Microsoft Intune blog

Microsoft Intune is a Microsoft cloud-based management tool for mobile devices that aims to provide unified endpoint management of both corporate and BYOD equipment in a way that protects corporate data. It extends some of the “on-premises” functionality of Microsoft Configuration Manager (SCCM) to the Microsoft Azure cloud.

No on-premises infrastructure is required for clients to use Intune, and management is accomplished using a web-based portal accessible through https://intune.microsoft.com. You can find the best posts about different Microsoft Intune topics here on the Techuisitive Intune blog.

Recent posts:

  • Fix Something went wrong – 2002 error on iOS | Intune
    When you try to sign in to any M365 app on Microsoft Intune managed iOS / iPadOS devices (iPads / iPhones), the message "Something went wrong – 2002" may appear. The issue affects all Microsoft 365 / O365 apps, including MS Excel, Word, PowerPoint, OneDrive, Power BI etc. … Read more
  • Dynamic Group Based on Enrollment Profile in Intune
    A dynamic group's membership updates automatically based on defined rules. You can create attribute-based rules to update the group membership. You can create a dynamic group in Entra ID for users or devices. However, you can’t create a rule that contains both the user and the device. You can add multiple membership rules in a … Read more
  • How to Restrict Website Access Using Web Content Filter | Intune
    Apple Web Content Filter settings can be used to allow or restrict website access on iOS / iPadOS (iPhone & iPad) devices. Microsoft Intune provides an option to configure web content filters on Intune managed iOS devices. These settings are available in the device feature profile. These settings work for supervised device enrolled … Read more
  • Deny M365 Apps access from Untrusted Locations | Intune
    Conditional Access is a feature of Microsoft Entra ID that helps organizations improve security and compliance. A Conditional Access policy includes sets of conditions that a user or device must satisfy to access company resources. A Conditional Access policy can be used to allow or block access to company resources. In this blog post, we will demonstrate how to … Read more
  • How to Export Endpoint Security Policies in Intune
    Microsoft Intune Endpoint security policies can be exported to a JSON file using the PowerShell Intune Samples scripts available on GitHub. These scripts are straightforward to use and come to the rescue when the option to export the policy from the Intune admin center is not available. The option to export Settings catalog policies is available in … Read more
  • How to Export Device Configuration Profiles in Intune
    You may have a requirement to export or import Microsoft Intune policies while working on an Intune tenant to tenant migration as part of a divestiture, merger or acquisition. It’s also required when you have tested the policy in a test environment and later need to migrate it to the production environment. You can also have standard set … Read more
  • Export and Import Device Compliance Policies in Intune
    You may have a requirement to export or import Microsoft Intune policies while working on tenant migration or setting up a new environment. The export and import can save a lot of time when working on tenant migration or consolidation. You can also have a standard set of policies in JSON to quickly import while working … Read more
  • How to Export Settings Catalog Policy in Intune
    The Intune Settings catalog is a new way of managing settings through Intune. The Settings catalog lists all the settings you can configure, all in one place. This feature simplifies how you create a policy, and how you see all the available settings. We can export Microsoft Intune policies to a JSON file using PowerShell scripts. The exported … Read more
  • Export Device Configuration Profiles List in Intune
    While managing an Intune environment, the number of policies grows over time. At some point you may need to review all existing policies to understand whether they are still required or need to be consolidated or retired. A review may also be required if multiple tenants are to be consolidated or policies are to be migrated to … Read more
  • How to Create and Manage Microsoft Intune Device Categories
    Microsoft Intune device categories allow you to easily manage and group devices. An Intune device category can be used to create Azure AD groups and Assignment Filters to manage policy deployments. Devices can be automatically added to Azure AD (Entra ID) groups or Assignment Filters based on the device category assigned to a device. Device … Read more
  • Microsoft Intune – Step by Step Guides / Trainings
    Learn Microsoft Intune by following our step by step guides / training guides.
