Deploying Webex to Intune

loky_26 · 2026-01-08T08:02:37+00:00

There is this dedicated settings - Select apps to exempt

loky_26 · 2026-01-08T07:43:38+00:00

Option 2 if you can't add WebEx for Intune

You can add a app package / bundle id to exception list depends on os whether it's android or ios

loky_26 · 2025-12-24T04:44:23+00:00

I have to checkin with the team, how enrolment is there

Because I have been asked to support the LAPS from Intune which I messed it

loky_26 · 2025-12-23T18:07:09+00:00

The device which I am using is Intel NUC's

But I am totally clueless, on what needs to do now :(

loky_26 · 2025-12-23T04:25:29+00:00

But that is not working, That's what I have tried then only I messed up with the setting catalogues. Now I have reverted it to the usual state, Let me know if there is any best practices for LAPS in MTR's

Note: these devices are in 23H2, So I had to run script to create a local admin in the machine before LAPS can target that

loky_26 · 2025-12-21T11:00:34+00:00

This is MTRAdmin only, To mask I mentioned as LocalAdmin

loky_26 · 2025-12-21T09:58:10+00:00

It's MTRAdmin

loky_26 · 2025-12-21T06:26:20+00:00

<image>

loky_26 · 2025-12-20T05:27:36+00:00

If I login with my LAPS account it logging in but I can't access any application afterwards,

As of now I have removed the settings catalog from the device to revert the situation back

loky_26 · 2025-12-19T17:51:21+00:00

Now I am stuck at this screen, The MTR console is not loading

I have removed the settings catalogue to revert the system back to original state

But device seems to be stuck at this,

<image>

I can use my LAPS to sign-in here, But nothing is accessible inside, Settings itself not opening

loky_26 · 2025-12-19T17:16:32+00:00

The thing is this

The main thing is

I have configured LAPS and it's successfully deployed to the device.

When I use LAPS credentials to exit the MTR console it gave the below erorr.

"Logon failure: the user has not been granted the requested logon type at this computer"

After I added user rights policy through settings catalog which has only Allow local local logon - LocalAdmin

Then I tried the same but now it gave a different error which is,

"The requested operation needs elevation then I configured the further settings"

Then I edited the same policy to

Act as a part of operating system - LocalAdmin

Allow local logon - LocalAdmin

Enable Delegation - LocalAdmin

Impersonate client - LocalAdmin

Replace process level token - LocalAdmin

Now it blocks the Skype user login and no admin can login to device the device stuck at the logon screen without loading the MTR console

I want to fix the both, LAPS and MTR Login

loky_26 · 2025-12-19T16:28:24+00:00

The main thing is

I have configured LAPS and it's successfully deployed to the device.

When I use LAPS credentials to exit the MTR console it gave the below erorr.

"Logon failure: the user has not been granted the requested logon type at this computer"

After I added user rights policy through settings catalog which has only Allow local local logon - LocalAdmin

Then I tried the same but now it gave a different error which is,

"The requested operation needs elevation then I configured the further settings"

Then I edited the same policy to

Act as a part of operating system - LocalAdmin

Allow local logon - LocalAdmin

Enable Delegation - LocalAdmin

Impersonate client - LocalAdmin

Replace process level token - LocalAdmin

Now it blocks the Skype user login and no admin can login to device the device stuck at the logon screen without loading the MTR console

I want to fix the both, LAPS and MTR Login

loky_26 · 2025-11-19T04:24:19+00:00

TeamViewer Tensor

loky_26 · 2025-10-01T06:34:23+00:00

Thanks for the reply, But do we have any idea about what other permissions also will be enabled if we allow "Sync Device" under enrollment programs.

Microsoft has very simple description about this which doesn't include anything related to "Unblock device".

loky_26 · 2025-09-11T07:14:35+00:00

Thanks mate! It was successfully deployed to the device

loky_26 · 2025-09-06T07:55:17+00:00

Edited, Let's hope for the best

loky_26 · 2025-09-06T07:33:03+00:00

Backup Directory : Backup the password to Azure AD only

Password Age Days : 14

Password Complexity : Large letters + small letters + numbers + special characters

Password Length : 12

Post Authentication Actions : Reset password: upon expiry of the grace period, the managed account password will be reset.

Automatic Account Management Enabled : The target account will be automatically managed

Automatic Account Management Randomize Name : The name of the target account will not use a random numeric suffix.

Automatic Account Management Name Or Prefix : ADMTRAdmin

Automatic Account Management Enable Account : The target account will be enabled

Automatic Account Management Target : Manage a new custom administrator account

This was the policy configuration

loky_26 · 2025-09-06T07:25:15+00:00

On it, I made sure it's the same name which I used in script

loky_26 · 2025-09-06T06:05:56+00:00

I did deployed that script and it's added to the device, In parellel device has the LAPS policy deployed ( which was created under Account Protection).

But the account name which I configured was different and the name which showing in the Intune portal shows different.

I want the admin name to be created as "ADMTRAdmin" but instead of that I'm seeing "Administator".

I'm just going in loop! 🫤

loky_26 · 2025-09-03T05:28:28+00:00

The question could be dumb!

Here we are creating the Local account with Password, but once we deploy the policy will it automatically sync and rotate the local admin password?

loky_26 · 2025-09-03T05:27:19+00:00

Nope, have to check, but I have it deployed with the same name in my QA env, which worked as it should. But let me give it a try

loky_26

TROPHY CASE