No PIN / No Access
Hi All I hope you are well. Anyway, on Android Enterprise Fully Managed devices, I have an ask to to enforce a No PIN No Device Access policy. These devices have the usual, where the PIN requirements are set with a device config policy and then checked with a corresponding compliance policy. But no where can I see "restrict use of the device til a PIN is set" setting. Perhaps it's really obvious but is this possible? Only obvious option I can is in the compliance policy settings on Actions for noncompliance as below: Would this be the appropriate setting or are there others? And if the device is locked, is the user able to set a PIN? Info appreciated. SK
Problem running the Windows Feature Update Device Readiness Intune Report
I have a custom Intune role for our support staff. I want them to be able to run the Feature Update Device Readiness report. When they click on the Select target OS link, it shows "No data to display", instead of the OS list. They are able to click on Select scope tag and see a list of scope tags. Is there a permission they need that I'm missing? Here is what I have assigned for the custom role. Audit data Read Corporate device identifiers Create Delete Read Update Device compliance policies Read View Reports Device Configurations Read View Reports Endpoint Analytics Read Endpoint protection reports Read Enrollment programs Create device Delete device Read device Sync device Assign Profile Read Profile Managed apps Read Managed devices Delete Read Set Primary user Update View reports Organizations Read Remote tasks Clean PC Collect diagnostics Enable Windows IntuneAgent Get Filevault key Manage shared device users Reboot now Reset passcode Retire Set device name Sync devices Wipe Roles Read
"Change Primary User" On Device in Intune is Greyed Out
I am an IT Administrator and have all the permissions to manage my businesses Microsoft 365 accounts including Intune. When trying to update and change to primary users for devices in Intune, it is greyed out and doesn't allow me to change it. I need to get this resolved so we can properly have all devices showing the correct users. How can I get this resolved? I've uploaded a screenshot to this message.
Almost all devices show as Not Applicable in update rings
Currently almost all devices in our environment show not applicable in the standard windows update ring. Newly added devices seem OK. We previously used GPOs to push update settings. As this was conflicting with the Intune settings, we disabled the GPOs. Around that time (not sure exactly) our devices began showing not applicable for an update ring they were good with previously. Anyone seen this/have any ideas?Intune Shared-Device Configuration - Disallow Entra Login
Hello everyone, I am encountering an issue with our shared device setup in Intune. Our organization manages devices through Intune, and we have configured shared devices specifically for external guests who only need access to a laptop and Microsoft Office products. While the setup generally works as expected, we’ve noticed an issue where users are still able to log in using Entra (Azure AD) accounts from our tenant, despite setting the Guest account configuration to "Guest" in Intune. We would like to restrict access solely to the local guest account and prevent users from logging in with Entra accounts. Our current configuration for the shared device profile is as follows: Shared multi-user device settings: Shared PC mode: Enabled Guest account: Guest Account management: Enabled Account Deletion: At storage space threshold and inactive threshold Start delete threshold (%): 20 Stop delete threshold (%): 50 Inactive account threshold: 30 Local Storage: Enabled Power Policies: Enabled Sleep timeout (in seconds): 600 Sign-in when PC wakes: Enabled Maintenance start time (minutes from midnight): 60 Education policies: Disabled Is there a way to enforce this restriction, allowing only the local guest account and blocking Entra user access? Any guidance on this matter would be greatly appreciated. Thank you for your assistance.
Does the Intune Management Extension enroll the Windows PC in InTune?
Intune Management Extension fails to install. The device is not visible in InTune. It IS visible in EntraID and Defender. Is the install failing because it's not enrolled in InTune or is it the opposite? This is a remote device, so I don't have direct access.Disable automatic app updates for specific apps in Intune
Hi, In our organization, I have enabled all three options below to install and manage traditional Android applications through Intune, However, we have encountered a situation where certain specific Android applications, such as the Google Play Private App, only work with lower versions of the OS. The higher version is not compatible, and Google Play Store is reporting it as an unsafe app and blocking it. Is there any option available in Intune that allows us to block automatic app updates for specific applications?Microsoft Intune App Deployment
I have this autoinstall script for MATLAB 2024, the installer_input.text is configured with the right information inside it and every test I've done on my machine (locally) succeeded, however when I'm trying to deploy the software to a device and it creates a path in C:\Program Files\MATLAB however even though its creating this path at the installing stage it still not fully deploy the software like it should.. "%~dp0setup.exe" -inputFile "%~dp0installer_input.txt" TIMEOUT /T 120 /NOBREAK Exit 0 The install command in intune I set to cmd.exe /c autoinstall.bat what can i do to fix it? maybe the intune install command isn't good? or its within my autoinstall script
Disable sign in to Windows device (fast)
Hi, When using Intune along with WHfB PIN, what is the best approach to disable sign-in to Windows PC (using WHfB PIN)? Wipe command is not an option in this case, we just need to block access to the PC and do it fast as possible. In my testing blocking user, revoke session, disabling device is not preventing user from using cached PIN to enter and use computer. Yes, it's signed out from Office apps etc, but still has access to local files. I think there should be command in Intune that will efficiently do this. Thanks!