  • Deploy Win32 App using Microsoft Store app (new) | Intune
    Win32 apps can now be deployed through the Microsoft Store app (new). Win32 apps that are in the Microsoft Store are in preview at the time of publishing this article. The new Microsoft Store app is tightly integrated with Windows Package Manager (Winget.exe). This has expanded the catalog of applications, which includes both UWP apps and Win32 apps. Third-party vendors or publishers add Win32 / Universal Windows Platform (UWP) apps to the Microsoft Store and host the content in their respective infrastructure. You need to reach out to the vendor or application owner to understand network firewall requirements if your devices are behind a firewall.
  • How to manage local administrators group membership on Azure AD joined devices | Intune
    Starting with Windows 10 version 20H2, you can use Azure AD groups to manage local administrators group privileges on Azure AD joined devices with the Local Users and Group MDM policy. Organizations can use Microsoft Intune to manage these policies using Custom OMA-URI Settings or Account protection policy.
  • How to Create Custom RBAC Role in Intune for LAPS Password Administrator
    Windows Local Administrator Password Solution (LAPS) from Microsoft allows you to manage and rotate local administrator passwords on Windows devices. A custom RBAC role in Intune is required if you want to delegate password administration to help desk members. The password administration for Windows LAPS includes retrieving the password for a Windows device from the … Read more
  • How to deploy Android .APK Apps in Microsoft Intune
    Use Manage Google Play App option in Intune to deploy custom Android apk files. This allows you to add LOB apps by submitting just the app APK and a title, directly within Intune. This method does not require you to have a Google developer account and does not require you to pay the fee to … Read more
  • Intune Bulk Enrollment with Provisional Package failed with Error 0xCAA2000C
    When using a provisioning package, the device failed to complete AAD Join with error 0xCAA2000C. The issue can also be tracked under Audit Logs in Azure. You will get an entry for the device that you are trying to onboard; the Azure audit logs show that the device gets added and then gets removed immediately.
  • How to Manage Windows LAPS with Intune
    Windows Local Administrator Password Solution – Windows LAPS is a free tool from Microsoft that allows you to manage and rotate local admin passwords on Windows devices. Microsoft Intune can be used to manage and rotate local admin password using Windows LAPS. By default, local administrator passwords on Windows devices are the same across all … Read more
  • Deploying Microsoft 365 Apps Stuck in Downloading in Company Portal
    Microsoft 365 Apps can be deployed using Intune by deploying the app as the Microsoft 365 Apps type. When making it available for self-service install in the Intune Company Portal, you may find that Microsoft 365 Apps gets stuck in downloading status. We recommend you use the Microsoft documentation on troubleshooting install or download failures, however if it gets … Read more
  • Deploy Microsoft SQL Server Management Studio 19.02 through Intune
    Microsoft SQL Management Studio (SSMS) 19.0.2 is the latest general availability (GA) version. If you have a preview version of SSMS 19 installed, you should uninstall it before installing SSMS 19.0.2. If you have SSMS 19.x installed, installing SSMS 19.0.2 upgrades it to 19.0.2. You can download Microsoft SQL Server Management Studio from https://aka.ms/ssmsfullsetup. In this blog … Read more
  • Organizing Laptop and Desktop in Intune Using Filters
    Organizing laptops and desktops in device management has always been a challenge. In SCCM we had to use Chassis type, and in Intune we can’t use that anymore. Problem: An organization may require deploying apps or policies only to desktops or laptops. We have often found in various forums that Dynamic Group should be used to create … Read more
  • Get Hardware Hash for Windows Autopilot
    To identify a device with Windows Autopilot, the device’s unique hardware identity (hardware hash) must be captured and uploaded to the service. This is usually the first step when you want to provision a machine using Windows Autopilot. The hardware hash can be uploaded by the manufacturer / reseller for new devices. However, the hardware hash needs to be collected manually for devices which are already in the corporate environment and not already enrolled into Microsoft Intune.
  • How to Configure Windows Kiosk Using Microsoft Intune | Windows 10 / 11
    Windows kiosk is a lockdown mechanism to restrict device access to pre-defined applications. The applications appear on the desktop and the user can only use those applications. Kiosks are mostly placed in public areas to allow access to specific applications to authorized users or guests. For example, a self check-in kiosk at an airport. We can use Microsoft Intune to deploy a Device configuration profile to configure Windows Kiosk on a Windows 10 / 11 device as a single-app or multi-app kiosk.
