MGP Keep apps on certain version
Hi All I hope you are well. Anyway, a wee urgent one here. Is there any way to keep apps from the Managed Google Play to a certain version number? Apparently, the latest version of one of our apps is flawed. This is an app that is available publicly and not an LOB / APK etc. Info appreciated. Stuart
Immediate Restart from Intune
Hi everyone, I'm looking for a way to remotely restart a Windows device enrolled in Intune—but with one key requirement: it needs to happen immediately, or as close to real-time as possible. Here’s the situation: All devices are Windows 10/11 and fully enrolled in Intune. I have admin access and can use PowerShell, Graph API, or Power Automate. I want to be able to trigger a restart from a script or flow, without requiring user interaction. The goal is to restart a specific user’s computer on demand, ideally within seconds or a minute—not hours later when the device checks in. I’ve tried: Using the Intune Admin Center > Devices > Restart option — but it’s not immediate. Triggering a sync first still not fast enough unless the user has company portal open on their machine Exploring Power Automate and Graph API to call /restartNow or /wipe — but again, it depends on the device check-in. Is there any way to: Force a device to check in immediately, or Push a restart command that executes instantly, assuming the device is online? Bonus points if this can be done via a script or automated flow (e.g., triggered by a manager request or security event). Any help, scripts, or creative workarounds would be hugely appreciated! Thanks in advance!Initiate Windows Updates devices not logged in by users
Hi All, We have a scenario deploy windows updates for devices enrolled to Microsoft Intune and no user logged in. Our IT administrators keep the newly imaged laptops for about 3-4 weeks on their shelf before hand over to a new user. Because of that during that time those devices report to Intune as non-compliant due to Windows OS version. Therefore we are looking for a way to deploy windows updates for them without depending on logged in users. Appreciate any ideas. thanks in advance! DilanBizarre reinstall loop for M365 365 Apps
Hi All, We have deployed M365 Apps x32 bit version to all devices (app type is Microsoft 365 Apps (Windows 10 and later)). We have experienced random reinstallation for some users for last 1 to 2 months even the M365 apps has already been installed successfully on the devices. I have tried to find a any Intune logs related to this reinstallation but unfortunately I am not able to find any logs either by application ID or application name. However, I Checked that MSIInstaller logs in event viewer, I could find the successful installation about every 5-6 days (Image01, Image02). even in control panel keep updating the installation date accordantly. Again, When I checked the deployment status for the specific app in Intune, it says as install pending (Image03, Image04, Image05). I would appreciate it any hep to find what happening in the background and anywhere that I can find logs for M365 apps installation from Intune. Thanks, Dilan
Microsoft Intune Connector for Active Directory security update
Hi i read this article to update our Intune Connector Microsoft Intune Connector for Active Directory security update | Microsoft Community Hub (version 6.2505.2001.2 downloaded from Intune portal) After installing when i click on Sign In we have an issue with Webview on 2016 (with new Edge/webview install) or 2019 server (with webview already installed)... any ideas ? i tryed to resintall, launch as Admin, reboot ... same issue thanks for your help :)Excluding Windows Hello for Business (WHfB) for Windows 10 using Intune assignment filter
Good morning, I'm experiencing a persistent issue with applying an exclusion policy for Windows Hello for Business (WHfB) on Windows 10 devices (actually a testing VM) managed through Microsoft Intune. Despite configuring the assignment filter and verifying its correct evaluation in Intune, Windows 10 devices continue to allow WHfB PIN creation, and the option to remove the PIN is disabled. Scenario and objective: My goal is to enable Windows Hello for Business for all users except when they log in from a Windows 10 device (already enrolled in Intune). Therefore, the intention is to disable WHfB specifically for Windows 10 devices. Current configuration: WHfB policy: I have a device configuration profile named “WHfB” (Platform: Windows) which enables Windows Hello for Business. Policy assignment: This policy is assigned to a “WHfB Dynamic Group” that contains users with the “manager” attribute. Assignment filter (exclusion): I created and applied an assignment filter named “Windows 10 Device Filter” to the policy mentioned above. Filter mode: Exclude. Filter definition: (device.osVersion -contains "10.0.1") Observed behavior: Filter evaluation in Intune (as shown in the previously provided screenshot): For the problematic Windows 10 device, in the “Filter Evaluation” section of the “WHfB” policy, the “Windows 10 Device Filter” shows “Evaluation Result: Match” and “Mode: Exclude.” The message states “Policy not delivered.” This confirms that the filter is working correctly in Intune and that the WHfB policy is not applied to the Windows 10 device. Behavior on the Windows 10 device: Despite the exclusion, the user (AdeleV) can still modify and use the WHfB PIN. The “Remove” PIN option is disabled (greyed out) in sign-in options. Windows Event Logs (HelloForBusiness/Operational): The log displays several errors (Event IDs 7054, 8203, 7204) and informational events (8210, 8200, 8202, 5060 “PIN required”). Event 7054 specifically indicates error 0x1 (or 0x80000000000000001), which is a generic error. Troubleshooting steps performed: Forced sync and restarts: executed multiple times on the Windows 10 device. Sync status in Intune for the “WHfB” policy sometimes shows “Unavailable,” but filter evaluation is always “Match/Exclude.” OS version verification: The OS version on the device (10.0.19045.3803) confirms that the string “10.0.1” is contained, so the filter syntax is correct. Policy conflict search: I reviewed the device’s configuration profiles and compliance policies applied via Intune, but didn’t identify any obvious conflicts or other policies that explicitly enable WHfB. Question: Given that my WHfB exclusion filter works correctly, but WHfB is still enabled on the Windows 10 device (and the PIN can’t be removed, with a generic error in the log), what could be the root cause?
Subsequent device registration in Intune
Hello Tech Community, We use Entra ID and our devices are fully Entra-joined. Windows 11 devices appear in Entra ID as normal. We now want to manage our devices with Intune. However, the devices do not appear in Intune because the MDM user area was initially configured as 'None'. How can we subsequently move the devices to Intune? Ideally, we would like an automated process to avoid having to move each individual device. Details: Windows 11 Devices - Fully Entra-joined Appear in Entra No other device management in use Problem: Register the devices in intune without manually touch each individual device. Also i don't want to use things like PSRemote. Thanks for your answers. BR
How can I get the Operating System Build Number for an Android device in Intune
Hello all, I am trying to pull information about an Android devices Operating System Build Number from Intune using PowerShell, however - the closest information I can find is the Operating System Version. I've been successful in connecting to Microsoft Graph via PowerShell, and I'm certain I have permissions to access all the device information. However, I cannot find information about how to pull the data I'm looking for. Google suggested that I need to include 'hardwareInformation' as an ExtendProperty of Get-MgManagedDeviceManagedDevices but I receive an error stating: "Parsing OData Select and Expand failed: Could not find a property named 'hardwareInformation' on type 'microsoft.graph.managedDevice'" Can someone please help me find how to select the Operating System Build Number from Intune or MgGraph? I've included an image of the exact data I'm looking for as it shows up in Intune
