Integrate your Microsoft Intune device enrollment with Azure AD!

May this year Microsoft announced a new capability of automatically enroll devices in Microsoft Intune as part of joining devices in to Azure AD (Premium). By joining a Windows 10 device to Azure AD it is extremely easy for end users to get the benefits of single sign-on, OS state roaming, and management capabilities.

image

This will work with both Microsoft Intune and with 3rd party MDM solutions. In this blog post I’ll show you how ease and transparent this process is and how powerful the integration is of Microsoft Online Services and Windows 10!

Continue reading “Integrate your Microsoft Intune device enrollment with Azure AD!”

The Enterprise Mobility Suite Portal Survival Guide

survival-guide I’m more than happy being your tour guide for today and walkthrough the various portals that the Microsoft Enterprise Mobility Suite (EMS) houses. For those who are involved with EMS, this might be a handy overview of all current available portals. I often heard  that it is not always clear which portal you need and where you can find it. In this blog I’ll do my best to cover all the portals including their purpose.

Continue reading “The Enterprise Mobility Suite Portal Survival Guide”

What’s new in Microsoft Intune Service Update – May 2015

Latest-UpdatesToday the Microsoft Intune product team announced next set of Intune features that will be released between May 19 and May 26.  With this monthly release cadence, Microsoft continue to focus on providing customers with best-in-class experiences that help keep users productive while protecting company’s sensitive data. You can expect to see the following new Intune standalone (cloud only) features in this release:

  • Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android (Intune App Wrapping Tool for iOS made available in December 2014)
  • Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
  • RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
  • Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
  • Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
  • New custom policy template for managing new Windows 10 features using OMA-URI
  • New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
  • Ability to deploy Google Play store apps that are required/mandatory to install on Android devices

Continue reading “What’s new in Microsoft Intune Service Update – May 2015”

Mobile Device Management not available in your Office 365 subscription!?

Office 365 MDM

In case you want to play around and do some hands-on with Mobile Device Management in Office 365 but you couldn’t find it!

Thank you for contacting Microsoft Intune Technical Support. For questions or update on this Service Request, you may reply to this email thread or call the Microsoft Support number .

PLEASE NOTE:

While Mobile Device Management (MDM) for Office 365 has been officially announced we are still in the process of rolling it out to Office 365 customers over the next 4 to 6 weeks (Starting from 3/30/2015). We don’t currently have exact dates for when it will be available for your subscription. Continue reading “Mobile Device Management not available in your Office 365 subscription!?”

ICYMI: 50 Enterprise Mobility tips you should consider!

iot

Last weekend Rob Tiffany announced a fun but just as usefully 50 enterprise mobility tips twitter live stream. If you’re doubting how to address Enterprise Mobility in your company, these 50 pointers should give you a good start to feel comfortable and start embrace Enterprise Mobility.

I’ve tried hard to create my favorite top 5 Enterprise Mobility tips – but I didn’t make it…

Continue reading “ICYMI: 50 Enterprise Mobility tips you should consider!”

Blacklist Apps on Windows Phone 8.1 by native Microsoft Intune

First of all happy new year! May it a healthy, be happy and succesfull year to you and yours. Looking forward to new technical developments, challenges and meetig interesting people.

With the December update of Microsoft Intune new policy templates became available which enables you to have more control of your managed mobile devices. One of the new policies is the Windows Phone Configuration Policy template. With the Windows Phone Configuration Policy template you’re able to allow or block apps on Windows Phone 8.1 devices. Policies created from this template can be deployed to both user and device groups and will only applied to devices which are managed by Microsoft Intune.

In this blog I’ll show you how to prevent apps being installed from the Windows Phone Store or disallow the use of already installed apps.

Windows Phone Configuration Policy

  • In the Intune administration console, click Policy > Add Policy
  • Select Windows Phone Configuration Policy (Windows Phone 8.1 and later) and click Create Policy

image

 

Continue reading “Blacklist Apps on Windows Phone 8.1 by native Microsoft Intune”

Part 3 – Deploy certificates to mobile devices using Microsoft Intune NDES – Deployment

In the first two blog posts I covered the theory how deployment of certificates works to mobile devices using Microsoft Intune NDES connector followed by setup and configuring the connector.

