What is a modern workplace these days without having your personal or group data synced to OneDrive and taking full advantage of what Microsoft’s cloud storage has to offer!? One of the most requested features is silently configuring your OneDrive client to automatically synchronize your (personal) data. Continue reading “Revise your OneDrive (Sync) restrictions when shifting to a Modern Workplace!”
Since December 2017 Microsoft Intune has supported multiple active SCEP/PFX connectors per tenant in order to provide high availability for certificate handling.
Initially the Microsoft Intune SCEP/PFX connector didn’t provide support for high availability. The SCEP/PFX connector could be installed only as a single instance, with no option for multiple active connectors.
In a diptych I’m sharing my experiences, common practices and challenges of implementing the Microsoft Intune PFX connector as a certificate deployment mechanism in the enterprise.
In my first blog post I covered the basics of implementing a certificate deployment infrastructure based on the Microsoft Intune PFX connector, explained the differences and considerations when choosing SCEP or PFX as your certificate deployment solution, and explained the certificate issuing workflow. In this second post I’ll go into more detail on the anatomy of the Intune Certificate Connector and its setup, and explain how the renewal and revocation process (flow) works. Lastly, I’ll give you some pointers on where to start your journey when troubleshooting certificate deployment issues.
Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting
Last year I had the chance to implement a PFX certificate infrastructure for a large enterprise customer. The occasion for the project was a migration from Citrix XenMobile (XDM) to Microsoft Intune as the strategic mobile device and application management solution.
In a series of blog posts I’m sharing my experiences, design decisions, common practices and challenges of implementing the Microsoft Intune PFX connector as a certificate deployment mechanism in an enterprise environment.
- Part 1 – Deploying Microsoft Intune PFX connector in an Enterprise world: common practices
- Part 2 – Deploying Microsoft Intune PFX connector in an Enterprise world: troubleshooting
Continue reading “Part 1 – Deploying Microsoft Intune PFX connector in an Enterprise world…common practices”
Today the Microsoft Intune product team announced the next set of Intune features that will be released between May 19 and May 26. With this monthly release cadence, Microsoft continues to focus on providing customers with best-in-class experiences that help keep users productive while protecting the company’s sensitive data. You can expect to see the following new Intune standalone (cloud only) features in this release:
- Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android (Intune App Wrapping Tool for iOS made available in December 2014)
- Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
- RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
- Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
- Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
- New custom policy template for managing new Windows 10 features using OMA-URI
- New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
- Ability to deploy Google Play store apps that are required/mandatory to install on Android devices
In case you want to play around and get some hands-on experience with Mobile Device Management in Office 365 but couldn’t find it!
Thank you for contacting Microsoft Intune Technical Support. For questions or update on this Service Request, you may reply to this email thread or call the Microsoft Support number .
While Mobile Device Management (MDM) for Office 365 has been officially announced we are still in the process of rolling it out to Office 365 customers over the next 4 to 6 weeks (Starting from 3/30/2015). We don’t currently have exact dates for when it will be available for your subscription. Continue reading “Mobile Device Management not available in your Office 365 subscription!?”
This week the Azure AD Product Team did a great job by updating the Azure Application Proxy service to allow you to publish NDES using Azure Application Proxy, which is great news! Pieter Wigleven, Microsoft Technology Solution Professional on Enterprise Mobility, has posted a great series of posts on setting up certificate distribution to mobile devices. A must read!
Part 1 – First tips and tricks on how to troubleshoot and check existing ConfigMgr/SCEP/NDES infrastructures.
Part 2 – After many asks for clarity, a full guide on how to install and troubleshoot ConfigMgr/SCEP/NDES.
Part 3 – Using an additional reverse proxy in a DMZ in front of NDES. The reverse proxy of choice was Windows Server 2012 R2 with the Web Application Proxy role installed.
Part 4 – Protecting NDES with Azure AD Application Proxy
In part 4 Pieter outlines the setup for publishing NDES through the Azure Application Proxy service, a cool solution that has just been made possible!
Azure AD Application Proxy (Web Application Proxy from the Cloud) lets you publish applications, such as SharePoint sites, Outlook Web Access and other web applications, inside your private network and provides secure access to users outside your network via Azure.
Azure AD Application Proxy is built on Azure and gives you a massive amount of network bandwidth and server infrastructure for better protection against DDoS attacks and superb availability. Furthermore, there is no need to open external firewall ports to your on-premises network and no DMZ server is required. All traffic is originated inbound. For a complete list of outbound ports take a look at this MSDN page.
Azure AD Application Proxy is a feature that is available only if you are using the Premium or Basic editions of Azure Active Directory. For more information, see Azure Active Directory Editions.
If you have Enterprise Mobility Suite (EMS) licenses you are eligible to use this solution. The Azure AD Application Proxy connector only installs on the Windows Server 2012 R2 operating system, which is also a requirement of the NDES server anyway.
Most of you are probably aware of Microsoft (Windows) Intune extensions and are using them without any issues. New extensions become available automatically through the Microsoft Intune connector, and new updates are merged or installed to introduce new features that take advantage of the Microsoft Intune cloud services platform.
So far so good…but if you’re out of luck, extensions come down only partly or do not become available at all to your Configuration Manager instance! Unfortunately there is no way to force a trigger of the tenant discovery process and thus the installation of Microsoft Intune extensions. In normal circumstances it will take up to 24 hours after registering your Intune subscription until the Intune extensions come down to your Configuration Manager instance. This is a pity if you want to speed up the process of installing new deployments or you’re in a disaster recovery scenario. Here are some guidelines for troubleshooting Microsoft Intune extensions: log location(s), the certificate thumbprint ID, a SQL query, and validating the connectivity with Microsoft Intune.
Today Microsoft announced they are renaming their mobile device cloud service Windows Intune to Microsoft Intune. The reason, in my opinion, is that Microsoft is anticipating great new features and capabilities such as enterprise bulk enrollment, conditional access and extended data leak protection (DLP), which are expected later this year (Q4).
This change reflects Microsoft’s ongoing strategy for Intune as a cloud-based mobile device management (MDM) and mobile application management (MAM) solution. The “Microsoft Intune” name more accurately represents Intune’s capabilities, supporting both iOS and Android platforms, in addition to Windows. It is also in alignment with our commitment to embrace the new dynamics of the workplace, and increase employee productivity by enabling them to work wherever and whenever they want on any device, while helping IT keep corporate information secure.
Intune is included in the Enterprise Mobility Suite (EMS) which is Microsoft’s comprehensive and cost-effective solution for addressing consumerization of IT, BYOD, and SaaS challenges. The suite also includes Azure Active Directory Premium and Azure Rights Management (RMS).
Read the full story here.
On July 11th Microsoft announced the beta of the next release of Windows Intune.
Some key new features include:
- Simplify the task of distributing software and updates – In addition to Microsoft patches and updates, you can now use Windows Intune to deploy third-party applications and updates to your managed PCs.
- Manage all your software licenses. If you need a better way to manage all your software licenses, look no further. Now you can upload and track Microsoft Retail and OEM licenses and third-party license agreements in addition to Microsoft Volume License agreements.
- Get better hardware reporting. We’ve made it simple for you to view or create reports on hardware data—including manufacturer, chassis type, available disk space, installed memory, and CPU speed.
In this post I will elaborate on how software distribution works, something that many have been looking forward to. I assume a scenario in which all your workstations are already managed by Windows Intune. Continue reading “Software Deployment with Windows #Intune Beta July #sysctr”