Intune FAQ For Admins

1. What account should I use in Intune for administrative tasks?

Use the admin-kerberos@ad3.ucdavis.edu account for all Intune-related administrative tasks and permissions. The "!" account is only recognized as a standard account in Intune, so continue using it for Active Directory (AD) and Organizational Unit (OU) domain tasks only.

2. Can I reset an Intune device?

No, do not reset an Intune device from the device itself. This option is reserved only for transitions from OU to Intune.

3. How can I reimage an Intune device?

In the Intune Admin Center, locate the device and select Wipe, without checking any additional boxes—this will act as a reimage. Ensure the device is plugged in and connected to a network for the process to complete.

4. Can I use multiple accounts on an Intune device (e.g., Kerberos and student accounts on a shared device)?

Yes, you can. Refer to the "How to Set Up Your Shared Device for Student Use" document for setup instructions.

5. How do I elevate a user's permissions from Standard to Admin on their device?

Open Command Prompt as an administrator, log in with your admin account, and run the following command, replacing “UID” with the actual user ID:

6. How do I remote into an Intune device?

Use Bomgar to remote into the device:

1. Have the user visit http://support.ucdavis.edu and provide them with a code.

2. In the future, Bomgar will be installed directly on devices for easier access.

7. How do I elevate my rights in Bomgar on an Intune device?

Sign in with azuread\admin-kerberos@ad3.ucdavis.edu and advise the user to approve the elevation request.

8. What should I do if Intune enrollment fails?

Enrollment failures are often caused by low or unstable internet speeds, particularly if you see error code 0x81036502 during app installations. Follow these steps:

1. Restart the device via Intune.

2. After restarting, most users should be able to log in. If it returns to the enrollment page:

   • In Intune, select Wipe to redeploy and initiate the enrollment process again.

9. Can I remote into a computer using RDP in Intune?

Yes, you can. Locate the device's IP address in Intune:

1. Go to Intune → Devices → search for the device → Hardware. The IP address will be listed there.

2. Use the IP address to initiate an RDP session.

3. Log in with your admin-kerberos@ad3.ucdavis.edu account.

10. Do shared devices have limitations?
Yes. Shared devices are available for users with non-A3 licenses, so they don’t have an Intune plan. As a result:

• Devices cannot sync.

• The Company Portal will be unavailable.

To fix this, log in with an A3 license to initiate the sync. We are also exploring the possibility of getting an Intune add-on license in the future.

11. Does Intune deploy Windows 11?
Yes. Intune will automatically deploy Windows 11 and update it every patch week. This process is set up to run autonomously.

• If a restart is required, inform the user that the laptop will update. If they restart the device before patch week, they will see it update to Windows 11.

12. How many devices can I enroll in Intune?
The tenant is set to allow only five device enrollments. Please never enroll a device that is not yours in Intune.

13. What should I do if all troubleshooting steps fail?
Contact Salam Abdelgader via:

• Teams or email: SAbdelgader@ucdavis.edu

• Direct line: 530-219-3706 (for urgent issues).