In this third blog – part 3 – I’ll outline the depoyment of both Trusted CA Certificate Profile and SCEP Certificate profiles to mobile devices.

Continue reading “Part 3 – Deploy certificates to mobile devices using Microsoft Intune NDES – Deployment”

Updated Windows Phone 8.1 Enterprise Device Management Protocol

As per latest update release (currently enrolled) of Microsoft Intune, it provides now full support of OMA-URI. This seemingly small feature introduces ‘endless’ capabilities which opens a new era of Enterprise Mobility! Endless possibilities and scenario’s allows you to take full benefit of all existing and new features which offers Microsoft Intune and Windows Phone 8.1.

According to the Microsoft Intune update of December the Windows Phone 8.1 Enterprise Device Management Protocol guide has been updated including improved current feature set and introduces new capabilities such as managing Wi-Fi profiles configuration for Windows Phone 8.1.

image

Hereby an overview of updated and new Windows Phone 8.1 capabilities:

New in Windows Phone 8.1

  • Enterprise application restrictions
  • EnterpriseAssignedAccess configuration service provider
  • Logging support for Enterprise server creation
  • PolicyManager configuration service provider
  • RemoteLock configuration service provider
  • RemoteRing configuration service provider
  • VPN configuration service provider
  • Web Authentication Broker Support in enrollment process
  • Wi-Fi configuration service provider

Updated in Windows Phone 8.1

  • Certificate configuration
  • CertificateStore configuration service provider
  • Discovery web service
  • DMClient configuration service provider
  • Enterprise application install, update, uninstall

The updated Windows Phone 8.1 Enterprise Device Management Protocol document can be downloaded here.

KB3002291: MDM settings are not applied to cloud-managed users in Configuration Manager 2012 R2

hotfixJust drop you a quick line a new hotfix for Configuration Manager 2012 R2 is released which improves the process of getting policies applied to mobile devices. When a user becomes a cloud-managed user (CloudUserID), a settings policy may not target the assignment for the user this due to different user(s) with same clouduserID. This behavior was introduced by CU2 and CU3.

  • This problem affects only environments that use the Intune Connector together with Configuration Manager 2012 R2.
  • This problem occurs only when Cumulative Update 2 or Cumulative Update 3 for Configuration Manager is installed.

To apply this hotfix, you must have Cumulative Update 2 or Cumulative Update 3 for System Center 2012 R2 Configuration Manager installed.

For more details and download see http://support2.microsoft.com/kb/3002291

For a complete list of all available hotfixes and update please consult the List of Public Microsoft Support Knowledge Base Articles wiki page.

Update: Hotfix solves issue publishing Network Device Enrollement Service (NDES) through Web Application Proxy (WAP) KB30137609

UPDATE! Hereby a quick note that you no longer have to contact support, it’s available in the in the December Windows Update. Just install the latest Windows Update on your Windows Server 2012 R2 and you should be good to go. December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 http://support.microsoft.com/kb/3013769

UPDATE! A private hofix (for now) is available that fixes URL length issues with Windows Application Proxy (applicable for NDES deployments) KB523052. This hotfix can be requested through a PSS case. For more details click here.

For those who are using Web Application Proxy (WAP) and intent or already have been published Network Device Enrolment Service (NDES) might noticed this isn’t working, even when pass-through preauthentication is configured. This post will go into details how NDES is working including a brief explanation of the issue.

The Network Device Enrollment Service (NDES) allows mobile devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP). The user certificates can be used for managing company resource access (E-mail, WiFi- and VPN profiles) instead of using user name + password. This existing technique is recently emphatically re-evaluated by the use and application for mobile device management in relation to BYOD scenarios.

Continue reading “Update: Hotfix solves issue publishing Network Device Enrollement Service (NDES) through Web Application Proxy (WAP) KB30137609”