  • SCCM Dynamic Collection for Windows 10 / 11 Devices | ConfigMgr
    In ConfigMgr, dynamic collection membership is based on query rules. A dynamic or query-based collection can have multiple query rules, and collection membership updates at each collection evaluation cycle. In this blog post, we will discuss collection queries for Windows 10 and later devices. What are Collection Queries The collection queries … Read more
  • Windows 11 enrollment failed with error 0x800700b7
    You may encounter the below error when trying to enroll a Windows 11 device to Intune with a provisioning package. Provisioning failure, Installation of a provisioning package failed. Please work with the package author to diagnose the problem. Reported error code: 0x800700b7
  • Bulk enrollment of Windows 10 / 11 Devices to Intune Using Provisioning Package
    The provisioning package method can be used for bulk enrollment of Windows devices to Microsoft Intune. A provisioning package adds devices in bulk to Azure Active Directory (AAD) and automatically enrolls those devices into Microsoft Intune. This method can be used for corporate-owned devices. This enrollment method requires a provisioning package, which can be created using Windows Configuration Designer.
  • That account info didn’t work – error when disconnecting Windows 10 / 11 Work or School account
    Issue: You may encounter the below error when trying to disconnect a Work or School account on Windows 10 / 11. The issue keeps happening with different local administrator accounts as well. Error: That account info didn’t work. Make sure you’re entering info for a local administrator account and try again. Cause: This issue may happen if … Read more
  • How to Enroll Windows 11 Device to Intune through Azure AD Join method
    There are different methods available to enroll a Windows 11 device to Intune. One such method is the Azure AD join method, which enables the user to enroll a corporate-owned device into Microsoft Intune by using the settings panel and adding a Work or School account. Once the device is joined to Azure AD, you need to log in to the device using your corporate Azure Active Directory account.
  • How to Deploy Google Chrome for Enterprise with Intune Win32 App
    Google Chrome is the most popular and widely-used desktop web browser. As of May 2022, Google’s Chrome is the leading internet browser in the world with a global market share of 64.91%. Hence Google Chrome deployment and management is a must for almost all organizations. The Chrome browser for the enterprise, sometimes referred to as Chrome Enterprise, is the same Chrome browser used by consumers. The difference is in how the browser is deployed and managed. Chrome Enterprise offers extra deployment and management features that cater to the sector’s increased needs for control and security.
  • How to Prepare Win32 App Installation source for Intune Using Intune WinAppUtil
    Win32 apps provide us greater control over the deployment of applications. We can deploy 32-bit and 64-bit applications through Microsoft Intune Win32 apps. Win32 apps support deployment of multiple files via the IntuneWin wrapper / Intune WinAppUtil (intuneWinAppUtil.exe). The IntuneWin wrapper can be used to deploy multiple files such as an MSI with a transform (MST). The Win32 app also supports the deployment of .EXE files by converting them to .intunewin format. IntuneWinAppUtil helps you prepare the Win32 app installation source for Microsoft Intune deployment.
  • How to Configure Google Chrome settings using Administrative templates | Intune
    Microsoft introduced Intune administrative templates for Google Chrome settings with Microsoft Intune Service release 2203. We can now avoid the complicated process of using custom OMA-URI settings and use Intune administrative templates for quick configuration. In this blog post, we will configure the following settings for Google Chrome using Administrative templates. Create Google Chrome Device … Read more
  • How To Export Serial number of Multiple Devices using PowerShell SDK for Intune Graph API
    The PowerShell SDK for Intune Graph API helps IT professionals automate and manage their Microsoft Intune environment through PowerShell without going to the Endpoint Manager Admin Center. In this article, we will see how to export the serial number for multiple devices using the PowerShell module for Intune Graph API. If you don’t have PowerShell SDK installed, … Read more
  • Configure Microsoft Edge Sleeping Tabs using Microsoft Intune
    Microsoft introduced sleeping tabs in Microsoft Edge Chromium. Sleeping tabs in Microsoft Edge are designed to improve the memory and CPU usage of the browser. To save system resources for better speed and responsiveness, Microsoft Edge will put tabs to sleep when you haven’t used them for a while, and then wake them as soon … Read more
  • How to Export Managed Device Details from Intune
    Managed devices are devices that are under some sort of organizational control. Your administrator can set up or restrict some features or control how the device can be used. The devices managed by Microsoft Intune are called Intune Managed Devices. We can export managed device details from the Microsoft Intune Admin Center. We can also use the PowerShell SDK for Microsoft Intune Graph API to export the device details to a CSV file.
