Quick tip: Available token types for app configuration policies

This is a quick and short blog post to create awareness about the existence of token types. Token types are basically just variables that can be used within a property list of an app configuration policy in Microsoft Intune hybrid and Microsoft Intune standalone. This blog post will provide a quick overview about the available token types with example values. Overview The following table contains the currently available token types for Microsoft Intune hybrid and Microsoft Intune standalone. Before going through this table, it’s good to know that the {{ and }} characters are used by token types only and should not be used for other purposes. Token type Example value {{userprincipalname}} pvanderwoude@petervanderwoude.nl {{mail}} pvanderwoude@petervanderwoude.nl {{partialupn}} pvanderwoude {{accountid}} fcc00012-123e-f479-aabe-abe2a1123b45 {{deviceid}} c7d01dd3-136f-40c5-b843-711e958c4eef {{userid}} 2dda638e-28b7-4bdc-a4fd-70faaa811010 {{username}} Peter …

Read more

Prevent specific devices from accessing Microsoft Intune

This week again something completely different. This week I’m going into the world of AD FS. More specifically, I’m going to use AD FS to prevent specific devices from accessing Microsoft Intune (and Office 365). I’ve received that question a few times lately, of which a couple of times on the Microsoft Intune forums, and I thought it would be worth a small blog post. Using AD FS to deny specific claims is not the prettiest method to prevent users and/or devices from accessing Microsoft Intune (or Office 365). However, it can be very efficient for specific use cases. This blog post will provide an easy method to find the required information to construct the claim rules and a step-by-step direction for configuring the relying …

Read more

Use Group Policy to enable Office 365 clients to receive updates via ConfigMgr

This week something completely different, compared to the last couple of weeks. This week I want to take a quick look at enabling Office 365 clients to receive updates via ConfigMgr. More specifically, use Group Policy for configuring Office 365 clients to receive updates via ConfigMgr. There is a lot of information available about configuring the Office 365 clients via the initial installation and configuration (configuration.xml), but what about the existing Office 365 clients? In this post I will provide the required information about using Group Policy to enable the existing Office 365 clients to receive update via ConfigMgr. I will show the Group Policy settings, related to updating the Office 365 clients, and I’ll show how those settings relate to the initial installation and …

Read more

Microsoft Intune and the AppConfig Community

This week I would like to write about Microsoft Intune and the AppConfig Community. I want to create some awareness about what the AppConfig Community is and I want to show how even Microsoft Intune can, and will, benefit of that great alliance. What is the AppConfig Community? Let’s start with what the AppConfig Community actually is. I could do that by providing my own explanation about the AppConfig Community, but to prevent any possible misinterpretation from my side, I will provide the good and clear explanation as provided on the AppConfig Community website. The AppConfig Community is a collection of industry leading Enterprise Mobility Management (EMM) solution providers and app developers that have come together to make it easier for developers and customers to …

Read more

App Configuration Policies for iOS apps

This week another blog post that is triggered by a feature that is introduced in ConfigMgr 1602. And again, it’s about a feature that already did exist in Microsoft Intune standalone. This post will be about the App Configuration Policies for iOS apps. These policies can make the life of an end-user a lot easier and are a very welcome addition to Microsoft Intune standalone and Microsoft Intune hybrid. For now the biggest challenge might be finding the apps that support App Configuration Policies and, maybe even more important, apps that have the settings documented. During the deployment of an app via ConfigMgr, or Microsoft Intune, it’s already visible if  an app could support App Configuration Policies. However, a lot of apps have the potential, …

Read more

Conditional access, Windows 10 and Microsoft Intune: What are the compliance options?

Recently Microsoft released a couple of blog posts about The Path to Modernizing Windows Management and about Clear & Simple Guidance: When ConfigMgr and Intune should be used with Windows 10, which should be really helpful with deciding how to managing the Windows 10 devices within an organization. I would really recommend everybody to read those posts. This blog post will not be directly related, but will continue on a more detailed level about the options for conditional access and Windows 10 devices. In this blog post I will provide nice tables of the different compliance rules, for Windows 10 devices, that are currently available for Microsoft Intune standalone and Microsoft Intune hybrid. In those tables I’ll show the different management scenarios and the currently …

Read more

Conditional access and health attestation

This week another blog post about conditional access. And another blog post that is triggered by a feature that is introduced in ConfigMgr 1602. However, this time it’s about a feature that already did exist in Microsoft Intune standalone. I’m talking about the new conditional access rule that uses the Health Attestation Service. This new rule creates the ability to ensure that Windows 10 devices have trustworthy BIOS, TPM, and boot software configurations enabled. In this blog post I’ll show the detailed configuration steps for Microsoft Intune hybrid and I’ll briefly note the most important configurations for Microsoft Intune standalone. Introduction Device health attestation is an additional level of restricting access to Exchange Online and SharePoint Online for Windows 10 devices. Currently only available for …

Read more

Conditional access for PCs managed by ConfigMgr

This blog post is about a pre-release feature, which means that it’s included in the product for early testing in a production environment, but should not be considered production ready. This week a blog post about the Conditional access for managed PCs feature that is introduced in ConfigMgr 1602. This feature is introduced as a pre-release feature. The requirements for using Conditional access for managed PCs are similar to the requirements of the blog series that I did a few months ago about Conditional access for PCs. Make sure that those requirements are in-place before starting with the configurations described in this post. Introduction Conditional access for managed PCs is basically an additional level of restricting access to Exchange Online and SharePoint Online. Before the …

Read more