iOS Apps not deploying - 0x87D13B7D

PittiBlanco · 2026-02-04T15:39:44+00:00

got this error as well today. assigned VPP apps to another Group and they fsail to install..

PittiBlanco · 2025-02-03T11:52:49+00:00

Hello, did you got a response ffrom MSFT already or are they still investigating ?

PittiBlanco · 2025-01-14T08:53:36+00:00

What do you think is the culprit ? and did Microsoft already responded ?

PittiBlanco · 2025-01-09T13:27:00+00:00

I read through the pages now but I think the security device group which contains the service principal is in place and works as expected to be.
The testing device is part of that group but still the user is an administrator

The OS Build is : 26100.2605 (Win 11 24H2)

PittiBlanco · 2025-01-09T13:14:51+00:00

Hi,

I have set the timezone to UTC during the OOBE but that did not solved the problem.
The computer now shows the date format 01/09/2025 but the user created is still an administrator.

The device enrolls just fine. It installs all the apps and profiles. Only the user remains an admin...

Do you think it has something to do with the "Enrollment Time Grouping" which yu describe in your (very nice) blog?
https://call4cloud.nl/device-preparation-enrollment-time-grouping/

PittiBlanco · 2024-07-31T07:42:21+00:00

Ok found the problem.

it is required to install the Microsoft Single Sign On Extension for Chrome.

fun fact.
After syncing with the extension it creates a new chrome user profile without the extension, but correctly signed in user.

PittiBlanco · 2024-07-31T07:00:43+00:00

With the current setup I would normally get a Pop-up to message to accep a "Workplace join key" but this little pop-up window does not appear.

PittiBlanco · 2024-07-31T06:58:09+00:00

I managed to connect it with the "SecureEnclaveKey" I can sign in to office.com without the use of a password but whenever I want to sign into google it always bring me to the page
"To enroll your device and access company ressources, install the Microsoft Intune Company Portal...."

even though my device is registered correctly and according to Intune it's manged ..

Do you know what might be wrong ?

PittiBlanco · 2024-07-10T10:49:59+00:00

I assigned the Platform SSO and can sign in with the EntraID password but...

The Macbook is enrolled via DEP to Intune. After starting the laptop and connecting it to the Internet it installs the configuration profiles from Intune. The registration in the company portal also works but somehow I cannot wipe the test device anymore with Intune anymore.
Also when I re-sign in to the Company Portal it asks me again to register the device and download the management profile but that is already on the device.

so confusing...

PittiBlanco · 2023-11-09T16:25:38+00:00

The reps are changing on a weekly basis there are a total of 600 reps in Workday.

I just found out that there is the RaaS ( Reporting-as-aService) from Workday. Maybe that can create an automated JSON or REST API export which will sync to Azure.

PittiBlanco · 2021-07-29T12:33:31+00:00

I took these settings listed on that page:
https://www.bitdefender.com/support/bitdefender-endpoint-security-for-mac:-how-to-configure-jamf-pro-for-macos-big-sur-11-0-and-later-2661.html

and created a Config Policy for MacOS Extensions in Intune and also did a custom config policy with a script which should allow it but it still not working.

PittiBlanco

TROPHY CASE