happens. Only workaround is to restart the device and then it often works to sign in a user once or twice, until same issue happens again. It affects all devices and all users and we have tried both the latest version of MHS and some older version. No difference. Some things that we have seen is: If we exit kiosk mode and start the Intune app it says "Something went wrong" and shows a Register button. This is however gone when restarting the device. (see images below) If we start the Authenticator app, also after exit kiosk, it asks for "organization email" and shows a Register button. This is also back to normal once you restart the device. (see images below) If we let the device be after trying to sign in, 10-20 minutes later it has managed to sign in and asks for setting a Session PIN. The problem is that it is the user who last made a successful sign in who gets signed in. Huge security issue. We also see that Edge and Teams (probably other msal-enabled apps as well) doesn't behave as normal even if you successfully sign in. Teams ask what account to sign in with. Either selecting the suggested account or pressing the Back-button (<) signs you in. (see images below)Block All Software Installs
Hi All Is there a way to block all software installs on Windows devices except for those we push out via Intune? I have have a look in the Device Config settings but there seems to be some confusing settings in there and some stating set as "Disabled" when disabled isn't an option. Info appreciated.
