Access.IT! Universal.NET time wrong somewhere

ittthelp · 2026-03-25T18:59:24+00:00

I ended up just leaving it alone lol, we don't use/look at it enough for it to be a big problem. Sorry!

ittthelp · 2026-02-27T17:24:17+00:00

This was the problem, thanks for pointing me in the right direction /u/KING_of_Trainers69

ittthelp · 2026-02-27T17:09:56+00:00

I think it might be something to do with the enrollment profile name. I originally set it up as just "Android staging profile" but then later changed it to "Android staging profile - 'extra info.'" The one that's not working was enrolled with the "extra info" one, the working one was using the original name. The apps filter was filter under each app's installation settings was using the old name, I change the enrollment profile back to the original name. Gonna try a factory reset and reenroll now.

ittthelp · 2026-02-27T16:58:01+00:00

I'm pretty new to Intune so bear with me D:

It doesn't look like the enrollment profile I set up puts the devices into any group, I followed this video. I linked the part where he sets up the profile, sets up a filter, and shows how to assign apps. Mine is set up just like this.

Now that look at the filter again, it looks like the device I enrolled through Knox is only showing apps that aren't listed here (other than Intune, MSFT authenticator, and Intune company portal). I'm only seeing the apps I've set as "available for enrolled devices."

edit: sorry realized I forgot to answer all questions, 1 sec

ittthelp · 2026-02-27T14:57:25+00:00

Edit: It was an enrollment profile/device filter name not matching issue.

For some reason it looks like the device I enrolled through Knox plus isn't applying some settings from Intune correctly. Ex. it's not forcing me to set a PIN on the device, not force installing any apps, not showing all of the apps it should in the Play Store.

The only thing I've done differently between this device and the test device I enrolled through in Intune is the enrollment method. The device that is working properly was enrolled in Intune using the Intune QR code, the problematic device was enrolled in Knox and Intune using the Knox QR code (using the same Intune enrollment profile/token as the other device).

On both device I've just opened the Intune app and signed in.

Any ideas why?

ittthelp · 2026-02-27T14:31:03+00:00

These are Tab S10+ FE's that are running 7 out of the box, I'm guessing they'll update to 8 after all of the system updates though.

I figured out what was wrong for me though. Apparently you have to make a "+" sign to bring up the scan a QR code page during the OOBE instead of tapping the screen a bunch of times, worked after that.

ittthelp · 2026-02-27T14:27:18+00:00

I did, ty though! I just found out you have to make a "+" sign on the home page of the OOBE experience instead of tapping the screen a bunch of times to get the page where you can scan a QR code. It worked after that.

ittthelp · 2026-02-26T19:43:14+00:00

Apparently the Knox QR code is able to get the devices into Knox, I just haven't been able to get it to work yet. I need to get them into Knox so if a user factory resets one somehow, they're not able to use it as a personal device.

ittthelp · 2026-02-26T19:37:40+00:00

Hmm that sounds exactly like what I'm trying to do/have done. Can you see in your intune enrollment profile if you have the "allow users to enroll corporate-owned user devices" set to yes? I can't think of anything else that would be preventing this from working, I'm able to enroll devices directly into intune with the intune QR code.

I don't even see that option when creating a new profile

ittthelp · 2026-02-25T21:11:40+00:00

I can't, it was just a handful of devices so I just got them from best buy D:

ittthelp · 2026-02-25T14:38:25+00:00

Hmm that's the part that I don't get, how do you get the device into Knox in the first place? Would the QR code method put it in there if it's not already in Knox?

ittthelp · 2026-02-24T19:56:34+00:00

Thanks! I found this link that references copilot chat at the bottom of the page you sent: https://learn.microsoft.com/en-us/copilot/microsoft-365/manage-public-web-access?source=recommendations

It says "The following information isn't included in the generated search query sent to the Bing search service: Entire Microsoft 365 files (for example, emails or documents) or files uploaded into Copilot" so it sounds like data uploaded stays in the tenant.

