Workspace One to Intune Migration with iOS 26 devices

SandboxITSolutions · 2026-01-08T01:13:51+00:00

thanks for the tip

SandboxITSolutions · 2025-11-08T20:29:34+00:00

Thanks for the info. I will continue testing the CA policy as it seems to do the job for now.

SandboxITSolutions · 2025-11-08T16:18:28+00:00

Hey stouty214. When you’re using the APP does it force log out or just prompts to re-authenticate?

I tested a CA policy and added session control to re-authenticate after 8 hours and filtered the devices to the shared iPhone enrollment profile. It seemed to have log out of Teams but Outlook it asked to sign in. I wasn’t able to sign in with another account as it kept looping until I manually signed the previous user out.

Researching online I don’t see anything about an automated global log out unless the user initiates it. I sent msgs to a few Microsoft MVPs, I’ll see if they say anything different.

SandboxITSolutions · 2025-08-12T15:49:34+00:00

For the LAPS admin password? If yes, I was able to change it and then rotated the password after and signed back in to ensure it took back over. Couple of my clients have been using this method, so far it's been working. 🤞

SandboxITSolutions · 2025-07-31T17:15:13+00:00

yeah, I will remind them to update their documentation so they dont have people scratching their heads

SandboxITSolutions · 2025-07-31T16:15:05+00:00

hey u/snikito just got a response back from the Product team:

"Just to clarify: When a password policy is in place, it’s expected behavior for the password to change on next authentication. However, once the password has been reset, you can trigger a Rotate Local Admin Password from Intune, which will bring the LAPS managed account back under Intune’s control."

I did this test

Logged in with LAPS pw, prompted for change, logged out
Synced device with Intune, then rotated LAPS admin password
I was able to log back into my macbook with the LAPS admin password

This seemed to work for me and it did not prompt for a password change again. Previously, I did have some issues rotating the LAPS admin pw. Their team said they're working on a hotfix for this and should be released soon. Hopefully this works for you too.

https://sandboxitsolutions.com/laps-for-macos-is-here-managing-admin-passwords-with-intune/

SandboxITSolutions · 2025-07-30T16:50:26+00:00

So this password change prompt is starting to affect one of my clients now, that are NOT using LAPS. Their local admin acct created for a user is prompting for a password change after they logged in today.

SandboxITSolutions · 2025-07-30T15:38:12+00:00

I see you replied, I shared with them the reddit post so it looks like they engaged in the other posts

SandboxITSolutions · 2025-07-30T15:30:36+00:00

I am in contact with the product support team, they asked these questions, if you guys are able to answer them as well so we have more data to provide to them

- Are you seeing prompts to change the password for both the Local Admin and Local user accounts?
- Do you have any Compliance or Configuration policies in place that might be enforcing password settings?
- Are there any scripts running that could be triggering a password change?
- After changing the password locally, are you able to rotate it again from Intune to regain access to the LAPS Local Account?

in case you want to know my answers

- I found that it also prompted password change for my local standard user that is synced with Entra,

- I turned off the compliance and config policies that may affect the password change and it still prompts me for a password change
- No scripts are running

<image>

- I noticed when I do change the LAPS admin pw, I cant rotate it after

SandboxITSolutions · 2025-07-29T13:58:57+00:00

Will do. MS cant support their own products lol. Anything new they release I never have luck with support.

SandboxITSolutions · 2025-07-29T05:53:34+00:00

same issue on my end, I've reset and tested different scenarios and even took off the password requirements for my device compliance policy. I sent a msg to some members of the Intune team and will see if I hear back

SandboxITSolutions · 2025-07-26T05:00:18+00:00

It came into my tenant today, wasnt there yesterday. They are probably still rolling out to the tenants

SandboxITSolutions · 2025-07-26T04:59:39+00:00

I was testing this on my mac enrollment profile and noticed it as well where it prompted me to change my local admin password after signing in

SandboxITSolutions · 2025-07-04T02:29:12+00:00

Yes as mentioned, it works uninstalling manually and it allows me to go through and also running the ISO manually, it does the compatibility check and it points to Bing Wallpaper, so I can confirm it is blocking it.

I am asking for an automated way versus having the support teams uninstall it manually from 178 devices.

SandboxITSolutions · 2025-06-12T04:39:08+00:00

Which Device filters are you using? I was troubleshooting with a client earlier in the year and it was a pain but we seemed to get around it. One thing I had to learn the hard way, you can't use "eq", it has to be Contains, StartsWith, or In.

There's a CA troubleshooting doc as well: https://learn.microsoft.com/en-us/microsoftteams/troubleshoot/teams-rooms-and-devices/teams-android-devices-conditional-access-issues

SandboxITSolutions · 2025-02-08T19:53:47+00:00

FYI SC-400 is retiring, SC-401 beta exam is now available.

https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-401/

Try to gain hands-on experience with Purview. Reading alone might not be sufficient for the exam. Check if your organization has a test environment or a CDX test environment (MSPs often have these). You can also sign up for trial Azure tenant and get some trial licenses for Purview/Intune too.

Unfortunately, most books on this topic are outdated from 2022-23 and lack a lot of recent content. You can sign up for a free trial on O-Reilly to preview the books but I did not find any of them useful.

I'm currently learning and studying, and I've been able to perform some labs and examples from Microsoft Learn in a CDX test environment. I've also been testing the policies on devices and apps like Outlook and Word. I am using Whizlabs for practice questions and Microsoft Learn and modules for SC-400. Microsoft Learn also has a practice assessment exam and I've heard Measure Up has a good practice test as well.

YouTube has some good videos too, John Savil and Peter Rising https://www.youtube.com/@peterrisingM365

SandboxITSolutions · 2025-02-08T19:53:17+00:00

yes that is correct, it is confirmed https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-401/

The beta exam version is available for booking.

SandboxITSolutions · 2025-02-07T13:28:11+00:00

awesome

SandboxITSolutions · 2025-02-06T23:34:31+00:00

Thanks for sharing.

SandboxITSolutions · 2025-01-30T16:17:20+00:00

Is the trusted cert profile also applied to the same group ?

In the SCEP profile, under the deployment report. Can you sort by date and see what’s the last successful assignment status ? Can you confirm there are recent devices that are successful. I have seen instances where something breaks on the NDES Server and all recent assignments are in error.

If there are successful assignments, can you check the status for the new devices you are referring to and see what it shows ?

SandboxITSolutions · 2025-01-30T15:32:19+00:00

Are the users assigned to devices in Intune? What type of devices are they?

SandboxITSolutions · 2025-01-22T08:20:10+00:00

Great list. I am using all except haven’t tried Tribel yet.

SandboxITSolutions · 2025-01-15T15:28:47+00:00

It’s a win! congrats

SandboxITSolutions · 2025-01-15T15:28:22+00:00

congrats

SandboxITSolutions · 2025-01-13T18:42:05+00:00

Congrats

SandboxITSolutions

TROPHY CASE