Integrate your Microsoft Intune device enrollment with Azure AD!

May this year Microsoft announced a new capability of automatically enroll devices in Microsoft Intune as part of joining devices in to Azure AD (Premium). By joining a Windows 10 device to Azure AD it is extremely easy for end users to get the benefits of single sign-on, OS state roaming, and management capabilities.

image

This will work with both Microsoft Intune and with 3rd party MDM solutions. In this blog post I’ll show you how ease and transparent this process is and how powerful the integration is of Microsoft Online Services and Windows 10!

Continue reading “Integrate your Microsoft Intune device enrollment with Azure AD!”

The Enterprise Mobility Suite Portal Survival Guide

survival-guide I’m more than happy being your tour guide for today and walkthrough the various portals that the Microsoft Enterprise Mobility Suite (EMS) houses. For those who are involved with EMS, this might be a handy overview of all current available portals. I often heard  that it is not always clear which portal you need and where you can find it. In this blog I’ll do my best to cover all the portals including their purpose.

Continue reading “The Enterprise Mobility Suite Portal Survival Guide”

Recap of a great community week!

Last week was a blast of community engagements. Hereby a recap…

Theme Night – Hybrid Identity & Business Continuity

Ahead of TechDays 2015 Netherlands the System Center User Group NL & Hyper-V.NU had the unique chance to welcome Simon May and Sergio Pattinama during Theme Night – Hybrid Identity & Business Continuity. This night Simon discussed how important hybrid identity is and how to adopt this into your organization with Azure AD Premium. He showed us how easily it is to add additional security layer to your username & password with Multi Factor Authentication (MFA) and keeping track on suspicious and irregular sign-ins from unknown resources or multiple geographies by using Security Reports, based on Azure Machine Learning.

WP_20150527_016 Continue reading “Recap of a great community week!”

What’s new in Microsoft Intune Service Update – May 2015

Latest-UpdatesToday the Microsoft Intune product team announced next set of Intune features that will be released between May 19 and May 26.  With this monthly release cadence, Microsoft continue to focus on providing customers with best-in-class experiences that help keep users productive while protecting company’s sensitive data. You can expect to see the following new Intune standalone (cloud only) features in this release:

  • Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android (Intune App Wrapping Tool for iOS made available in December 2014)
  • Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
  • RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
  • Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
  • Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
  • New custom policy template for managing new Windows 10 features using OMA-URI
  • New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
  • Ability to deploy Google Play store apps that are required/mandatory to install on Android devices

Continue reading “What’s new in Microsoft Intune Service Update – May 2015”

Intune Extensions install process improved /w April Service Update

Last week Microsoft updated their Intune cloud services with the April service update. This April service update (5.0.5118.0) introduces a lot of new features which were recently announced by the Microsoft Intune team. More details on this can be found here.

image

Most of you are familiar with the fact it can take up to 24-hours until the Intune extensions finally comes down in your Configuration Manager 2012 R2 instance. Initially there is no method for forcing the extensions to come down. Especially working with customers engagements (proof of concepts) it is very annoying to have to wait a day before you can enable these extensions.

The Microsoft Intune Product Team did a great job to speed up this process, which comes with the April update. The time it takes when Intune extensions comes down into your Configuration Manager 2012 R2 instance is significantly improved. By shorten the interval at the backend new tenants should be able to see extensions within 10 mins after connector role has been setup successfully. For the extensions published after installation, it is up to 6 hours.

Continue reading “Intune Extensions install process improved /w April Service Update”

Deploy *.appx files to Windows Phone 8.1 with the upcoming Microsoft Intune March service update

The Microsoft Intune Team announced the next service update for Microsoft Intune will become available between March 4, 2015 and March 7, 2015.

With notable attention with the new service update you’re able to deploy *.appx files to Windows Phone 8.1 devices. The *.appx extension – aka as Metro App – is normally only available for the Windows 8.1 platform. By enabling *.appx support for Windows Phone 8.1 Microsoft is taking the next step into the universal app erea.

New Intune standalone (cloud only) features that will be released as part of this service update include:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP). The Device Enrollment Program (DEP) provides a fast, streamlined way to deploy your corporate-owned Mac or iOS devices, whether purchased directly from Apple or through participating Apple Authorized Resellers
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

Further, as part of this service update, we Microsoft will be providing hybrid customers with the ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices. This will be expected to be alvailable in the next service update for Intune standalone (cloud only).

For more detailed information see the Microsoft Intune Team Blog

Assign EMS licenses based on Local Active Directory Group Membership

 

 

As all roads lead to Rome there are many ways to assign Enterprise Mobility Suite (EMS) licenses to end-users. This can be a manual process or automated by using PowerShell. Both options have in common that you must be a global administrator of your Azure subscription to assign these licenses.

The majority of the available public resources and publications describes the (manual) process bassed on per user- or group assignment through the Azure Management Portal. Downside of assigning EMS licenses through the Azure Management Portal or by PowerShell is that you must be a member of the global administrator user role. A right you want to keep to a limited number of accounts, further these accounts are often not responsible for such tasks as assigning licenses.

Continue reading “Assign EMS licenses based on Local Active Directory Group Membership”

Making hybrid identity simple with Azure AD Connect

As mentioned in my previous post I’m in Redmond (WA) to join the Enterprise Mobility deep dive airlift. During my three-day stay I’ll listen, learn and getting inspired of all cool stuff Enterprise Mobility has to offer. On the first day we covered the hybrid identity part of EMS which means – Azure AD Connect, Azure AD Premium – which provided a lot of new insights and key takeaways.

image

Continue reading “Making hybrid identity simple with Azure AD Connect”

Get in touch with the Microsoft Enterprise Mobility Suite ‘blackbelt’s’ and drop your feedback!

we-started-our-day-at-building-33-which-is-next-to-building-34-which-is-where-ceo-steve-ballmer-works

I’m very excited having the opportunity to meet the product teams on Enterprise Mobility Suite (EMS) during a 4-day stay in Redmond (WA) next week! As my employer Inovativ is participating in the Red Carpet Program we’re invited to join the Enterprise Mobility airlift. An airlift is an event which outlines new features being released in a new wave/product release. This airlift includes deep dive sessions on Azure AD Premium, Microsoft Intune and Azure RMS. As Microsoft Partner we’ll be lined up with the latest technology and have the chance to discuss and provide feedback on the components involved with the Enterprise Mobility Suite.

Further I’m looking foward to meet some community friends in person like Mr. ‘IoT’ and ‘Enterprise Mobility’ Rob Tiffany. I let me assure that the coffee is ready at Satya’s office ;-)

So I challenge you to collect your best feedback and questions on Azure AD Premium, Microsoft Intune, Azure Rights Management and bring it on, I’ll forward them to the PG’s! You can drop me a line by Twitter, Facebook or by e-mail

Continue reading “Get in touch with the Microsoft Enterprise Mobility Suite ‘blackbelt’s’ and drop your feedback!”

Block un-enrollment Windows Phone devices by Microsoft Intune

With the December update of Microsoft Intune a cool feature OMA-URI support has been added. This seemingly small feature introduces ‘endless’ management capabilities and scenario’s which allows you to take full advantage of managing Windows Phone devices with Microsoft Intune. This is useful when the setting you need is not configurable in a mobile device security policy.

image

A good example is to block the removal of Workplace of your managed Windows Phones. By default users are able to un-enroll their devices and thus become unmanaged.  In this blog I’ll show you how to prevent un-enrollement and the ability to factory reset Windows Phone device by an OMA-URI policy template. Continue reading “Block un-enrollment Windows Phone devices by Microsoft Intune”