Confirmed that it is currently by design that conditional access allows only one identity per device at this time. We hear that you need this and we’re looking into it. I’ve changed the title and category to indicate that this is related to conditional access.
Again, this is just for multiple identities from the same company. If you’re looking for having one device with identities from two different companies, that idea is here:
@Rolf - I looked at the text for the one I merged in, shared mailbox access, and it says
"Many intune users have a shared mailbox they need to access in addition to their own personal mailbox. Additionally, administrative assistants often have rights to manage other users’ email and/or calendars but are unable to access these additional mailboxes/calendars via Intune."
So I agree that the scenario of having multiple "management authorities" is a different thing, but the text on both this one and shared mailbox access are the same thing.
Here are a few that are closer to the "multiple management authorities" https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/34254874-support-multiple-partner-device-management-entires
I'm going to rename this one to make it more clear.
Thanks, @Frank, I think you're right, they are similar enough to merge. I'll do that.
You can get the policy using the Graph API, which is even better because then you can script it to set the policy in another tenant. Would that get you what you want? Or is it an actual button you want?
It's not so much a question of "preference", more a question of expediency. Graph will work now. We build our entire UI on Graph, so if you can do it in in the UI, you can do it in Graph.
At some point we'll have a native PowerShell implementation (it's our #1 request right now) and that will be even easier to export and import, even with minimal PowerShell skills.
We can still keep a request around for a button, but it would have to be something that got lots and lots of votes to get attention when there are already other ways to do it.
1 voteAdminCathy Moya (UserVoice admin for Intune, Microsoft Intune) supported this idea ·
Access is already controlled, because users have to authenticate to access the web portal, so only authenticated users can execute actions. And the portal is how users can tell if a device is compliant and if not, what remediation to do. So I'm not sure what threat you're trying to mitigate with this.
Can you tell me more about the error message you're talking about? Maybe link a screen shot to this request? Otherwise it's hard for me to know which team to route this to.
I’m not really sure what you’re asking for here.
For the company portal changes, have you seen this topic, UI updates for Intune end user apps?
We update that regularly whenever we make changes that end users will see, because we heard from customers that it helps them keep their internal docs up to date.
We don’t provide pictures for the Intune admin console because there’s too much UI to cover too frequently, but we do document what’s changing here https://docs.microsoft.com/en-us/intune/whats-new and we update that frequently. Also, when we do our major monthly service release, we post a notification in the Office Message Center at portal.office.com and remind you to look at the What’s New topic for the fresh updates for that service release.
Is there something different you’re asking for?
OK, let me dig a bit more. :-) When you say "the best place for notifications to be placed are in the Dashboard itself", what kinds of notifications would you want to see - the notice that currently shows up in office.portal.com saying "your service has been updated", or the actual list of the changes that is currently in the docs? Or something else? Or all of the above? Walk me through your ideal experience.
We already have some of these suggestions that people are voting for. I know people want to say in a blanket way "make it like that", but blanket requests aren't really actionable. I'll leave this here, but the better way to get traction is to focus on the things you want most so we can prioritize that with all the other internal and external requests.
Hi, Carlos, could you give us more detail about what you mean with this?
@Aaron, the malware is a dupe, but not the hardware and updates.
@Will, when you say "Intune client", do you mean the full PC client or the MDM agent? I don't understand if you're asking for managing malware on devices not enrolled for Intune MDM, or if you're asking for devices enrolled for MDM to have the same malware capabilities as the PC client. Can you clarify?
I'm moving this to the Graph forum as well, because even though you are asking for REST, we're providing automation via Graph, and that category is where the Graph people are more likely to see it.
Hi, Mike, the thing is, to do things like pushing apps, we need a certain amount of trust on the device, which comes from installing the management profile, which comes during enrollment. If an app is "enlightened" for MAM-WE, then the app can follow rules about how to handle the data. But to get the app on the device, either the user has to pick it or we need that bootstrap trust to be able to push things to the device.. . .
@TheScreamingRichard – If you can do it in the UI, you can do it with Graph – we build the UI entirely on top of Graph. :-)
This page has the remote actions
There’s one member called
and there’s a different member called
there’s also one called
I’m assuming it’s one of those you’d be able to call for a Graph-based solution, though our Graph people are all at Build this week so if that’s not what you need I can ask them when they get back.
@David, you might be able to automate this with the Graph API - thoughts?
Hi, Amit, I think what you're asking for is that apps installed from the app store is updated in the app store - is that right?
@Urooj, if something is broken, I encourage you to open a support ticket. If there's a configuration issue, they can help you fix it. If it's a problem with the service, the support engineers can work with the product team to fix the service.
To open a support request, go to portal.office.com, click Support in the left navigation, and then click Overview. Click Mobile Device Management and follow the steps. Support for Intune, and for Intune when used with Configuration Manager, is free of charge. Premier Support customers incur charges for procedure questions (for example, how to go about configuring an Intune feature).
You can exempt user groups - are you asking to be able to exempt device groups in addition to user groups? It seems for VIPs like a user group would be a better way to go, so all their devices would be exempt.
@Sonia, it sounds like you might need more help than I can give in a forum like this. I'd encourage you to call our support line and have them walk you through it and see if there are problems that need troubleshooting.
Support is included with the service. To open a support request, go to portal.office.com, click Support in the left navigation, and then click Overview. Click Mobile Device Management and follow the steps.
@Sean - again, I'd need to know which device platform you're talking about to be able to comment for sure.
Yah, the thing with that is, some things can't get removed because of platform restrictions. We'd like selective wipe to clean up as much as we can, but if the OS won't let us, we're sort of stuck. If you can give a specific example of a profile and platform you're not seeing removed, I can verify with that feature team that it's due to an OS limitation.
Hi, I'm not really sure what you're asking for. Are you looking for a telecom solution provider to show you Intune and help you deploy it? Or are you a telecom services provider and want to see more about the features we're offering in the Intune on Azure portal preview?
Hi Andrew, check out this new feature we released for April
Does that get you want you wanted?
hi, we just released an Intune update where we provide in-console reporting for MAM without enrollment. I don't know if this gets us any closer to what you want, but thought you might be interested.
@Michael, thanks, yes, I agree, I"ll merge it.
OK, I'll leave this here. As we've already said, we're moving to the new Azure portal, so expect that reporting will also change a lot in the new console.
I asked Karthika, the author of the topic referenced below. She said:
"I don’t think there is a way to get a list of users who do not have a policy, which may be what this customer is looking for.
But you can search for a user and get their status as explained in the detailed view section of the topic. I just tested this specifically, and if you the user you search for does not have a policy the status will say “ This user is not targeted for any app policies”. So I can call this out where we talk about the status, that should help at least if a customer wants to know if an end-user has policy or not."
@Jack: Do you think that would help?
BTW, the link below changed when we moved all the docs off of TechNet to our new doc library.
Hi, we recently announced the new offering, Intune for Education.
I've created a new category and moved this from the MDM category.