Android – All about Microsoft Intune

Temporarily removing apps and configurations from mobile devices

July 22, 2024July 22, 2024 by Peter van der Woude

This week is all about a new feature that is specifically for mobile devices, and that feature is the ability to remove, reinstall, and re-apply specific configuration policies, configuration profiles, and apps. The best part is that it can be achieved without changing the assignments of those apps and configurations. That can be really useful to help with resolving specific challenges and to quickly restore the productivity of the user. The apps and configurations that were removed will automatically be restored within 8-24 hours. Alternatively, the IT administrator can also manually initiate an action to restore the removed apps and configurations earlier. So, in the end, the focus remains on ensuring that the devices remain consistent with the assigned apps and configurations. This post will …

Staging corporate Android devices

May 27, 2024 by Peter van der Woude

This week is all about the recently ability to stage Android Enterprise devices. That ability enables IT administrators to further prepare devices before actually giving them to the user. In a way, staging Android Enterprise devices is similar to pre-provisioning Windows devices. In other words, a method to prepare the device for the user and to simplify and fasten the user experience to get up-and-running. Before, the IT administrator would generate an enrollment token that could be used by the user to start the enrollment process. The user would then sign in and walk through the guided enrollment process. Now, with the staging ability, the IT administrator still generates an enrollment token, but instead of directly sharing that with the user, it’s used by the …

Remotely collecting diagnostic logs for managed Microsoft 365 apps

May 6, 2024 by Peter van der Woude

This week is sort of a follow-up on a post of more then 5 years ago, about checking diagnostic logs for managed apps on iOS and Android devices. That post was focussed on how to achieve that locally on the device. Since recently, a lot has changed. The local option is still available, but it’s now also possible to remotely collect those diagnostic logs for managed Microsoft 365 apps. That make the troubleshooting of app protection and app configuration policies a lot easier. Without really difficult, or challenging, activities from an user perspective. The main thing that is left for the user, is accepting the remote collections of the diagnostics logs. There are, however, some other details to keep in mind. This post will focus …

Using a BYOCA with Microsoft Cloud PKI

March 25, 2024March 25, 2024 by Peter van der Woude

This week is a follow-up on the post of last week about getting started with Microsoft Cloud PKI (Cloud PKI). This time it’s all about using a bring your own certificate authority (BYOCA) with Cloud PKI. BYOCA is focused on providing organizations with the ability to rely on an existing private CA. That can for example be an existing on-premises PKI infrastructure based on Active Directory Certificate Services (ADCS). BYOCA enables the IT administrator to create an issuing CA in Cloud PKI that is anchored to that existing private CA. By doing that, the issuing CA becomes an extension of the already existing (on-premises) PKI infrastructure. That might take some of the previously mentioned benefits away, as this won’t takeaway all the need to maintain …

Getting started with Microsoft Cloud PKI

March 18, 2024March 18, 2024 by Peter van der Woude

This week is sort of another follow-up on the earlier posts about new Microsoft Intune Suite add-on capabilities. This time it’s all about the latest addition, Microsoft Cloud PKI (Cloud PKI). Cloud PKI provides organizations with a cloud-based service that simplifies and automates the certificate lifecycle management for Intune managed devices. It literally provides a public key infrastructure (PKI) from the cloud. That PKI environment can be built within a few minutes, by simply going through a couple of wizards. Even when relying on at least a two-tier hierarchy, with a root certificate authority (CA) and an issuing CA. There is no longer a need to maintain on-premises servers, connectors, or hardware. Cloud PKI handles the certificate issuance, renewal, and revocation for Intune managed devices. …

Remotely locating corporate-owned Android Enterprise devices

February 26, 2024February 26, 2024 by Peter van der Woude

This week is all about remotely locating corporate-owned Android Enterprise devices. More specifically, about the configurations that are related to remotely locating those devices. With one of the latest service updates of Microsoft Intune (2401) a new configuration was introduced to specifically block the location on corporate-owned Android Enterprise devices. That configuration, however, has a direct impact on the ability to locate those devices. Besides that, the availability of remotely locating the device depends on the Android Enterprise deployment method. So, multiple reasons why the ability of remotely locating devices could be unavailable. This post will focus on the available settings related to the location of Android Enterprise devices, followed with the steps to configure those settings. This post will end with the user experience. …

Quick tip: App inventory for corporate-owned Android Enterprise devices

August 24, 2023 by Peter van der Woude

This week another short post. Not just because I missed blogging during my vacation, but mainly to create awareness for a very interesting and often requested feature. That feature is the app inventory for corporate-owned Android Enterprise devices. Until recently the app inventory was not available for corporate-owned Android Enterprise devices, but that has changed. With the recent Microsoft Intune service release (2307), Microsoft has now made some changes to app management and app inventory. Those changes are actually triggered by Google, as Google has started deprecating features and methods of the Google Play EMM API. And even though there are alternatives within that API available, the general advise is to move to the modern Android Management API. That’s exactly what Microsoft is doing and …

Quick tip: Adding custom support information to corporate-owned Android Enterprise devices

August 21, 2023 by Peter van der Woude

This first post after my vacation is a quick tip about adding custom support information to corporate-owned Android Enterprise devices. Custom support information enables IT administrators, to customize the short message that is shown when users try to change a setting that is managed by the organziation, to customize the long message that is shown when looking at more information about the short message, and to show information on the device lock screen. Especially the latter customization can be useful for showing some specific information to the user about the device. Think about easily providing the user access the (management) name of the device, or the serial number of the device. This post will walk through the configuration options, followed with the user experience. Configuring …

Getting started with Microsoft Tunnel for Mobile Application Management for Android

April 11, 2023March 20, 2023 by Peter van der Woude

This week is a follow-up on the post of last week. While last week the focus was on iOS/iPadOS devices, this week the focus is on Android devices. Some parts might overlap with that post of last week, but those parts are definitely needed for the completeness of the story and the configuration. So, in general, the focus is still on Microsoft Tunnel for Mobile Application Management (Tunnel for MAM). As mentioned last week, Tunnel for MAM is one of the features that was released at the beginning of March as part of the Intune Suite add-ons. Tunnel for MAM itself, is available as part of the new Microsoft Intune Plan 2 license. The great thing about Tunnel for MAM is that it makes it …

Informing users of newly enrolled devices

February 6, 2023February 6, 2023 by Peter van der Woude

This week is all about a nice small new feature that became general available with the latest service release of Microsoft Intune (2301). That feature is enrollment notification. Enrollment notifications provide organizations with an easy method to notify users when a new device is enrolled. That provides organizations with more grip on the devices that are enrolled within the environment, as users will be informed when a new device was enrolled using their credentials. Besides that, it also provides organizations with an alternative method to welcome employees. In other words, a great way to trigger users. Enrollment notifications can be used for Windows, Android, iOS/iPadOS, and MacOS devices that are enrolled by using the user-driven enrollment methods. The notifications can be email notifications and push …