  • How to Get AAD Group Members Details Using PowerShell SDK for Microsoft Intune Graph API
    We will use PowerShell module for Microsoft Intune Graph API to get Azure AD group members details. If you have not already installed PowerShell SDK for Microsoft Intune Graph API then follow the steps provided in this article to install PowerShell module and connect with MSGraph API with admin consent for first time. Connect with … Read more
  • SCCM Device Collection Equivalents in Microsoft Intune for App Deployment
    We use collections in SCCM to target a deployment. Let’s assume we have to apply a patch on all Dell computers to address an issue. The quick way to deploy a fix through SCCM was to create a collection with all Dell computers and target the deployment on that collection. Same concept was being used … Read more
  • How to Install PowerShell SDK for Microsoft Intune Graph API
    Microsoft is deprecating the Azure AD PowerShell Module and MS Online module in 2022. So, admins need to migrate to either the PowerShell SDK for Microsoft Intune Graph API or Microsoft Graph API. Let’s see how we can install the PowerShell SDK for Microsoft Intune Graph API from the PowerShell Gallery.
  • Deny Write Access to USB Devices Using Intune Catalog Settings
    USB devices are a quick way to move data across different devices. However, they also pose a huge risk to corporate data security. Hence organizations either block the usage of USB devices or deny write access. In this blog post, we will discuss how to deny write access to USB devices using Microsoft … Read more
  • Understanding Win32 App Requirements Rule in Microsoft Intune
    In Microsoft Intune, Win32 App Requirements are rules which must be met for the application to get installed. You can specify the requirements when creating a Win32 app. The application will install only if the requirements are met. For example, you want to install an application only if the hard disk has at least 5 GB free space. … Read more
  • How to Provision Windows 10 / 11 Device using Intune and Windows Autopilot
    As per Microsoft, Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose, and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that’s easy and simple. In this post, we will discuss device provisioning using Windows 10 Autopilot for Azure Active Directory (AAD) joined devices.
  • How to Configure Enrollment Status Page (ESP) in Microsoft Intune
    The Enrollment Status Page (ESP) shows the progress of device provisioning when a new device is enrolled to Intune or a new user signs in to the device. You can show the ESP during the default out-of-box experience (OOBE) for Azure AD join, Windows Autopilot scenarios or when a new user signs into the device for the first time. In this article, we will create a new Enrollment Status Page profile for Windows Autopilot devices.
  • SCCM Client Installation Failed with error 0x87d0027e
    ConfigMgr | SCCM client installation may fail with the below error when the management point is configured for HTTPS. [CCMHTTP] ERROR: URL=http://CMSRV01.techuisitive.local/ccm_system/request, Port=80, Options=1248, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE Failed (0x87d0027e) to send location request to ‘CMSRV01.techuisitive.local’. StatusCode 403, StatusText ‘Forbidden’ GetDPLocations failed with error 0x87d0027e Failed to get DP locations as the expected version from MP ‘CMSRV01.techuisitive.local’. Error 0x87d0027e
  • Microsoft Endpoint Manager: Error Code Reference
    This post is a collection of Microsoft Endpoint Manager / Intune error codes and reference articles. Intune : Win32 App Deployment Intune : Win32 app deployment failed with error code 0x87D300C9 Error code : 0x87D300C9 Error Description: The unmonitored process is in progress, however it may timeout. Intune : Win32 app deployment failed with error … Read more
  • MDM Enroll: Device Credential, Failed (Unknown Win32 Error code : 0xcaa9001f
    On a hybrid setup, you may find that a workstation fails to enroll after being Hybrid Joined. Navigating to Event Viewer-Applications and Services-Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational, you will get Unknown Win32 Error code : 0xcaa9001f. Microsoft Docs has a solution which might work if the setup and the problem is identical to what Microsoft explains in the docs or … Read more
  • Understanding Win32 App Detection Rules in Microsoft Intune
    In Microsoft Intune, Win32 App Detection Rules are used to determine the presence of a Win32 App. The detection rules ensure that app installation only starts if it’s not installed yet. A Win32 App can have multiple detection rules, and all detection rules must be met to detect the application. However, in the case of an Uninstall, only one detection rule should match in order to trigger the uninstall.
