The conditional access flow of the Outlook app for iOS and Android

This week brings something completely different: I’ll be looking at the conditional access flow of the Outlook app for iOS and Android. By that I don’t mean the high-level decision flow, which is available on TechNet, but the flow from a component perspective. It will be more of a what-happens-when-and-where flow. Before I start with that flow, I think it’s important to first provide a bit of information about Active Directory Authentication Library (ADAL)-based authentication, the Open Authentication (OAuth) protocol and the Outlook Cloud Service in combination with Office 365. These components make up the what-happens-when-and-where flow. ADAL-based authentication: The Outlook app for iOS and Android uses ADAL-based authentication to access Office 365. ADAL-based authentication enables the Outlook app for iOS …

The new managed app installation experience on iOS 9 devices

This week a short blog post about the new managed app installation experience for end-users on iOS 9 devices, as it was a huge pain. One of the most heard complaints about managed apps on iOS was that the end-user would have to manually uninstall their personally-installed apps. Only after that could the managed app be installed, and would it really work and act like a managed app. New in iOS 9 is the ability to convert a personally-installed app to a managed app. This allows Microsoft Intune (standalone and hybrid) to take over the management of a personally-installed app and turn it into a managed app. Of course, only after the user’s permission. This is really an iOS 9 ability and does not …

Conditional Access for PCs – Part III: Exchange Online

Keep in mind that by default modern authentication is disabled on Exchange Online. To enable this, please follow this guidance. Two weeks ago I started this series of blog posts about conditional access for PCs, beginning with the requirements for conditional access for PCs. Last week I built onto those requirements by adding the SharePoint Online Policy and the Compliance Policy, and I finished by showing the end-user experience. This week, in the third part of this blog series, I’ll also build onto those requirements by adding the Exchange Online Policy and again the Compliance Policy. After those configurations are in place, I’ll finish this third part of the blog series with the end-user experience. Note: This post shows a few …

Conditional Access for PCs – Part II: SharePoint Online

Last week I started this series of blog posts about conditional access for PCs, beginning with the requirements for conditional access for PCs. This week, in the second part of this blog series, I’ll build onto those requirements by adding the SharePoint Online Policy and the Compliance Policy. After those configurations are in place, I’ll finish this second part of the blog series with the end-user experience. Note: This post shows a few configurations identical to those I also mention in the third part of this blog series. This allows one to configure the SharePoint Online Policy without going through the configuration of the Exchange Online Policy. Configuration: The configuration of conditional access for PCs contains two actions. The first action is to configure …

Conditional Access for PCs – Part I: Requirements

Another new capability added to Microsoft Intune during the August 2015 update is conditional access for PCs that run Office desktop applications to access Exchange Online and SharePoint Online. This nice capability enables us to require that PCs must be either domain joined or compliant. In order to be compliant, the PCs must be enrolled in Microsoft Intune and the PCs must comply with the policies. This capability has more requirements and requires more configurations than most other Microsoft Intune standalone or Microsoft Intune hybrid capabilities. That’s why I decided to make this another blog series. This blog series will contain three parts: Requirements – This part will list all the requirements and the required configurations to start with the different conditional access …

Multiple custom terms and conditions for device enrollment and company access

And we’re back in the Company Portal app. Not just because I think that the Company Portal app is awesome, but also because a new Company Portal app-related capability was added to Microsoft Intune during the August 2015 update. That new capability is that it’s now possible to deploy multiple custom Terms and Conditions for enrollment and company access. A while ago I did a blog post about Custom terms and conditions for using the Company Portal of Microsoft Intune and this post will be an updated version of that post. However, this post will not go into as much detail about the use of different versions of a single custom Terms and Conditions, as that part is still applicable in the same manner. …

Multi-identity in the managed Outlook app – Part 2

This blog post will show the behavior of multiple identities in the Microsoft Outlook app, as described in my posts about multi-identity in the managed Outlook app – part 1 and the Microsoft Intune Managed Browser. I’ve made four small movies that show the behavior of the Microsoft Outlook app. A general note with these movies is that they’ll start to blink and act all funny at the moments that a managed app is opened, or when a PIN is required. Part I – Install and configure the Microsoft Outlook app: In this first part I’ll show how the Microsoft Outlook app behaves during the installation and initial configuration. During this movie I’ll go through the following actions: Open the Company Portal …

The Microsoft Intune Managed Browser

Before I start with the second part of my blog post about multi-identity in the managed Outlook app, I thought it would be wise to make a side-step to the Microsoft Intune Managed Browser first. The main reason for that is that the Microsoft Intune Managed Browser can also have a managed browser policy configured. That policy can have a direct impact on the end-user experience when opening links from the Outlook app. The good thing, for this blog post, is that the Microsoft Intune Managed Browser doesn’t use multiple identities. It’s either managed, or not. This blog post will describe the behavior of the Microsoft Intune Managed Browser. During the second part of my post about multi-identity in the managed Outlook app, this …

Multi-identity in the managed Outlook app – Part 1

This blog post can be seen as a follow-up to a previous post about the email profile behavior after retiring a mobile device. In that post I showed the behavior of email profiles in the native mail app and the Outlook app after retiring the mobile device. In this post I’ll dive deeper into the Outlook app. More specifically, the behavior of the managed Outlook app and multi-identities. To be complete, I’ll divide this blog post into two parts. This first part will describe the assumptions, the configuration and the behavior, and the second part will show the behavior in a real example. Assumptions: During this blog post I’ve made four important assumptions about the used environment that might impact the test results. When …

Important note about KB3081699

Good news! Microsoft has just released KB3081699 to fix the issue that Windows Phone Apps cannot be deployed or added to Allowed Apps or Blocked Apps lists via ConfigMgr. This hotfix applies to ConfigMgr 2012 R2 SP1 and ConfigMgr SP2. However, it’s important to note that, even though this hotfix was released after CU1, the current version of this hotfix should be installed before CU1. Update August 7, 2015: As expected, this update is now available in two flavors. In the hotfix request form it’s now possible to select one of the following: pre-CU1: ConfigMgr_2012_SP2_R2SP1_CU0_QFE_KB3081699_ENU; post-CU1: ConfigMgr_2012_SP2_R2SP1_CU1_QFE_KB3081699_ENU