Intune Extensions install process improved /w April Service Update

Last week Microsoft updated their Intune cloud services with the April service update. This April service update (5.0.5118.0) introduces a lot of new features which were recently announced by the Microsoft Intune team. More details on this can be found here.

image

Most of you are familiar with the fact it can take up to 24-hours until the Intune extensions finally comes down in your Configuration Manager 2012 R2 instance. Initially there is no method for forcing the extensions to come down. Especially working with customers engagements (proof of concepts) it is very annoying to have to wait a day before you can enable these extensions.

The Microsoft Intune Product Team did a great job to speed up this process, which comes with the April update. The time it takes when Intune extensions comes down into your Configuration Manager 2012 R2 instance is significantly improved. By shorten the interval at the backend new tenants should be able to see extensions within 10 mins after connector role has been setup successfully. For the extensions published after installation, it is up to 6 hours.

Continue reading “Intune Extensions install process improved /w April Service Update”

Deploy *.appx files to Windows Phone 8.1 with the upcoming Microsoft Intune March service update

The Microsoft Intune Team announced the next service update for Microsoft Intune will become available between March 4, 2015 and March 7, 2015.

With notable attention with the new service update you’re able to deploy *.appx files to Windows Phone 8.1 devices. The *.appx extension – aka as Metro App – is normally only available for the Windows 8.1 platform. By enabling *.appx support for Windows Phone 8.1 Microsoft is taking the next step into the universal app erea.

New Intune standalone (cloud only) features that will be released as part of this service update include:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP). The Device Enrollment Program (DEP) provides a fast, streamlined way to deploy your corporate-owned Mac or iOS devices, whether purchased directly from Apple or through participating Apple Authorized Resellers
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

Further, as part of this service update, we Microsoft will be providing hybrid customers with the ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices. This will be expected to be alvailable in the next service update for Intune standalone (cloud only).

For more detailed information see the Microsoft Intune Team Blog

Block un-enrollment Windows Phone devices by Microsoft Intune

With the December update of Microsoft Intune a cool feature OMA-URI support has been added. This seemingly small feature introduces ‘endless’ management capabilities and scenario’s which allows you to take full advantage of managing Windows Phone devices with Microsoft Intune. This is useful when the setting you need is not configurable in a mobile device security policy.

image

A good example is to block the removal of Workplace of your managed Windows Phones. By default users are able to un-enroll their devices and thus become unmanaged.  In this blog I’ll show you how to prevent un-enrollement and the ability to factory reset Windows Phone device by an OMA-URI policy template. Continue reading “Block un-enrollment Windows Phone devices by Microsoft Intune”

Blacklist Apps on Windows Phone 8.1 by native Microsoft Intune

First of all happy new year! May it a healthy, be happy and succesfull year to you and yours. Looking forward to new technical developments, challenges and meetig interesting people.

With the December update of Microsoft Intune new policy templates became available which enables you to have more control of your managed mobile devices. One of the new policies is the Windows Phone Configuration Policy template. With the Windows Phone Configuration Policy template you’re able to allow or block apps on Windows Phone 8.1 devices. Policies created from this template can be deployed to both user and device groups and will only applied to devices which are managed by Microsoft Intune.

In this blog I’ll show you how to prevent apps being installed from the Windows Phone Store or disallow the use of already installed apps.

Windows Phone Configuration Policy

  • In the Intune administration console, click Policy > Add Policy
  • Select Windows Phone Configuration Policy (Windows Phone 8.1 and later) and click Create Policy

image

 

Continue reading “Blacklist Apps on Windows Phone 8.1 by native Microsoft Intune”

Updated Windows Phone 8.1 Enterprise Device Management Protocol

As per latest update release (currently enrolled) of Microsoft Intune, it provides now full support of OMA-URI. This seemingly small feature introduces ‘endless’ capabilities which opens a new era of Enterprise Mobility! Endless possibilities and scenario’s allows you to take full benefit of all existing and new features which offers Microsoft Intune and Windows Phone 8.1.

According to the Microsoft Intune update of December the Windows Phone 8.1 Enterprise Device Management Protocol guide has been updated including improved current feature set and introduces new capabilities such as managing Wi-Fi profiles configuration for Windows Phone 8.1.

image

Hereby an overview of updated and new Windows Phone 8.1 capabilities:

New in Windows Phone 8.1

  • Enterprise application restrictions
  • EnterpriseAssignedAccess configuration service provider
  • Logging support for Enterprise server creation
  • PolicyManager configuration service provider
  • RemoteLock configuration service provider
  • RemoteRing configuration service provider
  • VPN configuration service provider
  • Web Authentication Broker Support in enrollment process
  • Wi-Fi configuration service provider

Updated in Windows Phone 8.1

  • Certificate configuration
  • CertificateStore configuration service provider
  • Discovery web service
  • DMClient configuration service provider
  • Enterprise application install, update, uninstall

The updated Windows Phone 8.1 Enterprise Device Management Protocol document can be downloaded here.

Troubleshooting Microsoft (Windows) Intune Extensions

Most of you are problably aware of Microsoft (Windows) Intune extensions and using them briefly without any issue(s). New extensions becomes automatically available through the Microsoft Intune connector and new updates are merged or installed to introduce new features taking benefits of the Microsoft Intune cloud services platform.

So far so good…but if you’ve bad luck extensions comes partly down or becomes not available at all to your Configuration Manager instance! Unfortunately there is no way to force a trigger of the tenant discovery process and thus the installation of Microsoft Intune extensions. In normal circumstances it will take up to 24 hours after registering your Intune subscription untill the Intune extensions comes down to your Configuration Manager instance. This pitty if you would speed up the process of installing new deployments or you’re in a disaster recovery scenario. Hereby some guidelines for troubleshooting Microsoft Intune extensions, logs locations(s), Certificate Thumbprint ID, SQL query and validating the connectivity with Microsoft Intune.

Continue reading “Troubleshooting Microsoft (Windows) Intune Extensions”