Intune
17 Topics

Disable "Windows Hello"
I am an admin, and attempting to disable "Windows Hello for Business", also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However, whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a PIN. Where can I find the option that allows me to disable this?

Hybrid Join for AVD Hostpool (Pooled)
Hi guys, we are new to the topic of AVD and are starting with configuring our first Hostpool in Azure. We would like to have a pooled Hostpool with Windows 11 Multi-Session. The users are synced from an On-Prem AD to Entra ID. The personas are pretty simple and just use M365 Apps, FSLogix and 2 Business Apps. I saw in a nice presentation from Marcel Meurer approx. 1 year ago that having the AVD Sessionhosts in Intune when pooled is not a good idea. We know from Intune that doing a Hybrid-Join for Notebooks isn't a good idea and gives a lot more complexity. What is best practice for AVD in our case? Should we configure Hybrid-Join without having a DC in Azure, or is it required to have one also in Azure to be able to configure GPOs, or how do you manage the session hosts? Configuring an AADDS does give me also more complexity in this case, right? Thanks for your feedback. Marc

Ability to enrol Win 10 Enterprise multisession to Intune?
Hi all, we've got an AVD Win 10 Enterprise Multisession machine that's joined to Azure AD, but we want it enrolled in Intune/Endpoint Manager. I can't figure out how we can do this on this OS. Any help appreciated - thanks!

Azure Virtual Desktop and Azure AD Join with Enroll VM in Intune - possible pitfall!
Dear Azure Virtual Desktop friends, if you want to set up Azure Virtual Desktop infrastructure in Azure and you have chosen Azure AD Join and with Enroll VM with Intune, you may get the following error message:

--------------------
[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AADLoginForWindows'. Error message: \"AAD Join failed with status code: -2145648509. AzureSecureVMJoinOperation: DeviceEnroller::AzureSecureVMEnroll failed 0x801c0083.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "}]}
--------------------

This could possibly be because you have reached the limit for adding devices to Intune. You can find this information in the Intune Admin center and increase the value. Either edit the default settings or set up a new Restriction policy. I realize it's not super, great, extra news, but I ran into these limitations during a deployment and the hints weren't necessarily obvious. Thank you for taking the time to read the article. Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on GitHub! https://github.com/tomwechsler

Azure AD Device Management
Good day, I am new to Azure; currently moving workstations to the Cloud (Azure). There are several Windows "devices" (DT-23, LT-12) visible in the Azure Active Directory devices that are duplicates, with a different 'owner' for the device. How would I ascertain which device should be deleted from the Azure AD? There are more than twice as many devices in the Azure AD than the devices in the organization. What steps, if any, do I take to prevent this?

Intune Windows 10 Security Baseline IE Settings
We have deployed the Intune Windows 10 Security Baseline, which includes the default IE Settings. However, via GPO we have published intranet sites to the intranet security zone via the GPO setting \User Configuration\Preferences\Windows Settings\Registry\IE Settings, which creates registry entries at ...HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, and we also allow our users to add sites to the zones as they deem necessary. This works as expected and has for many years. However, machines that are enrolled in the Intune Windows 10 Security Baseline have all Internet Explorer security settings blocked, including adding sites. It appears the setting in the baseline "Internet Explorer users adding sites: Disabled" does not function. I have changed this to "Not Configured" and "Enabled" with no change; the add sites box is greyed out along with all IE Security options. Changing the setting "Internet Explorer security zones use only machine settings" to disabled does allow the sites published via GPO to show and be effective. We are looking to publish specific intranet sites along with a few internet sites while retaining the ability of our users to add custom sites. Any thoughts/suggestions?

WVD Hosts and Personal Enrollment
Hi Folks, we have a real estate of desktops natively joined to Azure AD, AutoPilot, MDM managed. We also have Windows Virtual Desktop pools with some legacy published apps, one of which requires Outlook to send emails. However, I believe that running through the Outlook profile is prompting the user to enroll the WVD host in Intune and is then publishing applications to my WVD hosts and breaking the Shared Licensing for Remote Desktop because another version of Office is being installed over the time. I appreciate I can block personal enrollment, but is there a more graceful way to block this happening on my WVD hosts? It's very annoying. Thanks, Richard

Compliant Intune device doesn't pass conditional access policy
Hey, I'm having problems configuring conditional access for unmanaged and managed devices when accessing resources. I'm using the prebuilt SharePoint CA rules (these are showing up in the CA portal when restricted access is activated in the SharePoint admin portal under the access control menu) and added the condition that these rules are not applied when a hybrid joined or compliant device tries to get access. Unfortunately this doesn't work, similarly if I use a hybrid joined device or an Intune joined compliant device. When I check the login logs in Azure AD I can see that the rules are applied and the fields (managed, compliant, connection type) under "device information" are empty, so it seems Azure AD can't access the device state from the device itself when resources are accessed from it. Does anyone know this issue, can reproduce it or have any ideas what needs to be done? Thanks and regards!

Adding apps to Kiosk using Intune configuration policy
Hi All, is there a way we can automatically install apps into the Intune Kiosk? We have over 100 users with Kiosk mobile phones with a selection of apps. All the phones are Android. The problem is we want to add more apps to the kiosk devices without the need for user interaction. I have tested it on a few test Android phones and it looks like the new apps first need to be installed on the device before they can be added to the Kiosk. You can only install the apps through the Google App Store, which can not be done within the kiosk. Maybe I am doing this wrong. Any help will be appreciated. Many thanks, Alan