From memory, the "business" SKU for Windows is a weird, one-off SKU that requires special handling and thus was not enabled for many/some of the CSPs behind these policies when we recently enabled them for the Pro SKU as up until earlier this year, some CSPs only worked on the Enterprise Windows SKU. Also from memory, this is set to be fixed "soonish", but I don't have or know details off-hand of when this will be.
Intune/MDM Configuration Profiles-Policy is rejected by licensing
Judging by some Google results, I'm not the only one who has experienced this error but no one seems to have had it in the same way I have.
So we have a number of Win10 Intune Configuration Profiles (we use Win10 Business 20H2), and 1 is to change desktop wallpaper and another is to start a program at user logon time. If we enroll a device (I've been doing it as an OOBE), enroll it using a standard user which results in the device being associated to them as the primary and enrolled user, all the policies get assigned to the user/device and the wallpaper is set and the program starts at logon. Perfect.
If a second user then logons on to the device those 2 polices get the event 827 "Policy is rejected by licensing" logged in the Device-Management-Enterprise-Diagnostics-Provider log even though the users have the same permissions/memberships. The issue also occurs if you change the primary user of the device to the second user ID.
If you reset the device to factory defaults and re-enroll it as the second user, the policies get assigned and work correctly.
Is this supposed to be the way it works? There doesn't seem to be any user or device reason as to why it shouldn't work for multiple users so its either a coded software restriction by MS or its a bug. I'm hoping its a bug and will be fixed at some stage.
Would like to try and get some official word or see if others experience the same issue and I'm not Robinson Crusoe
Cheers
4 answers
Sort by: Most helpful
-
Jason Sandys 31,286 Reputation points Microsoft Employee
2022-09-16T14:43:32.587+00:00 -
Jarvis Sun-MSFT 10,191 Reputation points Microsoft Vendor
2022-09-16T06:28:22.327+00:00 Hi @DevZero Thanks for posting in our Q&A.
For better troubleshooting, could you please provide more details such as configuration profile settings. We will do a similar experiment to test whether this is a common issue and give feedback here.Best Regards,
Jarvis
-
Bryan Hunt 0 Reputation points
2024-08-15T20:23:02.3433333+00:00 @Jarvis Sun-MSFT @Jason Sandys This is still a problem with several security settings:
MDM PolicyManager: Policy is rejected by licensing, Policy: (HypervisorEnforcedCodeIntegrity), Area: (VirtualizationBasedTechnology), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.
MDM PolicyManager: Policy is rejected by licensing, Policy: (EnableVirtualizationBasedSecurity), Area: (DeviceGuard), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.
These settings have been part of the administrative templates for a while now.
All of our devices are running Windows 11 Business version 23H2. They were all purchased with Windows 11 Pro licenses (yes, from one of the big vendors) and they were enrolled when activated by the end user with M365 Premium licenses so I suspect that @DevZero 's hypothesis is correct.
Thus every computer is shown in intune as having configuration assignment errors.
-
MichaelSilverman-1518 11 Reputation points
2024-08-20T19:41:50.23+00:00 I see the same error on my WIndows 11 23H2 Dell laptop and a test machine (Also Dell). M365 Business Premium license as well.
We have noted some issues we are currently working with Microsoft on which are:
- Intune install failure - oddly, it seems to be successful, most apps install, inventory populates however one symptom we have discovered is that not all apps deploy and there is a missing service for Intune in services (Intune Management Extensions) apprently. Possible manual install to resolve however we want to understand why it did not install in the first place.
- We have an example of an app (Dell Support Assist for Business PCs) that shows as installed however it does not appear to be installed on the local machine (no service/files/folders/control panel entry). This is more than likely a packaging issue rather than an Intune issue; working on it nonetheless.
- Diagnostic data is being reviewed now to understand what is happening with the device during enrollment as well as deployment; we have devices that work flawlessly while others not so much (two mentioned above) and others.
Mike.