Recent discussions
Issues Intune and okta enrollment
Hi all, I could use some help or guidance from someone who has experience with using Okta as IDP and Intune as MDM. The problem: When going trough enrollment (COPE), the Intune login page shows up. When entering the email, it forwards to Okta as it should. But after verifying with Okta, you should get back to a Microsoft confirmation but instead it shows a page not found error. It used to work, nothing has changed as far as we know and the issue is present on devices ranging from Android 13 to 15, different brands but mostly Samsung. Apple and Windows enrollment work as expected, no issues there. I can't find any related logging details in Intune and lack the knowledge of Okta (will add a support ticket there as well). So i'm kind of lost as to what is happening. Where do I need to look for the return URL for example? There are multiple Azure enterprise apps but i'm not sure which one to check and don't want to mess to much with this. Thanks!Default browser app not resettable
Hey! We are currently testing a few apps in Work Profile, for which we need 2FA. The second factor is a FIDO2 token that can be used via NFC or USB. If you have a FIDO2 token with USB-C, everything is fine. But we also have some with USB-A. If you don't have an adapter, you're more likely to resort to NFC. Chrome supports FIDO2/NFC directly, which makes logging in quite easy. However, most web views cannot do this, and a passcode must be entered manually. The pure FIDO2 NFC tag basically contains a URL with the passcode. You open the webpage via NFC, copy the passcode, and enter it when logging in. So far, so good. However, we encountered a problem that prevents us from using the FIDO2 token via NFC in the Work Profile properly. There are default apps for different categories such as browser, wallet, caller ID, etc. If you need to launch one of the app categories and there are several apps available, you will be asked which app you want to use and just for once or always. The app preferences can be reset via the settings so that the query will reappear the next time. This works without any problems with “Home app,” for example. But the Default Browser? No. The Browser app default remains after the reset. Even if a browser was set as the default and was deleted, it will just switch to another app and won't ask. The problem with a permanently set default browser is that links from NFC tags are immediately opened in the personal space. If there is a copy & paste lock on the work profile, you cannot use the code. (Unless you type >40 characters) If you are asked for an app to open the URL, you can also select the browser in Work Profile. Can anyone reproduce this behavior? Or does anyone know if something has changed for the Browser-Default in Android 15/16? On a device running Android 13, resetting the app defaults works reliably. It doesn't seem right that the browser default cannot be reset properly with Android 15/16.
DPC Extras issues
Hello, I hope you're doing well. I'm reaching out for assistance on an issue I'm experiencing with DPC extras on ZTE devices. Is there a method to implement DPC extras without using a QR code? It appears that even when configuring ZTE with DPC extras, some functionalities do not activate. Additionally, several design elements seem less than optimal. For instance, if you do not use a QR code before selecting the language—which, ideally, should be sourced from the DPC—there's an option presented to transfer data from another device. This option seems inappropriate for a company-owned device. Could this be improved? The next screen prompts a WiFi connection. Using a QR code skips this step, but users still need to manually confirm the WiFi connection. Could this be streamlined? Is it possible to enroll a device as an admin, reset it, and have the DPC extras from the QR code persist on the device until it connects to WiFi and verifies its management status? It seems everyone is adding devices to ZTE for security reasons, particularly for stolen devices, yet the reliance on QR codes adds unnecessary complexity. Could this process be made more user-friendly?Zero Touch Enrollment Network Specifications
Hello! I'm looking for information regarding the network specifications for the Zero Touch Enrollment as well as any phone-home network requests. Are there any logs we can pull from ZTE or the Android device during enrollment? The reason I'm asking: We have thousands of devices that have been enrolled in SOTI MobiControl over the last few years, and about 1000 of these were enrolled via ZTE. We've had no issues with this until early March. I can't find a rhyme or reason for this, but certain devices that were successfully enrolled, configured by an MDM, QC'd, boxed up, shipped to the end user, and then powered on will get the message below before the eSIM is activated. These are Honeywell CT47 devices with dual SIM cards (1 physical Nano SIM and 1 eSIM). The device above was added to ZTE using the IMEI number over a month ago and was successfully enrolled, but when powered on later and connected to Wi-Fi, it reset itself before the eSIM could be activated. This issue is only happening to devices that are factory reset while on-site and connected to the Wi-Fi only. My best guess is that the Wi-Fi network is blocking something during the enrollment process, as this reset issue is not happening on devices that have been enrolled and working for months. Thanks for your time!Intune - Cannot change screen lock timeout
Hello community, I'm writing this post 'cause I'm facing a strange issue with the lock screen setting on our AE devices managed from Intune. The configuration policy was created by my predecessor years ago, and was configured for lock teh screen after one minute. Everything working and all happy. Then I got the request for create an exception group for that, and everything I tried failed. I tried to change the global policy to 5 mins, but it did not worked, and the maximum lock screen time is still one minute. Also remove the setting at all and left it Not Configured didn't had any effect. Then I tried to disable One Lock. With this I was able to change the system lock screen settings but on Settings - Security and Privacy - More Security Settings - Work Profile Security - Use one lock I cannot set anything longer than one minute. Pretty sure this is coming from somewhere in Intune, but also involving Microsoft and sending them the verbose logs wasn't enough. Did any of you ever encountered a similar issue and found a solution? Many thanks in advance for everyone that will try to help.
GBoard - Suggestion Strip
Hi, We want to use GBoard on kiosk devices but we aren't able to remove the suggestion strip using managed configurations. All other settings can be configured fine though. The show suggestion strip configuration is set to disabled. But with versions 15.x and 16.x of GBoard it's still visible on the devices. And when checking the setting locally on the device it's still enabled (Disabling manually works fine) Back in version 14.x this configuration worked fine. Anyone else who has experienced the same thing? We've tested this on devices from Samsung, Bluebird, ELO, and Zebra. Android version doesn't seem to have any impact, just the GBoard version. // Magnus
Tenant has been unbound from Google Play console (Intune)
Hey @Community, we have a strange issue with out MDM (Intune) - It seems like, the link between Intune and Google has broken. Trying to enroll new devices are failing with "Invalid code". Trying to add new applications via "Managed Google Play" fails also with the message "Tenant has been unbound from Google Play console". Intune-Support says, that we need to contact Google, but there is no option for creating a case. So we decided to write you here (and hopefully you can help us ;) ). We still have the access to the used Google-Account.
