Peter van der Woude

I’m Peter van der Woude, born In 1983 and I’m living together with my wife and two sons in the Netherlands. Currently I work for KPN ICT Consulting. At this moment my main focus is Enterprise Client Management via Microsoft Intune and/ or System Center Configuration Manager (ConfigMgr 2007/ 2012/ CB) and I love it! Since July 2015 I’m awarded with the Microsoft MVP award for Enterprise Mobility. Really proud and honored to have this award.

Windows 10 device enrollment

by

Updated May 21, 2015: Yesterday Microsoft released a new technical preview build of Windows 10 (build 10122). Within this build the look-and-feel of the enrollment process changed. I’ve updated the enrollment process to reflect these changes. After the release of Windows 10 Technical Preview 2 (build 9926) I knew my next blog post would include Windows 10. So far I’m really liking the new start menu, the search, the notifications, the settings and I could go on like that for a while. Blogging about these subjects wouldn’t add something new as it’s already be done by many over the last week. Even the deployments of Windows 10 via MDT and/ or ConfigMgr are already done and covered in blogs. That’s why I looked further, to …

Read more

Custom terms and conditions for using the Company Portal of Microsoft Intune

by

Updated September 8, 2015: Since the August 2015 update of Microsoft Intune the creation and deployment of custom Terms and Conditions has changed. An update blog post can be found here: https://www.petervanderwoude.nl/post/multiple-custom-terms-and-conditions-for-device-enrollment-and-company-access/ And we’re back in the cloud, back in Microsoft Intune. One of the things customers like to do is customize, as the standards are often to generic. The nice thing with the Company Portal is that it’s already possible to customize things like the text, logo and colors via both Microsoft Intune standalone and Microsoft Intune hybrid (integrated with ConfigMgr). To add-on to that, it’s now also possible to create custom Terms and Conditions, via Microsoft Intune standalone, and in this blog post I’ll show how easy this can be done. The nice …

Read more

Verify the role-based administration model via PowerShell

by

Let’s switch back to pure ConfigMgr and PowerShell this week. It will be a relatively short blog post, but in this post I’ll go through WMI and show how to get the right information about the role-based administration model. I know that this information is also available through the console, but what if I want to verify the configured role-based administration model. In that case I don’t want to go through the console, in that case I want to automate it. That way I can schedule it every now and then. SMS_Admin To get the information that I’m looking for I have to look at the SMS_Admin class in WMI. This class represents all the different administrative users. The first step is quite easy and …

Read more

Windows Phone 8.1 Kiosk mode: Inside AssignedAccessXml

by

Let’s start my first blog post of this new year with a nice story about a XML that can be used to configure a Windows Phone 8.1 device in a kiosk mode. This XML can be applied on a Windows Phone 8.1 device via OMA-URI settings. As it’s now possible to configure OMA-URI via Microsoft Intune and via Microsoft Intune integrated with ConfigMgr 2012, the information in the post is applicable to both scenario’s. I have to admit that it’s not as simple to configure as kiosk mode for an iOS device, or an Andriod device (via Microsoft Intune), but it does provide a lot more options to configure. In this blog post I will go through the different required elements of the XML and …

Read more

What is DirectorySyncClientCmd.exe?

by

Let’s end this year, on my blog, with a short blog post about DirectorySyncClientCmd.exe. This executable is part of the Microsoft Azure Active Directory Sync Services (AAD Sync), which is the predecessor of the Microsoft Azure Active Directory Sync tool (DirSync). AAD Sync is the (new) way to connect Azure AD with the on-premises AD. In combination with Microsoft Intune (and ConfigMgr) the most common use case, for AAD Sync, is the synchronization of the on-premises users (and their properties) to the Azure AD. To trigger the synchronization there is the executable named DirectorySyncClientCmd.exe. That means that, unlike in DirSync, there is no need for PowerShell to trigger a synchronization. Usage This executable is actually only used in one way by AAD Sync. During the …

Read more

Manage company policies on Windows Phone 8.1 via OMA-URI settings in Microsoft Intune

by

A bit more than a month ago, I created THE Windows Phone 8.1 Configuration Baseline for usage with ConfigMgr 2012 (integrated with Microsoft Intune). That Configuration Baseline contains all the currently configurable company policies via OMA-URI settings. At that time the management of OMA-URI settings on Windows Phone 8.1 wasn’t possible via Microsoft Intune standalone, but this has changed with the latest update to Microsoft Intune. That’s why I thought it would be good to dedicate this blog post to creating OMA-URI settings in Microsoft Intune standalone. As it’s not possible, yet, to export a Configuration Policy in Microsoft Intune, like a Configuration Baseline in ConfigMgr, I will simply show how to create an OMA-URI setting in Microsoft Intune. Also good to know, OMA-URI settings …

Read more

Manage Microsoft Intune users via PowerShell

by

This week my blog post will contain some PowerShell again! After almost a month finally some PowerShell on my blog again. Even though Microsoft Intune has no PowerShell support, yet, there are parts that can be managed via PowerShell already. In my blog series about how to integrate Microsoft Intune and ConfigMgr with single sign-on I already showed some related PowerShell cmdlets for adding and verifying a domain name and for enabling Active Directory synchronization. In this post I will show how to manage the Microsoft Intune users. As in the most scenario’s the users and groups will be synchronized from the on-premises Active Directory, I won’t show how to create users and groups. Instead I will show how to get information about the users, …

Read more

How to configure multi-factor authentication in Microsoft Intune – Part 2: The single sign-on method

by

Last week I started this series with a blog post on How to configure multi-factor authentication in Microsoft Intune – Part 1: The easiest method, this week I’m going to take it up one level and also include single sign-on in the configuration. I will describe the multi-factor authentication configuration, for Microsoft Intune, when using single sign-on. The nice thing is that the multi-factor authentication page, in Microsoft Intune, already describes the configuration. In this post I will walk through that configuration and also show the results of that configuration, as that was a little bit surprising to me. Scenario Like last week it’s important to mention a couple of lines about the scenario before I’ll start with this configuration for multi-factor authentication. This specific …

Read more

How to configure multi-factor authentication in Microsoft Intune – Part 1: The easiest method

by

By now I think it’s save to assume that everybody knows about the new capabilities of Microsoft Intune that where added last week. Also, next to those adjustments there were the “long” hoped for improvements to the Windows Phone 8.1 enrollment process. These new capabilities and improvements triggered me to do a new small blog series and this time about multi-factor authentication. In this blog series I will describe a few different multi-factor authentication configurations for, initially, Microsoft Intune standalone. This first part will be the easiest configuration, without anything fancy like single sign-on. Scenario Before I’ll start with this configuration for multi-factor authentication it’s important to mention a couple of lines about the scenario. This specific multi-factor authentication configuration is only possible when the …

Read more

Extend the Hardware Inventory for PolicyManager settings on Windows Phone 8.1

by

This blog post will be a follow-up on last weeks blog post about THE Windows Phone 8.1 configuration baseline, as I will show this week how those settings can be added to the hardware inventory. Especially with using multiple configuration baselines and Company Resource Access policies, it’s easy to loose track of the current configuration of, in this case, Windows Phone 8.1. That’s why I  took the information about the PolicyManager configuration service provider (CSP),  again, as provided in the Windows Phone 8.1 MDM Protocol document, but this time to create a MOF file. Hardware Inventory settings By default ConfigMgr (and Microsoft Intune) will inventory a lot of great information, but not about the settings managed via the PolicyManager. That is why I created a …

Read more