Known issue: Upgrading Microsoft Tunnel version 20260129.1
We identified an upgrade issue with the early March release of Microsoft Tunnel version 20260129.1 that caused servers to become stuck and unable to complete the upgrade. The issue can be resolved by uninstalling and reinstalling the server to a newer version (20260330.1 or later). Alternatively, we’ve created a script to help you update affected servers. This blog explains how to use the mstunnel-patch-2602 script to remediate the issue. Before you begin Before you run the script, make sure you have the following: Access to the Linux virtual machine hosting the Microsoft Tunnel server Permission to run commands with sudo The patch script downloaded to the server from https://aka.ms/mstunnel-patch-2602 When to use this script Use this script if your server is showing one or more of the following behaviors: The server remains on the affected version (20260129.1) and doesn’t move to the latest version In the Intune admin center, the server health state appears as Healthy, but the upgrade banner shows an error The server rolls back to the affected version because of a version mismatch in Agent Settings Identify impacted servers The issue affects servers on version 20260129.1, use the following hash to identify whether your deployment is on this version: Agent: sha256:abbdcd854aa5ac376aed32c828e4c84917e776a701855cd1e3febed18a3e4dae Server: sha256:ad57d6a7ffe21f64fc1577713063ae9b180914cf65bc70b4e49be21299cfc1d3 The issue was resolved with version 20260330.1, released March 30, 2026. You can verify your servers are on this version with the following hash: Agent: sha256:163214b94af6d91a5ef02690f891c5a41e87b1059b9530324716ee34778c1785 Server: sha256:dd62c292528e8e5aa4e7b84418efa42fd3830ec0db40467947cde8125aa17d7e Run the script After downloading the script to the server, complete the following steps. Step 1: Enable execution permissions If needed, make the script executable: chmod +x mstunnel-patch-2602.sh Step 2: Run the script Run the script with elevated permissions: sudo ./mstunnel-patch-2602.sh When the script runs, it performs the following actions automatically: Checks whether the current server is using the affected build hashes. Creates backups of the current configuration so the system can revert if the update fails. Stops the Tunnel agent and server services. Updates the configuration with version 20260330.1 hashes Pulls version 20260330.1 and forces mst-cli install without requiring additional user input Expected results After the script completes successfully, the server should be updated to the March 30, 2026 version 20260330.1. This remediation is intended to resolve upgrade failures caused by a version mismatch and eliminate the need for a manual uninstall and reinstall workflow. If you have any questions or issues running the script to update your servers, reply to this post or reach out to the team on X @IntuneSuppTeam.
All scheduled prompts failing — "couldn't be completed" error — Power Platform provisioning issue?
I'm hoping someone from Microsoft or the community has seen this. All my scheduled prompts are failing at execution time with this error: "This scheduled prompt couldn't be completed. It will be retried during the next scheduled run." Key facts: M365 Copilot license on a direct Business subscription The same prompts run correctly in Copilot Chat Even the simplest scheduled prompt fails: "List emails I received in the past 5 days. No analysis needed — just the list." The scheduling UI works fine — prompts appear in the Active list with correct schedules Failure is at execution time. Retries also fail. Admin-side investigation already completed: Power Platform environment: Ready No DLP policies in the tenant No admin toggle for scheduled prompts exists in M365 admin center (noted as unusual) Org-level optional connected experiences: enabled User-level optional connected experiences toggle absent (consistent with org locking it On) The absence of an admin toggle for scheduled prompts in the M365 admin center is the one thing that stood out — I wonder if this indicates the feature wasn't fully provisioned when the Copilot license was applied. Sharing here in case this is a known issue or others are experiencing the same. Any insight from Microsoft engineers or others who've resolved this would be appreciated.
