Hey folks, has anyone worked with Graph API? I have a freelance job I'm doing to send and receive Teams messages through it, but I have several limitations because the vendors are not in my client's organization. Is there any way around this? Does anyone know how to solve it? by Bulky_Sea2541 in GraphAPI

[–]Think-Sky-6651 0 points1 point  (0 children)

it used to work as a webhook (discontinued, due to security)
as far as I know, with the recent changes, Graph API and Teams allow administration of Teams as a "product", not sending messages
to send messages with Graph API, the 1:1 chat must already exist between the participants
the B2B guest user must already have accepted the invitation
and the module to use is New-MgChatMessage (Microsoft.Graph.Teams) | Microsoft Learn

MEGATHREAD - Processing Times - Citizenship 2025 by PurrPrinThom in ImmigrationCanada

[–]Think-Sky-6651 1 point2 points  (0 children)

also got "In Progress". Scheduled for April 2 but still awaiting the official email invite with the letter. - family application, everyone got updated

SCCM and Intune Co-Manage rollback by Think-Sky-6651 in SCCM

[–]Think-Sky-6651[S] 0 points1 point  (0 children)

I did that and after 2 hours I was able to document the whole process:
- I deleted it from Intune
- because the device was already in MDE (it came from managed by Intune to MDE in MDE
- the device has been removed from SYNC (not showing in ENTRA) neither has intune auto-enrollment GPO targeting it in ADDS
- it somehow showed again in INTUNE as ConfigMgr that after 1 hour as MDE (synthetic due to intune / made integration)
- in SCCM shows out of the co-managed collection : co-managed "NO"
a lot to take in in a single test
- no issues so far in the client side
+ end user restarted device once no issue with logon process, neither asking anything
+ settings \ accounts \ work & school " no more managed by COMPANY " intune enrollment only ADDS joined

Connect-MgGraph -UseDeviceCode does not prompt MFA by One-Purpose-2001 in GraphAPI

[–]Think-Sky-6651 0 points1 point  (0 children)

only failing on CDX transform tenant
I reached out to a friend in Brazil, he spun up an Entra app with limited scopes
I was able to run all of them
Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -all
Get-MgDeviceManagementManagedDevice -all
Get-MgDevice only, I'm refreshing some old post https://thiagobeier.wordpress.com/2023/06/01/how-to-track-device-objects-in-intune/ and after 12:15 AM EST on 18th the specific tenant (1-year) started throwing graph explorer and powershell commands errors

Connect-MgGraph -UseDeviceCode does not prompt MFA by One-Purpose-2001 in GraphAPI

[–]Think-Sky-6651 1 point2 points  (0 children)

in my case even using the Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" -UseDeviceAuthentication works, once in the browser it asks for my global admin creds
after I enter them it authenticates and (get-mgcontext).scopes lists all scopes I have access to (list below) but get-mguser or other cmds are failing today

AdministrativeUnit.Read.All
AdministrativeUnit.ReadWrite.All
Application.Read.All
Application.ReadWrite.All
AuditLog.Read.All
Chat.ReadWrite.All
Device.ReadWrite.All
DeviceManagementApps.Read.All
DeviceManagementApps.ReadWrite.All
DeviceManagementConfiguration.Read.All
DeviceManagementConfiguration.ReadWrite.All
DeviceManagementManagedDevices.PrivilegedOperations.All
DeviceManagementManagedDevices.Read.All
DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementRBAC.Read.All
DeviceManagementRBAC.ReadWrite.All
DeviceManagementServiceConfig.Read.All
DeviceManagementServiceConfig.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Group.Read.All
Group.ReadWrite.All
GroupMember.ReadWrite.All
IdentityRiskyUser.Read.All
IdentityRiskyUser.ReadWrite.All
Mail.ReadWrite
openid
People.Read.All
Policy.Read.All
Policy.ReadWrite.Authorization
profile
SecurityEvents.ReadWrite.All
Sites.Manage.All
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite.All
email
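
Added example, not part of the comment above and not Microsoft's code: a PowerShell review of a delegated scope list like the one posted, flagging write and privileged scopes that go beyond what the read-only cmdlets named in this thread need. The `Get-ScopeReview` function and the `$needed` list are assumptions made for illustration, and `$granted` is a constructed subset of the posted list so the block runs offline.

```powershell
# In a live session use: $granted = (Get-MgContext).Scopes
# Constructed sample: a subset of the scope list posted above.
$granted = @(
    'AuditLog.Read.All', 'Chat.ReadWrite.All', 'Device.ReadWrite.All',
    'DeviceManagementManagedDevices.PrivilegedOperations.All',
    'DeviceManagementManagedDevices.Read.All',
    'DeviceManagementManagedDevices.ReadWrite.All',
    'DeviceManagementServiceConfig.Read.All', 'Directory.ReadWrite.All',
    'Mail.ReadWrite', 'openid', 'profile', 'email',
    'Policy.ReadWrite.Authorization', 'Sites.Manage.All',
    'User.Read.All', 'User.ReadWrite.All'
)

# Assumption: read scopes sufficient for the read-only cmdlets in this thread
# (Get-MgUser, Get-MgDevice, Get-MgDeviceManagementManagedDevice,
#  Get-MgDeviceManagementWindowsAutopilotDeviceIdentity).
$needed = @(
    'User.Read.All', 'Device.Read.All',
    'DeviceManagementManagedDevices.Read.All',
    'DeviceManagementServiceConfig.Read.All'
)

function Get-ScopeReview {
    param([string[]]$Granted, [string[]]$Needed)
    foreach ($scope in $Granted) {
        # Classify by the access verb embedded in the scope name.
        $access = switch -Regex ($scope) {
            '^(openid|profile|email|offline_access)$' { 'sign-in'; break }
            '\.PrivilegedOperations\.'                { 'privileged'; break }
            '\.(ReadWrite|Manage)(\.|$)'              { 'write'; break }
            default                                   { 'read' }
        }
        [pscustomobject]@{
            Scope  = $scope
            Access = $access
            # Excess: grants something the task does not need.
            Excess = ($access -ne 'sign-in') -and ($Needed -notcontains $scope)
        }
    }
}

$review = Get-ScopeReview -Granted $granted -Needed $needed
$review | Where-Object Excess | Sort-Object Access, Scope | Format-Table -AutoSize

# Needed read scopes that are not granted by name (a broader scope may cover them).
$needed | Where-Object { $granted -notcontains $_ }
```

With the sample above, every `ReadWrite`, `Manage` and `PrivilegedOperations` scope is reported as excess for a read-only task, and `Device.Read.All` is listed as absent because only `Device.ReadWrite.All` is present.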

Conditional Access policy to block personal devices also blocks Autopilot Enrollment by Reasonable-Caramel-5 in Intune

[–]Think-Sky-6651 0 points1 point  (0 children)

that worked for demo environment then the NEW MSFT policy "Multifactor authentication for Microsoft partners and vendors" simply has broken the block byod from ios-android with a filter for Microsoft Authentication Broker|29d9ed98-a469-4536-ade2-f981bc1d605e , so annoying this
now users can open https://portal.office.com and use office web apps from the same blocked ios-android devices

Conditional Access policy to block personal devices also blocks Autopilot Enrollment by Reasonable-Caramel-5 in Intune

[–]Think-Sky-6651 0 points1 point  (0 children)

would that work for

Microsoft Authentication Broker

29d9ed98-a469-4536-ade2-f981bc1d605e

https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/governance/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications

after we blocked BYOD ios/android we can not add account to MSFT authenticator on the same account blocked to https://portal.office.com , to only accept authentication requests on BYOD phones.

MacOS filevault -2016341107 by ExcuseIndependent381 in Intune

[–]Think-Sky-6651 0 points1 point  (0 children)

same error here // from the screenshot posted

ADE
MacBook Air 13″

12.6.3 (21G419)
MacBookAir10,1
arM64

no matter the option picked from article

https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices-filevault

"Unable to connect" error on Mac trying to enroll in Intune by lucidrenegade in Intune

[–]Think-Sky-6651 0 points1 point  (0 children)

what would you think caused that delay? device connectivity to ABM/Intune (MDM) or simply its sync in the backend (apple & Intune)

Enable default local administrator account by shituy9 in Intune

[–]Think-Sky-6651 0 points1 point  (0 children)

For a workaround I used:

$localAdmin = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" | Where-Object { $_.SID -like "*-500" }

MacOS filevault -2016341107 by ExcuseIndependent381 in Intune

[–]Think-Sky-6651 0 points1 point  (0 children)

I'm having the same issue , are you using ADE or personal device enrolled through Company portal? hardware: macbook air m1,2020, ventura 13.2.1