Quick tip: Troubleshooting device management failures on Windows 10

This is a short and quick blog post to point out where to start with troubleshooting Windows 10 device enrollment issues and Windows 10 device management issues. To start with troubleshooting, it’s important to know where to find the information about the device enrollment issues and the device management issues. This short and quick post will show the location of that information, starting with Windows 10 build 1511. Event Viewer To find the information about the device enrollment issues and device management issues, starting with Windows 10 build 1511, simply perform the following steps: Open the Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider; Select the Admin node to show the available events; (Optional) Select View > Show …

Read more

Managing the Configuration Manager console language

Let’s start this new year with a blog post about the Configuration Manager console language. I have to admit that it doesn’t really sound like an exiting subject, but it can be very useful with troubleshooting. Most issues can easily be found, on the Internet, when using the English language, while many other languages can be a lot more challenging. In this blog post I’ll go through an overview of the Configuration Manager console language behavior, the installation of the English-only Configuration Manager console and the possibility of disabling any additional Configuration Manager console languages. Note: This activities and theories in this blog post are successfully tested on ConfigMgr 2012 and ConfigMgr 1511. Configuration Manager console language behavior Now let’s start with an overview of …

Read more

Reset passcode via the Company Portal website

This week a blog post about the new ability in the Company Portal website to reset the passcode of a mobile device. Before only the administrator could reset the end-users’ passcode, but this has changed. Starting with the November update, of Microsoft Intune, a new option Reset Passcode is added to the Company Portal website. This option is available when the end-user is looking at the information of a specific mobile device. In this blog post I will go through the complete end-user experience. Starting with the end-user experience in the Company Portal website, followed by the end-user experience on the mobile device. I will end this post with a summarization per platform that will show the behavior of the (new) passcode. Also, a bit …

Read more

Enable modern authentication for Exchange Online

This blog post is about enabling modern authentication on Exchange Online. Modern authentication is a requirement for conditional access for PCs. For SharePoint Online that’s enabled by default and for Exchange Online that’s disabled by default. However, that configuration is now available via PowerShell. This post is meant to show how easy this can be achieved now. Before this had to be done by enrolling in to the preview program. Now it’s publically available. Why I’m posting about Exchange Online? Well, actually that’s quite simple, I can’t get around it. If I want to configure conditional access in Microsoft Intune standalone or hybrid, I often need to use Exchange Online. In this post I’ll go through five simple steps to connect, verify and configure modern …

Read more

The new ability on iOS devices to send diagnostic information

This week a short blog post about the new ability in the updated Microsoft Intune Company Portal app, for iOS, to send diagnostic information. Before it was always fun to explain somebody the method to get the Company Portal Diagnostic Information, as it would require the end-user to open the Microsoft Intune Company Portal app and simply start shaking the device. Actually, this is still a possibility to get the Company Portal Diagnostic Information. New in the latest update of the Microsoft Intune Company Portal app, for iOS, is the ability to send the Company Portal Diagnostic Information via the menu of the Microsoft Intune Company Portal app. This is a new Microsoft Intune Company Portal app ability and is not related to the iOS …

Read more

My Experts Live session and content

November has been a crazy month for me so far. The frequent visitors of my blog might have noticed a complete silence the last couple of weeks. Well, it’s time to break that silence again! This month started with my first MVP Summit and I have to say that it would be awesome to be there again next year! After that I had the great opportunity to present on Experts Live 2015. I had a session about conditional access and mobile application management. This post will contain the slide deck of that session and the movies of the demos. The sessions were not recorded, but as I always create movies of my demos, as a backup scenario, I thought lets post those movies instead. Slide …

Read more

Role-based administration: The advanced case of no read resource rights in any collection

This week a pure ConfigMgr post and I have to admit that it’s been a long time since the last. This blog post will be about the role-based administration model and a really specific issue that I ran in to. This post will contain the scenario, the problem and a PowerShell script to get the complete solution. Scenario Lets start with a short description of the scenario that I’m dealing with. The environment has a lot of different administrators, all with different collections of devices that they’re managing. As an example of the structure see the screenshot on the right that shows different collection structures that are limited to the All Systems collections. In this example every administrator would be limited to their own top-level …

Read more

The conditional access flow of the other Office apps

This week something similar to last week, this week I’ll be looking at the conditional access flow of the other Office apps. By that I basically mean every Microsoft app, connecting to Office 365, using modern authentication, except for the Outlook app for iOS and Android. Like last week I’ll be looking at a high-level from a component perspective. It will be like a what-happens-when-and-where flow. The biggest difference with the Outlook app for iOS and Android is that the other Office apps don’t use the Outlook Cloud Service and instead go directly, with their access token, to Office 365. Before I’ll start with the what-happens-when-and-where flow, I think it’s important to again first provide a bit of information about Active Directory Authentication Library (ADAL)-based …

Read more

The conditional access flow of the Outlook app for iOS and Android

This week something completely different, this week I’ll be looking at the conditional access flow of the Outlook app for iOS and Android. By that I don’t mean that I’ll be looking at the high-level decision flow, which is available on TechNet, but more from a component perspective. It will be more of a what-happens-when-and-where flow. Before I’ll start with the what-happens-when-and-where flow, I think it’s important to first provide a bit of information about Active Directory Authentication Library (ADAL)-based authentication, the Open Authentication (OAuth) protocol and the Outlook Cloud Service in combination with Office 365. These components make the what-happens-when-and-where flow. ADAL-based authentication The Outlook app for iOS and Android uses ADAL-based authentication to access Office 365. ADAL-based authentication enables the Outlook app for iOS …

Read more

The new managed app installation experience on iOS 9 devices

This week a short blog post about the new managed apps installation experience for end-users on iOS 9 devices, as it was a huge pain. One of the most heard complaints with managed apps, on iOS, was about the fact that the end-user would have to manually uninstall their personally-installed apps. After that the managed app could be installed and it would really work and act like a managed app. New in iOS 9 is the ability to convert a personally-installed app to a managed app. This allows Microsoft Intune (standalone and hybrid) to take the management of a personally-installed app and turn it into a managed app. Of course, only after the users’ permission. This is really an iOS 9 ability and does not …

Read more