Microsoft Intune: Stay Ahead with the Latest Known Issues & Solutions

This page provides details on recent known issues affecting Microsoft Intune users and administrators. It is designed to help you understand current challenges and find potential solutions or workarounds. For a comprehensive view of weekly feature updates and additions to Intune, refer to the “What’s new in Microsoft Intune” documentation. Additionally, the Intune Customer Success blog offers valuable insights, best practices, support tips, tutorials, and an archive of past known issues that may still be relevant. Staying informed through these resources is crucial for managing your Intune environment effectively and ensuring a smooth experience for your users.

Microsoft Intune known issues and solutions

Apps deployed with Configuration Manager take a long time to load on the Windows apps page in Company Portal

  • Status: Active

A notable issue exists within the Company Portal application for Windows devices where applications deployed via Configuration Manager experience significant loading delays. Users may observe that the list of Windows applications takes several seconds, potentially extending up to a few minutes, to fully populate on the dedicated Windows apps page within the portal interface. This delay can negatively impact the user experience, making it slower to find and install necessary applications.

Microsoft is actively aware of this performance issue and is currently engaged in investigations to pinpoint the root cause. The delay is specific to applications managed and deployed through a co-management or integrated scenario involving Configuration Manager and Intune, as seen within the Company Portal application. Further information and updates regarding the progress of the investigation and potential resolution will be shared as they become available.

Administrators managing environments utilizing Configuration Manager for Windows application deployments to Intune-managed devices should be aware of this potential delay. While the applications do eventually load and are deployable, the initial waiting period can be frustrating for end-users. There is currently no known workaround other than waiting for the list to populate.

Azure enterprise applications aren’t displayed in the Company Portal for Windows or the Intune Company Portal website

  • Status: Active

There is a recognized issue where Azure enterprise applications are not appearing as expected within the application lists. This affects both the native Company Portal application for Windows devices and the web-based version of the Intune Company Portal. Normally, these applications, often configured for single sign-on (SSO) access to SaaS applications, would be discoverable and launchable from the portal interface.

The absence of these applications impacts users’ ability to conveniently access their assigned enterprise cloud services directly from the Company Portal. This necessitates alternative methods for accessing these resources, potentially disrupting workflows and diminishing the value of the Company Portal as a central access point. Users may need to rely on direct browser access or other launch methods configured outside of Intune.

Microsoft is actively investigating the underlying cause for this display issue concerning Azure enterprise applications. Efforts are underway to identify why these configured applications are not being correctly synchronized or rendered within the Company Portal user interfaces. Updates will be provided in this article as soon as more concrete information regarding the issue’s cause, potential workarounds, or a timeline for resolution becomes available.

Remediation message doesn’t list all valid builds in Company Portal for Windows 10/11

  • Status: Active
  • Blog post: Remediation message doesn’t list all valid builds in Company Portal for Windows 10/11

An issue has been identified concerning the compliance remediation messages displayed in the Company Portal for Windows 10 and Windows 11 devices. When an Intune compliance policy is configured with multiple valid operating system build ranges using the “Valid operating system builds” setting, the resulting noncompliance message shown to the user in the Company Portal is incomplete. The message correctly indicates that the OS needs updating but only lists the first defined valid OS build range, omitting any subsequent valid ranges specified in the policy.

This incomplete messaging can cause confusion for end-users, who might believe there is only one acceptable range of Windows versions when, in fact, the administrator has allowed several. While the messaging is flawed, it is important to note that the compliance policy itself is being enforced correctly in the background. Devices with OS builds outside any of the defined valid ranges are correctly marked as noncompliant by Intune.

To bring a noncompliant device into compliance, users must update their device’s operating system to a build version that falls within any of the acceptable ranges defined by the administrator in the Intune compliance policy. Despite the Company Portal’s misleading message, checking the policy configuration in the Intune admin center will reveal all valid build ranges. For more detailed information and context regarding this specific known issue, users and administrators are encouraged to consult the linked article on the Intune Customer Success blog.
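The check the policy performs, as opposed to the one range the Company Portal message shows, can be reproduced offline. The following is an added example, not Microsoft's code: it tests a build against every range and writes a message listing all of them. The range labels and build numbers are constructed sample values, and the function names are hypothetical.

```python
from typing import List, Optional, Tuple

BuildRange = Tuple[str, str, str]  # (label, lowest build, highest build), inclusive

# Constructed sample policy with three valid ranges. These values are
# illustrative only; read the real ones from the compliance policy itself.
SAMPLE_RANGES: List[BuildRange] = [
    ("Windows 10 22H2", "10.0.19045.3000", "10.0.19045.9999"),
    ("Windows 11 22H2", "10.0.22621.900", "10.0.22621.9999"),
    ("Windows 11 23H2", "10.0.22631.2500", "10.0.22631.9999"),
]


def parse_build(text: str) -> Tuple[int, ...]:
    """Turn 'major.minor.build.revision' into a tuple of integers.

    Comparing integers matters: as strings, '1105' sorts before '900',
    which would wrongly place 10.0.22621.1105 below 10.0.22621.900.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def matching_range(build: str, ranges: List[BuildRange]) -> Optional[str]:
    """Return the label of the first range containing the build, else None."""
    version = parse_build(build)
    for label, low, high in ranges:
        if parse_build(low) <= version <= parse_build(high):
            return label
    return None


def remediation_message(build: str, ranges: List[BuildRange]) -> str:
    """Describe the result and, when noncompliant, list every accepted range."""
    hit = matching_range(build, ranges)
    if hit is not None:
        return f"{build} is within a valid range ({hit})."
    accepted = "; ".join(f"{name}: {low} to {high}" for name, low, high in ranges)
    return f"{build} is outside every valid range. Accepted builds: {accepted}"


if __name__ == "__main__":
    for device_build in ("10.0.22621.1105", "10.0.19045.2965", "10.0.22631.3007"):
        print(remediation_message(device_build, SAMPLE_RANGES))
```
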

A limited number of macOS devices may be unexpectedly unenrolled from the Microsoft Intune service

  • Status: Active

A known issue, previously tracked under Service Health Dashboard incident IT393575, is affecting a small number of macOS devices managed by Microsoft Intune. Occasionally, during the enrollment process or at seemingly random times, a macOS device might fail to maintain its enrollment status or become unexpectedly unenrolled from the Intune service. This issue is attributed to the MDM agent on the macOS device incorrectly handling failures specifically related to MDM certificate installations.

When the MDM agent encounters this specific error condition and does not receive the expected server responses or headers, it is designed to automatically remove its MDM enrollment profile from the device. This self-removal action severs the device’s connection to Intune, effectively unenrolling it without administrative intervention. The consequence of this is that the device is no longer receiving policies, applications, or configuration profiles from Intune, potentially leading to non-compliance or loss of access to corporate resources.

Unfortunately, when a macOS device becomes unenrolled due to this issue, it does not automatically attempt to re-enroll or rectify the situation. The current required action to restore management is for the end-user or an administrator to manually re-enroll the macOS device into Microsoft Intune. Monitoring device compliance reports can help identify devices affected by this unexpected unenrollment event.

Android 12 clipboard data toast notification

  • Status: Active

With the introduction of Android 12, the operating system implemented a new privacy feature that displays a “toast” notification whenever an application accesses data stored on the device’s clipboard. This feature is an OS-level behavior intended to enhance user transparency regarding how applications are utilizing clipboard content. The notification appears regardless of whether the device is managed by an MDM solution like Intune or if the applications are protected by Intune’s app protection policies.

Users utilizing Android devices running version 12 or later, particularly those using the Android Company Portal app version 5.0.5450.0 or newer, may frequently observe these notifications. For example, when copying text from one application and pasting it into a managed application such as Microsoft Outlook, a notification like “Outlook pasted from your clipboard” might briefly appear on the screen. This notification is simply informing the user that the paste action occurred and which application accessed the clipboard.

It is important to understand that this toast notification is a function of the Android 12 operating system itself and does not indicate any malicious or unauthorized access by Microsoft applications or Intune management. Microsoft has confirmed that the clipboard data accessed in these scenarios is never stored locally by Microsoft apps for purposes beyond the immediate paste action, nor is it transmitted to Microsoft services. The notification is purely an OS-level privacy indicator for the user’s awareness.

Android devices lose access to Intune-managed resources after upgrading to Android 12

  • Status: Resolved
  • Blog post: Known Issue: Android devices lose access to Intune-managed resources after upgrading to Android 12

Previously, a known issue affected certain Android devices that were upgraded from Android 11 to Android 12. Following the OS upgrade, users on these devices experienced significant problems accessing Microsoft Intune-managed corporate resources. In some cases, users were even prevented from successfully completing device enrollment into Intune after the upgrade, leaving their devices unmanaged and unable to comply with corporate access policies.

This issue was specifically observed on devices from particular manufacturers, including OPPO, OnePlus, and Realme, when they were enrolled using the Android Enterprise personally-owned work profile management mode. The OS upgrade process on these specific devices and configurations inadvertently disrupted the Intune management or identity state required for resource access and proper enrollment completion.

Microsoft, in collaboration with Google and the affected device manufacturers, worked to address this compatibility issue arising from the Android 12 upgrade on these specific device brands and management types. A fix has since been developed and rolled out. As of the latest updates, devices from OPPO, OnePlus, and Realme utilizing Android Enterprise personally-owned work profiles should no longer encounter issues accessing Intune-managed resources or completing enrollment after upgrading to Android 12. Users are encouraged to install all available Over-The-Air (OTA) operating system updates provided by their device manufacturer to ensure they have the necessary fixes. Checking with Google and device OEM support resources is also recommended as software release schedules can vary.

Several Office settings in settings catalog do not automatically enable the parent setting

  • Status: Active
  • Blog post: Support tip: Several Office settings in settings catalog may need parent settings enabled

A specific behavioral issue has been identified within the Settings Catalog feature in Microsoft Intune, impacting certain Microsoft Office configuration settings. When administrators configure and enable several specific child settings related to Microsoft Office applications within the Settings Catalog, these child settings do not automatically activate or enable their corresponding required parent settings. This behavior deviates from the typical hierarchical structure where enabling a child setting implicitly requires and enables its parent.

The consequence of this issue is that policies containing these specific Office child settings may not be applied correctly or have the intended effect on target devices. The policy processing relies on the parent setting being enabled for the child setting to take effect. If the administrator only configures the child setting, unaware that the parent is not automatically enabled, the configuration will fail to apply as expected, leading to discrepancies in device configuration.

To assist administrators in identifying which settings are affected by this behavior, Microsoft has implemented a user interface change in the Settings Catalog (preview) page. The specific Office settings that do not automatically enable their parents are now marked with “(deprecated)” in their name. While this label might seem confusing, it serves as a visual indicator of this known dependency issue. Administrators configuring these settings must manually locate and enable the corresponding parent setting in addition to the child setting to ensure the policy applies correctly. For a comprehensive list of the affected settings and recommended actions, refer to the detailed blog post on the Intune Customer Success blog.

Android Enterprise device filtering not supported in some reports

  • Status: Active

There is a known limitation affecting granular operating system filtering for corporate-owned Android Enterprise devices within certain Intune reporting capabilities. This issue manifests when attempting to filter devices by specific Android Enterprise management modes during data export or API calls, but not when viewing reports directly within the Microsoft Intune admin center user interface. The filtering works correctly when viewing device lists and reports within the admin center portal.

Specifically, this issue impacts:
1. Exporting the All devices report from the Microsoft Intune admin center.
2. Exporting the DevicesWithInventory and Devices reports using the Microsoft Graph Export API.
3. Making direct native calls to the /deviceManagement/managedDevices API endpoint.

When applying an OS filter for a specific Android Enterprise management mode (such as Android Enterprise (corporate-owned work profile), Android Enterprise dedicated devices, or Android Enterprise fully managed devices) in these affected export/API scenarios, the result incorrectly includes devices from all three corporate-owned Android Enterprise management types. For instance, filtering for “Android Enterprise (corporate-owned work profile)” will still return devices enrolled as dedicated or fully managed, in addition to the intended type. Other filter parameters applied during the export or API call (like ownership, compliance state, etc.) will apply accurately to the resulting dataset.

Until Microsoft releases a fix to correct the filtering behavior in these export and API scenarios, administrators requiring granular reporting on corporate-owned Android Enterprise devices by specific management mode must apply the OS filtering manually after exporting the report data. This can be done by opening the exported file (e.g., CSV) in a spreadsheet program and filtering the data based on the OS or management type column. This manual step is a temporary workaround to achieve the desired filtered results for reporting and automation purposes.
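For reports that feed automation, the manual post-export filter described above can be scripted instead of done in a spreadsheet. The following is an added example, not part of the original article or of any Microsoft tooling: the column names, the OS labels in the sample and the function name are assumptions, and the sample export is constructed.

```python
import csv
import io
from collections import Counter
from typing import Dict, List, Tuple

# Constructed export: requested with an OS filter for the corporate-owned work
# profile mode, yet (as in the issue above) it also contains dedicated and
# fully managed devices. Column names and labels are assumptions; adjust them
# to match the header row of your own exported file.
SAMPLE_EXPORT = (
    "\ufeffDevice name,OS,Ownership,Compliance\n"
    "COPE-014,Android Enterprise (corporate-owned work profile),Corporate,Compliant\n"
    "KIOSK-003,Android Enterprise dedicated devices,Corporate,Compliant\n"
    "FM-221,Android Enterprise fully managed devices,Corporate,Noncompliant\n"
    "COPE-027,android enterprise (corporate-owned work profile) ,Corporate,Compliant\n"
    "FM-305,Android Enterprise fully managed devices,Corporate,Compliant\n"
    "UNK-001,,Corporate,Noncompliant\n"
)


def filter_export(
    csv_text: str, wanted_mode: str, column: str = "OS"
) -> Tuple[List[Dict[str, str]], Counter]:
    """Keep only rows whose management-mode column equals wanted_mode.

    Returns (kept_rows, dropped_counts). The second value shows how many rows
    of each other mode leaked through the server-side filter, so the size of
    the discrepancy is visible instead of silently discarded.
    """
    # Strip a leading byte-order mark, if present, so the first header matches.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    if reader.fieldnames is None or column not in reader.fieldnames:
        # Fail closed: without the column the rows cannot be told apart.
        raise KeyError(f"column {column!r} not in export header: {reader.fieldnames}")

    wanted = wanted_mode.strip().casefold()
    kept: List[Dict[str, str]] = []
    dropped: Counter = Counter()
    for row in reader:
        value = (row.get(column) or "").strip()
        if value.casefold() == wanted:
            kept.append(row)
        else:
            # Blank values are counted separately; they need manual review.
            dropped[value or "<blank>"] += 1
    return kept, dropped


if __name__ == "__main__":
    rows, leaked = filter_export(
        SAMPLE_EXPORT, "Android Enterprise (corporate-owned work profile)"
    )
    print("kept:", [r["Device name"] for r in rows])
    for mode, count in leaked.items():
        print(f"dropped {count} row(s) with {column_label(mode) if False else mode}")
```
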

Missing certificates after updating Samsung work profile devices to Android 12

  • Status: Resolved
  • Blog post: Known Issue: Missing certificates after updating Samsung work profile devices to Android 12

Previously, an issue was identified that specifically impacted Samsung devices enrolled into Microsoft Intune using the Android Enterprise work profile management method. Following the upgrade of these devices to the Android 12 operating system, users experienced a problem where certificates required for accessing corporate resources appeared to be missing. This most notably affected access to applications like Gmail and certain VPN clients, such as AnyConnect VPN, which rely on certificate-based authentication for secure connectivity.

The absence or inaccessibility of these certificates after the OS upgrade prevented users from successfully authenticating to corporate services that mandated certificate usage. This could lead to a disruption in productivity and access to essential business tools for users with affected Samsung work profile devices running Android 12. While the devices remained managed, the critical function of certificate-based access was broken.

Microsoft, in collaboration with Samsung, worked to resolve this issue where certificates were not properly maintained or accessible after the Android 12 update on work profile devices. The issue has been addressed, and certificates should now persist correctly across the OS upgrade for Samsung devices enrolled with an Android Enterprise work profile. The associated blog post provides further details about the issue and temporary workarounds that were available before the fix was fully deployed. Ensuring devices have the latest OS and Company Portal updates is recommended.

Long sync times in Intune for Managed Google Play private apps and web apps

  • Status: Resolved
  • Blog post: Known Issue: Long sync times in Intune for Managed Google Play private apps and web apps

Administrators managing Android Enterprise devices via Intune and utilizing Managed Google Play for deploying applications previously encountered a specific delay. When a new private application (also known as a line-of-business or LOB app) or a web application was published to Managed Google Play, there was a significant delay before these newly published apps appeared in the application list within the Microsoft Intune admin center. Even after initiating a manual sync from either the Intune console or the Google Play console, it could take six hours or even longer for the new applications to become visible and deployable in Intune.

This extended synchronization time impacted administrators’ ability to quickly make newly developed or updated internal applications available to their end-users. The delay primarily affected newly published applications. Existing web applications and private apps that were already synced to Intune were not affected by this issue; updates or edits to these pre-existing apps would typically sync much faster. The problem was confined to the initial ingestion of a completely new application entry.

Microsoft identified and addressed the underlying cause of these prolonged synchronization times between Managed Google Play and the Intune service for new private and web applications. The issue has now been resolved. Administrators should experience significantly faster synchronization times, allowing newly published apps to appear in the Intune app list in a much more timely manner, restoring the expected operational efficiency for deploying internal Android applications.

Samsung devices are noncompliant after restart or update

  • Status: Active
  • Blog post: Known Issue: Samsung devices are noncompliant after restart or update

An issue has been observed where Samsung devices provisioned as Android Enterprise fully managed devices, specifically those running Android 11 and later, may report a noncompliant status shortly after a managed update is applied or the device is restarted. Although the device is properly enrolled and configured, its compliance status temporarily changes from compliant to noncompliant. This state can persist for a period after the restart or update completes.

This transient noncompliance status can have significant implications depending on the organization’s security posture and conditional access policies. If conditional access policies are configured to block access to corporate resources based on device compliance, users with these affected Samsung devices might temporarily lose access to essential applications and data immediately following a restart or update until the device reports compliant again. This can lead to user frustration and support calls.

It is important to distinguish this issue from similar problems that previously affected other Android management types. A fix for Android device administrator (DA) managed devices and Android Enterprise personally-owned work profiles on Samsung devices was released in December 2021 (Company Portal Version 5.0.5358.0). However, as of the latest information (noting the blog post date of January 7, 2022), this specific issue of showing noncompliant after restart/update continues to affect Android Enterprise fully managed Samsung devices running Android 11+. Microsoft is aware and working on a resolution for this specific scenario. Workarounds or monitoring strategies are detailed in the linked blog post.

Common issues with Intune policy reports

  • Status: Active
  • Blog post: Support Tip: Known Issues with Intune policy reports

Microsoft is aware of several common issues impacting the accuracy and usability of policy reports within the Microsoft Intune admin center. These issues affect various reports designed to provide visibility into policy assignment status, compliance, and configuration profiles across managed devices. While reports are a critical tool for monitoring and troubleshooting, these known issues can sometimes lead to misinterpretations or require additional effort to verify information.

Specific examples of known reporting inconsistencies include:
1. Multiple records for a single device: A single device might appear multiple times in a report list, cluttering the view and making it difficult to get an accurate count or status summary.
2. Inaccurate “pending” status: Devices may incorrectly display a “pending” status for policy application even when the policy has successfully applied or is in a different state.
3. Inconsistencies between list data and summary charts: The aggregated data presented in summary charts or graphs within a report might not perfectly match the detailed status listed for individual devices in the accompanying table, creating confusion.

Microsoft is actively working on making significant improvements to the Intune reporting infrastructure. These efforts are focused on enhancing performance, improving data accuracy, and introducing new capabilities such as robust search, sorting, filtering, and export functionalities directly within the reporting interface. Until these improvements are fully implemented, administrators should be aware of these potential inconsistencies and may need to cross-reference information or rely on troubleshooting logs for definitive device states. The linked support tip provides detailed information about these reporting issues and outlines the ongoing work.

Users are signed out of managed iOS Office apps

  • Status: Active
  • Blog post: Support Tip: Known Issue occasionally occurring with iOS MAM and Office apps

An issue has been identified that can impact organizations utilizing Microsoft Intune’s app protection policies (APP), also commonly referred to as Mobile Application Management (MAM), to secure and manage their Microsoft Office mobile applications on iOS devices. In affected scenarios, when a user signs out of a single Office application (such as Outlook, Word, or Excel) or is automatically signed out due to inactivity or policy enforcement, they are unexpectedly signed out of all other managed Office mobile applications on that device simultaneously.

This widespread sign-out requires the user to reauthenticate by signing back into one of the Office applications to regain access. Upon signing back in, Intune’s APP policies are reapplied to the session. While this reauthentication step is necessary to ensure policies are enforced before access is granted, in some instances, users might encounter an authentication loop where they are repeatedly prompted to sign in without successfully gaining access to the applications. This loop prevents them from using the managed Office suite on their iOS device.

The issue is intermittent and does not affect all users or all sign-out events. However, when it occurs, it can significantly disrupt user productivity. Microsoft is aware of this behavior and is investigating the root cause of the cascading sign-out and potential authentication loop when using APP with iOS Office apps. The linked support tip blog post provides more detailed information about the issue, its potential triggers, and outlines available workarounds that administrators can implement to mitigate the impact on end-users while a permanent fix is developed.

Known issues with filters in Microsoft Intune

  • Status: Active
  • Blog post: Filters Public Preview - Overview and Known Issues

The filtering feature in Microsoft Intune, which allows administrators to more precisely target policies, applications, and configuration profiles to specific device groups or attributes, has some known issues that administrators should be aware of. While the filters feature transitioned from public preview to general availability (GA) in February 2021, ongoing refinements and edge cases are still being addressed. Understanding these known limitations is crucial for effectively utilizing filters in production deployments.

Filters enable dynamic assignment based on properties like OS version, device manufacturer, or custom attributes, providing more flexibility than static device groups alone. However, like any complex feature, specific scenarios or combinations of filter rules might not behave exactly as expected. These issues are tracked and documented to keep administrators informed.

Microsoft maintains a dedicated resource detailing these known issues, frequently asked questions, and provides links to relevant documentation for the filters feature. Administrators planning to implement or who are currently using filters extensively in their Intune environment should regularly consult the “Filters Public Preview - Overview and Known Issues” blog post. This resource is updated as new issues are discovered, investigated, and resolved, helping administrators navigate potential challenges and apply recommended best practices for filter creation and deployment.

App install lifecycle or app install history status might be inaccurate

  • Status: Engineering actively working on fix
  • Blog post: Known Issue: Status reporting for App install lifecycle and App install history

An issue exists within the troubleshooting and support area of the Microsoft Intune admin center related to application installation status reporting. Specifically, administrators may observe inaccuracies when reviewing application deployment details for individual devices. In the Devices table within the Troubleshooting + support blade, the App install lifecycle column for a device might incorrectly display a status of “Failure,” even if there are no actual problems with the applications installed or targeted on that particular device.

Further investigation into the issue by drilling down into the Managed Apps view for the affected device might show similar discrepancies. When selecting a specific targeted application to view its installation history, the history log could erroneously indicate “Failed to install,” despite the application having successfully installed and functioning correctly on the device. These reporting inconsistencies can make troubleshooting application deployment issues challenging, as the console’s reported status does not reflect the actual state on the device.

This inaccurate reporting appears to occur randomly and does not necessarily indicate a problem with the application deployment mechanism itself, but rather with the status reporting pipeline or display logic within the admin center. Microsoft’s engineering teams are aware of this issue and are actively working on developing a fix to ensure that the reported application installation status and history accurately reflect the true state of applications on the managed devices. Administrators should be cautious when relying solely on these specific status indicators for troubleshooting and may need to verify application installation directly on the device or through other reporting methods until the fix is deployed. The linked blog post provides additional context and details.

Launching protected apps on Samsung A10 with biometric authorization causes the device to crash

  • Status: Active
  • Blog post: Known Issue: Android 10 Samsung A10 Biometric Authentication

A specific compatibility issue has been identified affecting Samsung Galaxy A10 devices running the Android 10 operating system when used in conjunction with Microsoft Intune app protection policies (APP, or MAM). The issue manifests when a user attempts to launch an application that is targeted by Intune APP policies, and the device has biometric authorization (such as face recognition or fingerprint scanning) enabled as a method for accessing protected data or unlocking the application.

In this particular scenario, launching a protected app on an Android 10 Samsung A10 device with biometric authentication enabled leads to an immediate and unexpected crash of the device. The operating system becomes unstable and requires a restart to recover functionality. This makes it impossible for users of these specific devices and configurations to access corporate applications protected by Intune policies using their preferred biometric method.

To prevent this device-crashing issue, Microsoft has proactively implemented a mitigation measure. Biometric authentication has been disabled specifically for affected Android 10 Samsung A10 devices when accessing apps protected by Intune APP policies. Users on these devices will be prompted to use an alternative authentication method, such as a PIN or password, to access their protected applications. This measure ensures application access is possible without triggering the device instability. The linked blog post provides further details on this specific issue and the implemented workaround.

Password reset issues for Intune-enrolled devices with iOS 13+

  • Status: Active
  • Blog post: Support Tip: PowerShell Script now available for iOS Passcode Reset Token Known Issue

Microsoft Intune identified a known issue affecting a small percentage (approximately 1%) of devices enrolled in Intune that were running iOS 13 or later versions. The issue stemmed from a bug that prevented these specific devices from correctly returning the necessary token to Intune that is required to perform a remote password reset action. This meant that if a user forgot their device passcode, administrators were unable to remotely clear the passcode using the standard Intune remote action.

Apple addressed the underlying bug in iOS version 13.3.1 and subsequent releases. However, simply updating an already-affected device to 13.3.1 or higher did not retroactively fix the missing token issue for devices enrolled prior to the update. Devices that were already enrolled with iOS 13+ and failed to provide the token would continue to lack this capability even after updating their OS to a version containing the fix.

To restore the password reset functionality for these specific, already-enrolled devices, a more involved remediation step is required. Devices identified as missing the passcode reset token must first be updated to iOS 13.3.1 or a newer version to ensure the OS bug is fixed. Subsequently, the device must be removed from Intune management and then re-enrolled. This re-enrollment process on a patched OS version allows the device to correctly provide the necessary token to Intune. Microsoft provided a PowerShell script to help administrators identify which devices were affected by this issue, facilitating targeted remediation efforts as detailed in the linked support tip blog post.

Profile error enrolling iOS devices with Apple Configurator

  • Status: Active
  • Blog post: Known Issue: Profile error enrolling iOS devices with Apple Configurator

An issue has been identified that affects administrators attempting to enroll iOS devices into Microsoft Intune using Apple Configurator, specifically for the Setup Assistant enrollment method. After preparing the device in Apple Configurator and proceeding through the Setup Assistant on the iOS device, the user is prompted to accept the configuration profile. Upon tapping “Apply configuration” on the device, an error message may appear stating, “Invalid Profile: The configuration for your iPad/iPhone could not be downloaded from [Your Organization Name].”

This specific error message indicates a problem with the enrollment profile itself or the ability of the device to retrieve it correctly from the Intune service during the Setup Assistant process. The root cause identified for this issue is often related to an invalid or incorrectly formatted enrollment URL configured within Apple Configurator or the associated Intune enrollment profile settings. Even a small typo or an outdated URL can prevent the device from downloading the necessary configuration profile to complete the enrollment via Setup Assistant.

To resolve this “Invalid Profile” error when enrolling iOS devices using Apple Configurator with Setup Assistant, administrators must carefully verify the enrollment URL configured in both Apple Configurator and within the corresponding enrollment profile settings in the Microsoft Intune admin center. Ensuring the URL is correct, accessible from the device’s network during setup, and matches the expected format for Intune enrollment is critical. The linked blog post provides more detailed guidance on troubleshooting this issue, including the correct URL format and steps to verify your configuration.

iOS certificate-based authentication issue with Pulse Secure 7.0.0 and Check Point Capsule Connect versions 1.600

  • Status: Active
  • Blog post: Known issue: Certificate-based authentication issue with Pulse Secure 7.0.0 for iOS and Check Point Capsule Connect versions 1.600 for iOS

A known issue exists that impacts certificate-based authentication when using specific versions of two popular VPN client applications on iOS devices: Pulse Secure VPN client version 7.0.0 and Check Point Capsule Connect version 1.600. These versions of the VPN clients may incorrectly report that the required authentication certificate is missing from the iOS device, even in scenarios where Microsoft Intune (or another Enterprise Mobility Management provider) has successfully delivered and installed the certificate onto the device.

The discrepancy between the VPN client’s reported status and the actual presence of the certificate on the device prevents users from establishing a VPN connection with certificate-based authentication. This issue is not unique to Microsoft Intune; other EMM providers that use the standard iOS certificate deployment mechanisms would encounter the same problem with these specific VPN client versions. The fault lies in how Pulse Secure version 7.0.0 and Check Point Capsule Connect version 1.600 interact with or detect certificates in the iOS keychain after they have been pushed.

This problem significantly impacts organizations relying on certificate-based authentication for secure VPN access from iOS devices using these particular client versions. Users are unable to connect to the corporate network via VPN, hindering their ability to access internal resources. Microsoft’s blog post on this known issue provides more information, including potential workarounds. These workarounds may involve using different authentication methods if available, upgrading the VPN client application to a version where the issue is resolved, or potentially working with the VPN vendor’s support.

“Rename device” setting disabled for Microsoft Entra hybrid joined Windows devices

  • Status: Feature disabled
  • Blog post: Known issue with “Rename device” setting for Windows 10 devices in the Intune console

In the Microsoft Intune admin center, the remote action specifically designated as “Rename device” has been intentionally disabled for Windows devices that are joined to both on-premises Active Directory and Microsoft Entra ID (referred to as Microsoft Entra hybrid joined devices). This proactive measure was taken to prevent a specific class of issues that could arise after the device name was remotely changed via Intune.

Renaming a Microsoft Entra hybrid joined device can sometimes lead to device single sign-on (SSO) errors. This typically occurs when the user changes their password after the device name has been altered, creating a mismatch or delay in the synchronization or recognition of the new device name across Active Directory and Microsoft Entra ID. These SSO errors can disrupt the user’s ability to seamlessly access cloud resources and applications.

To avoid causing these potential SSO issues and provide a more stable experience for users of Microsoft Entra hybrid joined Windows devices, the “Rename device” remote action is no longer available for this specific device state within the Intune console. It is important to note that the ability to rename Windows devices is still available for devices that are solely Microsoft Entra joined, including those that are co-managed by Configuration Manager and Intune. For more detailed technical information regarding this decision and the behavior, administrators can refer to the comprehensive blog post on the Intune Customer Success blog.

iOS/iPadOS or macOS device unenrollment through management profile deletion may not be reflected in Microsoft Intune

  • Status: Active

A known discrepancy exists in the reporting status within the Microsoft Intune admin center when an iOS/iPadOS or macOS device is unenrolled by the end-user manually deleting the management profile directly from the device settings. While the act of removing the management profile successfully severs the device’s connection to Intune and removes it from management, the status update reflecting this unenrollment event may not immediately propagate or be correctly reflected in the Intune console.

Typically, when a device is unenrolled through administrative action or standard procedures, its status in the Microsoft Intune admin center is updated relatively quickly to indicate that it is no longer managed. However, when the unenrollment occurs via manual profile deletion by the user, the Intune service might not register this change promptly. This can lead to a situation where the device appears as still enrolled and managed in the admin center reports and device lists for an extended period.

Administrators should be aware that a device manually unenrolled by a user deleting the profile will cease to receive policies, apps, and configurations immediately upon profile removal. However, the visual representation of this unenrollment in the Microsoft Intune admin center could be delayed. It may take up to 30 days for the device’s status to be automatically updated to reflect the unenrollment through standard device cleanup processes. This delay means administrators cannot rely solely on the console’s status for immediate confirmation of user-initiated unenrollments via profile deletion.
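One way to triage this reporting gap, as an added example that is not Microsoft's script or part of the original page: flag Apple devices that Intune still lists but that have not checked in recently. The function name `Get-StaleAppleDevice`, the 7-day threshold and the sample records are assumptions; the property names are those returned by `Get-MgDeviceManagementManagedDevice`.

```powershell
# Added example (not Microsoft's script). Flags Apple devices that Intune still
# lists but that have stopped checking in. Input objects need DeviceName,
# OperatingSystem and LastSyncDateTime, the property names returned by
# Get-MgDeviceManagementManagedDevice (Microsoft.Graph.DeviceManagement).
function Get-StaleAppleDevice {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject[]] $Device,
        # Assumption: 7 silent days is worth a look; tune to your check-in cadence.
        [int] $StaleAfterDays = 7,
        [datetime] $Now = (Get-Date)
    )
    begin { $nowUtc = $Now.ToUniversalTime() }
    process {
        foreach ($d in $Device) {
            # Assumption: Apple platforms are reported as iOS, iPadOS or macOS.
            if ($d.OperatingSystem -notin 'iOS', 'iPadOS', 'macOS') { continue }
            $last = $null
            $days = $null
            if ($d.LastSyncDateTime) {
                $last = ([datetime]$d.LastSyncDateTime).ToUniversalTime()
                $days = [int][math]::Floor(($nowUtc - $last).TotalDays)
            }
            # Report devices with no recorded sync as well as long-silent ones.
            if ($null -eq $last -or $days -ge $StaleAfterDays) {
                [pscustomobject]@{
                    DeviceName      = $d.DeviceName
                    OperatingSystem = $d.OperatingSystem
                    LastSyncUtc     = $last
                    DaysSilent      = $days
                }
            }
        }
    }
}

# Constructed sample records, not real devices. Against a tenant, pipe in
# Get-MgDeviceManagementManagedDevice -All instead.
$sample = @(
    [pscustomobject]@{ DeviceName = 'ipad-lab-01';     OperatingSystem = 'iPadOS';  LastSyncDateTime = '2024-05-30T09:12:00Z' }
    [pscustomobject]@{ DeviceName = 'iphone-sales-07'; OperatingSystem = 'iOS';     LastSyncDateTime = '2024-05-02T17:40:00Z' }
    [pscustomobject]@{ DeviceName = 'mbp-fin-03';      OperatingSystem = 'macOS';   LastSyncDateTime = $null }
    [pscustomobject]@{ DeviceName = 'win-kiosk-02';    OperatingSystem = 'Windows'; LastSyncDateTime = '2024-04-01T00:00:00Z' }
)
$sample | Get-StaleAppleDevice -Now ([datetime]'2024-06-01T00:00:00Z') | Format-Table -AutoSize
```

A hit is a prompt to confirm with the user or retire the record, not proof that the profile was removed, since a device that is powered off looks the same.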


We hope this overview of known issues and their current status is helpful for managing your Microsoft Intune environment. Staying informed about these potential challenges is key to proactive troubleshooting and ensuring a positive experience for your users.

Have you encountered any of these issues? Do you have workarounds or experiences to share? Join the conversation below or visit the Microsoft Tech Community Intune blog for ongoing discussions and updates!
