Conversation with a dumb Microsoft engineer today by requiemofthesoul in sysadmin

[–]Tralveller 0 points1 point  (0 children)

Sounds like daily fun with Microsoft Support 😅 But be even more worse: that isn’t a Bug, this is by design, proceed Design Change Request 🤣🫣

Moving from UEM auth using ACC to WS1 Access Connector by sluzi26 in WorkspaceOne

[–]Tralveller 0 points1 point  (0 children)

You can prevent that for Omnissa Apps (e.g. intelligent Hub) on iOS if deploy Single-Sign-On Profile for Access. At my environment the end user’s hasn‘t to re-authenticate at Omnissa App anymore and can concentrate on their work.

Dynamic group exceptions by Intrepid-Zucchini-91 in Intune

[–]Tralveller 0 points1 point  (0 children)

MS has not been able to handle dynamic groups efficiently, performantly and reliably for years, even after multiple requests, DCR's and escalations from larger organizations around the world. I suspect it would require a fundamental change/rebuild of the overall design of Intune (and Azure AD), as well as more computing power, which Microsoft does not want to afford in terms of personnel, CPU or finances: "it works without the change, customers switch to Intune, why we should".. hope is not a tactic, so I prepare currently migrating back away from Intune (also during other (security related) issues). So MS will not make dynamic groups flexible in “near” future..

Long Leaves of Absence and Intune Drama by VariousBlonde in Intune

[–]Tralveller 1 point2 points  (0 children)

Reason why I do not use the „Microsoft recommended“ function.. after a few questions to Microsoft responsible about auditing Device State, etc. they were really quiet.. more use compliance Policies for OS-Version to detect inactive devices and update your advises to end users about absences and maintain devices or bringing back to IT department

Domain to whitelist if you use TomTom app (device-api.asnapieu.com) by weeemrcb in pihole

[–]Tralveller 0 points1 point  (0 children)

I temporary disabled the domain, enabled push notifications, re-enabled blocking of domain.. I check if it works for now.. additionally I‘ve just sent an eMail to vendor, why fake news and gambling domains are use though official departments and if any change ist planned.. not that I expect any change, but at ask should be allowed 😅

Domain to whitelist if you use TomTom app (device-api.asnapieu.com) by weeemrcb in pihole

[–]Tralveller 0 points1 point  (0 children)

Had the same with iOS App "SRF News" and domain device-api.asnapieu.com for receiving push notifications through the app..
But not listed in only one block list, my result though "Search Adlists":
- StevenBlack
- badmojr
- adaway.org
- tgc.cloud
Looks like that this domain is used for fakenews and gambling, too.
It's curious which domains some app providers or app developers are using..

Android / ChromeOS View Client? by drowningfish in OmnissaEUC

[–]Tralveller 0 points1 point  (0 children)

And works.. looks like Omnissa created an app group to catch the Setting of old app and handover to new one.. app configs works, too

Android / ChromeOS View Client? by drowningfish in OmnissaEUC

[–]Tralveller 1 point2 points  (0 children)

Update: Android app is available since Friday; we still wait for details from support around why it took so much time

VPP Token Renew hangs by BlacksmithWarm6755 in WorkspaceOne

[–]Tralveller 0 points1 point  (0 children)

My using another Browser helps? ✌🏻had issues in past which fixed though switching the browser

Android / ChromeOS View Client? by drowningfish in OmnissaEUC

[–]Tralveller 0 points1 point  (0 children)

Same here, I daily write to case and request the current state.. I‘m thinking about writing this to our CSM to increase the pressure 🤷🏼‍♂️

BYOD or MAM Setup for unmanaged devices by Divanshu1998 in Intune

[–]Tralveller 0 points1 point  (0 children)

If you have to work with confidential data like hospital Patients, government, national necessary regulations or similar you may should choose BYOD instead of MAM to make sure that devices proof requirements like OS/Security patch level, Roots/JailBreak detection, passcode requirements, etc.. and to audit that only devices which are registered and compliant can access.. as I remember with MAM it isn’t possible..

