Microsoft Intune blog

Microsoft Intune is a cloud-based management tool by Microsoft designed for mobile devices. It offers unified endpoint management for both corporate and BYOD devices while safeguarding corporate data. This platform extends key features of Microsoft Configuration Manager (SCCM) from on-premises to the Microsoft Azure cloud.

Intune operates without the need for on-premises infrastructure, with management being conducted through a web-based portal available at https://intune.microsoft.com. For further insights on various Microsoft Intune topics, explore the Techuisitive Intune blog.

Recent posts:

• Set Windows 11 Time Zone with Intune Device Configuration Profile
  You can configure the time zone automatically or manually on Windows 10 and Windows 11 devices. The setting can be configured from Settings > Time & Language. When you manage the devices through Microsoft Intune, you can leverage device catalog settings to configure the time zone. However, this method may not be suitable for the… Read more: Set Windows 11 Time Zone with Intune Device Configuration Profile
• Bulk Update Autopilot Group Tag Using PowerShell
  Windows Autopilot group tags are used to categorize devices based on specific attributes. You can assign a group tag to a device during the autopilot registration or hash import. When you create rules using Autopilot device attributes, Autopilot devices that meet the criteria are automatically added to the group. This simplifies the device grouping during Autopilot… Read more: Bulk Update Autopilot Group Tag Using PowerShell
• Create an offline domain join configuration profile in Intune
  The offline Domain join feature was introduced in Windows Server 2008 R2. A command line utility named Djoin.exe allow you to join a computer to a domain without physically contacting a domain controller while completing the domain join process. The Windows Autopilot hybrid join use this feature to join the device to on-premises domain during… Read more: Create an offline domain join configuration profile in Intune
• Create Group Based on Windows Autopilot Group Tag
  Windows Autopilot group tags are used to categorize devices based on specific attributes. You can assign a group tag to a device during the autopilot registration or hash import. When you create rules using Autopilot device attributes, Autopilot devices that meet the criteria are automatically added to the group. This simplifies the device grouping during… Read more: Create Group Based on Windows Autopilot Group Tag
• How to Block Built-in Apps on iOS Using Intune
  Microsoft Intune includes some built-in settings to configure different Apple features on iOS and iPadOS devices. One of such configuration is to block built-in apps on iPhone & iPad. You can configure the policy to block built-in apps through the Microsoft Intune device restriction policy. This feature applies to iOS/iPadOS versions below. Most of these settings… Read more: How to Block Built-in Apps on iOS Using Intune
• How to Fix Autopilot error 80070002
  Issue You are trying to provision a device using Microsoft Intune Windows autopilot hybrid join setup. You enter your corporate credentials on the company branding screen after OOBE. The autopilot device provisioning gets stuck at the “please wait while we set up your device” screen for approximately 20-30 minutes and then shows the following error.… Read more: How to Fix Autopilot error 80070002
• How to Fix Intune Win32 App Error 0x87D30006
  I recently encountered this issue when deploying a GPL Ghostscript through the Microsoft Intune Win32 application. The Intune Win32 app installation failed on Windows 10 and 11 devices with the below error. Error code: 0x87D30006 Error description: Invalid detection rule or unable to parse detection rule. Cause & Solution The issue was due to Intune… Read more: How to Fix Intune Win32 App Error 0x87D30006
• Configure iOS Lock Screen Message through Intune
  Microsoft Intune includes some built-in settings to configure different Apple features on iOS/iPadOS devices. One such setting is to configure lock screen messages on iPhones & iPads. You can configure the lock screen message through Device feature profiles. This feature applies to below iOS/iPadOS versions. These settings are available for Automated Device Enrollment (Supervised) devices. Figure:… Read more: Configure iOS Lock Screen Message through Intune
• How to Fix Intune Enrollment Error 0x800705b4
