Hi all,

I just open my pc device from OOBE, and it takes 20mins to setup then it shows me this Error "Something went wrong Confirm you are using the correct sign-in information and that your organization uses this feature. You can try to do this again or contact your administrator with this error code 80070002."

Hope anyone could help. Appreciate your kindness :(

We want to move our shared devices from SCCM controlled to Intune and part of this is activating the computers. Currently we reimage our shared labs about once or so a school year and then our cart devices a couple more times than that. Currently they are activated by our KMS. We are thinking that we will use the key that's built into the system board/motherboard. We did have one of our test devices just decide it doesn't want to activate with that key anymore. How many times can you use and re-use a windows key on a device? I would assume that you can use it as many times as you would like, as long as it's the same computer and that key hasn't been used elsewhere.

With Intune, is it possible to deploy a Wifi profile that uses an EAP-TLS device cert to access Wifi prior to the user login and then switches to using the user EAP-TLS cert once the user is logged in to the device?

I've had this issue for a long time where after clean installing Windows 10 or 11, when the user gets logged in, Company Portal/Intune apps will all fail to install until I run Windows Updates and then reboot the computer. Once I do that, all of my apps start installing successfully. The only noncompliance action I have at the moment is mark device noncompliant. I shouldn't have any Conditional Access policies blocking right now either, only auditing currently. Has anyone else noticed this behavior? Thanks.

Is there a way to block screen share (block the iOS device from showing its screen) on iOS devices? I have screenshot blocked but I want to block screenshare from apps like FaceTime, Webex, Zoom, etc.

Hello everyone!

So the title says it all - my leadership team is asking me what conferences I want to travel to this year. The obvious answer was Microsoft Ignite.

Do you guys go to any other conferences that I could attend, maybe some I don't know of?

Kindest Regards,
Zab Rivera

I’m at an org that has allowed personal Windows and Mac machines, but is now ready to block them. I am planning on enabling device enrollment restrictions for Mac / Win. After I do that, what will happen (from the end-users perspective) to the devices that have already enrolled? What else should be set up to stop personal Mac / Win devices from accessing corporate data? Thanks!

Hi guys,

Trying to find a way to configure Messages to 1) only keep messages for 30 days, and 2) prevent iCloud backup.

This seems like such a simple, baseline thing we should be able to do, I have a hard time believing we can't. But App Protection only works for some apps, App configuration requires XML data I can't find... And there's a list of built-in (as in, actually built in to devices, not "wrapped with Intune's SDK" 'built in') bundle ids for using, but I'm not even sure how I'd use these.

If I create an app entry for Messages, I can disable iCloud backup. But that's not going to go to anyone unless I assign it, and give them a second copy of messages (or whatever would happen)

These devices are on a mix of personal and managed apples ids. Don't ask why

Where is the best place to find someone? Are there Intune consultants?

Hey everyone! Has anyone seen an issue recently where if a laptop (Lenovo Thinkpad series with Windows 11), becomes very slow and unresponsive if disconnected from wifi. Scenario for more details: We have staff at assisted living facilities that travel between facilities. Let's say they are connected to network A in building A. All works great, and before they go to building B they close (sleep) their laptop. When they open laptop in Building B and log in with PIN (Windows Hello), laptop becomes very slow and no responsive. They try to click on network icon near clock to get networks to pull up, and it just lags and spins. Settings opens but is very slow, and again very no responsive on network page. We've checked for newest drivers etc through both Windows update and Lenovo System update, all updated. The fix we are doing for now is to reboot the computer and get connected to wifi on the login page (before they enter their PIN to get logged in). Once connected to wifi, and logging in, the computer becomes responsive and behaves normally. I've documented this on 5 other occasions within the past 2 weeks.

Thanks for any input and let me know any questions I can help clarify. Anyone else running into something like this recently?

I'm relatively new to Intune Management and am in the process of taking over an environment from someone that somehow knows even less than I do

We are constantly getting phones falling out of compliance due to the "require the device to be at or under the device threat level" check failing. Is there any way of finding what is exactly causing this?

