Author: Eswar Koneti

Introduction: Organizations enabling remote work with BYOD devices often rely on Azure Virtual Desktop (AVD) or Windows 365 Cloud PC. A common onboarding security practice is to create users in on‑premises Active Directory (AD) with the option “User must change password at next logon.” However, in hybrid identity setups, this setting can prevent new users from signing in remotely—causing confusion, helpdesk calls, and a poor first‑day experience. This article explains why the issue occurs, the temporary workaround, and the correct Microsoft‑supported solution, including step‑by‑step configuration guidance. The Problem: Users created in on‑premises AD with “User must change password at next logon”…


One of our customers recently migrated from a third‑party MDM to Microsoft Intune (BYOD) using MAM-only app protection policies. Shortly after go‑live, a user on iOS reported seeing the following message in Microsoft Teams and other Intune-managed apps: Alert: Your organization will remove its data for this account (614). To access data for this account, you should restart this app and sign in to your work or school account. Troubleshooting Steps performed by the user: The user attempted the standard iOS device-side fixes: None of these steps stopped the 614 loop. Deeper Investigation — Reviewing Entra Sign‑In Logs To pinpoint the issue,…


Recently, I was setting up a new Configuration Manager (SCCM) environment as part of a side-by-side migration. One of the key configuration tasks was to replicate the Software Update Point (SUP) settings — particularly the Products selected for synchronization — to match the existing production environment. Before configuring the new SUP, I needed a list of all the products currently enabled on the old SCCM server for review and comparison. Available Options to Export the SUP Products List There are several ways to export the list of Software Update Point products from SCCM: Manual Method — Browse the console under…


Introduction: I was recently working on the rollout of a passwordless authentication solution in Microsoft Entra ID, which included Windows Hello for Business and Passkeys (FIDO2 security keys). As part of that rollout, one of the requirements was to identify all users and their registered authentication methods — things like MFA, Self-Service Password Reset (SSPR), and passwordless capability. While the Entra admin portal provides a view of this information under Authentication methods, exporting the data directly to a CSV file using PowerShell makes it much easier to process in Excel, Power…


Recently, I worked on an SCCM report that compares the list of applications installed on two different computers—typically an older device and a new PC. This is particularly useful in scenarios such as hardware migrations, system upgrades, or virtual-to-physical migrations, where you need to ensure that users have the necessary applications on their new devices. Why This Report is Useful: Although the customer is using SCCM for application deployments, there is no standard practice of automated application deployments, such as user/device-based requests. During the process of migrating users to new hardware, the management of…


Recently, I came across an insightful blog post on X (formerly Twitter) by Peter, discussing dynamic group creation for Intune deployments. Inspired by that, I wanted to share my own method—using regular expressions (regex) in Entra ID dynamic groups to build deployment rings based on percentage logic for Intune. 🧩 The Use Case Imagine managing 3,000 Windows devices across different locations, regions, or countries. You want to stage your Intune deployments in phases—starting with a pilot, then gradually rolling out to production in multiple rings. Here’s a rollout schedule I prefer (though you can adjust the % as needed): Ring…


Have you ever needed to extract a complete list of all Win32 applications in Microsoft Intune along with their properties, detection rules, and requirement rules? A few years ago, I wrote a blog post about extracting SCCM application properties from XML files stored in SQL. Now, with Intune becoming the primary endpoint management solution, I had a similar requirement—exporting all Win32 apps with their full details, including: ✅ Install/Uninstall command lines ✅ Detection rules (Registry, File, MSI, Script) ✅ Requirement rules (Architecture, Scripts, Dependencies) ✅ Creation & last modified dates ✅ Dependencies (if any) Since Intune doesn’t provide a built-in export…


Right Click Tools earned its reputation by streamlining endpoint management within Microsoft Configuration Manager. Now, Recast Software has extended those capabilities to Microsoft Intune with a free browser extension—Right Click Tools for Intune Community Edition. This browser extension is designed to bring familiar, efficient device management actions directly into your Intune console. Unifying Co-Managed Device Actions in a Single Interface For IT teams juggling on-premises, co-managed, and Intune environments, managing devices requires switching between multiple consoles. The new extension, available for both Chrome and Edge, changes that by integrating essential right-click actions directly within Intune. Here’s how it works: ·…