  We encountered Intune enrollment error 0x800705b4 while enrolling Windows 10 / Windows 11 BYOD devices to Microsoft Intune. The device enrollment was failing at the device preparation stage. Stage: Device Preparation: Preparing your device for mobile management (0x800705b4). Error: Setup could not be completed. Please try again or contact your support person for help. Cause… Read more: How to Fix Intune Enrollment Error 0x800705b4
• Create ADE Enrollment Profile in Intune
  The corporate-owned devices purchased through Apple Business Manager or Apple School Manager can be enrolled in Microsoft Intune via Apple automated device enrollment. An ADE enrollment profile is required to enroll the device. A device enrollment profile defines the settings applied to a group of devices during enrollment. This article will demonstrate how to create… Read more: Create ADE Enrollment Profile in Intune
• Manage iOS Updates on Supervised Devices through Intune
  Microsoft Intune has built-in policies that can manage software updates on iOS/iPadOS supervised devices. It’s recommended to use these policies to manage software updates through Intune and not leave the responsibility to install software updates to the end users. Leaving iOS update responsibility to the end user may lead to different issues. Users can apply… Read more: Manage iOS Updates on Supervised Devices through Intune
• How to Show or Hide Native Apps on iOS via Intune
  Microsoft Intune includes some built-in settings to configure different Apple features on iOS/iPadOS devices. One of such setting is to show or hide built-in (native) apps. You can configure the policy for visible or hidden apps through Intune device restriction profiles. This feature applies to below iOS/iPadOS versions. These settings are available for Automated Device Enrollment… Read more: How to Show or Hide Native Apps on iOS via Intune
• Configure Home Screen Layout on iOS using Intune
  Microsoft Intune includes some built-in settings to configure different Apple features on iOS/iPadOS devices. One of such setting is to customize dock and home screen layout. The home screen layout setting applied to: When you apply a home screen layout through Intune policy, it’s overwrites any user defined layouts. Hence, it’s recommended to use this… Read more: Configure Home Screen Layout on iOS using Intune
• Fix Something went wrong – 2002 error on iOS | Intune
  When you try to sign-in to any M365 apps on Microsoft Intune managed iOS / iPadOS devices ( iPads / iPhones ), the messages something went wrong – 2002 may appear. The issue happens to all Microsoft 365 / o365 apps which includes MS Excel , Word , PowerPoint , OneDrive , Power BI etc.… Read more: Fix Something went wrong – 2002 error on iOS | Intune
• Dynamic Group Based on Enrollment Profile in Intune
  A dynamic group membership updates automatically based on defined rules. You can create attribute-based rules to update the group membership. You can create a dynamic group in Entra ID for users or devices. However, you can’t create rules that contain both the user and the device. You can add multiple membership rules in a dynamic… Read more: Dynamic Group Based on Enrollment Profile in Intune
• How to Restrict Website Access Using Web Content Filter | Intune
  The Apple Web Content Filter settings can be used to allow / restrict the website access on iOS / iPadOS ( iPhone & iPad ) devices. Microsoft Intune provide an option to configure web content filters on Intune managed iOS devices. These settings are available in device feature profile. These settings works for supervised device… Read more: How to Restrict Website Access Using Web Content Filter | Intune
• Deny M365 Apps access from Untrusted Locations | Intune
  Conditional Access is a feature of Microsoft Entra ID that helps organizations improve security and compliance. Conditional access policy includes sets of conditions which user or device must satisfy to access company resources. A conditional access policy can be used to allow or block access to company resources. In this blog post, we will demonstrate how to… Read more: Deny M365 Apps access from Untrusted Locations | Intune
• How to Export Endpoint Security Policies in Intune
  Microsoft Intune Endpoint security policies can be exported to JSON file using PowerShell Intune Samples script available on GitHub. These scripts are straightforward to use and come as a rescue when option to export the policy from Intune admin center is not available as of now. The option to Export Settings catalog policies are available in… Read more: How to Export Endpoint Security Policies in Intune
• How to Export Device Configuration Profiles in Intune
