Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting

In a diptych I’m sharing my experiences, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in the enterprise.

IntunePFX

In my first blog post I covered the basics of implementing a certificate deployment infrastructure based on Microsoft Intune PFX connector. Explained the differences and considerations whether to choose SCEP or PFX as your certificate deployment solution. And explained the certificate issuing workflow. In this second post I’ll go in more detail of the anatomy of the Intune Certificate Connector, setup. Explaining the renewal and revocation process(flow) works. And lastly I give you some pointers where to start your journey, in case of troubleshooting certificate deployment issues.

Part 1 – Deploying Microsoft Intune Connector in an Enterprise world: common practices

Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting

Continue reading “Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting”

Part 1 – Deploying Microsoft Intune PFX connector in an Enterprise world…common practices

Last year I had the change to implement PFX certificate infrastructure for a large enterprise customer. Occasion of the project was a migration of Citrix XenMobile (XDM) to Microsoft Intune as strategic mobile device- and application management solution.

microsoft-intune-pfx-connector-architecture-overview
Microsoft Intune PFX connector certificate deployment architecture.

In a series of blogposts I’m sharing my experiences, design decisions, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in an enterprise environment.

Top 3 feature enhancements of Windows 10 Creators Update

Yesterday I received an update of the Windows Insiders Program which contains some great improvements which I’d to share with you. Hereby some highlights.

Mobile application management

With the Creators Update we’re introducing mobile application management, a new feature that will protect data on personal devices without requiring the device to be enrolled in a Mobile Device Management solution. As employees use their own devices at work more and more, we are providing IT with oversight to apply policies to the applications employees use to be productive. This helps keep corporate data more secure without taking on the added responsibility of managing employees’ personal devices.

 

Continue reading “Top 3 feature enhancements of Windows 10 Creators Update”

Microsoft Teams: How to overcome challenges with Windows Information Protection & Conditional Access

Recently Microsoft announced Microsoft Teams, a new chat-based platform in Office 365. For all mobile platforms (Android, iOS and Windows 10 Mobile) Microsoft released an native app, including a desktop app for Windows 10 and Mac OS X. The Microsoft Teams apps can be downloaded here. After I installed the Microsoft Teams desktop app on Windows 10 I bumped into the following funny message ‘Yikes! Looks like someone pulled the plug on the internet’.

clip_image001

Continue reading “Microsoft Teams: How to overcome challenges with Windows Information Protection & Conditional Access”

Windows Information Protection…notes from the field! #MSIgnite

Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps organizations to protect corporate data against potential data leakage.

information-protection-needsThe concept is fairly simple and is actually based on defining two lists:

  • A corporate boundary list, which represents both on-premise & cloud network locations where managed apps can access corporate data;
  • A list of managed (trusted) apps, which are allowed to open, modify & store corporate data within the corporate boundary list.

In this blog we will look at some practical examples which you have to consider for a successful implementation of Windows Information Protection including a top 4 of recommended practices.

Continue reading “Windows Information Protection…notes from the field! #MSIgnite”

Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI

Undoubtedly you ever been asked the question to customize the Windows 10 start menu? Your response might be like “Sure, I’ll fix this by group policy, imaging (task sequence) or last resort by manually importing a .xml file.” All – almost all – valid options in a fully managed environment where your clients are domain joined (Active Directory) and/or fully managed by Configuration Manager or MDT. But hey what about your non-domain joined Windows 10 devices which are outside the company and managed by Microsoft Intune (MDM)? Well OMA-URI is your best friend! Smile

Configuration Service Provider (CSP)

In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead. With Microsoft Intune (MDM), you define the Start layout using an OMA-URI setting, which is based on the Policy configuration service provider (CSP).

Continue reading “Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI”

Unlock your Windows 10 PC with your Windows Mobile Phone Sign-in App

image

As Windows 10 expert you probably know there are many ways to log on to your Windows 10 device. Windows 10 already does a lot to spare you from typing in your password. Windows Hello and Microsoft Passport are technologies are part of the Windows 10 operating system and help mitigate threats from conventional credentials. With Phone Sign-in app (Beta) Microsoft releases a new way of logging on to your Windows 10 device.

Continue reading “Unlock your Windows 10 PC with your Windows Mobile Phone Sign-in App”