Troubleshooting InTune, SCCM, and Windows 8.1 Phones

Similar Messages

• Intune, SCCM, and the Intune client installer

  Hello,
  Was wondering if there is a way to prevent users from Installing the Windows Intune Client agent?
  Scenario:
  SCCM 2012 R2 with integrated Windows Intune subscription.  I have successfully enrolled an iPad and a Windows 8.1 computer.  I was then able to download and install the Windows Intune Client agent on my Windows 8.1 device which redirected my device
  to being managed by Intune exclusively, and no longer via SCCM.  It also changed my System Center Endpoint Protection to Intune Endpoint protection.  The only way to get it back was to go to the Intune Management Console and retire the device, which
  triggers an uninstall of the Intune client.  The good news is that it restored the previous information for the SCCM/Intune enrollment. However...
  A significant and unfortunate side effect of this is that Endpoint protection was also removed as part of the Intune client uninstall leaving the computer without Anti-malware protection.
  I would like to prevent this from happening for obvious reasons.  In a BYOD scenario the user will have the permissions locally to do this and given its the same subscription for Intune there doesn't appear to be a way to ensure they cannot.  
  Am I missing something simple here?  
  Thanks!

  I guess a couple of data points:
  - Enrolling a Win 8.1 system using OMA-DM for management by ConfigMgr via Intune does not provide additional anti-virus above or beyond the built-in Windows Defender
  - Removing the Intune agent reverts the system back to using Windows Defender the same as it was before Intune was installed
  So, I would say that first, this statement is inaccurate: "leaving the computer without Anti-malware protection". And, also, there's no difference between the two states of pre-Intune agent installation and post-Intune agent uninstallation from an AV perspective.
  As for explicitly preventing the Intune agent installation, obscurity is probably the the only way to go at this point to my knowledge -- simply don't tell folks about it or how to find it.
  Jason | http://blog.configmgrftw.com

• SCCM and Windows Update Client Configuration

  Hello,
  I am in the process of migrating SCCM 2007 client over to a new SCCM 2012 R2 site.
  I deleted the AD site from 2007 and added it to 2012 and the client is pushed via Client Push. The client upgrades fine and things go well but
  I run into a little problem after the client is installed.
  Basically it seems to be an issue with how SCCM interacts with and controls Windows Update settings on the SCCM client.  I ran into a somewhat of a major issue that caused
  all (or many) of the newly upgraded clients to go the internet to download updates from Microsoft shortly after the move from the 2007 site and client upgrade to 2012. This was because the client (or at least the ones I checked) had their WU settings to “Always
  download and install” (or something similar). Obviously, expected  behavior with this setting, but the question is how did it get this way?
  Does SCCM control any of these settings?  I know it take over the WSUS settings, etc, but I didn’t think it does anything with the WU client itself.
  From my understanding the WU client settings are done via GPO (local or domain) or WU setting and SCCM does not control these settings.
  I’m not looking for you to solve the problem, because it’s quite tedious, I’m just hoping that someone can lead me in the right direction to find out what if any WU settings
  are controlled or changed by SCCM 2007 or 2012.
  Thanks
  Angelo
  Angelo