  You may have a requirement to export or import Microsoft Intune policies while working on Intune tenant to tenant migration as part of divestiture, merger or acquisition. It’s also required when you tested the policy in a test environment and later need to migrate the same to production environment. You can also have standard set… Read more: How to Export Device Configuration Profiles in Intune
• Export and Import Device Compliance Policies in Intune
  You may have a requirement to export or import Microsoft Intune policies while working on tenant migration or setting up a new environment. The export and import can save a lots of time when working on tenant migration or consolidation. You can also have standard set of policies in JSON to quickly import while working… Read more: Export and Import Device Compliance Policies in Intune
• How to Export Settings Catalog Policy in Intune
  Intune Settings catalog are new way of managing settings through Intune. Settings catalog lists all the settings you can configure, and all in one place. This feature simplifies how you create a policy, and how you see all the available settings. We can export Microsoft Intune policies using PowerShell scripts in JSON file. The exported… Read more: How to Export Settings Catalog Policy in Intune
• Export Device Configuration Profiles List in Intune
  While managing an Intune environment, the number of policies grow over the time. At some point of time you may need to review all existing policies to understand if they are still required, need to consolidated or retired. A review may also required if multiple tenants to be consolidated or policies to be migrated to… Read more: Export Device Configuration Profiles List in Intune
• How to Create and Manage Microsoft Intune Device Categories
  Microsoft Intune device categories allow you to manage easily and group devices. Intune device category can be used to create Azure AD group and Assignment Filters to manage policy deployments. The devices can be automatically added into Azure AD (Entra ID) groups or Assignment Filters based on the device category assigned to a device. Device… Read more: How to Create and Manage Microsoft Intune Device Categories
• Microsoft Intune – Step by Step Guides / Trainings
  Learn Microsoft Intune by following our step by step guides / training guides.
• Deploy Win32 App using Microsoft Store app (new) | Intune
  Win32 apps can be now deployed through Microsoft store app (new). Win32 apps that are in the Microsoft Store are in preview at the time of publishing this article. The new Microsoft Store app is tightly integrated with Windows Package Manager (Winget.exe). This has expanded the catalog of applications which includes both UWP apps and Win32 apps. Third party vendors or publishers add Win32 / Universal Windows Platform (UWP) apps to the Microsoft Store and host the content in their respective infrastructure. You need to reach out to vendor or application owner to understand network firewall requirements if your devices are behind a firewall.
• How to manage local administrators group membership on Azure AD joined devices | Intune
  Starting with Windows 10 version 20H2, you can use Azure AD groups to manage local administrators group privileges on Azure AD joined devices with the Local Users and Group MDM policy. Organizations can use Microsoft Intune to manage these policies using Custom OMA-URI Settings or Account protection policy.
• How to Create Custom RBAC Role in Intune for LAPS Password Administrator
  Windows Local Administrator Password Solution (LAPS) from Microsoft allows you to manage and rotate local administrator passwords on Windows devices. A custom RBAC role in Intune is required if you want to delegate password administration to help desk members. The password administration for Windows LAPS includes retrieving the password for a Windows device from the… Read more: How to Create Custom RBAC Role in Intune for LAPS Password Administrator
• How to deploy Android .APK Apps in Microsoft Intune
  Use Manage Google Play App option in Intune to deploy custom Android apk files. This allows you to add LOB apps by submitting just the app APK and a title, directly within Intune. This method does not require you to have a Google developer account and does not require you to pay the fee to… Read more: How to deploy Android .APK Apps in Microsoft Intune
• Intune Bulk Enrollment with Provisional Package failed with Error 0xCAA2000C
  Using provisioning package device failed to complete AAD Join with error 0xCAA2000C. The issue can also be tracked under Audit Logs in Azure. You will get entry of the device that you are trying to onboard , looking at the Azure audit logs it shows that the device gets added and then gets removed immediately.
