Addressing the need for multiple Microsoft Tunnel Gateway servers

This week will focus on addressing the need for multiple Microsoft Tunnel Gateway servers. A single server is easy to set up, and easy to discuss and to describe, but that is just a starting point. Often there is a need for multiple Microsoft Tunnel Gateway servers. That could be for providing high availability, for supporting the right number of users and even for providing access to resources in different remote locations. So, it can be multiple servers in the same location and multiple servers in different locations. This post will go through the main scenarios for multiple servers and will focus on the main configurations that should be in place to support and configure those scenarios. No detailed configurations this time. Only descriptions of the main …


Using Microsoft Tunnel for per-app VPN

This week is another mobile-focused blog post. This week is all about Microsoft Tunnel. More specifically, this week is all about using Microsoft Tunnel for providing per-app VPN on iOS/iPadOS devices and Android devices. Per-app VPN enables organizations to only allow specifically configured apps to use the configured VPN tunnel. So, not simply pushing all traffic through the VPN tunnel, but only the traffic of specific apps. That provides a solid method for providing access to on-premises resources for only the apps that really need it. This post will start with a quick summary of what should be in place, followed by going through the important per-app VPN specific configurations. Those configurations slightly differ per platform. This post will end by showing the user …


Backup and restore Android Enterprise fully managed devices

This week is something completely different compared to the last couple of weeks. This week is back to the Android platform. More specifically, backing up and restoring data on Android Enterprise fully managed devices. An often heard challenge with Android Enterprise managed devices is the lack of available functionalities for restoring data from an old device to a new device. So, the ability to back up the data on the old device and to restore the data on the new device. That’s challenging as there is simply a lack of available backup functionality when relying on Android Enterprise. The Samsung Smart Switch app could be a solution for that challenge. It enables users to seamlessly transfer contacts, photos, music, videos, messages, notes, calendars and more to …


Freezing the install of system updates on Android Enterprise corporate-owned devices

This week is all about a very recently introduced feature for Android Enterprise corporate-owned devices. That feature is the ability to freeze the install of system updates for a period of time. Freezing system updates on Android Enterprise corporate-owned devices enables organizations to stick to a specific version of Android for the specified period of time. That can be useful to get the right support from the vendor of an app, or to make sure that a specific app works with the latest version of Android. That level of control makes Android more and more enterprise ready, without the need for additional management tooling (OEMConfig). This post will start with a quick introduction to the freeze period for system updates, followed by the steps …


Using the Microsoft Defender for Endpoint app for connecting to Microsoft Tunnel Gateway

This week is something completely different, compared to the last couple of weeks. This week is back to Microsoft Tunnel. Microsoft Tunnel is the VPN gateway solution for Microsoft Intune that fully integrates with Azure AD (and Conditional Access) for providing access to on-premises resources on iOS and Android devices. In the early stages of Microsoft Tunnel, there used to be a separate Microsoft Tunnel app for iOS and Android devices. One of the challenges with those devices is that there can only be one active VPN at the same time. That’s especially challenging when using it in combination with Microsoft Defender for Endpoint. That makes combining both products into a single app a logical move. That’s been the case for Android already …


Retiring non-compliant devices with Azure Logic Apps and Adaptive Cards for Teams

This week is another follow-up on the first few weeks of this year. In those weeks the focus was on monitoring the status of the different connectors, certificates, tokens and deployments, while this week the focus is on more than just monitoring. This week will be about non-compliant devices marked to retire. That means querying information and actually performing an action. When looking at device compliance policies, the IT administrator can configure the actions for non-compliance. One of those actions is Retire the noncompliant device. That action, however, won’t actually retire the device and will only add the device to the Retire Noncompliant Devices view. Once added to that view, there is still a manual action required by the IT administrator to actually retire …


Microsoft Tunnel Gateway: A quick overview

This week my post is a few days later, as my post is an extension of my session at the Nordic Virtual Summit Second Edition. At the virtual summit I did a session about Getting access to on-premises resources with Microsoft Tunnel. During that session I shared the information around the architecture of Microsoft Tunnel and I zoomed in on getting up-and-running with Microsoft Tunnel and getting insight into Microsoft Tunnel. This post will provide a quick summary of that session about the different important components of Microsoft Tunnel and how to get connected to Microsoft Tunnel. Most of that information will be summarized in tables and slides. The slides (PDF) of that session are available for download here.

Main components of Microsoft Tunnel

The Microsoft Tunnel …


Simplifying targeting groups of apps with app protection policies

This week is all about the simplification in targeting groups of apps with app protection policies and a follow-up on my tweet of last week. That tweet provided a quick peek at the new targeting options of app protection policies for Android and iOS/iPadOS devices. The great thing about that simplification is that app protection policies can now be targeted at different categories (or groups) of apps. Those categories of apps are All apps, All Microsoft apps and Core Microsoft apps, and are dynamically updated to include the appropriate apps. That dynamic update will make sure that the already created app protection policies are automatically updated with the latest apps that are available for the different categories and will also make sure that newly created …


Getting new users quickly up-and-running with Temporary Access Pass

This week is a little follow-up on a post of a couple of months ago and about connecting pieces of the puzzle. That post was around Temporary Access Pass (TAP). Even though that post was focused on Windows devices, it did provide some hints for using TAP on mobile devices (Android, iOS) also. An often seen and heard challenge is related to getting new users up-and-running. Especially when requiring Multi-Factor Authentication (MFA) for device enrollment, or when trying to work completely passwordless. Those scenarios introduce chicken-and-egg situations as a device must be registered for usage with MFA and the registration requires MFA, or when trying to work passwordless and an authentication method must be registered to be able to work passwordless. So, to get a …


Using filters for assigning apps, policies and profiles to specific devices

This week is all about filters. Filters are basically a super-set of the functionalities of applicability rules – already available for a while for Windows 10 – and are a great new addition to assigning apps, policies and profiles to specific devices. Those specific devices are only the devices that meet the specific properties that are configured in the filters. A great method for specifically targeting apps, policies and profiles. This post starts with a short introduction about filters, followed by information about creating and using filters (including the steps for using and creating filters). This post ends with the administrator experience with filters.

Introducing filters

For device configuration profiles for Windows 10 devices it was already possible to use applicability rules. Applicability rules would …
