Known issues with Microsoft Intune - Intune (2024)

This page lists recent known issues with Microsoft Intune. For a list of weekly feature announcements, see What's new in Microsoft Intune in the Intune product documentation. Visit the Intune Customer Success blog for posts about best practices, support tips, and other tutorials, and a backlog of past known issues.

  • Status: Active
  • Blog Post: Remediation message doesn't list all valid builds in Company Portal for Windows 10/11

We are aware of an issue with the noncompliance messaging details that appear in Company Portal for Windows 10/11 devices. When a device is identified as noncompliant due to having a Windows build outside the ranges an admin specifies in the Intune compliance policy, a remediation message is displayed in the Company Portal indicating the operating system (OS) needs updating along with a valid range of OS versions. However, when multiple OS ranges are specified in the policy by configuring the Valid operating system builds compliance setting, the message in the Company Portal will only display the first OS build range rather than all acceptable ranges.

The compliance policy is being enforced correctly despite the missing ranges in the remediation messaging. To make the device compliant, update the device OS build to a version within the specified acceptable range in the compliance policy.

For more information about this known issue, see our blog Remediation message doesn't list all valid builds in Company Portal for Windows 10/11.
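The multi-range evaluation described above, as an added example (not Microsoft's code): a helpdesk-side check that compares a device build against every range in a policy and lists all acceptable ranges when none match. The range values, descriptions, and device builds are constructed sample values, and the function names are hypothetical.

```python
# Added example, not Microsoft's code. All ranges and builds below are constructed.
from typing import List, NamedTuple, Optional, Tuple


class BuildRange(NamedTuple):
    description: str
    minimum: str
    maximum: str


def parse_build(text: str) -> Tuple[int, ...]:
    """Turn 'major.minor.build.revision' into integers so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def matching_range(device_build: str, ranges: List[BuildRange]) -> Optional[BuildRange]:
    """Return the first range that contains the build, or None if no range does."""
    build = parse_build(device_build)
    for r in ranges:
        if parse_build(r.minimum) <= build <= parse_build(r.maximum):
            return r
    return None


def explain(device_build: str, ranges: List[BuildRange]) -> str:
    """Report compliance and, on failure, every acceptable range (not only the first)."""
    hit = matching_range(device_build, ranges)
    if hit is not None:
        return f"{device_build}: compliant ({hit.description})"
    allowed = "; ".join(f"{r.description} {r.minimum} to {r.maximum}" for r in ranges)
    return f"{device_build}: noncompliant, acceptable ranges: {allowed}"


# Constructed policy with two ranges, standing in for the
# "Valid operating system builds" compliance setting.
SAMPLE_POLICY = [
    BuildRange("Windows 10 22H2", "10.0.19045.3803", "10.0.19045.9999"),
    BuildRange("Windows 11 23H2", "10.0.22631.2861", "10.0.22631.9999"),
]

if __name__ == "__main__":
    # Constructed device builds: one in the second range, one below the first.
    for sample in ("10.0.22631.3007", "10.0.19045.3570"):
        print(explain(sample, SAMPLE_POLICY))
```

Comparing the parsed integer tuples rather than the raw strings matters: as text, `10.0.19045.10000` sorts before `10.0.19045.9999`.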

A limited number of macOS devices may be unexpectedly unenrolled from the Microsoft Intune service

  • Status: Active

There is a known issue (originally posted on the Service Health Dashboard as IT393575) where occasionally a macOS device becomes unenrolled after performing an enrollment due to an issue with the headers being sent to the client MDM agent. This issue is specific to a very limited number of macOS devices with the Microsoft Intune management extension; the majority of macOS devices enroll as expected. To fix this issue, re-enroll the device. In a future service release, we plan to make an architectural change to fully resolve the issue.

Android 12 clipboard data toast notification

  • Status: Active

Android 12 introduced a toast notification when an application accesses the clipboard, regardless of whether the device is MDM enrolled or if apps are protected by app protection policies. Users running Android Company Portal version 5.0.5450.0 or later may notice an unexpected toast notification when using apps, such as Outlook. An example notification reads "Outlook pasted from your clipboard."

Note

The clipboard data is never stored locally or transmitted to Microsoft.

Android devices lose access to Intune-managed resources after upgrading to Android 12

  • Status: Resolved
  • Blog post: Known Issue: Android devices lose access to Intune-managed resources after upgrading to Android 12

The issue where customers lose access to Microsoft Intune-managed resources or are prevented from completing enrollment after upgrading certain devices from Android 11 to Android 12 has been resolved. The impacted brands included OPPO, OnePlus, and Realme devices enrolled as Android Enterprise personally-owned work profiles.

At this time, the fix should have been rolled out to all S-product devices across OPPO, OnePlus, and Realme brands, with no issues with devices accessing Intune-managed resources after upgrading to Android 12. We encourage customers to install any new OTA updates as soon as they become available and check with Google and Device OEM support resources as software release dates are subject to change.

Several Office settings in settings catalog do not automatically enable the parent setting

  • Status: Active
  • Blog post: Support tip: Several Office settings in settings catalog may need parent settings enabled

We recently identified several Office settings in the settings catalog that, when enabled, do not automatically enable the required parent setting. This can lead to the policy not applying as expected if you did not configure the parent setting.

To help identify which configuration settings have this behavior, we recently made a user interface (UI) change to mark them as (deprecated) in the Settings catalog (preview) page. For updates, recommended actions, and a full list of settings, see Support tip: Several Office settings in settings catalog may need parent settings enabled on the Intune Customer Success blog.

Android Enterprise device filtering not supported in some reports

  • Status: Active

We're aware of an issue where granular OS filtering isn't working as expected for corporate-owned Android Enterprise devices when exporting the All devices report from the Microsoft Endpoint Manager admin center, when exporting the DevicesWithInventory and Devices reports using the Export API, or when making native calls to the /deviceManagement/managedDevices API.

Note

This issue doesn't affect device filtering in the Endpoint Manager admin center UI.

The Export API doesn't distinguish between Android Enterprise management modes and will instead group them together. This issue affects exported report data and managedDevices API calls for the following device types:

  • Android Enterprise dedicated devices
  • Android Enterprise fully managed devices
  • Android Enterprise corporate-owned devices with a work profile

If you want to include any Android Enterprise dedicated devices, fully managed devices, or corporate-owned devices with a work profile, all three types will be included regardless of the OS you filter to. For example, if a customer exports a report with the OS filter set to Android Enterprise (corporate-owned work profile), the report will also include all dedicated devices and fully managed devices. The other filter parameters will apply accurately to the exported file.

Until we release a fix, you can search/filter by OS on the exported report file for more granular results.

Missing certificates after updating Samsung work profile devices to Android 12

  • Status: Resolved
  • Blog post: Known Issue: Missing certificates after updating Samsung work profile devices to Android 12

We're aware of an issue that affects Samsung devices enrolled with a work profile. After updating to Android 12, these devices are missing certificates when a user tries to access Gmail or AnyConnect VPN. For more information and temporary workarounds, see Known Issue: Missing certificates after updating Samsung work profile devices to Android 12 on the Intune Customer Success blog.

Long sync times in Intune for Managed Google Play private apps and web apps

  • Status: Resolved
  • Blog post: Known Issue: Long sync times in Intune for Managed Google Play private apps and web apps

Admins who recently published a new Managed Google Play web or line-of-business (LOB) app will notice delays for those apps to sync to Intune. After selecting Sync from either the Microsoft Endpoint Manager admin center or the Google Play console, it can take six hours or longer for the new apps to appear in the app list in Intune. For more information and workarounds, see Known Issue: Long sync times in Intune for Managed Google Play private apps and web apps.

Note

Existing web and private apps aren't affected, including updates or edits to those apps.

Fully managed Samsung devices are noncompliant after managed update

  • Status: Active
  • Blog post: Known Issue: Samsung devices are noncompliant after restart or update

Samsung devices provisioned as Android Enterprise fully managed devices running Android 11 and later show as noncompliant after a managed update is applied. This could potentially affect access to corporate resources, depending on the Conditional Access policies set by the IT administrator. For more information and workarounds, see Known Issue: Samsung devices are noncompliant after restart or update on the Intune Customer Success blog.

Note

As of January 7, 2022, this issue only applies to Android Enterprise fully managed Samsung devices. In December 2021, we released a fix (CP Version 5.0.5358.0) for Android device administrator (DA) management and Android Enterprise personally-owned work profiles.

Common issues with Intune policy reports

  • Status: Active
  • Blog post: Support Tip: Known Issues with Intune policy reports

We are aware of some common issues with Intune policy reports, including multiple records for a single device, inaccurate "pending" status, and inconsistencies between data in report lists and in summary charts. We are working on reporting improvements for better performance and new capabilities for search, sort, filtering, and other functionality. For detailed information and updates, see Support Tip: Known Issues with Intune policy reports.

Users are signed out of managed iOS Office apps

  • Status: Active
  • Blog post: Support Tip: Known Issue occasionally occurring with iOS MAM and Office apps

We are aware of an issue that can affect organizations using app protection policies (APP, also known as MAM) to manage their mobile Office apps. In this scenario, users are signed out of all Office mobile apps once they sign out of a single Office app (or if they are automatically signed out of an app). Once a user is signed out, they are forced to reauthenticate so that policies can be applied before they access the managed apps. This can sometimes lead to an authentication loop.

For more information and a workaround, see Support Tip: Known Issue occasionally occurring with iOS MAM and Office apps.

Known issues with filters in Microsoft Endpoint Manager

  • Status: Active
  • Blog post: Filters Public Preview - Overview and Known Issues

There are some known issues with filters in Microsoft Endpoint Manager. This feature became generally available in February 2021. We are tracking remaining known issues with this feature in Filters Public Preview - Overview and Known Issues, which also includes common questions and documentation links.

App install lifecycle or app install history status might be inaccurate

  • Status: Engineering actively working on fix
  • Blog post: Known Issue: Status reporting for App install lifecycle and App install history

We are aware of an issue within the Troubleshooting + support blade where the Devices table > column App install lifecycle might show a status of "Failure" even if there are no issues with the apps on the device. Additionally, if you load the Managed Apps view for the impacted device and select a targeted app, the app install history might show "Failed to install"—even though the app has installed correctly on the device.

This issue appears to occur at random. For more information, see Known Issue: Status reporting for App install lifecycle and App install history on the Intune Customer Success blog.

Launching protected apps on Samsung A10 with biometric authorization causes the device to crash

  • Status: Active
  • Blog post: Known Issue: Android 10 Samsung A10 Biometric Authentication

There is a known issue with the Android 10 Samsung A10 biometric authorization (face recognition/thumbprint). Launching any apps with app protection policies (APP, also known as MAM) on an Android 10 Samsung A10 with biometric authorization enabled will cause the device to crash. We have disabled biometric authentication for affected devices. For more information, see Known Issue: Android 10 Samsung A10 Biometric Authentication.

Password reset issues for Intune-enrolled devices with iOS 13+

  • Status: Active
  • Blog post: Support Tip: PowerShell Script now available for iOS Passcode Reset Token Known Issue

Intune shared a known issue in MC203629, whereby approximately 1% of Intune-enrolled devices with iOS 13+ do not return the token needed to allow a password reset. Apple addressed the bug in 13.3.1 and higher; however, simply updating to 13.3.1 cannot fix already-enrolled devices. Devices without a password reset token will need to update to 13.3.1, then be removed and re-enrolled in Intune. For more information and instructions to help you identify and fix affected devices, see Support Tip: PowerShell Script now available for iOS Passcode Reset Token Known Issue on the Intune Customer Success blog.

Profile error enrolling iOS devices with Apple Configurator

  • Status: Active
  • Blog post: Known Issue: Profile error enrolling iOS devices with Apple Configurator

We are aware of an issue when enrolling iOS devices with Apple Configurator for Setup Assistant enrollment. After accepting Apply configuration on the device, you might see the error: "Invalid Profile: The configuration for your iPad/iPhone could not be downloaded from [Your Organization Name]." This is due to an invalid enrollment URL. For more information and a workaround, see Known Issue: Profile error enrolling iOS devices with Apple Configurator on the Intune Customer Success blog.

iOS certificate-based authentication issue with Pulse Secure 7.0.0 and Check Point Capsule Connect versions 1.600

  • Status: Active
  • Blog post: Known issue: Certificate-based authentication issue with Pulse Secure 7.0.0 for iOS and Check Point Capsule Connect versions 1.600 for iOS

There are issues with certificate-based authentication when using the Pulse Secure VPN client for iOS, version 7.0 and Check Point Capsule Connect version 1.600 for iOS. Specifically, both VPN clients may report that the certificate is missing from the device, even when the certificate has been properly delivered. These issues impact Intune in addition to other Enterprise Mobility Management providers. For more information and workarounds, see Known issue: Certificate-based authentication issue with Pulse Secure 7.0.0 for iOS and Check Point Capsule Connect versions 1.600 for iOS on the Intune Customer Success blog.

"Rename device" setting disabled for hybrid Azure AD joined Windows devices

  • Status: Feature disabled
  • Blog post: Known issue with "Rename device" setting for Windows 10 devices in the Intune console

In the Endpoint Manager admin center, we've disabled the "Rename device" setting for Windows devices that are hybrid Azure AD joined. This is to prevent device single sign-on errors that might occur after a user changes their password. Device renaming is available for co-managed devices that are Azure AD joined. For details, see Known issue with "Rename device" setting for Windows 10 devices in the Intune console on the Intune Customer Success blog.

iOS/iPadOS or macOS device unenrollment through management profile deletion may not be reflected in Microsoft Endpoint Manager

  • Status: Active

There is a known issue where the enrollment status of an iOS/iPadOS or macOS device may not update correctly in Microsoft Endpoint Manager if a user manually deletes the management profile. The device will be unenrolled from Intune, but it may not be reflected in Microsoft Endpoint Manager admin center for 30 days.

FAQs

What happened to Intune?

Microsoft Intune still exists -- both in name and product -- and is now part of MEM. Even as part of Microsoft Endpoint Manager, IT administrators can still use Intune as a separate management platform for mobile device management (MDM) and unified endpoint management (UEM).

Why is Intune Company Portal not working?

Company Portal Temporarily Unavailable

Cause: The Company Portal app on the device is out of date or corrupted. Solution: Remove the Intune Company Portal app from the device. On the device, open the browser, browse to https://portal.manage.microsoft.com, and try a user login.

Why would a company choose to use Microsoft Intune?

Intune simplifies app management with a built-in app experience, including app deployment, updates, and removal. You can connect to and distribute apps from your private app stores, enable Microsoft 365 apps, deploy Win32 apps, create app protection policies, and manage access to apps and their data.

Which is better, SCCM or Intune?

Furthermore, Intune supports limited monitoring and managing of non-Windows systems. SCCM is a potent tool that can manage a variety of endpoints and has rich functionality. However, it can be complicated to work with and expensive.

How do I check my Intune enrollment failure?

Sign in to the Microsoft Endpoint Manager admin center and select Troubleshooting + support > Select user. Choose a user > Select. Under Enrollment failures, select a row to view more details about the failure and recommended remediation steps.

Does Intune do patching?

Intune helps configure Windows Update for Business (WUfB) policies to patch. The latest update guide for Intune monthly patching is available in the following Cloud PC Monthly Patching Process Using Intune. You can also configure Windows 10 and 11 Feature Update using Intune policies.

Can Intune manage patching?

You can configure, deploy, and pause update installation with Windows Update for Business settings using Microsoft Intune.

Can my company wipe my phone with Intune?

IT admins can perform a remote wipe of an Android device through the organization's MDM provider. For most MDM providers, the process is relatively easy to carry out. Using Microsoft Intune as this example, admins can remotely wipe an Android device by following these steps: 1.

Can Intune work without Azure AD?

Enroll Device Only

In some cases, there is a need to only join the computer to Intune without joining the machine to Azure AD. When a computer is enrolled in Intune for device management, users can still use their Local ID on the machine without needing to change the username.

What is Microsoft Intune called now?

The name Microsoft Endpoint Manager will no longer be used. Going forward, we'll refer to cloud management as Microsoft Intune and on-premises management as Microsoft Configuration Manager.

How invasive is Intune?

The short answer is, not much. At least not directly. But there's a lot of control given to Intune administrators that could lead to more invasive snooping, or even more destructive actions.

What is the difference between Azure and Intune?

Azure Active Directory (Azure AD) is a universal identity management platform that incorporates user credentials and strong authentication policies to safeguard your company's data, while Microsoft Intune provides cloud-based mobile device management (MDM) and mobile application management (MAM).

How good is Microsoft Intune?

Microsoft Intune is a great solution for businesses, especially in a mobile workspace world. It provides mobile application management and mobile device management, with which the IT team can easily manage licensing and deployment of applications on devices.

Can Intune monitor browsing history?

Intune doesn't collect or allow an admin to see the following data: an end user's calling or web browsing history, personal email, or text messages.

Can Intune wipe a personal device?

Wiping a device

Sign in to the Microsoft Endpoint Manager admin center. Select Devices > All devices. Select the name of the device that you want to wipe. In the pane that shows the device name, select Wipe.

What happens when you delete a computer from Intune?

Your device is removed from Company Portal and the app is uninstalled from your device. You can't install apps from Company Portal. You lose access to work apps and data on your device. Changes to device settings (for example, disabling the camera or requiring a certain password length) are no longer required.

What can my employer see with Microsoft Intune?

Your organization can't see your personal information when you enroll a device in Microsoft Intune. Enrolling your device makes certain information, such as device model and serial number, visible to IT administrators and support people with administrator access.

Can my employer see my web activity?

The short answer to this question is — yes. Your employer can indeed see your browsing history through remote employee monitoring software. You should assume that your employer checks your browsing history regularly. Unfortunately, erasing your browsing history doesn't change anything.

Can Intune detect whether a device is jailbroken?

Intune can enforce compliance policies such as detection of jailbroken devices, weak passwords, unwanted applications, and operating systems that have not been updated.

Author: Velia Krajcik