• How to Manage Windows LAPS with Intune
  Windows Local Administrator Password Solution – Windows LAPS is a free tool from Microsoft that allows you to manage and rotate local admin passwords on Windows devices. Microsoft Intune can be used to manage and rotate local admin password using Windows LAPS. By default, local administrator passwords on Windows devices are the same across all… Read more: How to Manage Windows LAPS with Intune
• Deploying Microsoft 365 Apps Stuck in Downloading in Company Portal
  Microsoft 365 Apps can be deployed using Intune and deploying the app as Microsoft 365 Apps Type. Making it available for self-service install in Intune company portal, you may experience that Microsoft 365 Apps stuck in downloading status. We recommend you to use Microsoft Documentation on troubleshooting install or download failure however if it gets… Read more: Deploying Microsoft 365 Apps Stuck in Downloading in Company Portal
• Deploy Microsoft SQL Server Management Studio 19.02 through Intune
  Microsoft SQL Management Studio (SSMS) 19.0.2 is the latest general availability (GA) version. If you have a preview version of SSMS 19 installed, you should uninstall it before installing SSMS 19.0.2. If you have SSMS 19.x installed, installing SSMS 19.0.2 upgrades it to 19.0.2. You can download Microsoft SQL Server Management Studio from https://aka.ms/ssmsfullsetup. In this blog… Read more: Deploy Microsoft SQL Server Management Studio 19.02 through Intune
• Organizing Laptop and Desktop in Intune Using Filters
  Organizing laptops and desktops in device management has always been a challenge. In SCCM we had to use Chassis type and in Intune, we can’t use that anymore. Problem Organizations may require deploying apps or policies only to desktops or laptops. We have often found in various forum Dynamic Group should be used to create… Read more: Organizing Laptop and Desktop in Intune Using Filters
• Get Hardware Hash for Windows Autopilot
  To identify a device with Windows Autopilot, the device’s unique hardware identify (hardware hash) must be captured and uploaded to the service. This is usually first step when you want to provision a machine using Windows Autopilot. The hardware hash can be uploaded by manufacturer / raeseller for new devices. However, hardware hash need to be collected manually for the devices which are already in corporate environment and not already enrolled into Microsoft Intune.
• How to Configure Windows Kiosk Using Microsoft Intune | Windows 10 / 11
  Windows kiosk is a lockdown mechanism to restrict device access to pre-defined applications. The applications appears on the desktop and user can only use those applications. Kiosk are mostly placed in public area to allow access to specific applications to authorized users or guests. For example, a self check-in kiosk at airport. We can use Microsoft Intune to deploy a Device configuration profile to configure Windows Kiosk on Windows 10 / 11 device as single app or multi-app kiosk.
• SCCM Dynamic Collection for Windows 10 / 11 Devices | ConfigMgr
  In ConfigMgr , a dynamic collection membership is based on query rules. A dynamic or query based collection can have multiple query rules and collection membership updates at each collection evaluation cycle. In this blog post, we will discuss about collection queries for Windows 10 and later devices. What are Collection Queries The collection queries… Read more: SCCM Dynamic Collection for Windows 10 / 11 Devices | ConfigMgr
• Windows 11 enrollment failed with error 0x800700b7
  You may encounter below error when trying to enroll Windows 11 device to Intune with provisioning package. Provisioning failure , Installation of a provisioning package failed. Please work with the package author to diagnose the problem. Reported error code: 0x800700b7
• Bulk enrollment of Windows 10 / 11 Devices to Intune Using Provisioning Package
  Provisioning package method can be used for bulk enrollment of Windows devices to Microsoft Intune. A provisioning package add devices in bulk to Azure Active Directory (AAD) and automatically enroll those devices into Microsoft Intune. This method can be used for corporate owned devices. This enrollment method requires a provisioning package which can be created using Windows Configuration Designer.
