Defender ASR policy block win32api disabled Edge and Chrome
Today all users in one of our customer's tenants started reporting their Edge and Chrome being removed from their desktop (shortcuts), Outlook issues were reported as well. When we set the asr policy Block Win32 API calls from Office macro to audit,…
How to confirm if updating password policy in Microsoft Endpoint Manager will block Biometric + PIN access?
We are updating our MDM (Intune) Compliance mobile and desktop compliance policies atm. We are confused as the documentation listed here (https://learn.microsoft.com/en-us/mem/intune/user-help/password-does-not-meet-it-administrator-requirements) states…
Microsoft Defender for Endpoint and Secure Score not synchronising
Hello, I've been dealing with issue for a while. It all began when I turned on the endpoint agent on Microsoft Security and all of the devices of my users were successfully onboarded via Intune, prior to this the report card on Secure Score displayed…
Defender for Endpoint blocking USB & Bluetooth
Hello, I am trying to create scenario where I set a Hyper-v VM and a DC, to test if I can block USB & Bluetooth in a reasonable way. I know enhanced session can pass your devices to guest machine...but I am not sure if it is a valid way to test it so…
What is the benefit of using SCEP with Intune.
Hello Intune Guru. I have a question about secure intune. I have seen some organizations using SCEP in combination with Intune MDM. What is the benefit of using SCEP withe Intune? Also, my organization thinking about creating Intune Autopilot to enroll…
organising laptops and desktops in AD - best practice
From a systems administrators perspective, are there any risks in storing both laptop and desktop computers in the same OU, or is it common best practice to store them in their own dedicated OU in your AD domain? I was trying to understand any logic…
Mismatch in Password length for different Android versions when deployed in company portal
Hello Experts! I have created the device restriction policy for Android in Intune. and have configured the following setting from Intune for Password length that which should require minimum of 6 digit, below is the screenshot for the settings applied…
Security Baseline status does not change after error or conflict fixing
I wonder if this is a bug around baseline status and monitoring, because I have witnessed that after fixing errors and conflicts, new machines green up but old one, are still with error status. Let me clarify; Pilot machineA recevies default Windows…
How to assign permission to intune with security group
Hello, I have created 2 new groups in AD for intune 1 group for admin 1 group for wipe and delete devices How do I assign these security groups in intune for admin and helpdesk
Intune: iPad - Enroll without User Affinity Profile - Edge browser as Kiosk - Edge Browser Bookmark configuration not applying to device
My Requirement is to setup a shared iPad, to allow only to access Browser application (Safari or MS Edge) and add a URL to favourite/bookmark in the browser. One. I had setup a profile for iOS/iPadOS as "Enroll without User Affinity" and…
Endpoint manager - Custom Role. Helpdesk staff unable to add new Apps
Hi, I'm trying to get my helpdesk to start taking over some of the more basic admin tasks for our corporate managed Android devices so I have created some guidelines on adding a new app and provided them to a member of the helpdesk so they can do a quick…
BitLocker recovery key missed/Lost
Intune environment, BitLocker profile has been configured and works fine. there are few machine not having BitLocker recovery key from Intune portal. How to get recovery key , is there any script to get/generate How to get Intune report which…
Security Baselines Assessment - Profile Update Status Failed
Hi there, I have Security Profile in Security Baselines Assessment that I'm unable to update, disable or delete. Anyone has any idea?
Where can i find site's blocked by Web content filtering?
Where can i find site's blocked by Web content filtering? Now we have setup only adult content, but it blocks normal site lekarnet.sk. I know i can unblock this site but i want to know why this site is blocked and in which category is. Is…
MSGraph deviceManagement/Intents not showing in Endpoint Security when created via POST
Hopefully not too much of a complex question this. When using the API. Creating a new Device Management Intent using POST and the below JSON, the policy will create, and give me an Id via the Graph Explorer. To which it can be assigned to a group and…
MS Defender Security Baseline 22H2
Hi there, I don't see 22H2, has someone here implemented the 22H2 Baseline Security for Windows 10 and 11?
Does Microsoft Purview DLP comes with Microsoft 365 Business premium?
I'm confused whether I need to buy add on for Microsoft Purview DLP or that it is only available from the Enteprise lineup. But when I checked my apps under license, there's already Data leak prevention included. see attached picture here
Device Control Printer Protection - Prevent printing from non-corporate network printers: What is a corporate network printer and how is it defined for this policy?
Good evening everybody, I am just diving into Device Control of ASR. Just now I stumbled over the settings for printer protection. Prevent printing from non-corporate network printers. Well ok on my test machine that one works pretty finde as it…