Conditional Access
439 Topics

Non-persistent session on non-joined devices

Hi, how do I create a Conditional Access policy within Intune that requires a non-joined device and then sets the persistent browser session to "never persistent"? As I look at the settings I am only able to set "Require Microsoft Entra hybrid joined device". Thanks.
Cheers, heinzelrumpel
(60 views, 0 likes, 4 comments)

Android personal devices enrollment in Microsoft Intune

Hi, I want to enroll Android personal devices for my employees who use their phones to access company data like Teams and mail. I need that even those who already access Outlook mobile with unmanaged devices be forced to enroll them before they access my company data. I have tried the following:
- Created a managed Google Play account
- Turned on automatic enrollment
- Turned on: Personal and corporate-owned devices with device administrator privileges
- Created a device platform restriction policy which pointed to a dynamic device group
- Created a compliance policy blocking rooted devices and requiring a password to access company apps
- Created a Conditional Access policy in Entra ID which requires devices to be marked as compliant before accessing any cloud app. This policy is pointing to a dynamic device group. I had first assigned it to all users, but it didn't work out.
With the above settings, devices can enroll, but even those which are not enrolled still have access to the cloud apps. How can I force those unmanaged devices not to access the company mail and Teams, and then prompt them to download the Company Portal app and enroll their BYOD/personal devices?
NB: I have achieved the above on iOS, but Android failed. Please advise me.
(59 views, 0 likes, 2 comments)

Excluding a user from MFA with Conditional Access

I'm having some issues with excluding users from MFA with Conditional Access. The user I'm trying to exclude is a functional account. But the thing is, this account is both in the include and exclude part of this setting, because the user is a member of the Azure group where all users are in. With this configuration, the user is still getting prompted for MFA registration when logging into Office 365. So the exclusion doesn't seem to override the inclusion option. Do I need to remove this user from the Azure group where all users are members of, or is there another solution for this?
(18K views, 0 likes, 9 comments)

How to force the Intune client in Ubuntu to sync automatically

Hello, in my company we have enrolled devs' Ubuntu devices to control some security settings and allow or deny access to our company apps and content. We have set compliance policies and enabled Conditional Access to check them. I was surprised this morning by the last check-in date of my Ubuntu laptops, and asked my devs for their last sign-in in the Company Portal client, and the date matched the last check-in date. I concluded that the Company Portal is syncing only when the user opens it and signs in. This is a big problem for us because we are certified ISO 27001 and we must check all devices' compliance. Does somebody have a script to deploy on those Ubuntu devices and force a sync every day, while waiting for a Microsoft evolution of this process? Thanks a lot and regards, Majid
(660 views, 0 likes, 1 comment)

NEW Podcast Microsoft Ignite E04: AI & Copilot – The Biggest Talk at MSIgnite!

AI is transforming the way we work, and Copilot is leading the charge! To break it all down and get expert insights, I'm joined by Jannik Reinhard and Fabio Bonolo to discuss:
- Key AI takeaways from Microsoft Ignite
- How companies & admins can benefit
- The future of AI-powered productivity
YouTube: https://youtu.be/uD5V5a2Ldqg?si=u3R8fSndeW6wCruI
(30 views, 0 likes, 0 comments)

Microsoft Graph Command Line Tools blocked by CA

Hi all, I hope you are well. Anyway, I recently turned on a Conditional Access policy template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)". This seems to work fine until our IT admins try to use the Autopilot script, which gets blocked based on: Microsoft Graph Command Line Tools. Any ideas on how to allow Autopilot / Microsoft Graph Command Line Tools through CA? Info appreciated.
(760 views, 0 likes, 14 comments)

🎙️ Podcast: Microsoft Ignite E03

I had an incredible time chatting with @liorbela.bsky.social in my latest #MSignite podcast episode, where we delved into key highlights from Microsoft Ignite 2024 and exciting developments in the Intune world. #msintune
YouTube: https://youtu.be/mnxHRLz3EMg?si=pab6wByZpQ2tnf5P
(7 views, 0 likes, 0 comments)

iOS device registration issue - duplicate devices

After configuring a Conditional Access policy to require compliant devices, I noticed that users' iOS devices were failing the compliance check. Further investigation showed the devices as listed in Intune were compliant, but when looking in Azure AD, the user would have two devices: one compliant and Intune-managed, and one not compliant. The Azure AD Device ID in Intune corresponded to the compliant Intune-managed device listed in Azure AD, as expected. The sign-in logs indicated the device (Device ID) failing the compliance check in the Conditional Access policy was the non-Intune-managed device that was showing as not compliant in Azure AD. Devices are personally owned, BYOD. We were using an Account Driven User Enrollment policy. Device enrollment into Intune seemed to be successful without any errors indicated. Devices were receiving the required apps upon enrollment. I've successfully reproduced the issue numerous times using a test device and test account. After enrolling into Intune, there is only one device, non-MDM-managed, in Azure AD (the device does show in Intune as compliant). Upon signing into the Company Portal app, the second, Intune-managed device shows up in the Azure AD list. However, the device doesn't pass the Conditional Access policy when utilizing apps such as Outlook; the Conditional Access sign-in logs indicate the policy failed due to a non-compliant device. The Device ID indicated corresponds with the non-MDM-managed device in Azure AD. Switching to user enrollment with Company Portal, and utilizing the Company Portal app to enroll, everything works, and I only end up with one device in Azure AD. I'm going crazy trying to resolve this. The account-driven enrollment was a few clicks easier for my very non-technical user base. Any insight or thoughts would be appreciated! I've got 100 devices enrolled, and I'm really not looking forward to having to re-enroll them all.
(1.3K views, 0 likes, 2 comments)