  Thanks for the extra info, Idan.  I should probably admit that I am an AD admin and SCCM is handled by someone else in my department.  My main issue with the LocalGPO is the Event 1096 corruption that causes all admin template settings to revert
  to defaults - currently happening on over 100 workstations in our environment.  100% of these problems are caused by LocalGPO corruption and nothing else.  And we will pursue resolution of this issue with Microsoft because we agree that resolving
  this problem is the primary goal.
  But for the sake of understanding:  We don't have any non-domain members that need to be managed by SCCM.  If we had a policy stating "no SCCM client configurations resulting in a LocalGPO file are to be implemented in production - all are
  to be done via Domain Group Policy," is it possible to eliminate the LocalGPO entirely?  Or will there always be a LocalGPO file regardless of whether or not there are settings visible from it in a gpresult report?  We would not need to match
  SCCM configurations in Domain Group Policy because we would not make any changes to the SCCM client resulting in a LocalGPO file at all.  The slow link detection is not of concern to us because none of these settings that would not apply in this case
  are SCCM-managed via LocalGPO (as far as I know): 
  http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/27/gpos-and-slow-link-detection.aspx
  Another reason why I would prefer to do these settings in Domain Group Policy is that we have Advanced Group Policy Management installed in our environment, which is subject to our Change/Release process.  We can track the changes being made to clients
  much more easily when they are done via AGPM.  Any changes that we want to make via SCCM client could be tested first to see how LocalGPO is effected, and then those changes could be made via Domain Group Policy instead in production.
  Given this info, I'm still struggling to understand why it is recommended to implement anything via SCCM client configurations resulting in a LocalGPO file.  So far, the only compelling reason is that management of non-domain members is not possible
  via Domain Group Policy, but that doesn't apply to our environment.  Is it recommended mostly for ease of administration, so that an SCCM admin doesn't need to work with another tool (Domain Group Policy)?  Any extra reasoning for this recommendation
  that anyone can provide is much appreciated!

• Windows 8.1 mobile device management using integrated environment of SCCM 2012 R2 and Windows intune

  Can we avoid the dependency on the Symantec certificate  for enabling windows phone enrollment under Administration->Cloud services -> Windows InTune subscriptions - Windows Phones. My environment will have only windows 8.1 phones.
  Regards
  Leela

  See http://status.manage.microsoft.com/StatusPage/ServiceDashboard. 
  Engineers are investigating a service issue impacting access to portal via mobile devices.
  (Started on 12/30/2014 8:00:00 AM UTC)
  1/8/2015 11:42:49 PM (UTC)
  Current Status: Engineers are continuing to troubleshoot potential issues related to Active Directory Federation Services (ADFS). Engineers have gathered additional traces and logging data for deeper analysis. User Experience: Affected users with Windows Phone,
  iOS, or Android devices are unable to access their company portal and receive repeated prompts to enter credentials. If incorrect credentials are entered, users will receive an error stating that they have entered a bad password. Customer Impact: Engineers
  have received reports that some customers are experiencing this issue. A subset of users are affected by this event. Other users remain unaffected. Incident Start Time: Tuesday, December 30, 2014, at 8:00 AM UTC Next Update by: Tuesday, January 13, 2015, at
  12:00 AM UTC
  Torsten Meringer | http://www.mssccmfaq.de

• SCCM 2012, Intune and Windows OS Support

  I am just trying to confirm what I believe I am reading about Microsoft OS Support for Windows Intune when integrated with SCCM 2012 R2...
  What I believe to be the case:
  Windows RT, Windows RT 8.1, Windows 8.1 all have the ability to enroll via OMA-DM, thus can be managed by SCCM.
  Down-level OS's such as XP SP3, Vista, and Windows 7 require the Intune Client to be installed, thus can only be managed by a standalone Intune subscription?
  Can anyone confirm this?
  Thanks!

  More or less correct.
  Generally, even for Win 8.1 and WinRT, IBCM or DirectAccess are a better choice than OMA-DM as it can only enable management of a limited subset of features. Two important ones cannot be: software updates and endpoint protection.
  As you've seen (based on your other thread), you can still use the Intune subscription that is connected to your ConfigMgr site to manage devices with the Intune client installed. Effectively, there are two halves of the Intune subscription, the full client
  management half and MDM half which can be controlled by Intune or ConfigMgr. Just because the MDM half is controlled by ConfigMgr does not technically preclude you from still utilizing the full client management half. That's not at all saying you should do
  this though, but you certainly could.
  Jason | http://blog.configmgrftw.com

• Windows 8.1 MDM through Intune/SCCM

  We've been testing Intune with SCCM for a while now and it does pretty much all we currently need. Our focus has lately been on securing our devices, require PIN, complexity, device encryption. These all work great on iOS, Windows Phone and Android, but
  do not on Windows 8.1.
  Windows 8.1 gets certificates through NDES, VPN profiles, but the settings for UAC, encryption, requiring password, account lockout are not applied. Are these settings even supported on Windows 8.1? I'm having a hard time finding documentation on what exactly
  is supported and how to apply these.