• That account info didn’t work – error when disconnecting Windows 10 / 11 Work or School account
  Issue: You may encounter the below error when try to disconnect Work or School account on Windows 10 / 11. The issue keeps happening with different local administrator accounts as well. Error: That account info didn’t work. Ensure you’re entering information for a local administrator account and try again. Cause: This issue may happen if… Read more: That account info didn’t work – error when disconnecting Windows 10 / 11 Work or School account
• How to Enroll Windows 11 Device to Intune through Azure AD Join method
  There are different methods available to enroll Windows 11 device to Intune. One of such method is Azure AD join method which enables the user to enroll a corporate-owned device into Microsoft Intune by using settings panel and adding a Work or School account. Once device joined to Azure AD, you need to login to the device using your corporate Azure Active Directory account.
• How to Deploy Google Chrome for Enterprise with Intune Win32 App
  Google Chrome is the most popular and widely-used desktop web browser. As of May 2022, Google’s Chrome is the leading internet browser in the world with a global market share of 64.91%. Hence Google Chrome deployment and management is a must for almost all organizations. The Chrome browser for the enterprise, sometimes referred to as Chrome Enterprise, is the same Chrome browser used by consumers. The difference is in how the browser is deployed and managed. Chrome Enterprise offers extra deployment and management features that cater to the sector’s increased needs for control and security.
• How to Prepare Win32 App Installation source for Intune Using Intune WinAppUtil
  Win32 apps provide us greater control over the deployment of application. We can deploy 32 bit and 64 bit application through Microsoft Intune Win32 apps. The Win32 apps support deployment of multiple files via IntuneWin wrapper / Intune WinAppUtil (intuneWinAppUtil.exe). The IntuneWin Wrapper can be used to deploy multiple files such as MSI with transform (MST). The Win32 app also support the deployment of .EXE file by converting them to .intunewin format. IntuneWinAppUtil help you to prepare win32 app installation source for Microsoft Intune deployment.
• How to Configure Google Chrome settings using Administrative templates | Intune
  Microsoft introduced Intune administrative templates for Google chrome settings with Microsoft Intune Service release 2203. We can now avoid complicated process of using custom OMA-URI settings and use Intune administrative templates for quick configuration. In this blog post, we will configure the following settings for Google chrome using using Administrative templates. Create Google Chrome Device… Read more: How to Configure Google Chrome settings using Administrative templates | Intune
• How To Export Serial number of Multiple Devices using PowerShell SDK for Intune Graph API
  The PowerShell SDK for Intune Graph API helps IT professionals automate and manage their Microsoft Intune environment through PowerShell without going to the Endpoint Manager Admin Center. In this article, we will see how to export the serial number for multiple devices using the PowerShell module for Intune Graph API. If you don’t have PowerShell… Read more: How To Export Serial number of Multiple Devices using PowerShell SDK for Intune Graph API
• Configure Microsoft Edge Sleeping Tabs using Microsoft Intune
  Microsoft introduced sleeping tabs in Microsoft Edge Chromium. Sleeping tabs in Microsoft Edge are designed to improve the memory and CPU usage of the browser. To save system resources for better speed and responsiveness, Microsoft Edge will put tabs to sleep when you haven’t used them for a while, and then wake them as soon… Read more: Configure Microsoft Edge Sleeping Tabs using Microsoft Intune
• How to Export Managed Device Details from Intune
  Managed devices are devices that are under some sort of organization control. You administrator can setup or restrict some feature or control how device can be used. The devices managed by Microsoft Intune are called Intune Managed Devices. We can export managed device details from Microsoft Intune Admin Center. We can also use PowerShell SDK for Microsoft Intune Graph API to export the device details in CSV file.