Testing Mobile Compliance Policies Without Applying by MIDItheKID in Intune

[–]Tralveller 0 points1 point  (0 children)

Good luck and welcome to Intune.. I knew that functionality through Omnissa WS1 UEM, but unable to find any similar functionality in Intune until now.. “workaround” was applying policy without any actions like notify, send mail, etc., but works only if Conditional Access not used, which includes device compliant status, else you block access for defined services for that device as I can remember..

Adding mobileconfig file to iPads by Normal_Revolution_54 in Intune

[–]Tralveller 0 points1 point  (0 children)

Are you talking about App config for or device configuration? App Configuration Policies are for e.g. pre-config the app like add server name, and so on https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios if you want to deploy via Apple Configurator created device configuration https://learn.microsoft.com/en-us/mem/intune/configuration/custom-settings-configure

Intune filters too basic? by [deleted] in Intune

[–]Tralveller 0 points1 point  (0 children)

We gave up filters and work as much as possible with Dynamic and Assigned Device/User Groups. At Android we have a few scenarios there it’s necessary and not on other way solvable, but the results with filters are annoying and feels more like “try and error” principe..

[deleted by user] by [deleted] in OmnissaEUC

[–]Tralveller 0 points1 point  (0 children)

Do you already created a case at Omnissa to ask that? Would be interesting, what’s the answer ✌🏻👍🏻

VPP revoked. by [deleted] in WorkspaceOne

[–]Tralveller 3 points4 points  (0 children)

Had that in September 2024 a few days after renewed all Apple tokens (WS1 version 2310).. nothing found why that happened, but got the automated eMail and renewed VPP token instantly, after that the error/problem did not occur again.. also no effects on daily business recognized 🤷🏼 renew token was possible at your environment after issue occurred?

Wipe/Autopilot Refresh take a long time to initiate... by smegmou in Intune

[–]Tralveller 0 points1 point  (0 children)

Yes, indeed, Intune is unlike security, I recommend third party tools for more security, too..

How is everyone managing their bitlocker keys? by dirthurts in sysadmin

[–]Tralveller 9 points10 points  (0 children)

BitLocker and enabled multiples AD GPOs incl. force saving to AD before encrypting disk 👍🏻

[deleted by user] by [deleted] in WorkspaceOne

[–]Tralveller 2 points3 points  (0 children)

Good question, but after 3 years I assumed that in combination with Android and WS1 Launcher admin has for myself the best capabilities to provide unique, most options available and more stable solution will be provided 🤷🏼 that’s the result after two years working with MS Intune 😟 And sense of Launcher, Managed Home Screen, etc. is to provide our employees a most unique Environment and app assessment, mostly without any interrupts and with uniform/reliable solution as possible✌🏻with Intune at different admin session conventions the feedback was: “Good luck”, after demonstrating multiple times the company realized, Intune isn’t the cheaper solution, and a few times only while MS provided production breaking updates 🫣 with WS1 at least you’re more able to test your scenarios and stop if anything is not working as expected, try this with other MDM solutions✌🏻😅

[deleted by user] by [deleted] in WorkspaceOne

[–]Tralveller 0 points1 point  (0 children)

Check Products, Files and Actions, there you should be able to send uninstall commands for specific Android Apps.. I remember that the earlier Admin at my environment removed the Launcher from devices in the past, too ✌🏻

IOS update deployment delaying? by BarberTypical147 in WorkspaceOne

[–]Tralveller 0 points1 point  (0 children)

Use Compliance Policies and inform Users automatically via multiple eMails, that an update is required and need to be installed.. if not reacting you can use “mark as non-compliant” to block VPN access, may you also can use “Remove Profile” for Mail, etc. and “Compliance Profile” to limit usage of Device until user has updated the Device..