  • Intune – Win32 App Deployment failed with error code 0x80070643
    The Win32 app deployment may fail with error code 0x80070643 in Microsoft Intune. The error 0x80070643 translates to Fatal Error During Installation and there can be many reasons behind this error. Let’s understand why this issue happens and how to fix 0x80070643 error. Issue – Error 0x80070643 The Win32 App deployment may fail with following … Read more
  • Win32 App Deployment Failed with Error 0x87D1041C
    The Win32 application deployment in Microsoft Intune may fail with error 0x87D1041C – The application was not detected after installation completed successfully. The issue may happen due to an incorrect detection rule.
  • Win32 App Deployment with Dependencies | Microsoft Intune
    Windows Apps (Win32) in Microsoft Intune / Endpoint Manager provide us greater control over the deployment of applications. The Win32 apps allow us to configure additional parameters similar to Configuration Manager application model features such as Detection methods, Dependencies & Supersedence. In this blog post, we will understand what application dependencies are and how we … Read more
  • Intune – Win32 App Deployment failed with error 0x87D300C9
    Microsoft Intune Win32 App deployment may fail with error 0x87D300C9. The error code translates to "The unmonitored process is in progress, however it may timeout." This error usually occurs when the process gets stuck during execution. See the full article for more details.
  • Intune Win32 App Deployment failed with error code 0x80070653
    Microsoft Intune Win32 application deployment failed with error code 0x80070653. Error Code: 0x80070653. Error Description: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.
  • Intune Application Deployment – Line of Business – LOB vs Win32 Apps
    Line of Business Application (LOB) is the legacy application deployment method in Microsoft Intune. LOB applications support single file formats such as .msi, .msix, .appx etc. They only support simple installation. An MSI with a transform file (MST) cannot be deployed using this method. The LOB objects have limited capabilities and they don’t support a few rich capabilities of the Configuration Manager Application Model such as Detection methods & Dependencies.
  • How to Join Windows 10 Device to Azure Active Directory
    Azure Active Directory is the cloud version of on-premises Active Directory. You have to join machines to Azure Active Directory to manage them through Microsoft Intune. Here are the steps to join Windows 10 devices to Azure AD. Go to Windows 10 Settings | Accounts | Access Work or School and click on Connect … Read more
  • Manage Desktop Wallpaper with Microsoft Intune
    On your Windows OS Desktop, a wallpaper is an image displayed behind the graphical user interface when the user’s desktop is visible. We can use Microsoft Intune to manage desktop wallpaper on Windows 10 and later devices. Microsoft Intune device restriction policies help administrator control Windows, Android, Mac and iOS devices. These restrictions let you control a wide range of settings and features to protect your organization resource.
  • How to Block USB Device Access with Exceptions using Microsoft Intune
    Microsoft Intune includes Endpoint security policies which you can use to secure your devices and mitigate risks. The Endpoint security blade lists all the tools available through Endpoint Manager that you will use to keep devices secure. In this blog post, we will discuss how to block USB device access using Microsoft Intune Device Control settings. We will also discuss how to manage exceptions so users with a genuine business need can still access USB media.
