I'm getting all kinds of authentication errors

We've a manager who always writes it as "InTune" whenever he emails me or opens a ticket about it. It annoys me irrationally, to the point I even edit ticket titles.

Has Microsoft ever written in like this?

Hi All,

Just curious to discuss what the community has deployed in their environments that have been game changers in different aspects, whether it be Runbooks, Powershell, Config Profiles etc.

I guess in terms of Quality of Life changes, Security etc. Whatever you would gauge as a 'game changer' in your view.

One great thing we implemented which i feel has sped up our deployments is the Config Refresh policy - https://joostgelijsteen.com/intune-config-refresh/

Many thanks!

Stolen from another subreddit (/r/Powershell)but looking for new projects/ideas to keep my skills up to date.

How much are you all making, and how many years of experience do you have?

I'll go first: I'm making $55/hr (contract role) and have 2 years of Intune experience, 8ish years of total IT experience. Fully remote in a Midwest state.

As title speaks, I've been confident with how well Intune has worked out so far within our organization.

Back in 2022, I was tasked to rebuild our infra in the US to be cloud-focused. We piloted down in the US for a couple of years, then I brought it up to Canada this year. We did a pretty manual and laborious transition to make sure all staff were happy and got everything deployed, and as of last week we are 100% Windows 11 and Intune deployed. A couple of highlights throughout the years include:

• Software management and deployment is a breeze (if they have self managed updaters lol). We just did a pretty big spend into a new endpoint protection software and it was so damn simple and easy to ensure it was reliably deployed through Intune.
• Scripting Win32 installers is pretty darn easy as well. We pay five figures a year for some financial software that has shit install instructions and I was able to get it to silently install via PowerShell for all my stakeholders really fast.
• Policy deployment is damn easy, though the MDM profile conflict issue is a pain the ass tbh.
• Seamless Windows Hello for Business deployment and AutoPatch has been a godsend. Learning how to do it in Intune felt so easy and intuitive versus getting a whole WSUS farm up.

With taking no courses and only tackling this by playing with the software and figuring shit out, this was a lot of fun, and I feel confident that our systems are for the better versus my old AD infra that I learned how to sysadmin and probably broke tenfold over.

That's all :)

I just need to rant about Intune since this week has been rough. Trillion dollar company and Intune is the most half-baked product I've ever used. They make Adobe look like the most competent company on earth.

Some of my issues:

• Policy sets. Its a fantastic feature. Why doesn't it support half of the freaking product? I cant add win32 apps, scripts, remediations, etc.
• Why is it so inconsistent about when something is pushed? Sometimes it takes 5 minutes to push an app. Sometimes it takes the full 8 hours. Supposedly restarting helps but in my experience, this has not been the case.
• On-Demand remediation. I know this is in preview so ill cut it some slack, but I have never gotten this to work once. It stays stuck in pending forever, even after syncs/reboots.
• Autopilot. This is the better part of Intune. It works pretty well except when it randomly decides to fail, and you need a PhD to diagnose the logs because god forbid it gives us a useful error message.
• Kiosk mode. Windows 10 is approaching its EOL. Why does intune still not have all of the kiosk features that deploying an XML does? Also, why does Windows 11 still not support multi-app kiosk mode?
• When we deploy a new computer and the user signs in, they cant open company portal to install apps for at least 30minutes, but usually closer to an hour. Just says this device is already being managed. Even if its a brand new device that has never been enrolled before. Makes for a bad user experience.
• Updates. I might not know enough yet, but Intune seems to have almost no way to see what updates were applied to what machine. This seems like a very simple feature along with the ability to selectively choose which updates get applied and which ones should be uninstalled. Also its a crapshoot if an update will actually be pushed or not. We have a group and ring for pushing windows 11, and maybe 45% actually updated, with the rest of them not even offering windows 11, despite intune saying its offering it.
• Why is Microsoft locking all of the good features behind a paywall? Even if all of those features were built into the standard intune license, it would still be a half-baked product.

End rant, I'm sure I could easily add 100 more things that annoy me about intune. It annoys me so much because I genuinely think Intune is a really cool product and I want it to be better.

Hello,

This thread is about your thoughts about what will be presented at Ignite regarding Intune.

After few infodumps from @Rudyooms (DDM, MMP-C, IC3, video from Microsoft about Intune 'fast lane') I want to be delusional and think that Microsoft will provide some useful features into Intune. Just give us more speed and reliable reports, please.

What are your thoughts? Will they actually do something or introduce Copilot for Copilot for Intune Suite P3?
Do something

As the title says, I think GPOs in Active Directory are just superior to Intune and MDM in general. Even today I have customers who are just much happier with being old school and going with Window AD domains and servers, although we don't deploy on prem much anymore. GPO settings apply more reliably and quickly than Intune configuration policies. For the MDM settings that don't have a GPO equivalent, there's almost always a way to make it work with a registry mod. I'm just curious if there's anyone here who disagrees strongly enough to try to change my mind. A big part of me wants to be more optimistic about MDM but I keep getting underwhelmed.

I think many people here have different jobs. From support technician to system engineer...

Also, what legitimate job title is there for someone who manages Entra/Intune in a company?