The standard fix that we would do is nuke the apps and management profile and reset it up fresh but that is time/labour intensive and I'm trying to see if there is a better way

Hi quick post have security baselines in Intune been superseded or any big improvements in security baselines just looking at it from point of view of how baselines work with CIS standards etc

Greetings, we have successfully federated Entra to Google so that users can log in to their machines using their Google login. Edge has been configured through Configuration Policies to automatically sign in a user, so there is no problem accessing MS365 apps. When I go to Google apps, like mail.google.com it prompts for sign in. How can I get SSO to work in this case, given that the system already has a google sign in?

So we have to put a hold on our intune deployment for a few red tape reasons. We have quite a few orders on new pcs coming in from Dell that are already loaded in to autopilot. Anything special I'd need to do other than remove them from autopilot then load our image on manually?

I'm having the same issues as previously discussed on this post:

https://www.reddit.com/r/Intune/s/LcHiPvDVB5

Android 15, Samsung Galaxy S25U.

All was set up correctly yesterday, but after some technical and access issues with Company Portal I had to delete my work profile and start again.

However, now I get the unable to create work profile error.

I have followed the steps in the above link to delete Google accounts then add work account, but that fix hasn't worked.

I have no work profile on the device to delete, and by devices are not showing as registered in the MS online device manager my company uses.

I have access to all the relevant user groups according to company IT help desk, but no matter what happens I can't create a new work profile.

As I said though, it was all working fine yesterday prior to me deleting the work profile.

Any ideas?

Thanks

We use the InTune Company Portal in single app mode so that employees are required to log in before using the iPad. Sometimes an iPad will get "stuck" at the Company Portal with any of various issues that require either sending a wipe command from InTune or restoring the device using iTunes on a Mac. It's annoying but hasn't been a huge issue... until now.

We're phasing out our old devices and replacing them with 10th-gen iPads. I've noticed these iPads freeze with an unresponsive touch screen at the Company Portal; I think it is caused by the iPad timing out before the end user has a chance to log in but I'm not 100% sure on that. Power cycling the device works, but the touch screen is still unresponsive after the iPad powers back on.

So far the only fix has been to wipe them from InTune, but that's frustrating because- since this issue occurs when an end user HASN'T logged into the Company Portal yet, the device doesn't show as enrolled under a user in the InTune admin center and because of that our technicians can't see them there. They have to ask us to send the wipe command for them, and then walk the end user through the iPad setup process.

Has anyone else experienced this? It would occasionally happen with older iPad models too but it's happening way more often with these 10th-gen iPads.

I'm trying to setup my first device configuration profile but it isn't attaching the device to the policy. The Android device is showing in Azure AD and I've added it to an Azure group. The group is assigned to the configuration policy but the Device and user-status check-in is showing no devices Succeed, Error or conflict. The Android device has Company Portal installed and signed in under my account. Is there another step or something I'm missing? TIA

Edit: I found that I need to enroll the device before configuration policies can apply. From what I've read, I have to wipe the device first before then enroll it. That's not possible in our case because some necessary software is already preinstalled that we can't reinstall so we might not be able to do configuration profiles.

Is there a way to do this? I have UP deployed, the user has to sign in and add a printer manually by searching for it by name. Is there a way to deploy them to the user so they show up already without searching the name? OR just by having them sign into Universal Print, they install automatically?

Hey everyone,

I recently ran into an issue while trying to manage policies through Microsoft Intune, and I wanted to share my experience while also seeking advice from the community.

The Issue:

We discovered that Local Group Policy Objects (LGPO) configured during the OS image build process were overriding policies applied via Intune. Even after setting the corresponding Domain Group Policy (GPO) to "Not Configured," the LGPO still took precedence. The only way we could override it was by explicitly setting the Domain GPO to "Enabled" or "Disabled"—which isn’t always ideal.

What I Tried:

1. Domain GPO Override: Setting it to "Not Configured" didn’t help.
2. Intune Scripts: Attempted to remove LGPO using PowerShell via Intune—this didn’t work either.
3. Manual Removal: Possible on a per-device basis, but we need a bulk solution.

