Latest Discussions
Does the Intune Management Extension enroll the Windows PC in Intune?
Intune Management Extension fails to install. The device is not visible in Intune. It IS visible in Entra ID and Defender. Is the install failing because it's not enrolled in Intune or is it the opposite? This is a remote device, so I don't have direct access.
Solved | Will44 | Mar 06, 2025 | Copper Contributor | 99 Views | 1 like | 5 Comments

Intune Security baseline - Defender settings
Hello All, We're configuring the Security Baselines policy for Windows in Intune and noticed a section for Defender settings. We have an Intune Plan 1 license, don't have a Defender for Endpoint license, and are using the default Windows Defender on Windows 10/11. After we enroll the device to Intune and configure the Security baseline policy, can someone confirm if settings like ASR, Network Protection, Cloud Protection, Local Admin Merge, etc., under the Defender section, will apply to our devices if configured? Thanks,
Solved | drivesafely | Mar 02, 2025 | Brass Contributor | 62 Views | 0 likes | 5 Comments

Android App for different enrolments
Hi. Most of our Android devices on Intune are registered as Corporate owned, fully managed and the apps are all installed as 'required' assigned to user groups. I have been asked to set up BYOD for Android so I am trying to create the Work profile set up. The problem is that it automatically installs all apps we've assigned for corporate owned devices. How do I separate the apps from each type of enrolment bearing in mind that the same app (e.g. Outlook) might be installed on both types of enrolment? We are assigning apps by user so I can't think of a way to prevent it. Thanks
Solved | JamesIVH | Feb 28, 2025 | Copper Contributor | 48 Views | 0 likes | 3 Comments

Intune Endpoint Privilege Management - FIDO2
We have begun testing out Intune EPM as a replacement for local admin accounts in our org. We have users that authenticate with PIV certs via Smartcard as well as FIDO2 with Yubikeys. PIV authentication works no problem, but I cannot find a way to enable FIDO2 to work with EPM. Has anyone found a solution for this?
Solved | 46 Views | 0 likes | 3 Comments

Block iMessage backup to iCloud
Hello. Trying to block the backup of messages on some iPhones. ABM managed, ADE-enrolled devices. I see through both the restrictions template and settings catalogue, this is not available. So I thought maybe I could do this through an App configuration policy. Turns out, no - because Messages is not listed under public apps. Then I thought to do it through App Protection policies... but again, Messages does not appear. But I noticed App Protection policies can apply to managed apps, so why not just add Messages to my managed apps? And conveniently, the "Add app" tool has a "built-in app" button. But none of those apps are built-in apps. Not one of them, from what I can tell. Anyone able to help out here? This seems... bizarre.
Solved | underQualifried | Jan 30, 2025 | Brass Contributor | 58 Views | 1 like | 2 Comments

Dynamic device group from Intune user groups
We've onboarded a number of users into Intune, and we're all new to it. Previously, they were on MaaS360, which had both device groups and user groups, and you could assign to either individually. A bit shocked Intune can only assign down to the group level. (I know Filters exist, but these only filter by Devices, and take longer than just creating a new group)... Anyway, trying to rebuild things as closely to MaaS as possible. For onboarding, we created user groups, so when a user enrolled, they would automatically get the right policies. We couldn't create a device group until the devices were enrolled AND logged in, and showing in Entra. However, the tenant actually wants the groups to be by DEVICE for various reasons (replacing people, for example).
So I have two questions - Is there a way to dynamically generate the device groups, based off each user's group association? Also, since devices can't be grouped without an associated Entra ID (either dynamically or manually), if a user leaves/signs out, will that device automatically lose all its group associations?
If there is another way to get the structure the tenant wants, I'm all ears. But essentially, the devices have different hardware, and they want their department to be tracked even if they have no user.
Solved | underQualifried | Jan 21, 2025 | Brass Contributor | 244 Views | 0 likes | 3 Comments

Unable to access devices | configuration
Hi All! HNY to you all. Just trying to access devices\configuration from the Intune Admin Console, and get this error. And no policies are displayed. I have tried accessing via an Incognito window and get the same message. Everything else is working and accessible. Anyone else got this issue or seen it before? Thanks
Solved | UpNorthIntune | Jan 03, 2025 | Iron Contributor | 387 Views | 0 likes | 4 Comments

Local admin creds via PowerShell via Intune
Hello! I have what I hope is a fairly simple question. I am trying to run the Winget upgrade process using a PowerShell script deployed in Intune. The problem is that it fails on laptops because it requires elevated privileges. It works for those who are local admins but not for those who are not. Has anyone deployed this successfully? Using the command below in the PS1 file....

    winget upgrade -h --all

Or as an alternative, has anyone any good advice running Winget from Intune across all users within a specific security group? Thanks all!
Solved | matthewrosier | Jan 02, 2025 | Copper Contributor | 68 Views | 0 likes | 1 Comment

Intune - Multi-App Kiosk Mode Android - Managed Home Screen - How to Toggle Between Open Apps?
Hi there, We use Intune - Multi-App Kiosk Mode for Android - Managed Home Screen quite a bit. However, we'd like to be able to see open Apps and switch between them like you can on a standard Android phone (using the 3 vertical lines icon). I can't find an equivalent function in Managed Home Screen. Any ideas? Ta, Ian Hearnes
Solved | Ian_Hearnes | Dec 27, 2024 | Copper Contributor | 65 Views | 0 likes | 3 Comments

Intune - Phishing-Resistant MFA
Good Afternoon, So sorry but I'm quite novice. I am trying to merge all Intune users to phishing-resistant MFA (PR-MFA) only (excluding break-the-glass users/admins). On Entra, I do this by disabling Microsoft-Managed MFA and setting a new authentication strength with all three (PR-MFA) modalities selected as the only allowable MFA. Then, I set a conditional access policy to grant all users to access all resources only if they have PR-MFA registered, because I don't want them to use other MFA like SMS. This makes all existing users switch over and disables weaker methods (like text messages), but I can't onboard new users. I reviewed the log for a test user who I could not register, and I saw that the issue is that during registration, the passkey must already exist BEFORE the new user can set up a passkey or other PR-MFA method, which is impossible. Is there a way to let Intune use just the new user's password alone for initial PR-MFA registration?
Solved | aguenthart | Dec 26, 2024 | Copper Contributor | 163 Views | 0 likes | 2 Comments