  I'm still struggling with this. One of the questions I have is do I need to install the Company Portal for these settings to take affect?
  You have confused me in this post. I am going to have to guess Windows 8.1 is on a tablet in this case, as you are referring to mobile devices.
  If it is not a mobile device then you dont need to install this on a Windows machine. It is a web page.
  The article linked above talks about compatibility with Windows mobile devices with Windows Intune.
  http://technet.microsoft.com/en-us/library/dn376523.aspx
  It states:
  Windows 8.1 and Windows RT 8.1 (enrolled by Microsoft Intune)
  So I would take the last bit as the device needs to be enrolled through Intune in order to achieve this.
  Have a look at Gerrys blog here:
  http://gerryhampsoncm.blogspot.co.uk/2014/01/mdm-in-sccm-0212-r2-windows-rt.html

• I have a 4s with the latest 6.0.1 update and windows 7 with iTunes 11. When I connect the phone, windows can see but iTunes doesn't. Have tried re-installs and re-starts. Anybody else have this problem

  I have a 4s with the latest 6.0.1 update and windows 7 with iTunes 11. When I connect the phone, windows can see but iTunes doesn't. Have tried re-installs and re-starts. Anybody else have this problem?

  Did you go through all the options?
  Also this:
  Also, third-party security software may conflict with iOS devices connecting to iTunes. Follow this article to troubleshoot issues that may be caused by your security software. After resolving any issues you may have with your security software, you may need to try the steps in this article again.

• Itunes and windows 8 compatability Hi just bought a new toshiba laptop installed itunes it worked at first now wont play music or movies.  ran troubleshooter said its a compatabilty problem suggested turning off itunes compatability or selecting windows 7

  itunes and windows 8 compatability
  Hi
  just bought a new toshiba laptop installed itunes it worked at first now wont play music or movies.
  ran troubleshooter said its a compatabilty problem suggested turning off itunes compatability or selecting windows service pack 3 tried both no help
  please assist
  adam

  itunes and windows 8 compatability
  Hi
  just bought a new toshiba laptop installed itunes it worked at first now wont play music or movies.
  ran troubleshooter said its a compatabilty problem suggested turning off itunes compatability or selecting windows service pack 3 tried both no help
  please assist
  adam

• Hi all, i can't sync over wifi between my iPhone 4 and Windows 7 64 bit, wifi sync works with the same phone and my Windows 8 machine, tried solutions from other threads with no luck, just thought i'd see if anyone else had any ideas, thanks.

  Hi all, i can't sync over wifi between my iPhone 4 and Windows 7 64 bit, wifi sync works with the same phone and my Windows 8 machine so the problem seems confined to Windows 7. I've tried solutions from other threads -
  Making sure everything is allowed through firewall
  Rebooting phone/laptop/router
  Disabling ipv6
  Disabling all networks except the one curently on
  Re-installing iTunes
  Restoring iPhone
  No luck with any of those unfortunately so i just thought i'd see if anyone else is still without wifi sync after trying those as well and if you ever found a fix, thanks.

  I just wanted to leave a note that it's working now. I'm not sure if it was the latest iTunes update that got it working or that i decided to start a new library instead of using the one i had backed up on Windows 8 (it didn't occur to me to check using the old library when i re-installed iTunes). But if anyone is having this problem, it might be worth trying again with a new installation of iTunes to see if the latest update works for you, and if not, try using a fresh library instead of a backup (by fresh library i mean discard your old library completely and start a new library, not just restore as new iPhone, a whole new library).

