u/bjc1960

▲ 1 r/Intune

Intune Proactive Remediations show "request policy is null"

Many of our detect and remediate scripts have a "request policy is null" when we attempt to review settings under manage\properties. Our secondary accounts are elevated in PIM as "Intune Admin."

Request policy is null. Provided id: redacted guid (Code: UnknownError)

  • Extension Microsoft_Intune_Enrollment
  • Content UXAnalyticsScriptProperties
  • Error code 404

Any ideas?

u/bjc1960 — 1 day ago
▲ 10 r/entra+1 crossposts

I broke external sharing for SharePoint

I was hardening the tenant and now no one can share SharePoint files with our clients/customers. We have a specific site but none of the settings work. Instead of getting a one-time code, users must authenticate to our tenant. This appeared to work before I messed with things but I am also reading online that OTP is going away soon. I suspect I broke it as I reverted and complete lockout was reversed but not everything.

Below is what I put in for my support ticket. My last support ticket was closed after two months of no contact so I am looking for other help.

On 5/14/2026 at 3:51 PM UTC, setting AllowEmailVerifiedUsersToJoinOrganization to false via Graph PowerShell triggered a Set Company Information event that added RestrictEmailVerifiedUsers to our tenant DirectoryFeatures. External guests can no longer authenticate via Google federation or email OTP — only Microsoft 365 login is presented. Reversing the setting via PowerShell and UI did not remove the DirectoryFeature. Need RestrictEmailVerifiedUsers removed from tenant DirectoryFeatures.

u/bjc1960 — 4 days ago
▲ 6 r/entra

Open Source tenant scanners

Can anyone recommend open source projects that scan tenants for configuration deficiencies?

We have CISA SCuBA today, and I used to use Azure Security Kit (AzSK) and Azure Tenant Scanner (AzTS) at another company. We also use Defender's Secure Score.

Searching here, I found https://maester.dev/

Can anyone recommend others or have you looked at maester.dev?

u/bjc1960 — 7 days ago
▲ 3 r/entra

We have observed that if we want to connect to a Windows 365 VM, acting as a PAW, using our secondary admin account, coming from our primary laptop, we need to disable token protection on the secondary admin account.

Additionally, we onboarded a vendor and gave her a Windows 365 VM. We had to disable the token protection rule for her too. She does not have a company computer from us, just the Windows 365 VM.

The message says I need to register or enroll the device. Our primary laptops are enrolled and are compliant per other CA policies. The vendor's personal computer (a work laptop, but not 'our work laptop') is not compliant or enrolled with us.

Bypassing token protection allows us to proceed.

Is there another way? Are we doing something wrong?

u/bjc1960 — 26 days ago