How to foce intune client in Ubuntu to synch automatically
Hello, in my company we have enrolled Devs Ubuntu devices to control some security setting and allow or not the access to our company apps and content. We have set compliance policies and enabled conditional access to check its. i have been surprised this morning by the last checking date of my Ubuntu laptops and ask my Devs of last signin in company portal client and the date match with the last checking date. I concluded, the company portal is synching only when the user open it and signin. This is a big problem for us because we are certified ISO27001 and we must check all devices compliance. Somebody has a script to deploy on those ubuntu devices and force a synch every day waiting for a Microsoft evolution of this process. Thanks a lot and regards MajidEntra ID LAPS and BitLocker on Hybrid AD–Joined Devices
Hi All, We have Hybrid AD–joined Windows devices with BitLocker managed on-prem via GPO and BitLocker recovery keys already escrowed to Microsoft Entra ID. If we enable Windows LAPS in Entra ID (cloud LAPS), will this have any impact on: Existing BitLocker recovery keys stored in Entra ID, or Current/future BitLocker configuration and escrow behavior? Is there any dependency or interaction between Entra ID LAPS and BitLocker on hybrid devices? Thanks in advance Dilan
Device Enrollment
Hi everyone, I need some guidance regarding a device-management scenario in my environment. We currently have Microsoft 365 Business Basic with the Intune Plan 1 add-on. All of our devices (about 150+) are Azure AD Registered, and I’m trying to determine the best method to enroll them into Intune using only our existing licenses. I’m unsure which enrollment method is most appropriate for this setup, and I haven’t been able to find a solid, recommended approach. I want to avoid unnecessary complexity and I cannot upgrade or change our licensing. I would really appreciate a well-structured explanation that covers: The best enrollment method for this scenario Why this method should be used Step-by-step guidance Pros and cons of the proposed method Any insights from those who have handled similar situations would be extremely helpful. Thanks in advance!
Issues with Windows 11 Autopilot Hybrid Joined Since last Week
Hi all, as of Thursday 4th December our Windows 11 Autopilot (Hybrid Joined) has ceased functioning. On the very first step, after the user attempts to enter their username&password, we can see the deployment profile gets downloaded to the device but then everything immediately stops with error "Something went wrong. Confirm you are using the correct sign-in information and that your organisation uses this feature. You can try and do this again and contact your system administrator with the error code 800004005". We can see that the ODJ process never starts. And we think we're seeing errors with the device reading the deployment profile JSON locally. Has anyone else had any errors? Wondering if Microsoft have made a change somewhere or have issues.Microsoft Intune for MSPs resource guide
Welcome to your home for all things #IntuneForMSPs! Our goal is to help you grow your Microsoft Managed Service Provider (MSP) business by combining productivity apps, intelligent cloud services, and the world-class security of Microsoft 365 with the multi-tenant management capabilities of you, our partners. Join us January 20 at 8:00 a.m. PST (4:00 p.m. UTC) on the Microsoft Intune Tech Community and kick off our new community meetup series with a guide to getting started with Microsoft 365 Business Premium. Hear first-hand experiences with configuring and managing customer tenants and learn best practices. Community meetups will feature subject matter experts on camera with Q&A in the chat (Comments) on Tech Community. Come curious and ready to learn! Jump to: Marketing and business development | Demos and tutorials | Partner resources | Microsoft communities | Select content from Microsoft MVPs In the spotlight Click the image below to watch the Microsoft Intune multi-tenant management video with Jonathan Edwards. Marketing and business development Start by joining Microsoft Partner programs: AI Business Solutions for Partners Microsoft Security Partners Join the Partner Skilling Hub for Free Go to Microsoft Partner Skilling Hub Create your free account Select Solution areas of interest Intune content: AI Business Solutions, Security Recommended modules: Implement with impact: Endpoint Management with Microsoft Intune | Microsoft Partner Skilling Hub Implement with impact: Implement Identity and access management with Microsoft Entra - Modules Demos and tutorials Whether deploying solutions for yourself or for your customers, these resources can help you with prescriptive ‘do this next’ guidance to get you up to speed quickly. Download this guide: Enhancing Security with Microsoft 365 Business: A Hands-on, Effective Guide Follow along with the companion videos: Achieve greater security and productivity with Microsoft Intune and Microsoft 365 Explore click-through interactive guides for more advanced instruction: Microsoft Intune guided demos Topics include configuring app protection policies, configuring Conditional Access, updating Windows from the cloud, configuring corporate devices, deploying and managing line of business (LOB) apps, enabling Universal Print, accessing corporate resources on personal-owned devices, setting up Windows Autopilot for new device delivery, and reducing bandwidth consumption with Delivery Optimization. Partner resources Nerdio knowledge hub Inforcer resources Microsoft communities Microsoft 365 Blog small and medium business-related posts Microsoft 365 Partner LinkedIn channel Select content from Microsoft MVPs To find an MVP near you, visit the Microsoft MVP home page. Peter Klapwijk - In The Cloud 24/7 Blog Ugur Koc - Ugur Koc Blog Andy Malone - Andy Malone on YouTube Rudy Ooms - Call4Cloud Blog Somesh Pathak - Intune IRL Blog Oktay Sari - AllThingsCloud Blog Jon Towles - Mobile Jon BlogWin 10 Security Baseline: Issue with WHFB