What I Need:

• A reliable way to remove or override LGPO in bulk via Intune or any other automated method.
• Ensuring that future policies are enforced only through Intune without conflicts from pre-applied LGPO.

Questions for the Community:

• Has anyone successfully removed or overridden pre-configured LGPO in bulk?
• Are there registry tweaks or PowerShell commands that can force LGPO removal when applied during the imaging process?
• What’s the best practice to ensure that only Intune policies take effect?

I'm trying to find out why we're having trouble registering devices in Intune, and checking the Entra admin center > Devices > Audit Logs, I can see that there's a Register Device, followed almost immediately by Unregister Device, each time we try to enroll a laptop.

Does anybody have any idea what might be happening here, or even just point me in the right direction.

is there a way to run a report/query or even graph api on all cloud pcs that might show a particular error in the Performance>Connectivity Status history blade. we want to view how many devices are experiencing a particular error

Got some 820 g10’s, out the box brand new but bit locker isnt completed and gets stuck at 80-98% therefore need to manually fix it.

Are hp devices not meant to be fully encrypted in their factory?

Yo all, as the title says I cleared my md102 last week with 840. What should be my next logical step here? I have done sc200, az104 already. I am gearing up to be a SecOps Engg. We are heavy in Azure, vmware and Windows, ms stack

Tia

Hi everyone,

I work at a school where we use Surface Laptop SE devices for our students, and I'm currently managing our environment using Microsoft Intune. I'm looking for any profiles and scripts you might be willing to share that could help streamline device management and improve our setup.

If you've had success with your configurations or have any tips for optimizing Intune for an educational setting, I'd really appreciate it if you could share your insights or resources. Whether it’s a script for policy enforcement, a profile configuration for user settings, or any other useful setup you’ve developed, please let me know.

Thank you in advance for your help!

Lars

Hi all,

After setting up and configuring intune for my company (tested, working and being used in multiple regions) they have now asked me to sit a formal qualification to prove I can do it. Would the MD-102 be best or is there another you recommend? I currently have AZ-104 but nothing else other than a few 900 certs

Hello everyone,

I have a complex situation of many devices on Intune having the Configuration Manager status in ‘’Could not connect‘’ (consider that we have Co management between SCCM and Intune).

We checked the logs and the status of the SCCM client and on some devices it was not active but it was not possible to reinstall it in any way, we performed checks on the distribution points which did not report any anomalies. if this has happened to anyone how did you solve it?

We also think that this problem is also related to the fact that we have about 500 devices (out of 5000) that have a patch status that is more than 90 days old (we carry out updates and patch distribution via SCCM) we have a Compliance that will go into production shortly and all these devices would go into a Non Compliant status that would block their use. is it possible that these aspects are related? has this happened to you? if so how did you solve it?

Thank you in advance, we have been in this situation since November and we cannot solve it.

I have created a video and blog about what is Microsoft Intune Support Assistant and how to use it

The Support Assistant leverages AI to enhance your help and support experience, ensuring more efficient issue resolution.

You can check them out here: youtu.be/XVs8KdiOK7g or read it here

Hello everyone,

I am setting up a test Tenant wit custom Domain, with one Business Premium license so far.

The goal of this tenant is: learning the enrollment/management of Android/Apple/Windows devices

budget isn't big issue (i can go up to 50eur/$ per month but the less the better)

What i would like to have is the following:

one Global admin user (me@customdomain.com) with registered Android + Macbook with office installed

- this i can license with current Businnes Premium i guess

one Dummy user (dummy@customdomain.com) with registered Android + Windows 10/11 (virtual or physical) without necessarily office installed

- for this i am having problems understanding the licensing: Business Basic? Business Premium? F3?

Thanks!

Hello,

At this moment, I am testing Intune Android Enterprise (Work Profile) and managing approved applications that are required to be installed in users' Work Profiles. This setup is working fine, and we can properly manage application control.

However, if there are situations where users need to freely install applications on their own in the Work Profile, what setting in Intune should I configure to achieve this?

Thank you so much!

A nice how to, simple and fast

https://lukasz.de/anleitungen/copilot-von-windows-10-und-windows-11-mit-intune-entfernen/