Using Samsung Knox Mobile Enrollment with Microsoft Intune

This week is all about using Samsung Knox Mobile Enrollment (KME) for automatically enrolling Samsung Knox devices into Microsoft Intune. The idea of Samsung KME is similar to Windows Autopilot and Apple ADE. It’s all about streamlining the enrollment experience for corporate-owned devices. By using Samsung KME in combination with Microsoft Intune, a smooth out-of-the-box experience enables users to be up-and-running in no time. That can be achieved by uploading Samsung Knox devices in Samsung KME and assigning MDM profiles to those devices. This post will start with the important prerequisites, followed with the steps for creating a MDM profile in Samsung KME. This post ends with assigning the MDM profile to devices in Samsung KME and a quick look at the user experience. Note: …

Read moreUsing Samsung Knox Mobile Enrollment with Microsoft Intune

Quick tip: Enable browser access on Android Enterprise corporate-owned devices

This week a quick tip about enabling browser access on Android Enterprise Corporate-Owned Fully Managed devices and Android Enterprise Corporate-Owned devices with Work Profile, to work with device-based Conditional Access. That will enable the user to eventually use different apps for accessing company data. That includes for example using the Chrome browser app for accessing SharePoint Online or Exchange Online. On the Android Enterprise devices, this requires a configuration in the Microsoft Authenticator app. In this post I’ll simply provide the steps that are required within the Microsoft Authenticator app. Note: Before providing the mentioned steps, a big thank you to Pat Freeman for pointing me in the right direction. Enable browser access in the Microsoft Authenticator app When knowing the availability of the setting, …

Read moreQuick tip: Enable browser access on Android Enterprise corporate-owned devices

Android Enterprise and Microsoft Intune: And Android Device Policy

I’ve mentioned Android Device Policy before, earlier this year, in my post about Android Enterprise and Microsoft Intune. In that post, however, I’ve only briefly mentioned that app, while that app is an important piece of the Microsoft management solution for corporate-owned devices. That’s why I thought it would be good to devote a blog post to that app. To simply show it’s importance. Android Device Policy is really important for configuring managed devices and also provides some nice capabilities. The importance should be familiar with any IT administrator, responsible for managing Android devices, and those capabilities are sometimes slightly hidden, but provide a good starting point for troubleshooting. Especially when verifying whether settings are already applied or not. In this post I’ll start with …

Read moreAndroid Enterprise and Microsoft Intune: And Android Device Policy

Android Enterprise and Microsoft Intune: And the additional configuration layer

This week is all around another Android Enterprise related subject. This week is about the additional configuration layer that is also known as OEMConfig. OEMConfig provides OEMs with the capabilities of building an additional configuration layer on top of the configuration layer that is provided out-of-the-box via the Android Management API. That provides Microsoft Intune with the possibility to implement support for OEMConfig and that provides the OEM with the possibility to implement additional configuration options via OEMConfig. That enables the OEM to quickly introduce new features, without having to wait on Microsoft Intune to introduce those new features. In this post I’ll start with a further introduction to OEMConfig, followed with an example of using OEMConfig. In that example I’ll use the Samsung Knox …

Read moreAndroid Enterprise and Microsoft Intune: And the additional configuration layer

Getting started with Microsoft Defender for Endpoint for Android

Microsoft recently declared Microsoft Defender for Endpoint (MDE) for Android – previously known as Microsoft Defender ATP for Android – general available. That’s really good news and also a really good trigger for a new blog post. MDE for Android provides protection against phishing, unsafe network connections, and malicious apps. All events and alerts around those subjects will be available in the Microsoft Defender Security Center and will be used to determine the risk level of the device. To add-on to that, through the connection with Microsoft Intune that risk information can be used to determine the compliance of the device with the company policies and to determine the eventual access of the device to company data. In this post I want to start with …

Read moreGetting started with Microsoft Defender for Endpoint for Android

Getting started with Android Enterprise Corporate-Owned devices with Work Profile

Microsoft has recently declared the Android Enterprise Corporate-Owned devices with Work Profile deployment scenario (sometimes also referred to as management scenario) feature complete. That’s really good news and also a really good trigger for a new blog post. This time I’ll skip the different deployment scenarios and use cases, as I’ve written about those here and here. Just to create a good starting point, I’ll start with a quick summary about the main characteristics of this specific deployment scenario in the table below. These characteristics will help with determining if this deployment scenario will fit on the use case. For a complete overview with the different deployment scenarios, please refer to my previous post around this subject. Note: Keep in mind that the user experience …

Read moreGetting started with Android Enterprise Corporate-Owned devices with Work Profile

Getting familiar with Microsoft Tunnel Gateway

This week is a follow-up on my post of a few weeks ago about getting started with Microsoft Tunnel Gateway. In that post I’ve showed how to get started with Microsoft Tunnel Gateway and in this post I want to show how to get more familiar with Microsoft Tunnel Gateway. Getting to know the installation location, getting to know the configuration files, getting to know the log files and getting to know a few important commands for more information. All of that will eventually help with getting more familiar with Microsoft Tunnel Gateway. In this post I’ll look a few directories, files, logs and commands. Also in that order. Directories Let’s start with a few directories. Actually, one directory and a few sub-directories. After the installation …

Read moreGetting familiar with Microsoft Tunnel Gateway

Getting started with Microsoft Tunnel Gateway

This week is all about the just, during Microsoft Ignite 2020, released Microsoft Tunnel Gateway (often referred to as Microsoft Tunnel or Tunnel). Microsoft Tunnel Gateway is a new solution that can provide iOS and Android devices with access to on-premises resources. In other words, Microsoft Tunnel Gateway is a VPN solution. The best part of Microsoft Tunnel Gateway is that it fully integrates with a Microsoft 365 solution and that it’s included in the existing Microsoft Intune license. That integration is also one of the strongest points of Microsoft Tunnel Gateway, as it also provides single sign-on capabilities and even conditional access. All of that with a relatively simple deployment. Also, to work with Microsoft Tunnel Gateway, Microsoft released the Microsoft Tunnel app for …

Read moreGetting started with Microsoft Tunnel Gateway

Android Enterprise and Microsoft Intune: And the previously missing use case

This week is all about an addition to my previous post about the device management jungle of Android Enterprise. In that post I already did a brief look at the future and what Android 11 would bring to the table. At that time Microsoft Intune did not yet support a deployment scenario to address the Corporate-Owned, Personally Enabled (COPE) use case. The good news is: that has changed! Microsoft Intune now contains the deployment scenario Corporate-Owned Work Profile, which is currently still in preview, and that deployment scenario can address the COPE use case. With this blog I want to provide a refreshed overview of the different deployment scenarios and the use cases that are addressed. However, the main focus of this post is the …

Read moreAndroid Enterprise and Microsoft Intune: And the previously missing use case

Customizing the Microsoft Intune Company Portal app and website

This week is all about customizing the Microsoft Intune Company Portal app and website. The main trigger for this subject are the recently introduced additional customization options. Besides configuring default branding and support information, the list of actual specific customization configurations is growing and providing more and more options for an organization specific look-and-feel. That includes the option for creating multiple different customization policies. In this post I’ll go through the different customization options and policies. I’ll end this post by having a quick look at the end-user experience. Company Portal app and website customization options Now let’s have a look at the Company Portal app and website customization options. To do that, I want to walk through the different customization options and explain the …

Read moreCustomizing the Microsoft Intune Company Portal app and website