Apologies for repeated prompts – account works but restricted / Cuenta ok pero restringida
Hola, mi cuenta fue marcada por una infracción de “Abuso de la plataforma” en M365 Copilot. Ya verifiqué con soporte de inicio de sesión y confirmaron que no hay problemas con mi cuenta. Sin embargo, sigo experimentando errores y desconexiones al usar Copilot. ¿Alguien del equipo de Microsoft puede ayudarme a revisar este bloqueo o indicarme cómo apelar la restricción? Este problema me impide usar Copilot con normalidad. Utilicé un promt una y otra vez intentado hacer una gráfica de pastel y la IA estuvo "alucinando" datos. Intenté tanto que me enojé. Me disculpo. Gracias. Hello, My account was flagged for a “Platform abuse” violation in M365 Copilot. I have already contacted sign-in support, and they confirmed that there are no issues with my account. However, I am still experiencing errors and disconnections when using Copilot. Could someone from the Microsoft team help review this restriction or guide me on how to appeal it? This issue is preventing me from using Copilot normally. I used a prompt over and over trying to make a pie chart and the AI was 'hallucinating' data. I tried so much that I got angry. I apologize. Thank you. Puedes responder en inglés o español, gracias. | You can respond in English or Spanish, thank you.
Determine Availability Group Synchronization State, Minimize Data Loss When Quorum is Forced
First published on MSDN on Nov 11, 2014 When Windows Cluster quorum is lost either due to a short term network issue, or a disaster causes long term down time for the server that hosted your primary replica, and forcing quorum is required in order to quickly bring your availability group resource online, a number of circumstances should be considered to eliminate or reduce data loss.Unpacking Endpoint Management is back - and we’ve got a lot to talk about
If you've been missing real, candid conversations about endpoint management, good news! Unpacking Endpoint Management is officially back. This series is all about what actually works. No fluff, just practical tips, proven strategies, and honest discussions to help you optimize and simplify the way you manage and secure endpoints today (and prepare for what's next). We're bringing together people from across Microsoft Intune, Security, and Customer Experience engineering and product teams, along with guest practitioners, to share what's worked, what hasn't, and what we've learned along the way. And yes…we're absolutely here for the tough questions. A quick update on the hosts Danny Guillory, a familiar face to the community and a Product Manager for Intune and Configuration Manager, will continue to host the series. He's joined this season by Rachelle Blanchard as co‑host, bringing a strong community and discovery lens to the series. Rachelle focuses on surfacing real customer questions and guiding conversations toward practical outcomes, helping ensure each episode reflects how endpoint management works in the real world. Up next Policy: from hybrid to cloud-native May 28, 2026 - 9:00 a.m. PDT June 2026 episode (topic TBD) June 30, 2026 – 9:00 a.m. PDT July 2026 episode (topic TBD) July 29, 2026 – 9:00 a.m. PDT Sign in to the Tech Community and follow this post for the latest updates on upcoming episodes. Catch up on demand Curious what it takes to secure endpoints in today’s Zero Trust world? Watch our most recent episode on Device security with Microsoft Intune, now on demand! What's the format? This web series is streamed live on Tech Community, LinkedIn, YouTube, and X. In addition to open discussion, we answer your questions so sign in (or sign up for) the Tech Community and RSVP to submit questions early and throughout the live show. How do I join? There's no call or meeting to join. Simply head to aka.ms/JoinUEM. Show up at start time, watch live, and jump into the discussion with us. Help shape the series This series is for you - so tell us what you want to hear. Drop a comment below with: Topics you'd like us to cover Tough questions you want answered Speakers you'd love to hear from We can't wait to get started - and even more excited to hear from you along the way. Join the Community to get early insight into what's coming for Intune, connect with experts, and share real-world feedback that helps shape the product. 👉 aka.ms/JoinIntuneCommunityHas anyone had issues with images not loading properly/at all?
