Conditional access is getting better and better and better

by

Yeah, I know, I’ve been using similar blog post titles recently. And yes, it might sound cheesy. However, looking specifically at conditional access, it’s easy to say that the current evolution, in the Azure portal, is better than it is in the Azure classic portal, which is better than it is in the Intune Silverlight portal. Based on that, maybe  “The evolution of conditional access” would have been a nice title also. In this post I will go through a little bit of history of conditional access, followed by going through the enhanced capabilities of conditional access in the Azure portal. Little bit of history Let’s start by looking at a little bit of history of conditional access. No, I won’t put all the evolutions …

Read more

Managing Windows 10 IoT Core devices via MDM

by

This week a new challenge for a new blog post, managing Windows 10 IoT Core devices. The nice thing about Windows 10, even Windows 10 IoT Core, is the availability of MDM. The availability of MDM is what will help me with managing Windows 10 IoT Core devices. In this post I’ll go through the steps to create an enrollment profile to enroll Windows 10 IoT Core devices in Microsoft Intune hybrid. I’ll end this post with an overview of the end result in Configuration Manager Configuration Let’s start by looking at the configuration in Configuration Manager. To create an enrollment profile, for Windows 10 IoT Core devices, it’s required to provide a certificate profile and it’s optionally to provide a Wi-Fi profile. Create certificate …

Read more

The Software Center experience is getting better and better

by

Throughout my blog posts I always think its important to mention the end-user experience. This blog post will be mainly focused on the end-user experience in Software Center. Software Center went, from an end-user experience, through a complete revamp. The best thing is, it’s only getting better and better. Except for a few items, related to the devices of the end-user, Software Center is becoming the one place for the end-user to be. In this post I want to go through the latest changes to Software Center and show the related end-user experience. Changes Now let’s start with the latest changes to Software Center. It all started with a new modern look for Software Center and it quickly evolved to a easy customizable app. Especially …

Read more

Block and allow apps on Samsung KNOX devices

by

This week a blog post about the capabilities to block apps from starting and to allow apps to install on Samsung KNOX devices. I thought it would be good to mention these capabilities, as many are only familiar with the capability to work with compliant or noncompliant apps on Android. That capability can only be used for reporting functionalities. These capabilities are specifically for Samsung KNOX devices and can truly, and literally, block apps from starting. During this post I’ll go through the high-level steps to configure a blocked app and the end-user experience for both capabilities. Information Let’s start with some information about what can be achieved by using the block apps from starting and the allow apps to install capabilities. When using the …

Read more

Managing Windows Defender via Windows 10 MDM is getting easier and easier

by

This post is an updated version of a blog post that I did one-and-a-half year ago about managing Windows Defender, of Windows 10, via OMA-DM. As I still get questions about that post and the OMA-URI settings that are used in that post, I thought it would be good to mention that easier methods are available nowadays. Starting with Configuration Manager 1610 and the Microsoft Intune standalone update around March/ April 2016, it’s simply configurable through the console. No need anymore to configure all those OMA-URI settings manually. Within this post I’ll provide a quick overview of the configuration options, followed by an overview of the end result. That end result will show how the configured settings simply translate to the known OMA-URI settings. Configuration …

Read more

Automatic edition upgrade for Windows devices

by

My first blog post in this new year will be about the feature to automatically upgrade the edition of Windows devices. This is already possible, for a while, for Windows 10 devices managed via the MDM channel. However, starting with Configuration Manager 1610 this is now also possible for Windows 10 devices managed via the Configuration Manager client. In this post I’ll provide the general information and configuration settings that are applicable for Microsoft Intune hybrid and Microsoft Intune standalone. I’ll end this post by showing the details of the end result on a Windows 10 device managed via the Configuration Manager client. Think about details like how this is achieved and the relation to the MDM channel. Information The edition upgrade feature can be …

Read more

Updated tool: Remote Mobile Device Manager

by

My early Christmas present, for the community, is an updated version of my Remote Mobile Device Manager tool! This version includes a couple of bug fixes, a couple of added functionalities and a couple of look-and-feel adjustments. In this blog post I’ll provide an overview of those changes, I’ll provide an overview of the new look-and-feel and I’ll show the usage. For an overview of all the previously available features, please refer to my blog post about the previous version of my Remote Mobile Device Manager tool. >> The updated version is now available for download << Changes Now let’s start with a quick overview of the changes to this new release of my Remote Mobile Device Manager tool. This version includes the following changes …

Read more

Send sync request to devices

by

In preparation for an upcoming new release of my Remote Mobile Device Manager tool, this week a short blog post about the Send Sync Request feature. This feature enables the administrator, in a Microsoft Intune hybrid environment, to remotely trigger a synchronization of a device and is available starting with Configuration Manager 1610. In this post I’ll provide some basic information, go through the methods to trigger this action, the Configuration Manager console and PowerShell, and I’ll provide some information about the administrator experience. Information Before showing the methods to use the Send Sync Request feature, it’s good to provide some information about when a device typically checks in. The first thing to keep in mind is that when an app, or policy, is deployed, …

Read more

Conditional access for managed apps

by

After a great MVP Summit and a session at a great Experts Live, it’s finally time for a new blog post. This blog post will be about conditional access for managed apps (MAM CA). About a month ago, I did a first post about this feature when it was still in preview. The good news is that the first part of this feature is now production ready for all tenants. In this post I’ll go through an introduction of MAM CA, the flow of MAM CA, the prerequisites of MAM CA, the configuration of MAM CA and the end-user experience of MAM CA. Introduction By now, I think, everybody should be familiar with the mobile app management without enrollment (MAM-WE, previously also referred to as …

Read more

Managing browser settings via Windows 10 MDM

by

This week a short blog post about managing browser settings via Windows 10 MDM. Most of these settings are not very special and are very well documented in the Policy CSP. However, the configuration of the home page is a small exception. Not just because the documentation is slightly off, but also because of an important change with the anniversary update of Windows 10. As most of the settings are very well documented, this post will be focused on managing the home page. I’ll provide basic information, the configuration information and show the end-user experience. Information Before starting about the configuration of home pages, via Windows 10 MDM, it’s good to mention a few important notes: Browser settings for Microsoft Edge can be managed; Browser …

Read more