• ActiveSync autodiscover not working for iPhone but for Android and Windows Phone

  Hi
  We have setup an Exchange 2013 hosted environment, where different mail domains are running on it.
  The main domain is mydomain.com. One of the client domains is customer.com.
  Autodiscover for customer.com has a cname which points to autodiscover.mydomain.com, on our firewall this url is redirected to autodiscover-s.mydomain.com, where our public certificate for mydomain.com is applied. Autodiscover for all
  our customers finally ends at autodiscover-s.mydomain.com.
  Outlook WebApp, Outlook Anywhere and ActiveSync for all customers is reachable through mail.mydomain.com.
  Everything works fine, except of autodiscover for iPhones. I always have to enter the server name mail.mydomain.com manually. After that ActiveSync works on iPhones as well.
  The Problem doesn’t exist on Androids and Windows Phones.
  Any suggestion?
  Regards
  Peter

  Yes, Interestingly same configuration is working in my home lab, but not working at customer. The version is 10.5
  Cannot say wireless issue as jabber for windows is working from wireless

• TS1717 My Itunes will not launch after downloading and I have tried all the troubleshooting for itunes for Windows 7 64-bit. Do I need to system reboot my computer than try to download it again?

  My Itunes will not launch after downloading and I have tried all the troubleshooting for itunes for Windows 7 64-bit. Do I need to system reboot my computer than try to download it again?

  I'm having a very similar issue, paired with iTunes not being able to get online.
  iTunes shows up in processes and then hangs at 17,000 K or so -- sometimes it will start up, but that (if it occurs) is a delay of literal hours.
  Pretty meticulously went through all the 'cannot connect' trouble shooting, and have uninstalled, restarted, and then reinstalled every piece of apple software; issue is just as firm. Starting in safe mode or admin mode don't fix it; signing in as a different user doesn't fix it.    

• How to uninstall Windows Intune Center and its related programs permanently from the Windows 7 64 bit OS?

  Hi,
  I am Srikar,
  I installed Windows Intune End Point protection in my PC (Windows 7 64bit).
  I am not able to uninstall it.It is eating all the resources and my pc is getting slower down day by day.
  I tried uninstalling via Control Panel->Programs and Feature->Windows Intune End point Protection.
  Its uninstalled,and after some time,it is installed automatically in my PC.
  Don't know whats happening.Please Please any one guide me.My PC is not even responding some times.
  Regards,
  Srikar Ananthula,
  Srikar

  Yes, removing a device will uninstall Windows Intune Center and its association with Windows Intune. Check this:
  http://onlinehelp.microsoft.com/en-us/windowsintune.latest/hh949661.aspx [Removing a Device by Using the Windows Intune Company Portal], and
  http://technet.microsoft.com/en-us/library/hh441723.aspx [Add Computers, Users, and Mobile Devices to Windows Intune].
  Hope this helps..
  Chaitanya( Twitter |
  Blogs )
  This posting is provided "AS IS" with no warranties, and confers no rights.

• How to distribute my windows phone 8 app and windows store app without publishing in the store

  How to distribute my windows phone 8 app and windows store app without publishing in the store
  any business license or enterprise license needed..
  I am a windows developer talking behalf of my company i.e  wipro
  I have a question about the enterprise license   and  we are building an app for the limited users i.e our company employees and users and we do not want to publish in the store
  How to release the app?
  what are licenses etc needed?

  Hi,
  for developers distributing apps without Publishing in the Store, the sideloding Enterprise key license through volume licensing is required.
  Starting May 1, 2014, customers who want to enable sideloading will be able to purchase an Enterprise Sideloading key for $100 through the Open License program. 
  An unlimited number of devices can be enabled for sideloading using this key.
  thanks
  diramoh

• Andriod and windows phones have an option in whatsapp to send songs then my question is why not from ios ?

  andriod and windows phones have an option in whatsapp to send songs then my question is why not from ios ?

  ok thanks
  but there should some app by which it can be send

• If apple app store has an app to sync windows phone with itunes called windows connector, and windows phone and apple are competitors, why doesnt apple make an app for android that syncs itunes without a third party software

  I want to simply sync my android and my mac itunes without downloading any software. Windows phone has an app to do that even though apple and windows phone are competitors. Why does android not make an app or why doesnt apple create an software or something

  Apple didn't create the Windows Phone app (Microsoft). Apple has nothing to do with this, and Google should do an app for this