Quick tip: Manually adding devices to Apple Business Manager

This week a quick extra post. I noticed that there was not a lot of information available regarding manually adding devices to Apple Business Manager (ABM) for usage with Automated Device Enrollment (ADE). That makes sense, because the idea is that devices are automatically added to ABM after purchase. However, sometimes it’s useful to be able to manually add devices. Manually adding devices, can be achieved the easiest by following the two steps described below. Before starting with those steps make sure that: an enrollment program token is available and that the synchronization between ABM and Microsoft Intune is active, Find My {AppleDevice} is disabled, and that a mobile configuration is available that contains the WiFi configuration to simplify the enrollment Step 1: Create an …

Read moreQuick tip: Manually adding devices to Apple Business Manager

Federated authentication for Managed Apple IDs

This week is all about federated authentication for Managed Apple IDs. When using Microsoft Intune for managing Apple devices, the use of Managed Apple IDs is adding more and more value to the solution. That value gets even more when those Managed Apple IDs are federated with Azure AD. That would provide the user with a single account to remember and to use. Together that brings a very nice experience to Apple devices that are using federated Managed Apple IDs and are managed with Microsoft Intune. In this post I’ll discuss and describe the following information regarding Managed Apple IDs: What are Managed Apple IDs and why using them? Federated authentication for Managed Apple IDs Automatically provisioned users from Azure AD Provisioned user with federated …

Read moreFederated authentication for Managed Apple IDs

Easily enforcing specific Windows Sandbox configurations

This week is all about Windows Sandbox. About two years ago I wrote a post about simply enabling Windows Sandbox, by using a simple PowerShell script and distributing that script by using Microsoft Intune. Windows Sandbox is a really nice feature for running applications in an isolated environment. That isolated environment supports simple configuration files, which provide a minimal set of customization parameters. With the latest version of Windows 10, the administrator receives some controls for enforcing specific customization parameters. That won’t prevent the user from creating a configuration file, but that does prevent specific customization parameters from applying to the Windows Sandbox. In this post I’ll briefly go through the currently available policies, followed with the steps of configuring those policies. I’ll end this …

Read moreEasily enforcing specific Windows Sandbox configurations

Quick tip: Enable browser access on Android Enterprise corporate-owned devices

This week a quick tip about enabling browser access on Android Enterprise Corporate-Owned Fully Managed devices and Android Enterprise Corporate-Owned devices with Work Profile, to work with device-based Conditional Access. That will enable the user to eventually use different apps for accessing company data. That includes for example using the Chrome browser app for accessing SharePoint Online or Exchange Online. On the Android Enterprise devices, this requires a configuration in the Microsoft Authenticator app. In this post I’ll simply provide the steps that are required within the Microsoft Authenticator app. Note: Before providing the mentioned steps, a big thank you to Pat Freeman for pointing me in the right direction. Enable browser access in the Microsoft Authenticator app When knowing the availability of the setting, …

Read moreQuick tip: Enable browser access on Android Enterprise corporate-owned devices

Windows Insider MVP 2021!

This time not at the beginning of the year, but that doesn’t make it any less special and that still makes an awesome start of the year! I just received that great email stating that I’m re-awarded as a Windows Insider MVP! Just awesome! I feel really honored and privileged to be awarded with my third Windows Insider MVP award and to already been holding the Microsoft MVP (Enterprise Mobility) award for six years! Just awesome! No other words. Ready for another community driven year! Of course none of this would be possible without the support of my great family! I love them and couldn’t do this without their support! With their support, I’m ready for another awesome year! 

Using a custom connector for device management actions in Microsoft Intune

This week is again all about the powerful combination of Microsoft Power Apps and Microsoft Power Automate with Microsoft Intune (and Microsoft Graph). In my previous post about introducing a mobile device manager app for Microsoft Intune, I relied on the standard available functionalities within the different products to show how easy it is to get started and to create your own app in Power Apps. Because of that starting point, I relied on providing application API permissions when accessing the Graph API. In that post, I also mentioned that there is another method available by using delegated API permissions when accessing the Graph API. Also, to be really honest, when an app in Power Apps is working with a signed-in user, it also makes …

Read moreUsing a custom connector for device management actions in Microsoft Intune

Introducing a simple remote device manager app for Microsoft Intune

This new year starts with something completely new. That means, some technology that hasn’t been part of any of the posts on my blog before. Inspired by some posts of Courtenay Bernier, I took some time to dive into the world of Microsoft Power Apps and Microsoft Power Automate, in combination with Microsoft Intune (and Microsoft Graph). This post will cover how I’ve used those technologies – with almost no custom code – to create a simple remote device manager app for Microsoft Intune. I’ll also hope that this post will show the power of this combination and inspire more readers to dive into that world. Basic knowledge of the mentioned technologies is required, as this post won’t be completely step-by-step and won’t provide a …

Read moreIntroducing a simple remote device manager app for Microsoft Intune

Easier managing local administrators via Windows 10 MDM on Windows 10 20H2 and later

This week back to the Windows platform. This week is again about managing local administrators on Windows 10 devices. Even in a modern world, there can still be a need for managing the local administrators on a Windows 10 devices and often that still requires more flexibility than provided with the default Azure AD functionality. I’ve also discussed managing local administrators already multiple times – either by using a Windows 10 MDM policy setting or by using proactive remediations – and this time it’s about a new method that became available in Windows 10, version 20H2 and later. That method is a new Windows 10 MDM policy setting. In this post, I’ll provide an introduction to that new policy setting and I’ll show how to …

Read moreEasier managing local administrators via Windows 10 MDM on Windows 10 20H2 and later

Getting started with Microsoft Defender for Endpoint for iOS

Microsoft recently declared Microsoft Defender for Endpoint (MDE) for iOS – previously known as Microsoft Defender ATP for iOS – general available. That’s really good news and also a really good trigger for a new blog post. This post will be similar to my post earlier about MDE for Android. MDE for iOS provides protection against phishing and unsafe network connections. All events and alerts around those subjects will be available in the Microsoft Defender Security Center and will be used to determine the risk level of the device. To add-on to that, through the connection with Microsoft Intune that risk information can be used to determine the compliance of the device with the company policies and to determine the eventual access of the device …

Read moreGetting started with Microsoft Defender for Endpoint for iOS

Android Enterprise and Microsoft Intune: And Android Device Policy

I’ve mentioned Android Device Policy before, earlier this year, in my post about Android Enterprise and Microsoft Intune. In that post, however, I’ve only briefly mentioned that app, while that app is an important piece of the Microsoft management solution for corporate-owned devices. That’s why I thought it would be good to devote a blog post to that app. To simply show it’s importance. Android Device Policy is really important for configuring managed devices and also provides some nice capabilities. The importance should be familiar with any IT administrator, responsible for managing Android devices, and those capabilities are sometimes slightly hidden, but provide a good starting point for troubleshooting. Especially when verifying whether settings are already applied or not. In this post I’ll start with …

Read moreAndroid Enterprise and Microsoft Intune: And Android Device Policy