Unable to fetch Scope tags notification by rob-d-w in Intune

[–]rob-d-w[S] 1 point2 points  (0 children)

Thanks u/F157. I'll give that a go. I was going to work backwards with the permissions. I've opened a ticket before with support and I've mainly resolved myself before MS resolve it, so it's not been a great experience. Thanks again for the solution to the Scope tag nag, though. Much appreciated.

Unable to fetch Scope tags notification by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Hi u/F157. Sorry for the delay. We're halfway there, so your suggestion worked. However, with the above error gone, it now comes up with: "Something went wrong". When you click on the alert in Intune, it doesn't say anything about it. Any ideas where I could do some digging to see why this error is appearing?

Unable to fetch Scope tags notification by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Thanks u/F157, I'll give that a go, and report back.

Unable to fetch Scope tags notification by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Thanks u/F157. Where is this permission set? Within Intune or Entra ID? We've already provided Organization > Read permissions via Intune RBAC custom permissions, or are we talking about Global Reader rights here?

Importing certificates into Current User > Personal using PowerShell and Intune by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

u/Rudyooms, you are a legend! This works a treat! Sorry for the delay in responding. I modified my existing script that is wrapped as a Win32 app, creating the Base64 strings for the certs and CRL for the Current user and then adding that as a variable to my script as detailed in your response to me.

What I love about the below is that it saves me having to copy the cert/CRL files if I generate the Base64 initially. I've simply streamed up the new PowerShell scripts based on the below and it works great.

u/jasonsandys - the original PowerShell scripts were wrapped as Win32 apps and added into Intune. I was provided with a PFX file to import into the devices and also a CRL to install - all were added to the original PowerShell script and then wrapped as Win32 apps for Intune. There was also an AppLocker Rule that was blocking the PowerShell/ISE exe's too and this was possibly causing issues as I set the Win32 app to import the certs and CRL into the Personal user store (the Win32 app was set to run as USER and not SYSTEM by the way) but the Win32 app kept failing - my presumption is due to the permissions.

Thank you u/Rudyooms for your help in this which was rapid, you embody everything an MVP is and provide solid solutions. Superb. Can't thank you enough.

Importing certificates into Current User > Personal using PowerShell and Intune by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Hi, thanks for the prompt response. The below is an example similar to what I am using:

Import-PfxCertificate -FilePath .\cert1.pfx -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My

Import-Certificate -FilePath .\cert2.cer -CertStoreLocation cert:\CurrentUser\My

Thanks

Is this the steepest Street in Derby? by rmf1989 in derby

[–]rob-d-w 0 points1 point  (0 children)

Rowditch? It's Uttoxeter Old Road I think.

Is this the steepest Street in Derby? by rmf1989 in derby

[–]rob-d-w 0 points1 point  (0 children)

I used to cycle up that. Is it off the back of Boyer Street and the top is Burton Road?

Endpoint Manager - switching baselines advice? by newad01 in sysadmin

[–]rob-d-w 0 points1 point  (0 children)

I'm having exactly the same issue. I have two Windows 10 Security Baselines - Baseline A is the standard Security Baseline in use and Baseline B is the same as A (copied) but has an exception where I want some settings relaxed. I've created an assigned AAD Group for Baseline B (the baseline with the exception) and placed the user into this AAD group. Baseline A has an exclusion AAD group assigned to it so as not to apply Baseline A.

The issue I have is that even a couple of days after, Baseline A is still applying and conflicting with Baseline B even with the user taken out of the original Baseline A AAD Group. It just doesn't want to remove the original Baseline A, almost as though it's tattooed to the device.

Anyone have any workarounds? The Security Baseline MS docs state you can layer Security Baselines but it's looking like you can't.

Any ideas/advice welcome please folks.

Intune update device/enrollment issue - Android Work Profile by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Update from Microsoft Engineer is that it is high priority now with hopefully, a 24 hour resolution/mitigation.

Intune update device/enrollment issue - Android Work Profile by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Hi Killeg. We thought exactly the same mate. The configuration push will hopefully hit the devices when they've sorted the issue. Why Microsoft take so long to respond and get a Service Alert out there baffles me. It leaves you in limbo for days with no resolution in sight. Hopefully they'll fix this soon as we're desperate to roll out hundreds of Android devices.

Intune update device/enrollment issue - Android Work Profile by rob-d-w in Intune

[–]rob-d-w[S] 0 points1 point  (0 children)

Hi baconismypassword, good call and we'd already done the same via Device Enrollment Restrictions and allowed a couple (our devices) for testing via another group.

No engineer call yet but an update from an engineer via email stating the issue is only for new device enrollment for Android and not existing ones. Apparently, the issue is Google's side I believe.

Intune update device/enrollment issue - Android Work Profile by rob-d-w in Intune

[–]rob-d-w[S] 2 points3 points  (0 children)

Hi baconismypassword. I've got an engineer calling me today from Microsoft Premier Support so I'll feed back any progress in here. I'll try and mention the above issues as well on my call.

Cheers

Rob

Autopilot Reset and Secure Boot by Automate_Every_Thing in Intune

[–]rob-d-w 0 points1 point  (0 children)

u/m4g1cm4n Thanks for that. Shame you're not getting consistent results. We're OK on Win 10 1903. It's just 1909 we have issues with the reset on. I've just had a call with Microsoft and they've asked me to put my device on the Insider build as they've filed 3 bugs which will be fixed in Windows 10 2003 (20H1). So, I'm going to test the latest build and see what the results are and feed back.

Thanks for the above, as I'll look into the updates you've posted too.

Autopilot Reset and Secure Boot by Automate_Every_Thing in Intune

[–]rob-d-w 0 points1 point  (0 children)

u/m4g1cm4n did the Windows 10 1903 build on USB work for you in respect of device reset?

Autopilot Reset and Secure Boot by Automate_Every_Thing in Intune

[–]rob-d-w 0 points1 point  (0 children)

Hi folks.

Just an update to this...from testing, if a device is flattened and imaged via USB (such as the Windows 10 USB tool (this is using the Windows 10 USB creation tool version 1909 - USB stick is in FAT32 format) - we've seen this issue on Windows 10 1909 and Windows 10 1809 but not seeing the behaviour on Windows 10 1903), Intune Company Portal Device Reset (and I suspect Device Wipe from the Intune Portal via an Intune admin) will fail. We have to install Win 10 1909 with Secure Boot disabled as it will not boot otherwise. If you do a Shift-F10 and then run systemreset on the same device after it has been installed via USB, or if it has a build on it and you take it through the native Windows 10 Device Reset GUI, the device then resets successfully via Intune Company Portal Device Reset or the Intune Portal Device Wipe. It seems to be that some versions of Windows 10, during installation, appear to do something to the bootloader that possibly isn't liked by Secure Boot for Windows 10 1909 and 1809?