Using a custom connector for device management actions in Microsoft Intune

This week is again all about the powerful combination of Microsoft Power Apps and Microsoft Power Automate with Microsoft Intune (and Microsoft Graph). In my previous post about introducing a mobile device manager app for Microsoft Intune, I relied on the standard available functionalities within the different products to show how easy it is to get started and to create your own app in Power Apps. Because of that starting point, I relied on providing application API permissions when accessing the Graph API. In that post, I also mentioned that there is another method available by using delegated API permissions when accessing the Graph API. Also, to be really honest, when an app in Power Apps is working with a signed-in user, it also makes …

Introducing a simple remote device manager app for Microsoft Intune

This new year starts with something completely new. That means some technology that hasn’t been part of any of the posts on my blog before. Inspired by some posts of Courtenay Bernier, I took some time to dive into the world of Microsoft Power Apps and Microsoft Power Automate, in combination with Microsoft Intune (and Microsoft Graph). This post will cover how I’ve used those technologies – with almost no custom code – to create a simple remote device manager app for Microsoft Intune. I also hope that this post will show the power of this combination and inspire more readers to dive into that world. Basic knowledge of the mentioned technologies is required, as this post won’t be completely step-by-step and won’t provide a …

Easier managing local administrators via Windows 10 MDM on Windows 10 20H2 and later

This week back to the Windows platform. This week is again about managing local administrators on Windows 10 devices. Even in a modern world, there can still be a need for managing the local administrators on Windows 10 devices and often that still requires more flexibility than provided with the default Azure AD functionality. I’ve also discussed managing local administrators already multiple times – either by using a Windows 10 MDM policy setting or by using proactive remediations – and this time it’s about a new method that became available in Windows 10, version 20H2 and later. That method is a new Windows 10 MDM policy setting. In this post, I’ll provide an introduction to that new policy setting and I’ll show how to …

Getting started with Microsoft Defender for Endpoint for iOS

Microsoft recently declared Microsoft Defender for Endpoint (MDE) for iOS – previously known as Microsoft Defender ATP for iOS – generally available. That’s really good news and also a really good trigger for a new blog post. This post will be similar to my post earlier about MDE for Android. MDE for iOS provides protection against phishing and unsafe network connections. All events and alerts around those subjects will be available in the Microsoft Defender Security Center and will be used to determine the risk level of the device. To add to that, through the connection with Microsoft Intune that risk information can be used to determine the compliance of the device with the company policies and to determine the eventual access of the device …

Android Enterprise and Microsoft Intune: And Android Device Policy

I’ve mentioned Android Device Policy before, earlier this year, in my post about Android Enterprise and Microsoft Intune. In that post, however, I’ve only briefly mentioned that app, while that app is an important piece of the Microsoft management solution for corporate-owned devices. That’s why I thought it would be good to devote a blog post to that app. To simply show its importance. Android Device Policy is really important for configuring managed devices and also provides some nice capabilities. The importance should be familiar to any IT administrator responsible for managing Android devices, and those capabilities are sometimes slightly hidden, but provide a good starting point for troubleshooting. Especially when verifying whether settings are already applied or not. In this post I’ll start with …

Android Enterprise and Microsoft Intune: And the additional configuration layer

This week is all around another Android Enterprise related subject. This week is about the additional configuration layer that is also known as OEMConfig. OEMConfig provides OEMs with the capabilities of building an additional configuration layer on top of the configuration layer that is provided out-of-the-box via the Android Management API. That provides Microsoft Intune with the possibility to implement support for OEMConfig and that provides the OEM with the possibility to implement additional configuration options via OEMConfig. That enables the OEM to quickly introduce new features, without having to wait on Microsoft Intune to introduce those new features. In this post I’ll start with a further introduction to OEMConfig, followed by an example of using OEMConfig. In that example I’ll use the Samsung Knox …

Getting started with Microsoft Defender for Endpoint for Android

Microsoft recently declared Microsoft Defender for Endpoint (MDE) for Android – previously known as Microsoft Defender ATP for Android – generally available. That’s really good news and also a really good trigger for a new blog post. MDE for Android provides protection against phishing, unsafe network connections, and malicious apps. All events and alerts around those subjects will be available in the Microsoft Defender Security Center and will be used to determine the risk level of the device. To add to that, through the connection with Microsoft Intune that risk information can be used to determine the compliance of the device with the company policies and to determine the eventual access of the device to company data. In this post I want to start with …

Getting started with Android Enterprise Corporate-Owned devices with Work Profile

Microsoft has recently declared the Android Enterprise Corporate-Owned devices with Work Profile deployment scenario (sometimes also referred to as management scenario) feature complete. That’s really good news and also a really good trigger for a new blog post. This time I’ll skip the different deployment scenarios and use cases, as I’ve written about those here and here. Just to create a good starting point, I’ll start with a quick summary about the main characteristics of this specific deployment scenario in the table below. These characteristics will help with determining if this deployment scenario will fit on the use case. For a complete overview with the different deployment scenarios, please refer to my previous post around this subject. Note: Keep in mind that the user experience …

Android Enterprise corporate-owned dedicated devices and Azure AD shared device mode

This week is all around the Android Enterprise corporate-owned dedicated devices deployment scenario. That deployment scenario is designed to address the typical kiosk-type devices, which are often referred to as the corporate-owned, single-use (COSU) use case. This week is specifically focused on enrolling those devices into Azure AD shared device mode. That mode will provide users with a single sign-on and single sign-out experience across all of the participating apps on the device. In other words, users will be able to sign in to the device and will automatically be signed in to any participating apps. That enables an organization to provide a little personalized experience across dedicated devices that are shared between multiple users. In this post I’ll have a look at the …

Opting out of safeguard holds

This week is all about safeguard holds. More specifically, the ability of opting out of safeguard holds. Safeguard holds prevent devices with a known compatibility issue from being offered a new Windows 10 feature update by using Windows Update. That protects the device and user from a failed or poor experience with the Windows 10 feature update. Starting with the October 2020 security update, devices running Windows 10, version 1809 and above, receive a new setting that can be used for opting out of safeguard holds. In this post I’ll start with an introduction to safeguard holds, followed by the steps of creating a device configuration profile for opting out of safeguard holds. Important: Opting out of a safeguard hold can put devices at risk …