Posts

Showing posts from March, 2025

OneDrive for Business sync issues on EntraID devices - When "sorry" just doesn't cut it..

While working on a customer's Azure tenant, I came across an issue that I hadn't seen before. I was configuring the Intune tenant to provision Windows 11 devices using Autopilot. As part of the configuration, OneDrive for Business was also included to manage and secure user data. However, after provisioning a device, I soon started seeing issues with OneDrive failing to sync. I would only see a pop-up window displaying the message 'Sorry, OneDrive can't add your folder right now. Please contact support.'. Not really helpful. There was nothing in the Entra sign-in logs, so I ruled out conditional access policies as the root cause. I also had the relevant licenses assigned, so I ruled that out as well. Then I recalled that there was something similar in relation to the Outlook mailbox device management setting, which could interfere with Intune device management policies. Something that I also blogged about, which you can check out over here. Not really like for like, but ...

Passkeys for macOS and addressing the phishing resistant authentication registration loop

For the last couple of days, I have been working on securing my own tenant and, as a result of this, I wanted to enable passkeys for all my test accounts. Passkeys (FIDO2) not only improve productivity and provide better security, but also make the authentication process seamless by eliminating the need for entering a username or password. This can be achieved through both a FIDO2 security key and Microsoft Authenticator. Due to this fact, Microsoft and its partners are investing in both synced and device-bound passkeys for work accounts. However, during my own testing, enabling a passkey on the user's side can go into a loop when trying to add a passkey in the Microsoft Authenticator application. This may not be the case for every tenant, but if you have conditional access policies created that specifically leverage phishing-resistant authentication strength, then you will most likely run into this issue. Luckily, there are some workarounds available, and they require further actions. In this...