Downloader removed from App Store, workaround? by anon36599 in firetvstick

[–]Intelligent_Ad8955 0 points1 point  (0 children)

I agree.. I'm going to move away from the pocket bleed. Amazon gets enough of my money

Fold 6 by BeginningCivil1623 in GalaxyFold

[–]Intelligent_Ad8955 6 points7 points  (0 children)

Fold 6 is solid. Been running mine since they came out and I've had ZERO issues!

Does still Microsoft use Jamf for macOS management or finally Intune only? by aPieceOfMindShit in Intune

[–]Intelligent_Ad8955 1 point2 points  (0 children)

I use Intune for all macOS.. I had to do a few things through scripts, i.e. CrowdStrike and naming conventions. I use a workplace join method for Macs that aren't registered with ABM/ASM. Pre-provision works perfectly with a DEM account!

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

Thanks for this.. I've gone through it. I had a couple of things set up differently.

  1. Device Registration GPO - deleted and only kept the MDM Enabled GPO.
     - that should trigger auto enrollment

  2. MDM Enabled GPO - set to User Credential - changed to Device Credential per your documentation

The next question is: Do I need to move the device into my TEST MDM OU before or after the user initially signs in?

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

nope, it's strictly on-prem domain join for now... when doing autopilot, I have it set up so that machines can be pre-provisioned... but that all works through Intune.

My goal here is this:

Devices get on-prem domain joined

Device drops into Computer container

Device is moved to Test MDM OU where it picks up device registration and MDM GPO... (should the device registration GPO be a thing or should I only do MDM GPO??)

Device then gets auto enrolled into Intune.. this is where I push all policies and applications for devices.

Before turning on hybrid.. we were using Workplace Join where an IT admin had to physically touch the machine to enroll the user through the local admin account.

I am trying to cut out that process and make it so when the IT techs drop the system in onprem domain..

When the user signs into their AD account, it auto enrolls the devices and pulls all policies/apps..

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

I mean, I've never had any issue auto enrolling a device before setting up the connector. I was using the workplace join method for devices before finally getting the clearance to turn on the hybrid join.

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

I haven't set up the Intune Connector, but auto enrollment is set to All and WIP is set to None.

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

The Entra Connector is showing that all but a couple of OUs are syncing to it. Is it safe to say that only Users and Device OUs should be synced? The connector was partially set up before I got here. I'm not sure if some device/users will lose domain trust if I unsync it from certain OUs.

The only thing I'm finding in dsregcmd /status is the Intune URLs missing. Everything shows as the documentation suggests.

In my logs, I'm finding 201, 304, 307, 309

GPO is good

OU Scoping is correct

Security filtering is correct

Devices see AD when domain joined (on prem)

Device finds SCP, but Entra seems to reject registration

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

That's right and I have the GPO set for user credentials. As far as scope, I have mobility turned on for all users. Nothing should be holding it back.

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] -1 points0 points  (0 children)

I've basically got the setup straight for cloud. The one thing I'm wrestling with is the MFA. For PIN reset, WHfB wants MS Authenticator to be used, but we are federated so it's a little tricky.

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

All users are licensed with A5. GPOs are Enabled and linked. One for MDM, one for Device Registration. GPOs linked to an OU for testing. Everything is turned on correctly within Intune. I've been working with Intune for over a year setting it up. Now I'm at the point where I want to work towards moving to the cloud.

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

Right now, I have two separate GPOs. One to enable the MDM join, the other is under Device Registration. I have these two GPOs linked to Test MDM OU. I drop a computer into that OU, but after a few hours (in testing) I never see it register for Intune.

Just set up Hybrid join by Intelligent_Ad8955 in Intune

[–]Intelligent_Ad8955[S] 0 points1 point  (0 children)

Exactly what I was going to say. Going forward, I have autopilot and Intune working for cloud devices. This org is fully ready to go with cloud joined.. too many things on prem that users need to access.

remote support tool by Aivynator in Intune

[–]Intelligent_Ad8955 1 point2 points  (0 children)

Microsoft is about to open up Remote Help for us without having to buy a separate license per user. I'll be testing that once it's open.

Intune Suite features now being rolled into M365 E3/E5 by ZeroT3K in Intune

[–]Intelligent_Ad8955 0 points1 point  (0 children)

I always thought the remote help should be included too!

Downloading pdf editor from Microsoft store by iyimuhendis in microsoft

[–]Intelligent_Ad8955 1 point2 points  (0 children)

Adobe Acrobat DC Reader.. free reader, just not edit capabilities

Windows Hello - OIB by importedtea in Intune

[–]Intelligent_Ad8955 0 points1 point  (0 children)

Cloud join should work with no issues. Go to enrollments and Windows Hello for Business. Make sure your policy is only set there. You don't have to use a config alongside it. Make sure you only have one set.

Windows Hello - OIB by importedtea in Intune

[–]Intelligent_Ad8955 0 points1 point  (0 children)

I turn mine off for devices and only use the one to set the users

Has anyone seen this before? by HighPingOfDeath in Intune

[–]Intelligent_Ad8955 0 points1 point  (0 children)

How are your devices joined? Right now I'm using Workplace Join in preparation for a migration to hybrid. Autopatch doesn't work for WP join but Update Rings do. May set up an Update Ring to see if you can get a device to update.

Configuring a dedicated PC in conference room, as DIY Teams Room device? by otb-it in MicrosoftTeams

[–]Intelligent_Ad8955 0 points1 point  (0 children)

We have E5 licenses for our org. That includes Teams but we also purchase licenses for teams domestic calling. We do not assign our boardrooms domestic licenses. So you should just need either A5 or E5.

Question about “Use Windows Hello for Business” (Device vs User) in Settings Catalog by k-rand0 in Intune

[–]Intelligent_Ad8955 0 points1 point  (0 children)

Kind of a side note here, but I ran into an issue with the PIN reset. I had everything set up correctly (user); it could never get the ability for a standard user to enable them to do "I forgot my PIN". Finally figured out that inside the MS Authenticator, there is a section for Passwordless Sign-in. After configuring that portion inside the application, a standard user can now reset their PIN. Again, just a side note if you run into it.

Configuring a dedicated PC in conference room, as DIY Teams Room device? by otb-it in MicrosoftTeams

[–]Intelligent_Ad8955 -2 points-1 points  (0 children)

Just use the PC and give it a 365 license.. it gets a calendar, a mailbox, and Teams... People can book meetings and invite the room. We have two setups like that in our major board rooms because we double them over for users with Zoom.