  • Manage Edge Chromium Favorites with Intune
    Favorites are a great way to save and organize websites so you can revisit them quickly. In this blog post, we will discuss how to manage Microsoft Edge Chromium favorites with Microsoft Endpoint Manager | Intune. From Microsoft Endpoint Manager admin center, select Devices / Configuration Profiles and click on Create Profile Select the following … Read more
  • Check OS Version Compliance with Device Compliance Policy & Notify User | Microsoft Intune
    Microsoft Intune Device compliance policies define the rules and settings that users and managed devices must meet to comply. The following platforms are supported for device compliance policy. In this blog post, we will discuss how we can set up a device compliance policy to check the minimum required OS version. We will also understand … Read more
  • How to Configure Edge Chromium Homepage & Startup Page Using Intune
    Microsoft Endpoint Manager (Intune) Device Configuration profiles allow you to add and configure settings, and then push these settings to devices in your organization. In this post, we will create a Device configuration profile in Microsoft Intune to set Home page and Startup page in Microsoft Edge. Before we go ahead, let’s understand the difference between Home page and Startup page.
  • Invalid_Client error when joining Windows 10 device to Azure AD tenant
    When trying to join a Windows 10 or Windows 11 device to the Azure AD tenant using Settings > Access Work or School > Connect > Join this Device to Azure AD, you may get an invalid_client error. Looks like we can’t connect to the URL for your organization’s MDM terms of use. Try again, or contact your system administrator with the problem information from this page.
  • How to Upgrade / Replace App with Win32 App Supersedence relationship | Intune
    In Microsoft Intune, Supersedence enables you to update and replace existing Win32 apps with newer versions of the same app or an entirely different Win32 app. Supersedence relationships can be created when adding or modifying a Win32 app within Endpoint Manager. The Supersedence step allows you to specify any supersedence relationships related to the Win32 app. The supersedence relationship can help you in managing the lifecycle of an application. Older applications can be automatically uninstalled from the environment by creating a Supersedence relationship when deploying a newer version.
  • Unpacking endpoint management: the series
    If you’re looking for tips and tricks to help you optimize and simplify the way you manage your endpoints, Microsoft has a great new series for you. You can find the updated details on the Microsoft Endpoint Manager blog.
  • Troubleshooting Intune Issues on Windows 10 / Windows 11
    This post will brief you about the options available to validate policy deployment from Intune and collect the logs for diagnostics. How to Validate Intune policies status The “Access to work or school” page in Windows 10 settings contains useful information about Intune policies. This can be the first place to quickly check if required … Read more
  • Intune Filters – Assign Microsoft Store App policy using Filters
    Microsoft recently introduced Filters in Microsoft Endpoint Manager / Intune, which allow more granular targeting of applications and policies to specific devices. In this blog post, we will see how we can deploy a Microsoft Store app to a group of devices using an Azure AD group and MEM Filters. We will deploy Microsoft Whiteboard to all … Read more
  • How to Enroll Android Mobile Device to Microsoft Intune
    This blog post provides a step by step guide to enroll an Android mobile device to Microsoft Intune. 3. Type your company Azure Active Directory email ID and click on Next. 4. Your company identity will be validated and you will be presented with your organization logo on the next page. Enter your Azure AD password and … Read more
  • Managing Android devices with Microsoft Endpoint Manager
    Many of your end-users are accessing their email and other confidential data using personal or BYOD devices. Learn how to use Microsoft Endpoint Manager to deploy, secure, and manage devices running Android, and explore the latest features and functionality.
  • Managing Windows devices with Microsoft Endpoint Manager
    Microsoft Endpoint Manager allows a cloud-based, on-premises, or hybrid approach to managing all of your devices. In this session learn how to use the power of Microsoft Endpoint Manager on your Windows devices. Check complete video here.
  • Windows Autopilot for pre-provisioned deployment
    Note: The Windows Autopilot white glove feature has been renamed to Windows Autopilot for pre-provisioned deployment. Windows Autopilot helps organizations easily provision new devices by using the preinstalled OEM image and drivers. This lets end users get their devices business-ready by using a simple process. Please read the complete article here on the Microsoft documentation portal.