Hi, I activated the Intune Win 10 security baseline on a set of devices. I know experience an issue with WHfB. My face and fingerprint is not recognized, rsp. the login process is giving an error, saying that I cannot be identified. One user reports, that when away from company WhfB works as expected, asking for face or fingerprint and as second factor a PIN. I have another policy in Intune that is giving MDM policies precedence over GPO, so I cannot understand why it works for that one user when outside of company. What settings in MDM security Baseline could possibly be the cause resp. be responsible for broken WHfB?Close the Year Strong with Surface for Business Deals
As organizations look to maximize their remaining budget and prepare for 2026, now is the moment to modernize device fleets with Surface for Business. These limited-time Surface promotions make it easier to accelerate refresh cycles, strengthen endpoint security, and equip employees with devices that are AI-ready from day one. Surface for Business devices combine productivity-forward design, leading AI capabilities, and Microsoft security at multiple layers. Whether refreshing a subset of users or upgrading entire departments, organizations can close the year with hardware that helps reduce risk, assists in lowering management overhead, and positions teams for the next wave of AI-driven productivity. Secure by Design Surface for Business devices deliver hardware-based protections aligned with Secured-core PC standards. Hardware-based security, advanced firmware protections, and a growing number of memory-safe drivers help reduce exposure across the stack, providing peace of mind that clears the way for AI innovation. AI-Ready With advanced processors including powerful AI chips on supported models, Surface for Business devices are ready to help employees maximize their skills using AI to drive business forward. From a dedicated Copilot key 1 to Foundry on Windows 2 for developing local agents, these devices provide the foundation for people to achieve their best. Learn more about unlocking AI innovation in our new eBook. Ready to Deploy Surface for Business devices support Windows Autopilot 3 , enabling IT teams to deploy devices directly to employees, preconfigured with corporate profiles and security baselines, without imaging or desk-side setup. Combined with centralized management through Microsoft Intune 4 , organizations can reduce deployment time and help keep endpoints consistent from day one. Make the Most of Year-End Purchasing Opportunities Maximize remaining 2025 budget by exploring end-of-year savings on select Surface for Business devices. Work with your preferred reseller to capitalize on year-end spend, or purchase directly through Microsoft Store in the US 5 to take advantage of available offers that make modernizing your device fleet easier as you prepare for 2026. Resellers can help organizations align device selection, deployment plans, and support needs while optimizing budget utilization. Businesses purchasing through Microsoft Store benefit from fast, free shipping and a 60-day return window on most physical products. 6 Across both channels, Surface for Business offers provide a cost-effective path to refresh devices now rather than deferring upgrades—helping IT leaders complete their roadmap, meet procurement targets, and deliver new value to end users before the new year. Find a reseller [https://www.microsoft.com/surface/business/where-to-buy-microsoft-surface Buy from Microsoft Store US [https://www.microsoft.com/en-us/store/collections/surface-deals-bundles] References Feature availability varies by device and market. See Key Support for details. Some capabilities may require additional subscriptions not included with Windows or Surface devices. Windows Autopilot device preparation depends on specific capabilities available in Windows client and Microsoft Entra ID. It also requires a mobile device management (MDM) service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs. Additional licenses required, not included with Surface. Offers and promotions vary by market. Terms apply. Microsoft Store only ships to certain countries; see Shipping options, costs, and delivery times - Microsoft Support for details.Deploy an application to Windows devices with specific serial numbers
I have a total of 200 new laptops which I would like to deploy a specific application using InTune. I have the serial number of all the laptops. These laptop are only identifiable by the serial number only and cannot use anything else. I've been searching for solutions but articles are not clear. Can someone please advise if this can be done? If so, can you guide me to a good article or with some points? Thanks in advanceAndroid 15 - CredentialProviderPolicy not surfaced by Intune
I have been having an issue with Android 15 devices. We use Authenticator as our password autofill provider. As soon as a device is updated from Android 14 to Android 15, the password autofill provider is no longer set and the setting to change it is 'blocked by work policy.' I have already tried removing all policies that apply to the devices (device config and device compliance policies) and factory resetting them. Simply having them enrolled as corporate owned fully managed devices causes this to happen. I raised the issue in the Android Enterprise community blog. A link to that is included below. Someone on that thread found that there is a policy in Android 14/15 called the credentialproviderpolicy. When that policy is blocked or unconfigured, this behavior happens. I cannot find anywhere in Intune where I can set this policy. It seems that it is allowed by default when managing Android 14 with Intune, but not set or blocked when the device switches to Android 15. Is there any way to specifically set a policy that is not reflected in the Intune UI? This is a blocker for being able to move more phones to Android 15. Link to Android Enterprise thread: https://www.androidenterprise.community/t5/admin-discussions/android-15-cannot-set-default-password-app/m-p/8827#M2105 Thanks, Tom
Biometrics - Some of these settings are hidden or managed by your organization
-When going in windows to ->Sign ins-> I am unable to set biometrics. *Some of these settings are hidden or managed by your organization. for e.g. Windows Hello Face This option is currently unavailable - Click to learn more -To try and solve this issue, I enabled Windows Hello for business from Intune -> Device -> enrollment -> Windows hello for business. But issue persists, What do you think could be the issue.
