Setting up kiosk mode on Windows 10 via OMA-DM

A while ago I did a blog post about managing AppLocker on Windows 10 via OMA-DM. During that post I showed how to use OMA-DM, via Microsoft Intune hybrid and standalone, to configure AppLocker. In this post I’ll do something similar for setting up kiosk mode on Windows 10. Windows 10 Enterprise and Windows 10 Education provide a configuration service provider (CSP) for setting up kiosk mode. That’s the AssignedAccess CSP. During this blog post I’ll go through the AssignedAccess CSP, and its required input, I’ll go through the configuration steps in Microsoft Intune hybrid and standalone and I’ll show the end-user experience with the Twitter app as an example. AssignedAccess CSP Before using the AssignedAccess CSP it’s good to get a better understanding  of …

Read more

Conditional access for Skype for Business Online

This week another post about conditional access. This time about conditional access for Skype for Business Online. With this post I want to create more awareness for the availability of this feature and I want to show the currently available configuration options. During this post I’ll go into more detail about the prerequisites, the configuration and the end-users experience. The configurations that I’ll provide, are provided for Microsoft Intune standalone and Microsoft Intune hybrid. Prerequisites Before starting with the configuration steps for conditional access for Skype for Business Online, there are a few technical prerequisites that should be in place, or should be known. Modern authentication must be enabled for Skype for Business Online. At this moment modern authentication must be enabled by enrolling into …

Read more

More in control of mobile app management without enrollment

Earlier this year I did my first post about the ability to use mobile app management without enrollment. This week I want to continue on that specific subject. The main trigger for that is  the app reporting ability that was added during the April update of Microsoft Intune. In this post I want to show how this new feature can help with being more in control of the usage of mobile app management policies for mobile app management without enrollment (also known as MDM-less MAM). Wipe requests Before showing the app reporting ability, to monitor the managed apps that are used by a user, I’ll start with a little information about wipe requests. Not only will that show the added value for managed apps, it’s …

Read more

Quick tip: Available token types for app configuration policies

This is a quick and short blog post to create awareness about the existence of token types. Token types are basically just variables that can be used within a property list of an app configuration policy in Microsoft Intune hybrid and Microsoft Intune standalone. This blog post will provide a quick overview about the available token types with example values. Overview The following table contains the currently available token types for Microsoft Intune hybrid and Microsoft Intune standalone. Before going through this table, it’s good to know that the {{ and }} characters are used by token types only and should not be used for other purposes. Token type Example value {{userprincipalname}} pvanderwoude@petervanderwoude.nl {{mail}} pvanderwoude@petervanderwoude.nl {{partialupn}} pvanderwoude {{accountid}} fcc00012-123e-f479-aabe-abe2a1123b45 {{deviceid}} c7d01dd3-136f-40c5-b843-711e958c4eef {{userid}} 2dda638e-28b7-4bdc-a4fd-70faaa811010 {{username}} Peter …

Read more

Prevent specific devices from accessing Microsoft Intune

This week again something completely different. This week I’m going into the world of AD FS. More specifically, I’m going to use AD FS to prevent specific devices from accessing Microsoft Intune (and Office 365). I’ve received that question a few times lately, of which a couple of times on the Microsoft Intune forums, and I thought it would be worth a small blog post. Using AD FS to deny specific claims is not the prettiest method to prevent users and/or devices from accessing Microsoft Intune (or Office 365). However, it can be very efficient for specific use cases. This blog post will provide an easy method to find the required information to construct the claim rules and a step-by-step direction for configuring the relying …

Read more