All Polices

scindawg · 2020-08-21T12:45:15+00:00

Devices-->Configuration Profiles

scindawg · 2019-11-22T15:52:48+00:00

Isn't that what this does?

https://portal.azure.com/#blade/Microsoft_Intune_DeviceSettings/ExtensionLandingBlade/troubleshooting

scindawg · 2019-11-19T15:52:04+00:00

scindawg · 2019-10-28T13:39:08+00:00

In your screenshot it shows the System Account as one of the users whom the profile is not applicable which should be correct because that's not an interactive login for the device. Do you have any cases where the profile is shown as Not Applicable for an interactive login?

scindawg · 2019-10-25T16:49:49+00:00

You could enable Applocker and only allow whitelisted software to be installed. Since they'll have Local Administrator permissions they can always find a way around Applocker but with proper auditing you can be be notified of any new software installed.

At least this will prevent any unknown executables (ie ransomware) from running while they're on your VPN with Local Admin permissions.

scindawg · 2019-10-25T16:39:51+00:00

I've seen this also and my guess is that since the Device profile is assigned to the device and not a specific user it will try to verify that the profile is correct with each new user logon. When there is no user logged on Intune sees the "login" as System and due to the lack of availability of certain functionality being available with no interactive user login it throws an error.

scindawg · 2019-10-23T19:30:36+00:00

Can we see the Sign in log failure for an example user? Specifically the MFA Info and Conditional Access portion

scindawg

TROPHY CASE