Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting

In a diptych I’m sharing my experiences, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in the enterprise.

IntunePFX

In my first blog post I covered the basics of implementing a certificate deployment infrastructure based on Microsoft Intune PFX connector. Explained the differences and considerations whether to choose SCEP or PFX as your certificate deployment solution. And explained the certificate issuing workflow. In this second post I’ll go in more detail of the anatomy of the Intune Certificate Connector, setup. Explaining the renewal and revocation process(flow) works. And lastly I give you some pointers where to start your journey, in case of troubleshooting certificate deployment issues.

Part 1 – Deploying Microsoft Intune Connector in an Enterprise world: common practices

Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting

Continue reading “Part 2 – Deploying Microsoft Intune Connector in an Enterprise world: troubleshooting”

One license solution rule them all: Azure AD Group Based Licensing!

A long awaited feature became this week available in the new Azure portal: Azure AD Group Based licensing. With this we have an one-stop-shop to assign licenses on a per user- or group based. azure-ad-group-based-licensing-1

Azure AD Group Based licensing was already available in the classic Azure portal,  however it was limited to  Azure AD Premium, Azure Rights Management, Microsoft Intune and Enterprise Mobility + Security licenses.  For other licenses like Office 365 we were designated to the Office 365 Admin portal or custom (automated) solutions such as PowerShell or Graph API. Continue reading “One license solution rule them all: Azure AD Group Based Licensing!”

Part 1 – Deploying Microsoft Intune PFX connector in an Enterprise world…common practices

Last year I had the change to implement PFX certificate infrastructure for a large enterprise customer. Occasion of the project was a migration of Citrix XenMobile (XDM) to Microsoft Intune as strategic mobile device- and application management solution.

microsoft-intune-pfx-connector-architecture-overview
Microsoft Intune PFX connector certificate deployment architecture.

In a series of blogposts I’m sharing my experiences, design decisions, common practices and challenges of implementing Microsoft Intune PFX connector as certificate deployment mechanism in an enterprise environment.

Windows Information Protection…notes from the field! #MSIgnite

Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps organizations to protect corporate data against potential data leakage.

information-protection-needsThe concept is fairly simple and is actually based on defining two lists:

  • A corporate boundary list, which represents both on-premise & cloud network locations where managed apps can access corporate data;
  • A list of managed (trusted) apps, which are allowed to open, modify & store corporate data within the corporate boundary list.

In this blog we will look at some practical examples which you have to consider for a successful implementation of Windows Information Protection including a top 4 of recommended practices.

Continue reading “Windows Information Protection…notes from the field! #MSIgnite”

Secure your SaaS & On-premises applications with Azure AD Conditional Access

Last week Microsoft announced the public preview of Azure AD Conditional Access to protect Azure AD SaaS applications based on device-based policy rules. Conditional Access (CA) is already available for a quite long time for those who are using Microsoft Intune, but was scoped to Microsoft cloud services such as Dynamics CRM Online, Exchange Online, Exchange on-premises, SharePoint Online and Skype for Business Online.

With the introduction of CA for Azure AD SaaS applications it’s a great step forwards raising the security bar in a mobile first cloud first world securing your SaaS applications and how they being accessed.


In this blog I will not elaborate the detailed operation of CA but will show you how easily it is to configure and apply Azure AD Conditional Access for an on-premise web application which we have published by Azure AD Proxy. Continue reading “Secure your SaaS & On-premises applications with Azure AD Conditional Access”

Important! Updated Microsoft Intune Company Portal app for iOS supports only iOS 8.0 or higher.

image

In case you missed it, Microsoft recently announced the Microsoft Intune Company Portal app for iOS will be updated. Why this might be important to you?

Why updating?

As Apple releases new versions of iOS, they release new functionality, so there is a lack of functionality available on older iOS versions. Ending support for these older versions and encouraging end users to upgrade leads to a better end-user experience and allows us to prioritize the release new functionality for customers. This adjustment to support iOS 8.0 and later brings the iOS Company Portal app into alignment with the version support of the Office apps and many other Microsoft (and non-Microsoft) apps

Continue reading “Important! Updated Microsoft Intune Company Portal app for iOS supports only iOS 8.0 or higher.”

Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI

Undoubtedly you ever been asked the question to customize the Windows 10 start menu? Your response might be like “Sure, I’ll fix this by group policy, imaging (task sequence) or last resort by manually importing a .xml file.” All – almost all – valid options in a fully managed environment where your clients are domain joined (Active Directory) and/or fully managed by Configuration Manager or MDT. But hey what about your non-domain joined Windows 10 devices which are outside the company and managed by Microsoft Intune (MDM)? Well OMA-URI is your best friend! Smile

Configuration Service Provider (CSP)

In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead. With Microsoft Intune (MDM), you define the Start layout using an OMA-URI setting, which is based on the Policy configuration service provider (CSP).

Continue reading “Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI”