Introduction: In the Intune world of device management, the concept of the primary user plays a crucial role, especially when it comes to application deployments. In this blog post, we will explore the significance of the primary user and how it affects the installation of applications using the Company Portal in Intune. We will also discuss a practical scenario and share scripts that can help you manage and correct primary user assignments efficiently. The Definition of Primary User: According to Microsoft's article, https://learn.microsoft.com/en-us/mem/intune/remote-actions/find-primary-user#what-is-the-primary-user, the primary user property is used to map a licensed Intune user to their devices in:…
Author: Eswar Koneti
Introduction: During my testing of Intune's delivery optimization feature using Win32 apps, I encountered an issue where the installation option for an application was grayed out on one device while working fine on another. In this blog post, I will share my troubleshooting journey and explain the concept of primary users in Intune and how it affects app installations. Testing Environment: For the purpose of my testing, I selected two devices: PC1 and PC2. Both devices are enrolled in Intune, and I made several apps, including Adobe Reader and other large apps above 500MB, available to the user group…
As many of you are likely already aware, Intune filters is a feature of Microsoft Intune that enables administrators to filter and target specific groups of devices or users based on certain criteria. This helps to manage devices and users in a more efficient and effective way by applying policies and configurations only to the devices or users that need them, rather than applying them to the entire organization. Some common use cases of using Intune filters include: Targeting policies and configurations to specific groups of devices or users based on location, department, device type, or any other attribute that is relevant to…
Azure Active Directory (Azure AD) Conditional Access is a powerful feature that allows administrators to control access to cloud applications based on specific conditions. These conditions can include factors such as location, device type, and network status. By using Conditional Access, administrators can ensure that only authorized users are able to access sensitive resources, and that these users are doing so from a secure location or device. This helps to protect the organization from potential security threats, such as cyber attacks or data breaches. Conditional Access can be configured for specific users, groups, or entire organizations, and can be applied…
Co-management is a feature that allows organizations to manage their devices using both Microsoft Intune and System Center Configuration Manager (ConfigMgr). This enables organizations to take advantage of the latest security features and cloud capabilities, such as conditional access and device compliance policies, while also being able to manage certain client actions without the need for access to the ConfigMgr console. Some of the key benefits of co-management are: Seamless transition: Co-management allows organizations to gradually transition from traditional management methods to modern management methods without disrupting their current workflow. Increased security: Co-management enables organizations to take advantage of the…
Recently, while working on an Office 365 hardening project, I came across an issue that was causing problems for many users in verifying the 2nd factor authentication (Azure MFA). During the 2nd factor authentication process, users were presented with the following screen. As you can see, the user has the option to verify their identity using SMS, but no call-based option is available. By design, if a user has configured Azure MFA using their mobile number, they should have the option to choose between SMS and call-based verification (TwoWayVoiceMobile). However, in this case, the call-based option was missing. So, how do…
The following SQL query lists the collections that don't have any deployments. You can review the number of collections with no deployments, and you can further extend the query to exclude certain folders where you keep exception collections for troubleshooting or other purposes.

-- Collections that have no row in dbo.v_Advertisement
select Col.Name,
       col.CollectionID,
       case when col.CollectionType='2' then 'Device Based'
            when col.CollectionType='1' then 'User Based'
            Else 'Others' end as 'Collection Type',
       col.MemberCount,
       coll.ObjectPath
from dbo.v_Collection Col
inner join v_Collections coll on coll.SiteID=col.CollectionID
Where Col.CollectionID not in (select CollectionID from dbo.v_Advertisement)
order by Col.Name
This is a quick blog post on an issue that I recently looked at regarding a client problem with content download from the distribution point. Clients in one specific boundary were not able to download content from their assigned distribution point. Though the client was healthy and the inventory cycle was up to date, content download from the DP was having issues. I looked at the client logs, especially DataTransferService.log, which is responsible for tracking information about content download from the distribution point. The following is the error code from DataTransferService.log: [CCMHTTP] ERROR INFO: StatusCode=503 StatusText= GetDirectoryList_HTTP Error sending DAV…