• How to Get AAD Group Members Details Using PowerShell SDK for Microsoft Intune Graph API
  We will use PowerShell module for Microsoft Intune Graph API to get Azure AD group members details. If you have not already installed PowerShell SDK for Microsoft Intune Graph API then follow the steps provided in this article to install the PowerShell module and connect with MSGraph API with admin consent for the first time.… Read more: How to Get AAD Group Members Details Using PowerShell SDK for Microsoft Intune Graph API
• SCCM Device Collection Equivalents in Microsoft Intune for App Deployment
  We use collection in SCCM to target a deployment. let’s assume we have to apply a patch on all Dell computers to address an issue. The quick way to deploy a fix through SCCM was to create a collection with all Dell computers and target the deployment on that collection. Same concept was being used… Read more: SCCM Device Collection Equivalents in Microsoft Intune for App Deployment
• How to Install PowerShell SDK for Microsoft Intune Graph API
  Microsoft is deprecating the Azure AD PowerShell Module and MS Online module in 2022. So, admin need to migrate to either PowerShell SDK for Microsoft Intune Graph API or Microsoft Graph API. Let’s see how we can install PowerShell SDK for Microsoft Intune Graph API from PowerShell Gallery.
• Deny Write Access to USB Devices Using Intune Catalog Settings
  The USB devices are a quick way to move the data across different devices. However it’s also pose a huge risk to corporate data security. Hence organization either block the usage of USB devices or deny write access. In this blog post, we will discuss how to deny write access to USB devices using Microsoft… Read more: Deny Write Access to USB Devices Using Intune Catalog Settings
• Understanding Win32 App Requirements Rule in Microsoft Intune
  In Microsoft Intune , Win32 Apps Requirements are rules that must met for the application to get installed. You can specify the requirements when creating the Win32 app. The application will install only if requirements are met. For example, you want to install an application only if the hard disk has at least 5 GB… Read more: Understanding Win32 App Requirements Rule in Microsoft Intune
• How to Provision Windows 10 / 11 Device using Intune and Windows Autopilot
  As per Microsoft, Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose, and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that’s easy and simple. In this post, we will discuss about device provision using Windows 10 Autopilot for Azure Active Directory (AAD) joined devices.
• How to Configure Enrollment Status Page (ESP) in Microsoft Intune
  The Enrollment Status Page (ESP) shows the progress of device provisioning when a new device enrolled to Intune or a new user sign in to the device. You can show ESP during the default out-of-box experience (OOBE) for Azure AD join, Windows Autopilot scenarios or when new user sign into the device for the first time. In this article, we will create a new Enrollment Status Page profile for Windows Autopilot devices.
• SCCM Client Installation Failed with error 0x87d0027e
  ConfigMgtr | SCCM client installation may fail with below error when management point is configured for HTTPS. [CCMHTTP] ERROR: URL=http://CMSRV01.techuisitive.local/ccm_system/request, Port=80, Options=1248, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE Failed (0x87d0027e) to send location request to ‘CMSRV01.techuisitive.local’. StatusCode 403, StatusText ‘Forbidden’ GetDPLocations failed with error 0x87d0027e Failed to get DP locations as the expected version from MP ‘CMSRV01.techuisitive.local’. Error 0x87d0027e
• Microsoft Endpoint Manager: Error Code Reference
  This post is a collection of Microsoft Endpoint Manager / Intune error codes and reference articles. Intune : Win32 App Deployment Intune : Win32 app deployment failed with error code 0x87D300C9 Error code : 0x87D300C9 Error Description: The unmonitored process is in progress, however it may timeout. Intune : Win32 app deployment failed with error… Read more: Microsoft Endpoint Manager: Error Code Reference
• MDM Enroll: Device Credential, Failed (Unknown Win32 Error code : 0xcaa9001f
  On a hybrid setup, you may experience a workstation failing to Enroll after being Hybrid Join. Navigating to Event Viewer-Applications and Services-Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational, you will get Unknown Win32 Error code : 0xcaa9001f. Microsoft Docs has a solution that might work if the setup and the problem are identical to what Microsoft explains in the docs or… Read more: MDM Enroll: Device Credential, Failed (Unknown Win32 Error code : 0xcaa9001f
• Understanding Win32 App Detection Rules in Microsoft Intune
  In Microsoft Intune Win32 App Detection Rules are used to determine the presence of a Win32 App. The detection rules ensure that app installation only start if it’s not installed yet. A Win32 App can have multiple detection rules and all detection rule must be met to detect the application. However in the case of an Uninstall, only one detection rule should match in order to trigger uninstall.
