Part 3 – Deploy certificates to mobile devices using Microsoft Intune NDES – Deployment

In the first two blog posts I covered the theory of how certificates are deployed to mobile devices using the Microsoft Intune NDES connector, followed by setting up and configuring the connector.

In this third blog – part 3 – I’ll outline the deployment of both Trusted CA Certificate profiles and SCEP Certificate profiles to mobile devices.


KB3002291: MDM settings are not applied to cloud-managed users in Configuration Manager 2012 R2

Just a quick note that a new hotfix for Configuration Manager 2012 R2 has been released, which improves the process of getting policies applied to mobile devices. When a user becomes a cloud-managed user (CloudUserID), a settings policy may not target the assignment for the user, due to different user(s) having the same CloudUserID. This behavior was introduced by CU2 and CU3.

  • This problem affects only environments that use the Intune Connector together with Configuration Manager 2012 R2.
  • This problem occurs only when Cumulative Update 2 or Cumulative Update 3 for Configuration Manager is installed.

To apply this hotfix, you must have Cumulative Update 2 or Cumulative Update 3 for System Center 2012 R2 Configuration Manager installed.

For more details and download see http://support2.microsoft.com/kb/3002291

For a complete list of all available hotfixes and updates, please consult the List of Public Microsoft Support Knowledge Base Articles wiki page.

Update: Hotfix solves issue publishing Network Device Enrollment Service (NDES) through Web Application Proxy (WAP) KB30137609

UPDATE! A quick note that you no longer have to contact support: the fix is available in the December Windows Update. Just install the latest Windows Update on your Windows Server 2012 R2 and you should be good to go. December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: http://support.microsoft.com/kb/3013769

UPDATE! A private hotfix (for now) is available that fixes URL length issues with Windows Application Proxy (applicable for NDES deployments): KB523052. This hotfix can be requested through a PSS case.

Those who use Web Application Proxy (WAP) and intend to publish, or have already published, the Network Device Enrollment Service (NDES) might have noticed that this isn’t working, even when pass-through preauthentication is configured. This post goes into detail on how NDES works, including a brief explanation of the issue.

The Network Device Enrollment Service (NDES) allows mobile devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP). The user certificates can be used for managing access to company resources (e-mail, Wi-Fi and VPN profiles) instead of a user name and password. This existing technique has recently been emphatically re-evaluated because of its use in mobile device management for BYOD scenarios.


Windows Intune Product Comparison vs. Mobile Device Management Market Leaders #sysctr #windowsintune

 

With the announcement of Configuration Manager 2012 R2 and Windows Intune (wave E), Microsoft offers a mature Mobile Device Management (MDM) solution with which it emphatically (re)positions itself in the market of enterprise device management software. Various publications, including Gartner’s Magic Quadrant for Mobile Device Management Software (May 2013), show that Microsoft plays no significant role in the market of enterprise mobile device management software.


Figure 1: Gartner’s Magic Quadrant for MDM software.

The earlier System Center Mobile Device Management 2008 wasn’t much of a success and came too early, given the lack of suitable hardware. With the current version of Configuration Manager 2012 SP1 and Windows Intune (wave D), Microsoft is working on closing the gap by providing base MDM functionality. But was it good enough to be a serious competitor in the market of enterprise MDM solutions? With the announcement of Configuration Manager 2012 R2 and the 4th generation of Windows Intune (wave E) I am convinced this will change!

The goal of this article is to provide a high-level product comparison of Microsoft’s MDM solution, based on Configuration Manager 2012 R2/Windows Intune (wave E), versus the current MDM market leaders AirWatch, MobileIron, Citrix and Good Technology. The product comparison covers the following areas: platform support, infrastructure complexity, features, and licensing & pricing.


SneakPreview: “Microsoft is closing the gap for enterprise Mobile Device Management”. Product comparison shortly available…

Soon you can expect a product comparison of Microsoft’s Enterprise Mobile Device Management (MDM) solution, based on the recently announced System Center 2012 Configuration Manager R2 and the 5th generation of Windows Intune (wave E).

Recently Gartner published the Magic Quadrant for Mobile Device Management, where Microsoft was missing as an enterprise Mobile Device Management vendor. That makes me wonder why. Whether that is justified or not is of secondary importance! What matters is what Microsoft offers right now with Unified Mobile Device Management (UDM). That was the trigger…

Here is a short impression …

With the announcement of Configuration Manager 2012 R2 and Windows Intune (wave E), Microsoft offers a mature Mobile Device Management (MDM) solution with which it emphatically (re)positions itself in the market of enterprise device management software. Various publications, including Gartner’s Magic Quadrant for Mobile Device Management Software (May 2013), show that Microsoft plays no significant role in the market of enterprise mobile device management software.


Figure 1: Gartner’s Magic Quadrant for MDM software.


Forefront Unified Access Gateway 2010 Service Pack 2 is available for download

Microsoft has recently released Microsoft Forefront UAG 2010 Service Pack 2, which is available for download from the Microsoft Download Center as an upgrade from UAG Service Pack 1 Update 1. Besides improved support for Microsoft SharePoint 2010, Active Directory Federation Services 2.0 and mobile devices (Windows Phone 7.5, iOS 5.x, Android), this service pack resolves 25 issues in Forefront UAG 2010.

Here are some details about what is included in Service Pack 2 for UAG 2010:

  • Improved SharePoint 2010 support

    Forefront UAG 2010 SP2 enables users to authenticate to a trunk by using Microsoft Office Forms-Based Authentication (MSOFBA) when the trunk uses Active Directory Federation Services (AD FS) 2.0 for authentication.

  • Improved Active Directory Federation Services (AD FS) 2.0 support

    You can provide remote and partner employees with access to published applications that have AD FS 2.0 enabled.

    • AD FS Multi-Namespace support: Multi-namespace support with AD FS 2.0 enables you to use a single AD FS 2.0 server that has multiple Forefront UAG trunks when the FQDNs (the public host names) of the trunks are in different domains. For example, the FQDN of the first trunk is portal.contoso.com and the FQDN of the second trunk is portal.fabrikam.com. Both trunks can be configured to perform AD FS authentication by using the same AD FS 2.0 server sts.contoso.com. In this kind of deployment, the AD FS 2.0 server is published through one of the Forefront UAG trunks, or by an AD FS proxy that is parallel to Forefront UAG.
    • Use the AD FS Proxy to publish the AD FS 2.0 Server: The AD FS proxy has many benefits compared to publishing the AD FS 2.0 server through Forefront UAG, including support for Office365 authentication and mobile devices.
    • Enable complex topologies: For example, by using Forefront UAG to publish a SharePoint website located in one site when the AD FS server is located in another site.
  • Added client devices

    Forefront UAG 2010 SP2 enables users to connect with the following mobile devices:

    • Windows Phone 7.5
    • iOS 5.x on iPad and iPhone
    • Android 4.x on tablets and phones
  • Updated support for UAG’s endpoint detection capabilities
  • Fixes included in UAG SP2

Download the Forefront Unified Access Gateway (UAG) 2010 Service Pack 2 package now, and learn more about UAG SP2 by visiting our TechNet Library.