Deploy custom apk (LOB) to android enterprise kiosk mode Intune
Hello all, i have a question about deploying custom build apps ( from external partners or build in house) for android. We use mainly android enterprise kiosk mode on our tablets ( about 300 of them) no issues there. they use google play…
Why our Mozilla Firefox apps deployment is being failed using Intune with Win32 app method?
Why our Mozilla Firefox apps deployment is being failed using Intune with Win32 app method? See below error
how to block specific windows updates
Hi, I need to block specific updates from the defender. Every time the system updates 3 specific updates, nvidia card is not detected on device manager. Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version…
The Microsoft 365 Apps (Windows 10 and later) app is not installing the (New) Microsoft Teams (work or school) and (New) Outlook
Hello, I've been looking into our Office 365 apps recently in Intune and while testing new provisions, the Office 365 Business app is not installing the (New) Microsoft Teams (work or school) and (New) Outlook pictured below. Will this app be updated…
How to block USB devices in Mac from Intune.
Hi tried to block USB devices from Intune was creating the policy and getting the below error. MAC Usb policy .png
your system administrator has blocked this program. for more info contact your system administrator
I am using a domain account and, as per company policy, I cannot create a local account. Additionally, I am unable to access the User Account Control (UAC) window to add or remove programs on this system. Could you please provide assistance with this…
KB5039212 update causing explorer error
after the KB5039212 a few of our windows 11 machines that we have gp on to block the users from accessing the windows store and games. the last couple of days we have had them lose the task bar / start menu / explorer.exe not working for some all i had…
Best Practices for Securing services in the Azure ecosystem : Tools for Access Logging and Monitoring?
Good morning, Our organization utilises Azure for hosting web services, SQL Server instances, and SQL Server on virtual machines to re-design our current data warehouse structure. Ensuring robust data security protection across these environments is…
CMPivot query
Hello, I have this query used by CMPIVOT: Registry('HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate') | where Property == 'WUServer' | order by Value Now I would like a query which will gives me the registry missing this WUServer…
machine inactivity timer
In Entra, I find the inactivity timer set to 3 hours. Unable to find setting in Azure or Intune. The issue we are having is that the client wants to machine inactivity set to 60 minutes. What they are experiencing is that at 15 minutes, the screen will…
Order of upgrading OS & SQL Server
Is the following order fine for us to proceed with? Back Up of both WS & SQL DBs Upgrade SQL 2014 Enterprise RTM to SQL 2014 SP3 Enterprise Upgrade WS 2012 R2 to WS 2019 DC Upgrade Roles & File server, SCCM Upgrade SQL 2014 Enterprise SP3 to…
android intune COPE enrollment
Is Android Corporate-owned devices with work profile (COPE) enrollment broken ? I have not been successful on Android 14 and Android 13 samsung devices using manually feeding the enrollment token on factory-reset devices. I am meeting all…
Get the SID of currently enrolled user from Registry
Hi, Is there a way I can get the SID of a currently enrolled user from registry. I found this Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\499B59E9-637E-493D-91D8-9A5FE2D5B450 registry key which contains the SID. But I somehow also…
the Built-in Endpoint Security Manager role is assigned to two AD groups, but this role for whatever reason cannot modify policy?
In Intune the built-in Endpoint Security Manager role, is assigned to two AD Groups SG-xxx-MDATP-Administrators and SG-xxx-MDATP-Operator, this role for whatever reason cannot modify policy?
In my organization devices are azure ad registered(intune enrolled)+ domain joined .when i enable entra hybrid join it shows dual state like entra registered(intune) and entra hybrid joined in entra id.How can i make entra hybrid joined to Intune enrolled
In my organization devices are azure ad registered(intune enrolled)+ domain joined .when i enable entra hybrid join it shows dual state like entra registered(intune) and entra hybrid joined in entra id.How can i make entra hybrid joined to Intune…
Microsoft Key Management (Handling, Storage, Encryption...etc.)
Hello everyone, as I am working on Intune in my organization I am having a hard time understanding the key management performed by Microsoft. To further clarify, we are simply trying to comprehend how keys are being stored (Bitlocker in our case), how…
Admin issue win 11 devices
Hi Team,, Currently, my credentials as an admin are not working on some machines, even though my username is set as a global admin. My username works as an admin on all machines except a few. All machines are autopilot machines. Is there any policy we…
How to set 'Account lockout duration' with an intune device policy
Good morning For the Security Recommendation "Set 'Account lockout duration' to 15 minutes or more" I want to deploy this setting with the value "15" as a device configuration policy. I know I can set the LockoutPolicy with a OMA-URI…
SUP : Release Upgrade To Windows 11
MCM v2309. We would like to start releasing what is needed to upgrade Windows 10 systems to Windows 11. Which of the following should we release? "Upgrade to Windows 11 (business editions) en-us x64". or "Windows 11, version 23H2 x64…
Verifying BitLocker recovery key of Azure endpoint device
Hi, What's the process to verify whether the BitLocker recovery key of an endpoint device on Azure is correct or not? Thanks ZB