MEM
17 Topics

Intune marks Not Compliant if device does not sign in regularly, then permanently blocks the device
I'm using Intune's Conditional Access to block non-compliant devices on my O365 tenant. A problem I'm encountering is that the "Built-in Device Compliance Policy" turns Not Compliant if the device fails to log in for a long period of time. When this happens, the device gets blocked for being Not Compliant, so it is unable to refresh the Built-in Device Compliance Policy that would make it compliant again. The only solution I've found is to stop enforcing CA on the user until the device is able to sign in successfully again. Then I can resume CA. This is obviously not an ideal solution. Am I the only one dealing with this?

Best practice for the managed Google Play Account in Intune/MEM
Hi All, I'm looking for some advice on the best practice for setting up the first step of Android enrollment in Microsoft Intune/MEM. What is the best practice for security and management when we choose the managed Google Play account for Intune/MEM? Using an Azure AD account (with or without an Exchange Online licence), a Google account, or another external account? Does this account need to have access to a mailbox, and can MFA be used with this account? Thanks!

EPM Service Account Breaks User Context In Apps
Hi, I am working with a customer who wants to make use of EPM for their developer team to run some applications with elevated permissions. They have noticed that when elevating certain applications with EPM, a service account is used (see MEM\AzureAD_AdeleVance_$ below), which therefore runs the app with a new user profile, removing things like user preferences and context, and also breaks some apps that rely on domain permissions/credentials. From my testing, this service account only seems to be used by EPM when elevating already installed applications, not application installers. Is this by design, and is there a possible workaround that avoids EPM using this service account?

Intune 403 error - When accessing Intune Portal
Hi Intune Community, I have two users to whom I have given the Application Manager role with full access, under Tenant Admin --> MEM roles, but they are receiving the following access error when they try to reach Intune/Endpoint Manager: I read the https://techcommunity.microsoft.com/t5/microsoft-intune/401-and-403-error-when-logging-into-endpoint-admin-center/m-p/1713817#M5226 link, which does not apply to our environment, as we already have MDM set up and running. Any thoughts/help appreciated.

Universal Print Intune error - Install (User) -2147418113 & -2138701812
I'm currently doing a PoC on Universal Print using the connector installed on an on-premises Server 2022. I successfully installed the printers on the Connector server, registered them with Azure UP (Universal Print), shared them and began configuring Intune (MEM) to deploy them to Win 10 machines. I used printer provisioning from the configuration profile catalog and put in all the required values. I targeted the profile at a group of users. The results were interesting. Two users installed the UP with no errors; 3 other users failed to install with the error message details below. I could not find any of these errors documented anywhere. I have engaged MS Support and am waiting on a solution. These errors are not documented anywhere for MEM. Here are the errors, if anyone might be able to help:
Install (User) -2147418113
Install (User) -2138701812
I have also attached a screenshot from MEM.

How to remove MDE managed devices in MEM?
Hi, I had two Windows Server VMs with MDE (Microsoft Defender for Endpoint) onboarded. For test purposes, I turned on the security settings management in MDE to let MEM deploy some security policies to them. It worked fine. I got corresponding device entries in AAD and MEM and was able to manage the VMs like other Intune managed devices. After I deleted the VMs, I found the device entries are somehow lingering. For MDE, I knew there is a data retention time, which is 30 days in my case. I waited for a month and the VMs did disappear from MDE. But I can still see them in AAD and MEM till now. I can't do anything to them in MEM, while I can temporarily delete them in AAD and see them respawn the next day. According to the doc, there is a way to solve this problem, but I can't see how. Use Intune to manage Microsoft Defender for Endpoint Security on devices not enrolled with Microsoft Intune | Microsoft Learn Does anyone know what "be removed from the scope of Configuration Management in the Security Center" means and how to perform it? Thanks for reading this post.

Azure AD Device Management
Good day, I am new to Azure; currently moving workstations to the Cloud (Azure). There are several Windows "devices" (DT-23, LT-12) visible in the Azure Active Directory devices that are duplicates, with a different 'owner' for the device. How would I ascertain which device should be deleted from the Azure AD? There are more than twice as many devices in the Azure AD as there are devices in the organization. What steps, if any, do I take to prevent this?

iOS DEP enrolled devices missing Enrollment Profile (breaking dynamic group and filter logic)
Starting 31/05/2022, new iOS enrollments via Apple Business Manager Device Enrollment do not have an Enrollment Profile attribute assigned under Hardware; generally we use this attribute to define dynamic groups/filters. I have seen this on at least two different customer tenants so far. Example of a filter no longer matching a device enrollment (previous enrollments still show the correct Enrollment Profile). Note: Testing 3 tenants, we only see two in APAC impacted so far. Asia Pacific 0101, Asia Pacific 0201
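For the first post in this list (Intune marking a device Not Compliant after it stops checking in, and Conditional Access then blocking the check-in that would fix it), the practical mitigation is to find devices before they cross the check-in threshold. The script below is an added example, not code from the thread or from Microsoft: it uses the Microsoft Graph PowerShell SDK to list Intune-managed devices whose last sync is near or past the tenant's compliance status validity window. It assumes the SDK is installed and that the tenant uses the default 30-day validity period (the "Compliance status validity period" setting); the function name, the `-ValidityDays`/`-WarnDaysBefore` parameters and the status labels are this example's own.

```powershell
# Added example, not from the thread. Lists Intune-managed devices that have
# not synced for close to (or beyond) the compliance status validity window,
# so they can be chased before Conditional Access locks them out.
# Assumptions: Microsoft.Graph PowerShell SDK installed; the validity period
# below matches the tenant's "Compliance status validity period (days)" setting
# (default 30). Function and parameter names are illustrative.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement

function Get-StaleIntuneDevice {
    [CmdletBinding()]
    param(
        [int]$ValidityDays   = 30,   # tenant compliance status validity period
        [int]$WarnDaysBefore = 7     # flag devices this many days before expiry
    )

    $now       = (Get-Date).ToUniversalTime()
    $warnAfter = $now.AddDays(-($ValidityDays - $WarnDaysBefore))

    Get-MgDeviceManagementManagedDevice -All `
        -Property "id,deviceName,userPrincipalName,operatingSystem,complianceState,lastSyncDateTime" |
    ForEach-Object {
        $lastSync = $_.LastSyncDateTime
        if ($null -eq $lastSync) {
            # Never synced: treat as already outside the window.
            $daysSince = $ValidityDays
            $status    = 'NeverSynced'
        } else {
            $daysSince = [math]::Floor(($now - $lastSync.ToUniversalTime()).TotalDays)
            $status    = if ($daysSince -ge $ValidityDays)       { 'OutsideWindow' }
                         elseif ($lastSync.ToUniversalTime() -le $warnAfter) { 'AtRisk' }
                         else                                     { 'OK' }
        }
        [pscustomobject]@{
            DeviceName        = $_.DeviceName
            User              = $_.UserPrincipalName
            OS                = $_.OperatingSystem
            ComplianceState   = $_.ComplianceState
            LastSync          = $lastSync
            DaysSinceLastSync = $daysSince
            Status            = $status
        }
    } |
    Where-Object { $_.Status -ne 'OK' } |
    Sort-Object DaysSinceLastSync -Descending
}

# Read-only scope is enough for this report.
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All" -NoWelcome
Get-StaleIntuneDevice -ValidityDays 30 -WarnDaysBefore 7 | Format-Table -AutoSize
```

Devices reported as `AtRisk` can still sync on their own (a Company Portal or Settings app sync, or simply signing in), so that is the moment to contact the user; devices already `OutsideWindow` are the ones that will need the temporary Conditional Access exclusion the post describes, and the list makes that exclusion per device and time-boxed rather than open-ended per user.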
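For the "Azure AD Device Management" post (duplicate device objects such as DT-23 and LT-12 with different owners), the question is which copy to keep. The script below is an added example, not from the thread or from Microsoft: it groups Entra ID (Azure AD) device objects by display name and shows each duplicate with its join type, last sign-in and registered owner, so the stale copy can be identified. It assumes the Microsoft Graph PowerShell SDK and a read-only directory scope; the function name and the `Suggest` column (a heuristic that favours the most recent sign-in) are this example's own.

```powershell
# Added example, not from the thread. Shows Entra ID device objects that share
# a display name, side by side, with the data needed to decide which is stale.
# Assumptions: Microsoft.Graph PowerShell SDK installed; Device.Read.All (or
# Directory.Read.All) consented. The Suggest column is a heuristic only.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement

function Get-DuplicateEntraDevice {
    [CmdletBinding()]
    param()

    $devices = Get-MgDevice -All `
        -Property "id,deviceId,displayName,trustType,operatingSystem,approximateLastSignInDateTime,accountEnabled,isManaged"

    $devices |
    Group-Object DisplayName |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $group = $_
        $rank  = 0
        $group.Group |
        Sort-Object ApproximateLastSignInDateTime -Descending |
        ForEach-Object {
            $rank++
            # Registered owners come back as directoryObjects; the UPN sits in
            # AdditionalProperties for user objects.
            $owners = Get-MgDeviceRegisteredOwner -DeviceId $_.Id -ErrorAction SilentlyContinue |
                      ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }
            [pscustomobject]@{
                DisplayName = $group.Name
                Copies      = $group.Count
                ObjectId    = $_.Id
                DeviceId    = $_.DeviceId
                TrustType   = $_.TrustType            # AzureAd, ServerAd (hybrid) or Workplace
                OS          = $_.OperatingSystem
                LastSignIn  = $_.ApproximateLastSignInDateTime
                Enabled     = $_.AccountEnabled
                IsManaged   = $_.IsManaged
                Owner       = ($owners -join ';')
                Suggest     = if ($rank -eq 1) { 'keep (most recent sign-in)' } else { 'review: older duplicate' }
            }
        }
    }
}

Connect-MgGraph -Scopes "Device.Read.All" -NoWelcome
Get-DuplicateEntraDevice | Format-Table DisplayName, TrustType, LastSignIn, Owner, IsManaged, Suggest -AutoSize
```

Treat the output as a review list, not a deletion list: a `ServerAd` (hybrid-joined) object is synchronised from on-premises AD and will be recreated by Entra Connect if it is deleted only in the cloud, so duplicates of that kind need to be cleaned up at the source, which is also the usual reason the count in Entra ID exceeds the number of physical machines.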