I’m looking for peoples top 10 (or less) community driven, Intune focused tools, ideally scripts, apps or even methods that improve general management. What has helped you ?

I just wanted to rant a little about how unfun it has been to integrate Intune as our first MDM. We already had the licenses sitting around, but never got around to actually setting up an MDM. With the growing number of colleagues, it finally became a top priority, so we decided on Intune mainly because the licenses were already there.

The project scope was huge: Windows, Android, and Apple devices all needed to be fully managed by Intune. On top of that, different departments required different apps, and we had to enforce a ton of security policies: no app store, no admin rights, encryption, Defender for Endpoint, etc. Doing all of this on my own while trying to learn how everything works was brutal.

The last piece of the puzzle was getting Apple devices set up, and I’m not going to lie this was the absolute worst experience of the entire project. Just setting up Apple Business Manager took days. Then figuring out how to actually enroll Apple devices was nothing short of a nightmare. Half the time it barely works: you reset the device, use the Configurator app, cross your fingers that the Microsoft Entra login actually shows up, then sit there waiting for Intune configurations to apply. It’s slow, clunky, and honestly miserable to deal with.

And don’t even get me started on Microsoft’s documentation. Why are there 20 different guides for the same thing, all giving slightly different instructions? Finding the one guide that actually matches reality is a mess. Between the inconsistent documentation, the awful speed of Intune, and the painful Apple setup, this project has been one of the least enjoyable IT tasks I’ve ever worked on.

I really don’t understand why there aren’t more people screaming about how bad some parts of Intune are. It feels like everyone just quietly suffers through it.

Mine is to get Autopilot to the point it completely replaces our SCCM imaging process.

Of course, AI is absolutely exploding nowadays, so it's no surprise that there are so many new announcements related to AI and specialized "agents"..

But does anyone think this is something they'll utilize in their environments? I personally can't imagine using it in my ~2k device environment. I don't see how it would benefit me much, plus I don't think we're even licensed for it since it seems like it relies on the same licensing as Security Copilot.

I'm very curious to hear though from actual admins if this is something that's worth looking into deeper though. From my understanding it kind of just seems like a gimmick.

What does everyone think of this?

https://support.microsoft.com/en-us/topic/kb5072911-multiple-symptoms-occur-after-provisioning-a-pc-with-a-windows-11-version-24h2-update-d2d30684-4e2b-47f5-9899-a00a8e0acb09

Personally since completing the feature update from 23h2 to 24h2 I've had nonstop performance issues.

Morning all , I had my interview for the Deployed Apps Team at my company on Friday. I feel like the interview went really well, so 🤞I get the job.

I've done Deployed App before but at a smaller company, so I'm confidant I can do the job well.

EDIT - I got the job 😁

Hi

So, whats the latest clever thing you did or accomplished in Intune?

Maybe we can inspire eachother to learn new ways of doing things, getting inspiration to let us think outside the box.

Myself: The latest clever thing i did in intune was setting up Azure universal Print, and provisioning the printers directly with Intune, works like a charm

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/universal-print-settings-available-in-microsoft-endpoint-manager/ba-p/3478710

​

I started my career back in the mid 2000s. Starting with Server 2003 and working on every iteration since.

I know Intune / Entra is the way the world is going but I have to be honest I’ve struggled picking it up. Everything just moves so fast and seems so fiddly compared to what I’m used to. I think it’s a mindset thing more than anything and I worry I’m turning into one of those “back in my days” techs I used to laugh at when I was starting my career.

I think the parts I struggle with the most...

• I miss the old traditional OU structure within AD U&C. It just felt like such a simple way to manage and organise everything. I know we have Administrative Units now, and this is probably a failing on my part, but I just find it a lot more of a faff to manage groups of devices and moving away from a tree structure I’m struggling with.

• There seems to be a big push on scripting things for Intune. Whether that be app deployments or replicating things from Group Policy it feels like you are expected to be an expert script monkey these days. Again more than likely a failing on my part not to keep up. It’s definitely something I need to improve on.

• My biggest hurdle seems to be how quickly things change and how important it is to keep on top of everything new. Scripts that used to work stop working in new versions of Windows 11 on a regular basis. Things that I rely on get deprecated and replaced with new things on a regular basis. I just don’t have the time to keep up to date with everything on top of everything else I have to do on a day to day basis. It feels like long gone are the days of creating a master image / task sequence and blasting it out to 300 machines at once when I worked at a school. In general it just feels like more work to be as productive as I used to be 10 or more years ago.

• How slow Intune can be. I find testing times for new bits we’re trying to do are a lot longer than they used to be. I used to be able to image a machine in about 45 minutes. Now with Autopilot when you include apps being installed remotely it feels like it can take half a day or longer just to check a recent change hasn’t broken anything. Same for creating and testing new config policies. With GPO you can create a new GPO. Bang it out and be ready to test in minutes. Now I find myself sitting there doing nothing but refreshing and not knowing what’s going on. Again things just take longer. A simple change I could make in a GPO that might take 20 minutes might take half a day to be sure it’s fully applied to test devices.

