Event banner
Event details
- ThomasTrombley
Microsoft
Thank you all for your questions and comments. This concludes our monthly Office Hours jam session! We'll be back next month, while attending to follow-ups on these questions below. - Another question regarding iOS and Intune. Our iOS security policies for managed device states that the user must change their PIN code every 90 days. When you setup a PIN code initially the numerical PIN keypad pops up. However, after 90 days when they are forced to change their PIN, instead of a numerical keypad the full QWERTY keyboard pops up asking the user to change their PIN. The crux is that the users are changing their PINs from a numerical PIN to a alphanumeric PIN and they get this confused with their network password. I've put in a ticket with MS Support on this and was advised that there's nothing they can do about this. Is that True or False? Is there anyway to change this full QWERTY keyboard layout to just a numerical PIN keyboard when the security policy dictates this? It's an issue I'd like to solve in our environment as we constantly get HelpDesk tickets regarding this.
- Joe_Lurie
Hi raydomingue Can you make sure the devices are not receiving a policy requiring alphanumeric PINs? From iOS/iPadOS app protection policy settings - Microsoft Intune | Microsoft Learn
>Set a requirement for either numeric or passcode type PINs before accessing an app that has app protection policies applied. Numeric requirements involve only numbers, while a passcode can be defined with at least 1 alphabetical letter or at least 1 special character.
Note: To configure passcode type, it requires app to have Intune SDK version 7.1.12 or above. Numeric type has no Intune SDK version restriction. Special characters allowed include the special characters and symbols on the iOS/iPadOS English language keyboard.- Correct, and that's already set in our environment. That's also what MS Support asked me to show them in our ticket.
Are you looking into to support Google Vision pro in MIcrosoft intune ? (Sorry, of course meant Apple vision pro)
- Joe_Lurie
AdrianMi1967 I assume you mean the Apple Vision Pro? When these were first announced they did not have an MDM stack, so we were unable to even think about managing them. Recently Apple announced that they are adding enterprise management to these devices. Since that announcement we are now investigating this platform.
Please go to https://aka.ms/IntuneFeedback if this is something you want us to prioritize.
- Thanks that is helpful to know. Will provide feedback through the channel directly
- 3 Intune iOS questions... 1) We've had several iOS devices that for whatever reason did not report in after some time. When we go back to those devices Comp Portal app is still there, we sign in and do a Check Status, but the device does not report back in on the server. It still shows "last connected (x) months ago". The device still has security policies in effect and won't allow those changes. The only fix we've found is wiping the device and re-enrolling. Thoughts on this? 2) When users setup their new iPhones and we do a restore from iCloud, the Comp Portal does not come down. We've had multiple instances where we've had to wipe again and start all over. After about 50/50 ... sometimes that app will eventually come down and sometimes it doesn't. Any help here? 3) We have some iPhones in our environment that do not have an Apple ID on those devices. After installation, the Comp Portal is there and those users are able download and install any O365 app there needed, However, recently it would not allow those users into the Comp Portal, it was forcing them to update bringing them to the App Store to update the app ... even though there was no Apple ID on those devices. The fix was to have those users wipe and re-enroll. If an Apple ID is not needed here, why was it forcing those users to install the app update? Shouldn't that have come from Intune to update? Any ideas here so this doesn't happen again?
- Any chance of enabling simple logging feature in office 365 where there is an upgrade.
- EricMoe
Check out How to enable Microsoft 365 Apps for enterprise logging - Microsoft 365 Apps | Microsoft Learn - it requires some registry keys to be added to the device to enable client-side logging. Keep in mind the logs can get really large, so you should not keep it enabled for long.
- With SCCM task sequences, I have had problems with reaching out to Windows update, instead its redirecting to WSUS even though we are trying to allow it to connect to windows update through clicking "Check online for updates from Windows update". Any advice on how to fix this? We didn't have this problem with Windows 10 but it has become an issue in the last year with Windows 11.
- Danny_GuilloryGoing to stick to my guns here as much as I can call out a ton of variables, if your systems going to WSUS, its being told to go there from some configuration. So I'm going to double down on find the setting that the device is listening to. HINT I would look at some Sysinternal tools to help you figure this out.
- Microsoft Intune question: I have a co-management scenario with computers deployed on-prem (not with Autopilot because we need hybrid AD joined devices). The orchestrator of co-management workloads is SCCM but it takes days(!!) to complete the enrollment and push all Intune policies, even enrolling the computers manually using a "Device Enrollment Manager". Is that expected? Is there any clear documentation on how to set up the environment?
- Danny_GuilloryDevice enrollment should not take days or hours, I would work with support and let them assist. There maybe something configured in your system (hint) that needs to be looked at. I do vaguely remember that there was a process in which SCCM followed for device enrollment. Again I would get with support to assist you through this.
- Does Intune Driver Update Policies have any logs for the backend processing? All our profiles stopped synchronizing 10 days ago (so not updating any drivers offered for auto-approval or approval). Manual sync also doesn't help. I have no idea for troubleshooting this.
David_GuyerHi Sigurd, This is something that you shouldn't have to worry about. Can you please DM me so we can get your tenant info since you have multiple policies. It's something we measure and track, and it's pretty rare to have sync stopping. -David- I have the same issue in our tenant. Our broad group is not syncing anymore. Stopped around 10 days (last sync was 4th or 5th of February)
- We have ongoing issue for last 3 weeks where Feature update from windows 10 21H2 to Windows 10 22H2 using Wufb does not gets upgraded. It takes almost 7 days even though we have defer feature policy set to 0 and feature policy set to immediatestart. We saw almost 10 devices where we see this pattern. Are there any way to check why this is happening? Support is not really helping us as this ticket is moving from one team to another internally. I still believe that there is some tenant issue as it is happening only to us. But getting that information is so difficult and time consuming. Any help please?
- David_Guyer
Hello Vinod,
The first thing to check is in the reports if the devices are in the OfferReady state, or later, such as downloading or installing. OfferReady indicates that the service has completed the process of making the update available to the device.
Once that state is reached, the most common problem is that devices are not successfully checking in with Windows updates. Check that they are active and can successfully check for updates.
Another issue I've seen that has caused devices to not be updated is mistakes in assigning devices to the policy, or accidentally placing a group in the excluded group.
Check the Feature update failures report as well, for reasons devices are not being updated, including Safeguard holds.
If none of these look like the problem, this web site may also help:-HTH
David
- Windows Update Question: I cannot get KB5034439 to install on Windows Server 2022 (Core) It even fails to install on a fresh installation from .ISO, with or without the recovery partition resized to 1GB. I've encountered this with both 2022 Core Standard and 2022 Core Datacenter. 2022 (Desktop Experience) encountered errors but proceeds after resizing the recovery partition. Is MS aware of and working on issues related to KB5034439 installing on Server 2022 Core?
- I am also interested to know the answer here. Can someone respond even though the live component has ended?
