Wednesday 3 September 2014

ConfigMgr 2012 & Intune: Known authentication issues

There are some really cool new authentication features in Azure and ADFS. Unfortunately they don't play very nicely with Windows Intune and they can be really difficult to troubleshoot if you don't know what the problem is. There are no log files that can point you in the right direction. It just doesn't work.

I've recently seen two of these issues on customer sites:

When you use Multi-Factor Authentication and enroll a device with Windows Intune, you receive the error “This request couldn’t complete”
 

Workaround: Turn off Windows Azure Multi-Factor Authentication for the Windows Azure subscription you use with Windows Intune.

(Edit 25th November 2014: Azure Multi-Factor Authentication is now supported by Intune)

Windows Phone 8.1 devices fail to enroll with Windows Intune when device authentication is enabled in ADFS

Workaround: Disable device authentication on the ADFS server by unchecking "Enable device authentication" in Edit Global Authentication Policy


The workarounds aren't too clever. The feature is not supported - turn it off.

Here is another one (although I haven't seen this one in action)

When you enroll a Windows 8.1 device that must authenticate to a proxy server, the enrollment process fails with no visible indication as to the cause of the failure

Workaround: For Windows 8.1 devices that must enroll on a network that requires use of an authenticated proxy server, configure and save the credentials for the proxy server prior to enrollment of the device.

These issues have been documented in the "Release Notes for Windows Intune" 

http://technet.microsoft.com/en-us/library/jj662694.aspx

No comments:

Post a Comment