• Intune – Win32 App Deployment failed with error code 0x80070643
  The Win32 app deployment may fail with error code 0x80070643 in Microsoft Intune. The Fatal error during installation (0x80070643) can caused by many reasons. Sometimes issues can be quickly identified. However, many times you need to generate a verbose log to determine the root cause of the issue. Let’s deep dive to understand why this… Read more: Intune – Win32 App Deployment failed with error code 0x80070643
• Win32 App Deployment Failed with Error 0x87D1041C
  The Win32 application deployment in Microsoft Intune may fail with error 0x87D1041C – The application was not detected after installation completed successfully.- The issue may happen due to incorrect detection rule.
• Win32 App Deployment with Dependencies | Microsoft Intune
  Windows Apps (Win32) in Microsoft Intune / Endpoint Manager provide us greater control over the deployment of applications. The Win32 apps allow us to configure additional parameters similar to Configuration Manager application model features such as Detection methods, Dependencies & Supersedence. In this blog post, we will undersatnd what are application dependencies and how we… Read more: Win32 App Deployment with Dependencies | Microsoft Intune
• Intune – Win32 App Deployment failed with error 0x87D300C9
  Microsoft Intune Win32 App deployment may fail with error 0x87D300C9. The error code translates to The unmonitored process is in progress, however it may timeout. This error usually occur when process get stuck during execution. See the full article for more details.
• Intune Win32 App Deployment failed with error code 0x80070653
  Microsoft Intune Win32 application deployment failed with error code 0x80070653 Error Code : 0x80070653 Error Description: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.
• Intune Application Deployment – Line of Business – LOB vs Win32 Apps
  Line of Business Application (LOB) is legacy application deployment method in Microsoft Intune. The LOB applications support single file format such as .msi, .msix, .appx etc. They only support simple installation. An MSI with a transform file (MST) cannot be deployed using this method. The LOB objects have limited capabilities and they don’t support few rich capabilities of Configuration Manager Application Model such as Detection methods & Dependencies.
• How to Join Windows 10 Device to Azure Active Directory
  Microsoft Entra ID (Formerly Azure Active Directory) is a cloud version of on premises Active Directory. You have to join the machine to Azure Active Directory to manage them through Microsoft Intune. Here are the steps to join Windows 10 devices to Microsoft Entra ID. Go to Windows 10 Settings | Accounts | Access Work… Read more: How to Join Windows 10 Device to Azure Active Directory
• Manage Desktop Wallpaper with Microsoft Intune
  On your Windows OS Desktop, a wallpaper is an image displayed behind the graphical user interface when the user’s desktop is visible. We can use Microsoft Intune to manage desktop wallpaper on Windows 10 and later devices. Microsoft Intune device restriction policies help administrator control Windows, Android, Mac and iOS devices. These restrictions let you control a wide range of settings and features to protect your organization resource.
• How to Block USB Device Access with Exceptions using Microsoft Intune
  Microsoft Intune includes Endpoint security policies which you can use to secure your device and mitigate the risks. The Endpoint security blade list all the tools available through Endpoint Manager that you will use to keep devices secure. In this blog post, we will discuss how to block USB device access using Microsoft Intune Device Control settings. We will also discuss how to manage exceptions so user’s with genuine business need can still access USB media’s.