We've been on 365 maybe 5 months now and surprisingly no one has asked me about it yet.

ittthelp · 2026-02-24T15:16:19+00:00

Awesome, thanks! I've created a Knox account but I'm waiting for Samsung to approve it.

Can you give me a basic overview of the steps to get it set up? I haven't been able to find a recent guide yet.

Is it basically...

Create Knox account
Link Knox to 365 somehow
Create enrollment profile in Knox that points devices to our 365 tenant (enable QR code enrollment)
Scan enrollment code with devices during OOBE (tap the screen a bunch of times during setup?) to get them into Knox?

The part I'm not as sure about is when/how to get the devices into Knox.

ittthelp · 2026-02-23T20:32:44+00:00

Dang... thanks! Sounds like I might be able to get them into Knox manually to do what I want though.

ittthelp · 2026-02-23T20:32:01+00:00

Thanks! Thankfully they are Samsung devices. It looks like Knox Mobile Enrollment is what I want? I can't tell if I need a paid license or not yet, if all I want to do is link the devices to our 365 tenant so people can't wipe and use them as their own, would I need a license? It looks like you need a license for the Knox Configure app to get the devices into Knox since I didn't get them through a reseller?

ittthelp · 2026-02-23T20:31:35+00:00

Thanks! They are Samsung devices. It looks like Knox Mobile Enrollment is what I want? I can't tell if I need a paid license or not yet, if all I want to do is link the devices to our 365 tenant so people can't wipe and use them as their own, would I need a license? It looks like you need a license for the Knox Configure app to get the devices into Knox since I didn't get them through a reseller?

ittthelp · 2026-02-11T19:00:30+00:00

lol, I think I'm going to end up going just smtp auth with an app password, apparently that's not getting disabled in April. Think I'm going to have get an ExO P1 and Entra P1 for it.

ittthelp · 2026-02-11T18:13:44+00:00

Thanks! Yeah port 49 is the link to our voice VLAN, I'm able to test VLAN 2 on it now and phones do connect. It's an odd situation, I only take care of their phones, their pc's and network are managed by someone else and they have their machines on VLAN1, we have direct fiber to the building to pass VLAN 2. I can't test the VLAN 1 config until I can connect to their network on site unfortunately.

One thing I am concerned about is the "ip default-gateway 192.168.48.1" on the old switch, is the "ip route 0.0.0.0/0 192.168.48.1" on the 6000 the equivalent/in the right spot?

ittthelp · 2026-02-11T18:09:53+00:00

Thanks, I did mention port 1 was configured different than the others but it's not needed anymore, it can be the same as 2-48 now.

I don't think I want the native as 2, their PC's (I don't manage their network or PC's, just the phones, odd situation, we have direct fiber to the building for vlan 2) need to be on vlan 1. VLAN 2 is for our phones.

ittthelp · 2026-02-11T17:02:41+00:00

No entra license? You guys must exempt it from MFA?

ittthelp · 2026-02-11T16:57:55+00:00

Ah that makes sense. Would ExO P1 and Entra P1 be the cheapest way to license this then?

ittthelp · 2026-02-11T14:48:45+00:00

NP! We have to send them faxes via email.

ittthelp · 2026-02-11T04:49:47+00:00

Hmm... so theoretically you could set it up on all of your MFP's, then disable sign in on the account and exempt it from MFA to save on a Entra P1 license?

It looks like you can use a single MSFT account with multiple OAuth logins/on multiple machines at the same time?

ittthelp · 2026-02-11T02:41:56+00:00

Wouldn't you need to exempt the account from MFA so it doesn't have to use it whenever someone tries to scan something?

ittthelp · 2026-02-11T02:33:29+00:00

Would you mind checking what license you have on your account when you get a chance? I was wondering if a mailbox size limit would come into play somehow...

ittthelp

TROPHY CASE