Starting last week, the Copilot application has not been properly rendering generated images for several users - I have pasted several examples below, along with the errors I am receiving in various tools. Has anyone had a similar issue and/or been able to resolve it on their end? Is it possible to disable Copilot in Agent mode (i.e., return to Work mode)? Thank you! Please let me know if I can clarify with any additional details.Azure Data Sync: Fixing “Cannot find the user ‘DataSync_executor’” When Creating a New Sync Group
Summary When creating a new Azure SQL Data Sync group, customers may encounter the following error during setup—even when no active sync groups exist: “Failed to perform data sync operation: Cannot find the user 'DataSync_executor', because it does not exist or you do not have permission.” This failure typically occurs during certificate and symmetric key creation as Azure attempts to grant permissions to the DataSync_executor role. In this post, we’ll walk through: The common scenario where this issue appears Why cleanup scripts alone may not fix it A supported, reliable resolution approach to restore Data Sync successfully The Problem Scenario A customer attempts to create a brand-new Azure SQL Data Sync group (hub + members), but the operation fails with an error similar to: Cannot find the user 'DataSync_executor', because it does not exist or you do not have permission. Creating certificate Creating symmetric key Granting permission to [DataSync_executor] on certificate Key observations from affected cases: No active sync group exists Cleanup scripts (including Data Sync complete cleanup.sql) were already executed The failure persists even after retrying the setup Why This Happens Azure SQL Data Sync depends on system-managed database roles that must be created and configured only by the Azure Data Sync service itself. If these roles (or related permissions) are: Missing Partially deleted Left in an inconsistent state then Data Sync may fail while attempting to create certificates or grant required permissions. Important: Manually creating or partially restoring these roles is not supported and often leads to repeated failures. How to Detect the Issue Before troubleshooting further, confirm whether the required Data Sync roles are missing. 1. Run the Data Sync Health Checker Ask the customer to run Data Sync Health Checker, then review SyncDB_Log. Common warnings include: DataSync_reader IS MISSING DataSync_executor IS MISSING Missing EXECUTE/SELECT permissions on dss and TaskHosting schemas This confirms the root cause is role and permission inconsistency. Supported and Effective Resolution Step 1: Verify Roles Are Missing Run the following query on each affected database (hub and members): SELECT name FROM sys.database_principals WHERE name IN ('DataSync_executor', 'DataSync_reader'); If no rows are returned, the roles are missing and must be recovered by Azure Data Sync itself - not manually. Step 2: Fully Clean Up Leftover Data Sync Objects Do this only if the database is not actively syncing -- Remove roles if partially present DROP ROLE IF EXISTS DataSync_executor; DROP ROLE IF EXISTS DataSync_reader; -- Drop DataSync schema IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = 'DataSync') BEGIN DROP SCHEMA DataSync; END This ensures there are no partial or orphaned Data Sync objects left behind that could interfere with setup. Step 3: Recreate the Sync Group (Critical Step) Do not manually recreate roles or permissions Instead: Delete the existing (failed) Sync Group from the Azure Portal Recreate the Sync Group from scratch Re-add the hub and member databases During this process, Azure will automatically: Recreate DataSync_executor and DataSync_reader Assign all required permissions Deploy the correct schemas, certificates, and procedures Key Takeaways DataSync_executor and DataSync_reader are service-managed roles Cleanup scripts alone may not fully reset a broken state Manual role creation is not supported Deleting and recreating the Sync Group is the only reliable recovery method once roles are missing Final Recommendation If you encounter Data Sync setup failures referencing DataSync_executor, always: Validate role existence Fully clean up broken artifacts Let Azure Data Sync recreate everything by rebuilding the Sync Group This approach consistently resolves the issue and restores a healthy Data Sync deployment.
Cannot Share Fabric Data Agent
I created Fabric Data Agent. I published it to M365 Copilot. I shared it to user A, B, C. I copy the link https://m365.cloud.microsoft/chat/?titleId=T_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&source=agentCenterDialog. I generated an QR Code using canva. User A, B, C tried to scan the QR Code using their phone, but it returned an error as seen in picture 1. However, when user A, B, C opened it via laptop browser, it was not error. how to solve this problem?
