Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting

In a diptych I’m sharing my experiences, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in the enterprise.

IntunePFX

In my first blog post I covered the basics of implementing a certificate deployment infrastructure based on Microsoft Intune PFX connector. Explained the differences and considerations whether to choose SCEP or PFX as your certificate deployment solution. And explained the certificate issuing workflow. In this second post I’ll go in more detail of the anatomy of the Intune Certificate Connector, setup. Explaining the renewal and revocation process(flow) works. And lastly I give you some pointers where to start your journey, in case of troubleshooting certificate deployment issues.

Part 1 – Deploying Microsoft Intune Connector in an Enterprise world: common practices

Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting

Continue reading “Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting”

Part 1 – Deploying Microsoft Intune PFX connector in an Enterprise world…common practices

Last year I had the change to implement PFX certificate infrastructure for a large enterprise customer. Occasion of the project was a migration of Citrix XenMobile (XDM) to Microsoft Intune as strategic mobile device- and application management solution.

microsoft-intune-pfx-connector-architecture-overview
Microsoft Intune PFX connector certificate deployment architecture.

In a series of blogposts I’m sharing my experiences, design decisions, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in an enterprise environment.

Windows Information Protection…notes from the field! #MSIgnite

Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps organizations to protect corporate data against potential data leakage.

information-protection-needsThe concept is fairly simple and is actually based on defining two lists:

  • A corporate boundary list, which represents both on-premise & cloud network locations where managed apps can access corporate data;
  • A list of managed (trusted) apps, which are allowed to open, modify & store corporate data within the corporate boundary list.

In this blog we will look at some practical examples which you have to consider for a successful implementation of Windows Information Protection including a top 4 of recommended practices.

Continue reading “Windows Information Protection…notes from the field! #MSIgnite”

Important! Updated Microsoft Intune Company Portal app for iOS supports only iOS 8.0 or higher.

image

In case you missed it, Microsoft recently announced the Microsoft Intune Company Portal app for iOS will be updated. Why this might be important to you?

Why updating?

As Apple releases new versions of iOS, they release new functionality, so there is a lack of functionality available on older iOS versions. Ending support for these older versions and encouraging end users to upgrade leads to a better end-user experience and allows us to prioritize the release new functionality for customers. This adjustment to support iOS 8.0 and later brings the iOS Company Portal app into alignment with the version support of the Office apps and many other Microsoft (and non-Microsoft) apps

Continue reading “Important! Updated Microsoft Intune Company Portal app for iOS supports only iOS 8.0 or higher.”

Programma System Center Summer Night 2016 bekend!

SCUG.6001_summer_night_bbq_V01

Nog een kleine maand te gaan en dan is het zover –  de System Center Summer Night 2016! De afgelopen week hebben we hard gewerkt om het programma rond te krijgen. En met succes! Naast keynote spreker Andrew de la Haye hebben we een groot aantal Microsoft sprekers, Microsoft MVP’s en experts bereid gevonden om te komen spreken tijdens de System Center Summer Night. Een gevarieerd programma met maar liefst 9 sessies, uiteenlopend van Azure Stack tot The Modern Workplace, Incident response team tot Infrastructure as Code en van Configuration Manager Sneak Preview tot een blik op de toekomst van het internet!

Mede dankzij onze sponsoren hebben we de luxe om ook de toegang tot dit evenement GRATIS aan te kunnen bieden (hier over later meer). Inschrijven voor de System Center Summer Night 2016 – op donderdag 23 juni – doe je hier.

Continue reading “Programma System Center Summer Night 2016 bekend!”

Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI

Undoubtedly you ever been asked the question to customize the Windows 10 start menu? Your response might be like “Sure, I’ll fix this by group policy, imaging (task sequence) or last resort by manually importing a .xml file.” All – almost all – valid options in a fully managed environment where your clients are domain joined (Active Directory) and/or fully managed by Configuration Manager or MDT. But hey what about your non-domain joined Windows 10 devices which are outside the company and managed by Microsoft Intune (MDM)? Well OMA-URI is your best friend! Smile

Configuration Service Provider (CSP)

In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead. With Microsoft Intune (MDM), you define the Start layout using an OMA-URI setting, which is based on the Policy configuration service provider (CSP).

Continue reading “Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI”

KB3002291: MDM settings are not applied to cloud-managed users in Configuration Manager 2012 R2

hotfixJust drop you a quick line a new hotfix for Configuration Manager 2012 R2 is released which improves the process of getting policies applied to mobile devices. When a user becomes a cloud-managed user (CloudUserID), a settings policy may not target the assignment for the user this due to different user(s) with same clouduserID. This behavior was introduced by CU2 and CU3.

  • This problem affects only environments that use the Intune Connector together with Configuration Manager 2012 R2.
  • This problem occurs only when Cumulative Update 2 or Cumulative Update 3 for Configuration Manager is installed.

To apply this hotfix, you must have Cumulative Update 2 or Cumulative Update 3 for System Center 2012 R2 Configuration Manager installed.

For more details and download see http://support2.microsoft.com/kb/3002291

For a complete list of all available hotfixes and update please consult the List of Public Microsoft Support Knowledge Base Articles wiki page.