Informing users of newly enrolled devices

This week is all about a nice small new feature that became general available with the latest service release of Microsoft Intune (2301). That feature is enrollment notification. Enrollment notifications provide organizations with an easy method to notify users when a new device is enrolled. That provides organizations with more grip on the devices that are enrolled within the environment, as users will be informed when a new device was enrolled using their credentials. Besides that, it also provides organizations with an alternative method to welcome employees. In other words, a great way to trigger users. Enrollment notifications can be used for Windows, Android, iOS/iPadOS, and MacOS devices that are enrolled by using the user-driven enrollment methods. The notifications can be email notifications and push …

Read more

Managing privacy controls for Office products

This week is all about managing privacy controls for Office products. That includes Office on Android devices, Office on iOS devices, Office for Mac devices, Office for the web, and Microsoft 365 apps for enterprise on Windows devices. Most organizations often already have a good look at the required configurations options for the privacy controls on Windows devices. Office for other platforms, however, are often forgotten. Just like Office for the web. Good thing, though, is that there are nowadays multiple privacy controls available that can be configured for Office on all platforms. For some platforms there are even multiple configurations options. Best part of those configuration options is that there is also an option to configure the privacy controls cross platforms. This post will …

Read more

Organizing Managed Google Play apps with collections

This week is all about a smaller newly introduced feature regarding Android Enterprise. A feature that helps with organizing the Managed Google Play apps within the Managed Google Play store. When structure and details are important, this is that sweet little detail that makes it perfect. Starting with the latest service release of Microsoft Intune (service release 2211), there is now support for organizing apps within the Managed Google Play store by using collections. Collections are shown on the front page of the Managed Google Play store and provide users with easy access to the required apps. Collections can be used to organize apps in different categories. Custom categories. It’s completely up to the IT administrator to create collections, to name collections, to add apps …

Read more

Using Microsoft Defender for Endpoint on Android for protecting the personal profile

This week another post about Microsoft Defender functionality, but on a completely different platform. This week is all about using Microsoft Defender for Endpoint, on Android devices, for protecting the personal profile. And for now, specifically focused on personally owned devices. That protection functionality is focused on providing users with the same level of protection in their personal profile, as provided in their work profile. It provides users – within their personal profile – with malware scanning on user-installed apps, protection from malicious URLs, network protection, and privacy controls. That provides users with better protection and organizations with more control on which devices are allowed to have access to company data. This post will mainly focus on the configuration of that additional protection of the …

Read more

Common Criteria Mode for corporate-owned Android Enterprise devices

This week something completely different compared to the last few weeks. While the last last few weeks were all about the great simplicity of Windows 365 Enterprise, this week is all about Android Enterprise. Different platform, theoretically possibly the same device. With the introduction of Android 11 (API level 30), some nice new features were introduced for enterprises. That includes the addition of the Common Criteria (CC) Mode. CC Mode already exists for a few years for Samsung Knox devices and – in combination with Microsoft Intune – already could be configured by using OEMConfig (with the KSP app), but is now available by default within Android Enterprise. Even better, with one of the latest service releases (2207) of Microsoft Intune that can now be …

Read more

Welcome to the still growing Android device management jungle: A summary

The second short post of this week is another extension of one of my sessions at the¬†Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download¬†here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …

Read more

Creating the path for mobile devices to on-premises resources: A summary

This week a few shorter posts, as my posts this week are extensions of my sessions at the Workplace Ninja Summit 2022. At the summit I did my first session about Creating the path for mobile devices to on-premises resources. During that session I shared information around the architecture and flow of Microsoft Tunnel, I zoomed in on getting up-and-running with Microsoft Tunnel and showed getting insight of Microsoft Tunnel. This post will provide a quick summary of that session by quickly showing the architecture and flow of Microsoft Tunnel and by showing the summary and reminders. The slides (PDF) of that session are available for download here. Architecting Microsoft Tunnel An important part of creating the Microsoft Tunnel infrastructure is a solid architecture. In most cases that …

Read more

Addressing the need for multiple Microsoft Tunnel Gateway servers

This week will focus on addressing the need for multiple Microsoft Tunnel Gateway servers. A single server is easy to setup, and easy to discuss and to describe, but that just a starting point. Often there is a need for multiple Microsoft Tunnel Gateway servers. That could be for providing high availabilty, for supporting the right amount of users and even for providing access to resources on different remote locations. So, it can be multiple servers on the same location and multiple servers on different locations. This post will go through the main scenarios for multiple servers and will focus on the main configurations that should be in place to support and configure those scenarios. No detailed configurations this time. Only descriptions of the main …

Read more

Using Microsoft Tunnel for per-app VPN

This week is another mobile focused blog post. This week is al around Microsoft Tunnel. More specifically, this week is all about using Microsoft Tunnel for providing per-app VPN on iOS/iPadOS devices and Android devices. Per-app VPN enables organizations to only allow specifically configured apps to use the configured VPN tunnel. So, not simply pushing all traffice through the VPN tunnel, but only the traffic of specific apps. That provides a solid method for providing access to on-premises resources for only the apps that really need it. This post will start with a quick summary of what should be in place, followed by going through the important per-app VPN specific configurations. Those configurations slightly differ per platform. This post will end by showing the user …

Read more

Backup and restore Android Enterprise fully managed devices

This week is something completely different compared to the last couple of weeks. This week is back to the Android platform. More specifically, backing up and restoring data on Android Enterprise fully managed devices. An often heard challenge with Android Enterprise managed devices, is the lack of available functionalities for restoring data from an old device to a new device. So, the ability to backup the data on the old device and to restore the data on the new device. That’s challenging as there is simply a lack of available backup functionality when relying on Android Enterprise. The Samsung Smart Switch app could be a solution for that challenge. It enables users to seamlessly transfers contacts, photos, music, videos, messages, notes, calendars and more to …

Read more