Mobile Application Management (MAM)
819 Topics

Deploying Script as Win32 App
Hi all, I created a script that is supposed to check if a certain app was installed from a managed installer, then create a file in the C:\Temp folder if it was installed from a managed installer. I would deploy this as a Win32 app so that I could use the detection rules in the Win32 App deployment to check which device was installed via a managed installer. However, it doesn't seem to work. I created a transcript log as well to check if I would get an output from the variables, but it seems to only run the else block in the If Statement. We use a Business Premium license, so I don't have access to Enterprise license capabilities like proactive remediation scripts. It is run using the System credentials. I've tested the script locally, which works. Thank you, I've included some images of the script and transcript log. Script: Transcript Log Output:

32 Views | 1 like | 1 Comment

Conditional Access Policy Loop with Edge on BYOD Devices – Need Help!
Body: Hello Tech Community, I’m facing an issue with an Azure AD Conditional Access Policy that seems to be causing a loop when users access Office 365 resources using Microsoft Edge on Windows 11 24H2 BYOD devices. Here’s the scenario:

Problem: The policy is titled "Require App Protection Policy for Edge on Windows for All Users when Browser and Non-Compliant-v1.0" and continuously prompts users to switch profiles in Edge. These devices are BYOD and intentionally excluded from full Intune management (non-compliant by design). However, Edge repeatedly requests authentication or profile switching, creating a frustrating experience.

Policy Details: Applies to: Windows devices using browsers (primarily Edge). Excludes: Compliant devices or those with trustType = ServerAD. Includes: Office 365 applications. Excludes Groups: Certain groups that should bypass the policy.

What I’ve Tried: Verified device compliance status in Azure AD and Intune. Checked Azure AD Sign-In Logs for errors or repetitive authentications. Cleared Edge browser cache and cookies. Ensured Edge is configured to use Windows sign-in information. Adjusted the App Protection Policy settings for Edge.

Questions: Could this be an issue with how Edge handles profile authentication in Conditional Access scenarios? How can I ensure that BYOD devices remain excluded from full Intune management but still work seamlessly with this policy? Are there specific adjustments I can make to the Conditional Access or App Protection Policy to avoid these loops?

Additional Context: My goal is to secure access using App Protection Policies (MAM) for BYOD scenarios without requiring full device enrollment in Intune. Any insights, suggestions, or similar experiences would be greatly appreciated! Thank you in advance for your help!

313 Views | 1 like | 2 Comments

MHS Permissions / Samsung OEMConfig
Hi All, I hope you are well. Anyway, we are rolling out Android Enterprise ZTE tablets in Entra Shared Device Mode and all seems well. The only thing is the MHS app permissions deployed via the Device config profile just don't seem to have worked, and also I can't see anywhere in the OEMConfig file to set Power / Sleep options. Does anyone have the correct working settings for these 2 things? Info appreciated. SK

19 Views | 0 likes | 0 Comments

Invalid profile
Hi all, I have tried to enrol a device to Intune using Configurator into Apple School Manager, which works fine, then gets passed into Intune; however, when I assign a profile (existing or new) it fails. When pressing the enrol button on the iPad it says "invalid profile". I can't go any further; all I can do is release from org then try again, but I have tried multiple times with no luck. Any ideas?

60 Views | 0 likes | 1 Comment

Auth flow between custom iOS app with Intune SDK and Microsoft Edge
We have a custom iOS app which is integrated with the Intune MAM SDK. We are using Microsoft Edge and managing it by applying Intune protection policies. In our custom app, the authentication flow launches Microsoft Edge, and after authentication completes users are redirected back to the custom app using deep links. We can see the Microsoft Edge browser prompts the user to redirect to our custom app. But after allowing it, it fails to redirect with some error Something wrong happened. We have applied the same Intune MAM protection policy to both the custom app and Microsoft Edge, where we are setting the policy as below: Send org data to other apps: Policy managed apps with Open-In/Share filtering and Receive data from other apps: Policy managed apps. So, this flow is expected to work. Is it some bug with the Microsoft Edge flow due to which it is not able to launch the custom app? Note: The authentication flow works without protection policies with other browsers like Chrome. It also works when we have Send org data to other apps and Receive data from other apps set to All Apps. But as this is not a recommended security policy, we are trying to figure out what is going wrong.

29 Views | 0 likes | 0 Comments

Intune MAM - Restrict Application Access to Specific Biometric Profiles
We want our employees to be able to restrict access to company apps on private devices to only specific biometric profiles on the devices. If needed: Are you working together with Apple to make this possible? (e.g. via tiered device control levels / admin password in iOS)

40 Views | 1 like | 0 Comments

Problems with proxy intune
Hello everybody, I am having trouble understanding the releases that should be made on my firewall. I'm using https://docs.microsoft.com/en-us/intune/fundamentals/intune-endpoints. What I don't understand is if I have to configure inbound and outbound, because the firewall team is questioning me about the inbound rules. For example:

from | to | door
Wifi Network | portal.manage.microsoft.com | 443

But when it comes back I can't just leave my wifi network; I need to specify one hostname. I don't know if I need to configure the inbound. If it's needed, how do I configure it? Thanks so much

3.1K Views | 1 like | 2 Comments

Multiple accounts on one device managed by different companies
I have employees who work for multiple companies and have Microsoft 365 and Intune at each of their companies. They add their work accounts to their personal devices to access Outlook and Teams. When applying App Protection Policies, will the applications have the policies of the organization that owns the data applied to that data? What happens if two work accounts have App Protection Policies applied? Will one take precedence over the other? Searching around seems to indicate this was impossible before Outlook allowed more than one work account. I cannot find an answer where multiple work accounts are now permissible in Outlook and in Teams. Thanks in advance.

1.7K Views | 1 like | 4 Comments

Intune support of WearOS
We have an application we have developed for a customer which is WearOS native and does not require a paired phone/tablet to function on a Wi-Fi capable watch/wearable. This customer's corporate team requires that all network devices be managed by Intune. Is there a timeline for Intune natively supporting WearOS management? Thank you, Scott

97 Views | 0 likes | 2 Comments