• Manage Edge Chromium Favorites with Intune
  Favorites are a great way to save and organize websites so you can revisit them quickly. In this blog post, we will discuss how to manage Microsoft Edge Chromium favorites with Microsoft Endpoint Manager | Intune. From Microsoft Endpoint Manager admin center, select Devices / Configuration Profiles and click on Create Profile Select the following… Read more: Manage Edge Chromium Favorites with Intune
• Check OS Version Compliance with Device Compliance Policy & Notify User | Microsoft Intune
  Microsoft Intune Device compliance policies define the rules and settings that users and managed devices must meet to comply. The following platforms are supported for device compliance policy. In this blog post, we will discuss how we can set up a device compliance policy to check the minimum required OS version. We will also understand… Read more: Check OS Version Compliance with Device Compliance Policy & Notify User | Microsoft Intune
• How to Configure Edge Chromium Homepage & Startup Page Using Intune
  Microsoft Endpoint Manager (Intune) Device Configuration profiles allow you to add and configure settings, and then push these settings to devices in your organization. In this post, we will create a Device configuration profile in Microsoft Intune to set Home page and Startup page in Microsoft Edge. Before we go ahead, let’s understand the difference between Home page and Startup page.
• Invalid_Client error when joining Windows 10 device to Azure AD tenant
  When trying to join a Windows 10 or Windows 11 device to the Azure AD tenant using Settings > Access Work or School > Connect > Join this Device to Azure AD , you may get invalid_client error. Looks like we can’t connect to the URL for your organization’s MDM terms of use. Try again, or contact your system administrator with the problem information from this page.
• How to Upgrade / Replace App with Win32 App Supersedence relationship | Intune
  In Microsoft Intune, Supersedence enables you to update and replace existing Win32 apps with newer versions of the same app or an entirely different Win32app. Supersedence relationships can be created when adding or modifying a Win32app within Endpoint Manager. The Supersedence steps allow you to specify any supersedence relationships related to the Win32 app. The supersedence relationship can help you in managing the lifecycle of an application. The older applications can be automatically uninstalled from environment by creating Supersedence relation when deploying a newer version.
• Unpacking endpoint management: the series
  If you’re looking for tips and tricks to help you optimize and simplify the way you manage your endpoints, Microsoft got a great new series for you. Available Episodes: Future Episodes: You can find the updated details on Microsoft Endpoint Manager blog. Related Posts
• Troubleshooting Intune Issues on Windows 10 / Windows 11
  This post will brief you about the options available to validate policy deployment from Intune and collect the logs for diagnostics. How to Validate Intune Policies Status The “Access to work or school” page in Windows 10 settings contains useful information about Intune policies. This can be the first place to quickly check if required… Read more: Troubleshooting Intune Issues on Windows 10 / Windows 11
• Intune Filters – Assign Microsoft Store App policy using Filters
  Microsoft recently introduced Filters in Microsoft Endpoint Manager / Intune which allow more granular targeting of applications and policies to specific devices. In this blog post, we will see how we can deploy a Microsoft Store app to a group of devices using Azure AD group and MEM Filters. We will deploy Microsoft Whiteboard to… Read more: Intune Filters – Assign Microsoft Store App policy using Filters
• How to Enroll Android Mobile Device to Microsoft Intune
  This blog post provide step by step guides to enroll an Android mobile device to Microsoft Intune. 3. Type your company Azure Active Directory email ID and click on Next. 4. Your company identity will be validated and you will be presented with your organization logo in next page. Enter your Azure AD password and… Read more: How to Enroll Android Mobile Device to Microsoft Intune
• Managing Android devices with Microsoft Endpoint Manager
  Many of your end-users are accessing their email and other confidential data using the personal or BYOD devices. Learn how to use Microsoft Endpoint Manager to deploy, secure, and manage the devices running Android–and explore the latest features and functionality.
• Managing Windows devices with Microsoft Endpoint Manager
  Microsoft Endpoint Manager allows a cloud-based, on-premises, or hybrid approach to managing all of your devices. In this session learn how to use the power of Microsoft Endpoint Manager on your Windows devices. Check complete video here.
• Windows Autopilot for pre-provisioned deployment
  Notes: The Windows Autopilot white glove feature has been renamed to Windows Autopilot for pre-provisioned deployment Windows Autopilot helps organizations easily provision new devices by using the preinstalled OEM image and drivers. This lets end users get their devices business-ready by using a simple process. Please read the complete article here on Microsoft documentation portal.