KB3002291: MDM settings are not applied to cloud-managed users in Configuration Manager 2012 R2

hotfixJust drop you a quick line a new hotfix for Configuration Manager 2012 R2 is released which improves the process of getting policies applied to mobile devices. When a user becomes a cloud-managed user (CloudUserID), a settings policy may not target the assignment for the user this due to different user(s) with same clouduserID. This behavior was introduced by CU2 and CU3.

  • This problem affects only environments that use the Intune Connector together with Configuration Manager 2012 R2.
  • This problem occurs only when Cumulative Update 2 or Cumulative Update 3 for Configuration Manager is installed.

To apply this hotfix, you must have Cumulative Update 2 or Cumulative Update 3 for System Center 2012 R2 Configuration Manager installed.

For more details and download see http://support2.microsoft.com/kb/3002291

For a complete list of all available hotfixes and update please consult the List of Public Microsoft Support Knowledge Base Articles wiki page.

Advertisements

Update: Hotfix solves issue publishing Network Device Enrollement Service (NDES) through Web Application Proxy (WAP) KB30137609

UPDATE! Hereby a quick note that you no longer have to contact support, it’s available in the in the December Windows Update. Just install the latest Windows Update on your Windows Server 2012 R2 and you should be good to go. December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 http://support.microsoft.com/kb/3013769

UPDATE! A private hofix (for now) is available that fixes URL length issues with Windows Application Proxy (applicable for NDES deployments) KB523052. This hotfix can be requested through a PSS case. For more details click here.

For those who are using Web Application Proxy (WAP) and intent or already have been published Network Device Enrolment Service (NDES) might noticed this isn’t working, even when pass-through preauthentication is configured. This post will go into details how NDES is working including a brief explanation of the issue.

The Network Device Enrollment Service (NDES) allows mobile devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP). The user certificates can be used for managing company resource access (E-mail, WiFi- and VPN profiles) instead of using user name + password. This existing technique is recently emphatically re-evaluated by the use and application for mobile device management in relation to BYOD scenarios.

Continue reading “Update: Hotfix solves issue publishing Network Device Enrollement Service (NDES) through Web Application Proxy (WAP) KB30137609”

Troubleshooting Microsoft (Windows) Intune Extensions

Most of you are problably aware of Microsoft (Windows) Intune extensions and using them briefly without any issue(s). New extensions becomes automatically available through the Microsoft Intune connector and new updates are merged or installed to introduce new features taking benefits of the Microsoft Intune cloud services platform.

So far so good…but if you’ve bad luck extensions comes partly down or becomes not available at all to your Configuration Manager instance! Unfortunately there is no way to force a trigger of the tenant discovery process and thus the installation of Microsoft Intune extensions. In normal circumstances it will take up to 24 hours after registering your Intune subscription untill the Intune extensions comes down to your Configuration Manager instance. This pitty if you would speed up the process of installing new deployments or you’re in a disaster recovery scenario. Hereby some guidelines for troubleshooting Microsoft Intune extensions, logs locations(s), Certificate Thumbprint ID, SQL query and validating the connectivity with Microsoft Intune.

Continue reading “Troubleshooting Microsoft (Windows) Intune Extensions”

Deploy Active Directory Federation Services (AD FS) 3.0 in a pre Windows Server 2012 R2 era

As you probably know a prerequisite for implementing Active Directory Federation Services (AD FS) based on Windows Server 2012 R2 is to have at least a Windows Server 2012 R2 domain controller available in your infrastructure.

image

This in order to take benefit of using Group Managed Service Accounts (GMSA – generated and maintained by the Key Distribution Service (KDS) on at least Windows Server 2012 domain controllers). The same applies to Device Registration service (DRS) aka Workplace Join, which is responsible for activation and enrolment of controlled devices and represented by a new schema class in Active Directory Domain Services (AD DS). Continue reading “Deploy Active Directory Federation Services (AD FS) 3.0 in a pre Windows Server 2012 R2 era”

A closer look at Windows Intune Extensions…what’s in it for me?

In a nut shell: Windows Intune Extensions are new features which will be delivered by your Windows Intune Cloud Services (Windows Intune Connector) into your Configuration Manager site.

image
proces of installing Windows Intune Extensions

What are Windows Intune Extentions?

With extensions you are able to introduce new capabilities through Windows Intune are available from within the Configuration Manager console. Configuration Manager administrators can enable individual extensions to gain access to these new capabilities without waiting for the next service pack or major product release to introduce that functionality. Continue reading “A closer look at Windows Intune Extensions…what’s in it for me?”

Windows Intune Client – Behind the Scenes #SysCtr

Windows_intune_logo

As Microsoft announced on September 23rd updating their Windows Intune cloud service which will be available October 18th I thought it might be interesting having a closer look what is going-on after installing the Windows Intune client agents software.

In this post I will cover the following points of Windows Intune. Enjoy Glimlach

  • Windows Intune Client Software
  • Windows Intune Software Components
  • Windows Intune Log Files
  • Windows Intune Registry
  • Windows Intune Services
  • Windows Intune Operation Manager
  • Windows Intune Endpoint Protection
  • Windows Intune Task Scheduler
  • Windows Intune Center
  • Windows Intune Service Endpoints

Continue reading “Windows Intune Client – Behind the Scenes #SysCtr”

Overview of Settings Management in R2 & “Wave E”

As you might know Microsoft has started upgrading the Windows Intune cloud service to the next version, Wave E  which will be (GA) available on October 18th together with System Center R2.

image

With the arrival of these new product versions Microsoft introduces a lot of new features and settings related to Unified Device Management #UDM (formerly known as Mobile Device Management #MDM). Some new features are:

  • Extended Windows Intune connector
  • Native Self-Service Portal App for Windows iOS & Andriod platform
  • Support for Work Folders
  • Resource Access
  • Selective Wipe

Ronni Pedersen provides in a blog post a complete overview of all new features comming with R2 and wave E.

Continue reading “Overview of Settings Management in R2 & “Wave E””