User Profile
MatAitAzzouzene
Brass Contributor
Joined 7 years ago
Recent Discussions
Conditional Access "Require App Protection Policy" blocks first launch
Hi all, When I launch OneDrive on a brand new iPhone the Conditional Access policy "Require App Protection" blocks the app since the app protection is not yet configured. If I disable the CA policy, launch OneDrive so it can apply App Protection, then re-enable the CA policy, it works fine. Is it the normal behavior? Do we have to disable the CA policy every time we prepare a new phone?

Re: Connector for Active Directory enrollment fails
OK I finally figured out what was the problem: one URL is missing in the Microsoft doc for Intune network requirements. Indeed, the doc tells us to allow "*.manage.microsoft.com" but does not mention "manage.microsoft.com", which is not included in "*.manage.microsoft.com" because of the dot before. Once the network team added manage.microsoft.com, everything went fine!
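An added allow-list coverage check (example code, not from the thread or from Microsoft) that applies the usual firewall reading of a leading "*." wildcard to the hosts the connector log shows being contacted; the allow-list and host lists are constructed sample data, and the wildcard semantics are an assumption stated in the docstring:

```python
import re

# Constructed sample data: allow-list entries written the way the Intune
# network-requirements doc lists them, and the hosts the connector log
# in this thread shows being contacted.
DOC_ALLOW_LIST = ["*.manage.microsoft.com"]
FIXED_ALLOW_LIST = ["*.manage.microsoft.com", "manage.microsoft.com"]
REQUIRED_HOSTS = ["portal.manage.microsoft.com", "manage.microsoft.com"]


def pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a firewall-style wildcard host pattern into a regex.

    Assumed semantics (the common firewall/proxy reading the thread hit):
    a leading "*." matches one or more DNS labels in front of the suffix,
    so "*.manage.microsoft.com" covers "portal.manage.microsoft.com" but
    not the apex host "manage.microsoft.com", and not
    "notmanage.microsoft.com" either (the wildcard stops at a label boundary).
    """
    if pattern.startswith("*."):
        suffix = re.escape(pattern[2:])
        return re.compile(r"^(?:[a-z0-9-]+\.)+" + suffix + r"$", re.IGNORECASE)
    return re.compile(r"^" + re.escape(pattern) + r"$", re.IGNORECASE)


def host_allowed(host: str, allow_list) -> bool:
    """True if any allow-list entry matches the host (trailing dot ignored)."""
    host = host.rstrip(".")
    return any(pattern_to_regex(p).match(host) for p in allow_list)


def uncovered_hosts(required_hosts, allow_list) -> list:
    """Required hosts that no allow-list entry matches, in input order."""
    return [h for h in required_hosts if not host_allowed(h, allow_list)]


if __name__ == "__main__":
    # With only the documented wildcard the apex host is reported as uncovered;
    # adding the bare host closes the gap, which is what the post describes.
    print("missing with doc list:  ", uncovered_hosts(REQUIRED_HOSTS, DOC_ALLOW_LIST))
    print("missing with fixed list:", uncovered_hosts(REQUIRED_HOSTS, FIXED_ALLOW_LIST))
```

Feed it the hostnames pulled from the connector's own log and the allow-list as the network team configured it, and the first list printed is the set of URLs still to request.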
Re: Connector for Active Directory enrollment fails
Hi! Unfortunately I don't have access yet to the firewall logs. I would love to allow everything temporarily but my customer is a huge company with a cautious security team... Yeah I disabled IESC, I even tried to force TLS 1.2 using the registry, still no clue... I also have doubts about the network but the security team claims all Intune URLs are opened. I can't access portal.office.com from this server, since this is not a required URL for Intune, but I have access to config.office.com.

Connector for Active Directory enrollment fails
Hi all, My customer is unable to enroll its Intune Connector for Active Directory. Once he signs in, the UI keeps coming back to the enrollment page. I had a look at the ODJConnectorUI.log file but I don't understand why the connection closes:

ODJ Connector UI Information: 0 : User clicked on SignIn DateTime=2021-12-02T09:31:21.9240384Z
ODJ Connector UI Information: 0 : Navigating to URL https://portal.manage.microsoft.com/Home/ClientLogon DateTime=2021-12-02T09:31:21.9240384Z
ODJ Connector UI Information: 0 : Browser loaded page https://portal.manage.microsoft.com/Home/ClientLogonSuccess DateTime=2021-12-02T09:31:23.4746356Z
ODJ Connector UI Information: 0 : Getting the URL for EnrollmentService from https://manage.microsoft.com/RestUserAuthLocationService/RestUserAuthLocationService/ServiceAddresses DateTime=2021-12-02T09:31:23.5296295Z
ODJ Connector UI Error: 2 : ERROR: Enrollment failed. Detailed message is: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at ODJConnectorUI.Enrollment.GetURLFromLocationService(String userToken, String LSUrl, String key)
   at ODJConnectorUI.Enrollment.webBrowser_LoadCompleted(Object sender, NavigationEventArgs e)
   DateTime=2021-12-02T09:31:23.5747625Z

I tried multiple reinstalls but I keep getting the same error. The connector is installed on a fully updated Server 2019 (en-US), Intune endpoint URLs are opened, the user is Intune Administrator and has an Intune license.

Re: "Work or School account" option missing in chinese Android Authenticator App
If Microsoft does not provide a workaround, it is more than notoriously complicated, it is unusable. China is the most populated country in the world, all the biggest companies work with or in China. If Azure MFA does not work in China, Azure MFA is pretty useless since it can't protect almost 1.5 billion human beings...

Re: "Work or School account" option missing in chinese Android Authenticator App
Here is the answer from Microsoft Support:

From the case description, the attached picture shows you cannot add work account in Android Authenticator in China. I can’t be much help on this query, it’s by design that MS Authenticator does not work with Huawei phones on Enterprise level. I’m sorry to say that this issue is due to some political reasons. The United States has stopped some related features of Huawei, and the work account cannot be added to the authenticator due to the above-mentioned reasons. We don’t want such a thing to happen, but it is true that this problem is an unexpected incident, hope you could understand. Here are some workarounds:
1. Using other two-step verification method, e.g. phone call and SMS (However in China, this also has certain restrictions, because if you use phone verification, it will be blocked due to anti-fraud settings set by government) https://support.microsoft.com/en-us/account-billing/change-your-two-step-verification-method-and-settings-c801d5ad-e0fc-4711-94d5-33ad5d4630f7
2. Also noticed that there are other third-party authenticators that can perform verification services, but what we want to say is that we do not support any third-party services; if something goes wrong, we will not give any support services, you should go to the third party and find the corresponding response.

OK fine, but it does not work on other Android phones too. Anyone aware of an authenticator app working in China?

"Work or School account" option missing in chinese Android Authenticator App
Hi all, I am currently facing a mystery with Android phones in China. Users are able to download the Authenticator App from the store (e.g. Huawei AppGallery) but the "Work or School account" option does not exist in the add account pane. I already read the documentation about Azure MFA in China but Microsoft doesn't mention such behavior: Authenticator for Android in the public cloud in China. Are you aware of such an issue? Cheers

Re: Conditional Access "Require App Protection Policy" blocks first launch
VasilMichev One more thing, if you exclude the user from the CA policy requiring App Protection, launch Teams once, then include the user back in the CA policy, it works! Seems like the CA policy does not let Teams apply the App Protection before checking access, so you have to apply the App Protection first, then apply the CA policy.

Re: Windows Autopilot Hybrid Azure AD join fails
Unit2777 thank you for your reply. We already tried to delete the HWID then reupload it, sometimes it works, sometimes not. We use the latest 1809 ISO from MSDN, not 1903, and it used to work perfectly for months before it started to fail randomly.

Re: Conditional Access "Require App Protection Policy" blocks first launch
VasilMichev All prerequisites are OK! I found out this happens with MS Teams, not with OneDrive. I think I figured out what the problem is: the "Azure Active Directory Conditional Access settings reference" doc indicates only 5 apps are currently supported (Cortana, Edge, OneDrive, Outlook and Planner): https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#app-protection-policy-requirement But the "Require app protection policy for cloud app access with Conditional Access (preview)" doc does not mention it: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access So this policy can't apply to Teams and other unsupported apps, meaning it is pretty useless for now, until all cloud apps become supported...