Getting started with web-based device enrollment for iOS devices

This week is all about a new enrollment feature for iOS/iPadOS devices. That feature is web-based device enrollment. Web-based device enrollment is now one of the two device enrollment methods that is available for personal iOS/iPadOS devices. The other method is the already existing device enrollment with the Company Portal app. The main differentiator for web-based device enrollment is that it provides a faster and more user-friendly enrollment experience. It’s no longer required to first download the Company Portal app. Instead the user can just go to the Company Portal website, or start the new enrollment experience via an app that requires a compliant device. More user-friendly and accessible via the favorite browser of the user. Besides that, web-based device enrollment can be used in …

Read more

Getting started with Microsoft Tunnel for Mobile Application Management for iOS/iPadOS

This week is all about one of the new Intune Suite add-on capabilities. The capability of focus is Microsoft Tunnel for Mobile Application Management (Tunnel for MAM) for iOS/iPadOS devices. The Intune Suite add-ons were released at the beginning of March, including a new licensing model, and including Tunnel for MAM. That capability on itself, is available as part of the new Microsoft Intune Plan 2 license. Tunnel for MAM makes it possible to provide access to on-premises resources, on unmanaged devices. Often unmanaged devices are equal to personal-owned devices. So, that provides IT with the flexibility to make that app, with on-premises interaction, available on personal-owned devices. Without requiring the user to enroll that specific device, but still enforcing secure access and guaranteeing full …

Read more

Using Microsoft Tunnel for per-app VPN

This week is another mobile focused blog post. This week is al around Microsoft Tunnel. More specifically, this week is all about using Microsoft Tunnel for providing per-app VPN on iOS/iPadOS devices and Android devices. Per-app VPN enables organizations to only allow specifically configured apps to use the configured VPN tunnel. So, not simply pushing all traffice through the VPN tunnel, but only the traffic of specific apps. That provides a solid method for providing access to on-premises resources for only the apps that really need it. This post will start with a quick summary of what should be in place, followed by going through the important per-app VPN specific configurations. Those configurations slightly differ per platform. This post will end by showing the user …

Read more

Simplifying targetting groups of apps with app protection policies

This week is all about the simplification in targetting groups of apps with app protection policies and a followup on my tweet of last week. That tweet provided a quick peak at the new targetting options of app protection policies for Android and iOS/iPadOS devices. The great thing about that simplification is that app protection policies can now be targeted at different categories (or groups) of apps. Those categories of apps are All apps, All Microsoft apps and Core Microsoft apps, and are dynamically updated to include the appropriate apps. That dynamic update will make sure that the already created app protection policies are automatically updated with the latest apps that are available for the different categories and will also make sure that newly created …

Read more

Getting new users quickly up-and-running with Temporary Access Pass

This week is a little follow-up on a post of a couple of months ago and about connecting pieces of the puzzle. That post was around Temporary Access Pass (TAP). Even though that post was focused on Windows devices, it did provide some hints for using TAP on mobile devices (Android, iOS) also. An often seen and heard challenge is related to getting new user up-and-running. Especially when requiring Multi-Factor Authentication (MFA) for device enrollment, or when trying to work completely passwordless. Those scenarios introduce chicken-and-egg situations as a device must be registered for usage with MFA and the registration requires MFA, or when trying to work passwordless and an authentication method must be registered to be able to work passwordless. So, to get a …

Read more

App protection policies and managed iOS devices

This week is all about app protection policies for managed iOS devices. More specifically, about some default behavior that might be a little bit confusing when not known. When creating app protection policies, those policies can be configured for managed devices or managed apps. That sounds simple. By default, however, when creating and assigning separate policies for managed devices and managed apps, every iOS device will apply app protection policies that are assigned to managed apps. That behavior is caused by the fact that the device will only be identified as a managed device when a specific configuration is in place. That configuration is the user UPN setting. Even better, the user UPN setting opens even more use cases for managed devices. This post will …

Read more

Getting started with Shared Device Mode for iOS devices

This week is all about Shared Device Mode for iOS (and iPadOS) devices. Shared Device Mode is based on Azure AD and is the Microsoft solution for shared iOS devices. Those shared iOS devices are company-owned multi-user devices. Shared Device Mode is provided for iOS (and iPadOS) 13 and later devices and enables multiple users to use the same Apple device and to sign in and out of apps by using an Azure AD account. When those apps support Shared Device Mode, those apps provide the global sign in and global sign out functionality. That enables a user to sign in to an app, at the start of a shift, and automatically be globally signed in to all apps that support Shared Device Mode. That’s …

Read more

Using filters for assigning apps, policies and profiles to specific devices

This week is all about filters. Filters are basically a super-set of the functionalities of applicability rules – already available for a while for Windows 10 – and are a great new addition to assigning apps policies and profiles to specific devices. Those specific devices are only the devices that meet the specific properties that are configured in the filters. A great method for specifically targeting apps, policies and profiles. This post starts with a short introduction about filters, followed with information about creating and using filters (including the steps for using and creating filters). This post ends with the administrator experience with filters. Introducing filters For device configuration profiles for Windows 10 devices it was already possible to use applicability rules. Applicability rules would …

Read more

Using Setup Assistant with modern authentication

This week is all about the support for a new authentication method when using Automated Device Enrollment (ADE). That new authentication method is Setup Assistant with modern authentication and is available for iOS/iPadOS devices running version 13.0 and later and for macOS devices running version 10.15 and later. Setup Assistant with modern authentication enables organizations to require authentication with Azure AD, including the ability to require MFA, and enables users to immediately use their device. This post provides an introduction to this new authentication method, followed with the steps to configure an enrollment profile with this new authentication method. This post ends with a quick look at the enrollment experience when using Setup Assistant with modern authentication. Note: At the moment of writing Setup Assistant …

Read more

Getting started with Shared iPad devices

This week is all around Shared iPad devices with Microsoft Intune. Shared iPad is an iPadOS configuration that easily lets multiple user share the same iPad. That configuration enables a personal experience for a user, on a device that is shared between multiple users. That personal experience enables users to be more productive, as users can simply pick-up where they left off previously. This post will start with a short introduction to Shared iPad devices, followed with the configuration steps for those devices. This post will end by describing and showing the user experience with Shared iPad devices. Introduction to Shared iPad devices With shared devices, this post is referring to company-owned multi-user devices that can be used – depending on the use case – …

Read more