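Scope of application of Intune configuration profiles
The configuration profile targets Windows PCs (Win10), and these Windows PCs have two kinds of accounts: Azure AD users (Azure AD joined) and a local administrator (Administrator). Could you tell me how to apply the configuration profile only to the Azure AD joined users? → In the configuration profile's assignment targets, the above Azure…
Upgrading the Windows OS version with Intune feature updates
"Feature updates for Windows 10 and later" and "Windows 10…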
Intune Deep link enrollment getting error Don't have right permissions
Hi Team, I am enrolling the device using Intune deep link (ms-device-enrollment:?mode=MDM). Getting the error that "You don't have the right privileges to perform this operation. please talk to your admin". Could you please let me know what…
Skilling requirements for Solutions Partner Security designation?
In my company, we want to obtain the "Security" Solutions Partner designation. However, we are unsure which certifications to ask our engineers to fulfil. The CURRENT skilling requirements appear to be very clear - as outlined here. M365…
Syntax to add OneDrive Known Folder Move folders to Controlled Folder Access policy
Hi, we are using Intune to set OneDrive to move Known Folders to OneDrive. We also have enabled Controlled Folder Access. What I have understood, when Desktop, Documents and Pictures folders are moved to OneDrive, the default controlled folders do not…
How to disable O365 MFA for the initial login at a new device?
I recently migrated my client to O365 and we are discovering device enrollment via Intune. When onboarding a new device and the user logs in for the first time, the user needs to configure an MFA device or leave their mobile number. We do not want to…
Enable Controlled Folder Access blocks Onedrive.exe
Hi, I have enabled Controlled Folder Access (Endpoint Manager -> Endpoint security -> Attack surface reduction -> Attack Surface Reduction Rules (policy) -> Enable Controlled Folder Access). In Windows 11 device, this resulted onedrive.exe to…
office application creating child process exclusion ASR
Hi, we activated in block mode, after audit, the ASR rule "Block all office application from creating child process". But exclusions do not seem to work (for testing). Indeed, we work with Factset software that adds a plugin in Excel that…
Disabling "App locker application control" setting
Hi, we have enabled the following setting in Endpoint Manager: Endpoint Manager -> Endpoint Security -> Attack Surface reduction -> Application control (policy) -> "App locker application control" = Enforce Components, Store Apps, and…
Blocked all ports on Linux Azure VM
Good afternoon, I accidentally blocked all ports through the ufw firewall. There is no access to the control panel, is it possible to somehow bypass the firewall, or reboot the VM. Tech support doesn't help.
Intune - Prevent unlocking of USB & External Storage
Hi, I was thinking about something - If you use Intune to lock External Storage and USB and either completely cut off some devices, or use whitelist, that setting ventures to Registry, which means that everyone in the environment who has Administrator…
The organization will move from Azure-AD Free to Azure AD P2
The organization will move from Azure-AD Free to Azure AD P2. Hello good evening, how are you all ? The organization is moving from Azure-AD to Azure-AD P2 licenses. What is or are the key features to be leveraged, thinking of "Information Security,…
Defender ASR policy block win32api disabled Edge and Chrome
Today all users in one of our customer's tenants started reporting their Edge and Chrome being removed from their desktop (shortcuts), Outlook issues were reported as well. When we set the asr policy Block Win32 API calls from Office macro to audit,…
How to confirm if updating password policy in Microsoft Endpoint Manager will block Biometric + PIN access?
We are updating our MDM (Intune) Compliance mobile and desktop compliance policies atm. We are confused as the documentation listed here (https://video2.skills-academy.com/en-us/mem/intune/user-help/password-does-not-meet-it-administrator-requirements) states…
Microsoft Defender for Endpoint and Secure Score not synchronising
Hello, I've been dealing with an issue for a while. It all began when I turned on the endpoint agent on Microsoft Security and all of the devices of my users were successfully onboarded via Intune, prior to this the report card on Secure Score displayed…
Defender for Endpoint blocking USB & Bluetooth
Hello, I am trying to create scenario where I set a Hyper-v VM and a DC, to test if I can block USB & Bluetooth in a reasonable way. I know enhanced session can pass your devices to guest machine...but I am not sure if it is a valid way to test it so…
What is the benefit of using SCEP with Intune.
Hello Intune Guru. I have a question about secure Intune. I have seen some organizations using SCEP in combination with Intune MDM. What is the benefit of using SCEP with Intune? Also, my organization is thinking about creating Intune Autopilot to enroll…
organising laptops and desktops in AD - best practice
From a systems administrator's perspective, are there any risks in storing both laptop and desktop computers in the same OU, or is it common best practice to store them in their own dedicated OU in your AD domain? I was trying to understand any logic…
Mismatch in Password length for different Android versions when deployed in company portal
Hello Experts! I have created the device restriction policy for Android in Intune and have configured the following setting from Intune for Password length, which should require a minimum of 6 digits. Below is the screenshot for the settings applied…
Security Baseline status does not change after error or conflict fixing
I wonder if this is a bug around baseline status and monitoring, because I have witnessed that after fixing errors and conflicts, new machines green up but old ones are still with error status. Let me clarify; Pilot machineA receives default Windows…