question

Johan-8824 avatar image
0 Votes"
Johan-8824 asked LuDaiMSFT-0289 commented

User Configuration profiles - Intune

Hi,

I have some User Configuration profiles in Intune. Example:

  • Profile type: SCEP certificate, with Certificate type: User

  • Profile type: VPN (for Always On VPN)

Non of them are being deployed unless I login in the Company Portal app on the machines.

Other machine Configuration profiles are being deployed without needing to login in the Company Portal app. Example:

  • Profile type: SCEP certificate, with Certificate type: Device

  • etc....

Do you really need to login in the Company Portal app on the machines to get User Configuration profiles deployed? What if you have not deployed the Company Portal app on the machines, it's not there by default.

Br



mem-intune-generalmem-intune-device-configurationsmem-intune-enrollment
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@Johan-8824 Thanks for posting in our Q&A.

For this issue, if the profile is deployed to user, for windows devices, it is not needed to login in the Company portal app, but it is needed to use the target user login in the device.

For android and iOS devices, it is needed to use the target user to login in the Company portal app. If there is no Company Portal app on the devices, I don't think that the profile will be deployed to the device successfully.

Hope it will help.

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Johan-8824 avatar image
0 Votes"
Johan-8824 answered LuDaiMSFT-0289 commented

Hi,

All Configuration Profiles are deployed to Device groups. When I logon to the device (Windows 10 devices), all Configuration profiles are deployed except the User Configuration profiles (listed above), unless I login in the Company Portal app.

I have also tested to deploy the User Configuration profiles to both User and Device groups, the same result. You need to login in the Company Portal app to get the profiles.

If I understand you right, I need to deploy the User Configuration profiles only to User groups to get it work without need to login in the Company Portal, or?

Br



· 4
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image LuDaiMSFT-0289 ·

@Johan-8824 Yes. Generally, we deploy the User Configuration profiles only to User groups. For windows devices, we only need to use the user account to login in the devices and don't need to login in the company portal app.

0 Votes 0 ·
LuDaiMSFT-0289 avatar image LuDaiMSFT-0289 LuDaiMSFT-0289 ·

@Johan-8824 Haven't heard from you for some time, is there any other assistance that we can provide? If you have any questions or concerns, please don't hesitate to let me know.

0 Votes 0 ·
Johan-8824 avatar image Johan-8824 LuDaiMSFT-0289 ·

Hi,

I have found what was causing the issue, it was a Conditional Access policies that require MFA are applied to all cloud apps. The solution is to exclude the Microsoft Intune app from the policies that require MFA to allow device sync by using the user credentials.

A similar issue is described in this article, https://docs.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-co-management-auto-enrolling#devices-fail-to-sync-after-auto-enrollment

Thanx for all assistance regarding the issue.

Br




0 Votes 0 ·
Show more comments