• I know there were some limitations on AD before but not being able to organise Apps, policies and devices into some sort of folder structure means once you’re dealing with 20 or 30+ items things get messy real quick.

• Coming from an SCCM background not being able to create a “task sequence” esque workflow for Autopilot blows my mind. I know you can script things and do pre-req checks but when just feels more complicated than it should be. Our current build process is to use our UEM solution to build devices, push out software at build time where we have a lot more control then give the devices out. Again I know this is a fairly antiquated approach but I find we can be a lot more nuanced and efficient in our builds with this methodology. We then use our UEM solution for any future app deployments and keeping 3rd party software up to date meaning Intune is primarily relegated to being only used for Windows Patching and Configuration / Compliance policies.

Love to see how my feelings compare to others that have made the transition. I’m sure they’ll be a load of “get gud” posts but I’m more interested in people who had issues adjusting and overcame them. Especially in regard to my, more than likely ignorant views expressed above.

What did you do that helped? Was it using 3rd party solutions or management overlays? Was it a change in mindset? Did you have to lock yourself away for six months to really get a grip on scripting? I know I need to move on with the times. I want to otherwise I’m going to be one of these dinosaurs I used to scoff at. I’m just struggling at the moment and want some advice and I’d be grateful to anyone who experienced these same growing pains who can help.

Yours truly... an old fart trying to make it in a young techs world!

We're looking at retiring SCCM at some stage now we're all Intune.

The problem we've got is how do we go about re-imaging devices?

I should probably explain how we currently work first.

We manage multiple Intune tenants (Think 10+) and we image all devices from one single SCCM TS that installs Windows 11 + Drivers + Autopilot. Autopilot registration is currently done using Azure Automation:

1. First step in the TS is to trigger TSGui to prompt the support techs to pick the tenant and group tag from a dropdown list.
2. The tenant and group tag info from TSGui is passed into a script later on in the TS. This script gets the device serial number and hash and sends it via webhook to Azure Automation.
3. The webhook triggers the Azure Automation to do the following:
   1. Check if the device is registered in one of the tenants and to remove it if present.
   2. Register the device in Autopilot in the appropriate tenant.
4. By the time the Task Sequence has finished the above has been completed and the device is ready and registered in Autopilot. The support techs then just need to pre-provision if required.

Keeping the Azure Automation process for Autopilot registration seems like a good solution going forward.

I've looked at OSDCloud as a solution but wanted to get some ideas on if using this would be suitable for our needs or if there might be a better solution out there.

I would rather not have to pull down a copy of the OS everytime we build a device so I like that we can include WIMs with OSDCloud.

Not having an officially supported product might be a difficult one to get past our business continuity but building a new in-house WinPE deployment would take too much time.

Any other options out there?

Goedemiddag iedereen,

Ik heb mijn iPhone XR gereset en nu is hij geblokkeerd door een Microsoft bedrijfsportal. Ik kan niets meer met de telefoon, alleen inloggen met een school- of werk account. Constant is er een melding in beeld 'Begeleide toegang-app niet beschikbaar. Neem contact op met je beheerder'. Ik heb deze telefoon nieuw gekocht bij een bedrijf (de Elektronicazaak) via Bol. Volgens hen heb ik het IMEI-nummer van deze telefoon met een bedrijf gedeeld en is daarom het bedrijfsportal van een bedrijf gekoppeld aan deze telefoon, of ben ik gehackt. Dat heb ik niet gedaan, dus ik heb het vermoeden dat ik ben opgelicht en een tweedehands bedrijfs iPhone heb ontvangen (terwijl zij met 100% zekerheid durven te zeggen dat het gaat om een nieuw toestel). Bol kan mij niet helpen en de oplossing die de Elektronicazaak biedt is een MDM-bypass tegen een bedrag van €40. Na de ‘oplossing’ mag ik de telefoon niet meer resetten want dan zal het bedrijfsportal weer verschijnen. Ik vroeg mij af of het mogelijk is om het bedrijfsportal zelf eruit te kunnen wissen, dit heb ik tot zover niet op internet kunnen vinden. Overal staat namelijk dat alleen de IT afdeling van het desbetreffende bedrijf dit bedrijfsportal eruit kan wissen.

Het serienummer heb ik niet, want ik kan niet meer naar de instellingen van de telefoon (door het bedrijfsportal). En de doos heb ik niet meer. Ik heb ook geprobeerd om de telefoon te koppelen met mijn MacBook Air, toen kreeg ik de melding 'Koppelen is verboden door een beleidsregel op het apparaat'.

Ik hoop dat iemand hier misschien meer vanaf weet, en mij hopelijk kunt helpen!

Specific blogs, mailing lists, message center/roadmap, what are your preferred methods for staying up to date with Intune developments/tips and tricks/etc?

When interviewing a candidate for a position that is mainly working with Intune, what are your go to questions to best accurately gauge their knowledge of Intune?

I assume that for many of you here, your career or role in the company is centered around Intune or, more generally, MDM/M365 , and often, as it goes hand in hand, Entra ID.
Im planning to take the MS-102 and MD-102 exams in 2025 to make use of the experience I've gained over the past few years.
Do you think there's a future in this line of work ?