Introduction

This TechNet Wiki article lists frequently asked questions about Microsoft Intune. There is also an every-growing list of Intune resources in the Microsoft Intune Survival Guide

 

General

Q. How can I know when the Microsoft Intune service has been updated?

A. Log on to your account at manage.microsoft.com. In Administration Overview select View Service Status. The location of your tenant and the maintenance schedule are listed there. For details of the service updates see Windows Intune Service Updates on TechNet.

 

Q. If a user renames a device within the Company Portal app will that name change in Intune or Configuration Manager? 

A. No, that name change is only for the user’s convenience. 

 

Q. Is there a remote assistance functionality in Intune for mobile devices?

A. No there isn’t. Third party apps such as Lumia Beamer, Bomgar, and TeamViewer could be helpful.


Accounts

Q. If I start evaluating Intune and create a new tenant for the trial, can I add O365 to the evaluation using the same tenant? 

A. Yes. Just sign in using a global admin from your existing Intune tenant/subscription – i.e., globaladmin@<company>.onmicrosoft.com


Q. If I assign MDM authority to Intune during a trial subscription, does that make it difficult to switch to another company’s service if I change my mind about Intune?

A. Though it’s difficult to imagine you not sticking with Intune, the MDM authority choice does not affect your ability to move to another service. It’s specifically about choosing Intune or Intune + Configuration Manager for MDM. 

 

Q. Can I use my existing Office 365 domain name for my subsequent  Windows Intune account?

A. Yes, if you sign in with the organizational ID which is associated with your existing O365 tenant and verified domain when your either create their Intune trial or activate your licenses. Intune will then use the same domain/users/etc. as in your O365 account. Note that each O365 user would have to be enabled as an Intune user, using an Intune license. This would have to be done by the global administrator who manages the tenant. 


Enrollment

Q. Where can my end users learn how to enroll their devices?

A. You can provide that information to your end users using information from the Microsoft Intune Enrollment Instructions.

 

Mobile Device Management (MDM)

Q. Can Intune detect whether a device is jailbroken?

A. Yes, for some operating systems. For information on how to manage jailbroken devices, see Manage device compliance policies on TechNet. 


Q. Can I selectively wipe corporate data from a device?

A. Yes. For information about selective wipe see Help protect your data with remote wipe, remote lock, or passcode reset using Microsoft Intune.

 

Q. Is there a way to block certain websites on the mobile device browser through Windows Intune? 

A. Not on the native browser of any platform. However, you can control the URL whitelist and blacklist policies on the managed web browser on iOS and Android devices. For more information see Manage Internet access using managed browser policies with Microsoft Intune.

 

 Q.Can we restrict a user from uninstalling an app?

A. Generally, no. However, on a supervised iOS device you can prevent a user from uninstalling an app that was distributed using the Apple Configurator. For information about using supervised mode in Microsoft Intune, see Manage devices using configuration policies with Microsoft Intune.

 

Q. Is there a way to manage mobile data usage?

A. Not directly, but you can ensure that Wifi is the preferred method for connecting by pushing Wifi profiles to the devices, as described in this TechNet article. Also, some platforms (for example,  iOS and Android KNOX) enable the ability to control settings such as voice and data roaming.

 

Q. Is there a way to prevent a user from unenrolling a device? What if it’s a company-owned device?

A. In general, no. However, using custom Windows Phone settings, you can enforce this on Windows Phone 8.1. Also, for iOS devices that are supervised and enrolled in Apple’s Device Enrollment Program (DEP), it is possible to prevent a user from unenrolling a device.

 

Q. Can I switch my chosen MDM authority?

A. You can switch from Intune to Configuration Manager, from Intune to O365, and from O365 to Intune. To do so, make a request to Microsoft Support. You cannot change the MDM authority from Configuration Manager to Intune. 


Windows Phone

More Windows Phone Q&As can be found on Technet.

Q. Can I sideload a Windows Store app?

A. Publically available apps cannot be sideloaded. Even though you are able to download the XAP, you cannot upload it to Intune because it is a public XAP, encrypted and signed with the developer's code-signing certificate. Only apps you develop and sign with your own code-signing certificate can be sideloaded. 

 

Q. Do Windows Phone Store apps distributed through the Company Portal require that the end user have a Microsoft Account?

A. Yes, the end user will not be able to obtain the apps without a Microsoft Account. The exception is sideloaded, private LOB apps, which can be deployed to a device without a Microsoft Account.

 

Q. Is a Microsoft Account needed on a Windows Phone 8.1 in order for it to be managed by Intune?

A. No. However, it will be needed to install most apps from the public store.


Android

Q. How long does it take to encrypt an Android device?

A. This depends primarily on the speed of the device’s processor and the amount of total and used memory, and is not a function of Intune.


iOS

Q. When deploying iOS apps via Windows Intune, if the application’s IPA and Manifest file have been uploaded; does the device need an AppleID specified to continue installing?

A. No. When Intune is providing the bits (IPA uploaded to Intune), the applications are sideloaded and don’t require an Apple ID. 

 

Q. Is there a way to enable the installation of applications on iOS without allowing access to the Apple Store?

A. No, but you can enable the App Store and use blacklisting/whitelisting of apps on iOS to keep an eye on what users are doing. Sideloaded LOB apps don’t require access to the Apple App Store.

 

Q. Do Apple Store apps distributed through the Company Portal require that the end user have an iTunes account?

A. Yes, the end user will not be able to obtain the apps without an Itunes account. 

 

App Deployment

Q. How can I add a recommended app?

A. In Microsoft Intune, these are called "featured apps" and are documented in Deploy software to mobile devices in Microsoft Intune.

 

Q. Can I get additional cloud storage for apps I want to deploy?

A. Yes. You can read about this in Get started with app deployment in Microsoft Intune on TechNet, in the section Cloud storage requirements.


Security

Q. Can BitLocker be enforced by Intune?

A. The OMA-DM agent in Windows 8.1/RT allows you to read (get) the encryption status. You cannot set it. This is true for Microsoft Intune and for other mobile device management services.

 

Q. If I encrypt a Windows 8 tablet using BitLocker, may I enforce full device wipe if a user consecutively fails logon several times? 

A. There is no option for full wipe on Windows 8.1/RT devices for any mobile device management service, including Intune. Intune provides selective wipe for those devices. For more information on wipe/selective wipe in Intune, see http://technet.microsoft.com/en-us/library/jj676679.aspx.


Company Portal

Q. Can I customize my Company Portal?

A. Yes. In the Intune admin console, go to Admin>Company Portal for those settings

 

Troubleshooting

Q. How can I troubleshoot mobile device enrollment?

A. Information for admins to provide to their end users about troubleshooting enrollment is available here.

 

Microsoft Intune with Configuration Manager 2012

Q. Can I do a selective wipe on devices?

A. If you are using Configuration Manager 2012 R2 or later with Intune, you can do a selective wipe that removes company data. For more information see How to remote wipe mobile devices using Configuration Manager with Microsoft Intune.

 

Q. If I’m using Configuration Manager together with Intune, can I still use the Intune Admin Portal?

A. You can, but only PCs with the Intune agent installed will be manageable from that portal. There is also some other useful information in the portal regarding alerts about the service, service status, etc. but any device management settings there won’t apply to enrolled devices.

 

Q. Is it possible to change the MDM authority from Configuration Manager to Intune and from Intune to Configuration Manager? How?

A. You can change it from Intune to SCCM by making a request to Microsoft Support. You cannot change it from Configuration Manager to Intune.