Portions of Threat Severity section missing in Intune policy
I was updating our Intune Antivirus policy today and noticed that the threat severity section is gone. When I saved the changes, I did another review of the Defender settings and they have been removed from the policy. Anyone else seeing this or know how to get them back?Time Zone configuration profiles and policies
Hello, I'm trying to find out the way to control "automatic time zone change" option to allow users to turn it off or on. On the Intune side there is a configuration profile using OMA-URI settings ("./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeTimeZone" with string "LOCAL SERVICEAdministratorsUsers"). This one controls whether user can change the Time Zone manually in the Control Panel (the old school way) and it also reflects in the Settings when the "Set time zone automatically" is turned off however we have some users that have this option greyed out and I have not found a way how to change this from the Intune side. Users are normally standard users and they do not have administrative rights by default but they should be able to change some of the settings when they invoke "elevation mode" eg in the 1st picture below if I would switch "Set time zone automatically" on I would be presented with authentication dialog and after authentication the setting would turn on. 1st case - user can change the "set time zone automatically" option on/off but is not in the group that is allowed to manually change the time zone hence it does not even show the time zone choices (this reflects the configuration profile mentioned above) 2nd case - user can change the "set time zone automatically" option on/off and is in the group that is allowed to manually change the time zone => shows additional options Time Zone and DST. 3rd case - user can not change the "set time zone automatically" option at all means can't change the TZ or DST in Settings, but is able to change time zone via Control Panel (see below) And the question for the million $$$ 🙂 is if or where is the option / configuration that makes the "Set time zone automatically" greyed out. Any ideas? Thanks
Intune Custom Compliance Policy - Struggling
Any assistance or guidance on this is greatly appreciated. For over a week I struggled with a custom compliance policy that will do the following. - Search for a specific installed software and version and produce the following results: - Application is not installed - Compliance Status set to "Not Applicable" - Application is installed but is not the desired version. - Compliance status set to "Not Compliant" - Application is installed, meets the version requirements - Compliance status set to "Compliant" - Multiple versions of application exist, one of which meet the requirements. Compliance status set to "Not Compliant" If I run the discovery script on a local device and output the findings it is 100% successful, every time. However, when applying the policy in Intune not every works correctly. Here are both the JSNO file and discovery script. -------JSON------ { "Rules": [ { "SettingName": "ComplianceStatus", "Operator": "IsEquals", "DataType": "String", "Operand": "Compliant", "MoreInfoUrl": "https://example.com/compliance-info", "RemediationStrings": [ { "Language": "en_US", "Title": "Software Compliance Check", "Description": "The required software version is installed and compliant." } ] }, { "SettingName": "ComplianceStatus", "Operator": "IsEquals", "DataType": "String", "Operand": "NonCompliant", "MoreInfoUrl": "https://example.com/compliance-info", "RemediationStrings": [ { "Language": "en_US", "Title": "Software Compliance Check", "Description": "The required software version is not installed or is outdated. Please install or update to the required version." } ] }, { "SettingName": "ComplianceStatus", "Operator": "IsEquals", "DataType": "String", "Operand": "NotApplicable", "MoreInfoUrl": "https://example.com/compliance-info", "RemediationStrings": [ { "Language": "en_US", "Title": "Software Compliance Check", "Description": "The software is not applicable for this device." } ] } ] } ------- Discovery Script _------- $softwareName = "Autodesk Single Sign On Component" $requiredVersion = [version]"13.7.7.1807" # Get the installed software information $installedSoftware = Get-CimInstance -ClassName Win32_Product | Where-Object { $_.Name -eq $softwareName } # Initialize the result hash $result = @{ SoftwareInstalled = $false SoftwareVersion = "0.0.0.0" ComplianceStatus = "NotApplicable" } # Process each instance if any are found if ($installedSoftware) { $result.SoftwareInstalled = $true $isCompliant = $false $multipleCopies = ($installedSoftware.Count -gt 1) foreach ($software in $installedSoftware) { $installedVersion = [version]$software.Version $result.SoftwareVersion = $installedVersion.ToString() if ($installedVersion -ge $requiredVersion) { $isCompliant = $true } } # Determine overall compliance status if ($multipleCopies) { $result.ComplianceStatus = "NonCompliant" } else { $result.ComplianceStatus = $isCompliant ? "Compliant" : "NonCompliant" } } # Return the result as JSON $result | ConvertTo-Json -Compress
Looking to create policy that excludes users using MS 365 resource on personal mobile phones
Hi. I'm relatively new to admining Intune. I have been set a task to create a policy that excludes users from using any MS 365 resources on their personal mobile phones. I am hitting a wall with how to achieve this. Any help would be appreciated.Chrome Bookmark
I am trying to apply an applicaiton policy to create a bookmak on an iOS device. Configuration Key ManagedBookmarks String [{"toplevel_name": "Managed Bookmarks"}, {"name": "Nuvolo", "url": "nuvoloXXXoem.service-now.com"}] The policy is applying but the tablet is reporting an error. I am not sure if the syntax is wrong, but according to Google, it is formatted correctly.
