Looking closer at enabling Endpoint analytics

This week is all about Endpoint analytics and indirectly Advanced Analytics. More specifically, about enabling Endpoint Analytics and what happens after enabling Endpoint analytics. The process of enabling Endpoint analytics is not that special and can only be performed once per tenant. It is, however, good to be familiar with what happens after enabling Endpoint analytics. To understand the settings that become available and the impact of adjusting those settings. Especially the impact for the Windows devices within the environment. Besides that, it’s also important to be familiar with configurations that are not directly part of Endpoint analytics, but that do influence the results provided by Endpoint analytics. This post will focus on exactly those subjects! This post will provide an overview of what enabling …

Read more

Using a BYOCA with Microsoft Cloud PKI

This week is a follow-up on the post of last week about getting started with Microsoft Cloud PKI (Cloud PKI). This time it’s all about using a bring your own certificate authority (BYOCA) with Cloud PKI. BYOCA is focused on providing organizations with the ability to rely on an existing private CA. That can for example be an existing on-premises PKI infrastructure based on Active Directory Certificate Services (ADCS). BYOCA enables the IT administrator to create an issuing CA in Cloud PKI that is anchored to that existing private CA. By doing that, the issuing CA becomes an extension of the already existing (on-premises) PKI infrastructure. That might take some of the previously mentioned benefits away, as this won’t takeaway all the need to maintain …

Read more

Getting started with Microsoft Cloud PKI

This week is sort of another follow-up on the earlier posts about new Microsoft Intune Suite add-on capabilities. This time it’s all about the latest addition, Microsoft Cloud PKI (Cloud PKI). Cloud PKI provides organizations with a cloud-based service that simplifies and automates the certificate lifecycle management for Intune managed devices. It literally provides a public key infrastructure (PKI) from the cloud. That PKI environment can be built within a few minutes, by simply going through a couple of wizards. Even when relying on at least a two-tier hierarchy, with a root certificate authority (CA) and an issuing CA. There is no longer a need to maintain on-premises servers, connectors, or hardware. Cloud PKI handles the certificate issuance, renewal, and revocation for Intune managed devices. …

Read more

Getting started with Device query

This week is basically a follow-up on an earlier post about Advanced Analytics. At that time, it was all still in preview and still listening to the name of Advanced Endpoint Analytics. Advanced Analytics is also one of the latest additions to the Microsoft Intune Suite and it builds on top of those earlier previewed functionalities. On top of those features from the preview, Microsoft now also added Battery Health and Device query to the mix of features of Advanced Analytics. Even more insights and more options to actual query devices for information. Battery Health is a report that provides insights into the health of the batteries of the devices within the environment and how it influences the user experience. An interesting report, for even …

Read more

Getting started with Enterprise App Management

This week is sort of a follow-up on the earlier post about new Microsoft Intune Suite add-on capabilities. That time it was around the early capabilities, like Endpoint Privilege Management, the first glimpses of Advanced Analytics, and Microsoft Tunnel for MAM. This time it’s about Enterprise App Management. Enterprise App Management provides organizations with an applications catalog that contains apps that are prepared by Microsoft. Those apps are all Win32 apps that are wrapped and hosted by Microsoft. That can further simplify management and makes sure that the lifecycle of apps is getting better under control. That means more structural updates of apps, which makes sure that the environment gets more secure. This post will start with a further introduction about Enterprise App Management, followed …

Read more

Using Conditional Access for Remote Help

This week is a short post about a small nice addition to Remote Help. That small nice addition, however, can be an important piece towards the solid zero trust implementation within the organization. That addition is the ability to use Conditional Access specifically for Remote Help. That doesn’t mean, however, that Conditional Access was not applicable towards Remote Help before. When assigning a Conditional Access to all cloud apps that would (and will always) also include Remote Help. The main change is that it’s now possible to create a service principal for the Remote Assistance Service that can be used as a cloud app in the assignment of a Conditional Access policy. That enables organizations to create a custom Conditional Access policy specifically for Remote …

Read more

Getting started with Advanced Endpoint Analytics

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Advanced Endpoint Analytics. Advanced Endpoint Analytics adds-on to Endpoint Analytics by providing organizations access to more intelligence to gain even deeper insights into the user experience. It provides IT administrators with the tools to proactively detect and remediate issues that impact user productivity. All of that can be achieved with the new capabilities that are part of Advanced Endpoint Analytics. Those capabilities are anomaly detection, enhanced device timeline, and device scopes. Three powerful capabilities that enable IT administrators to use machine learning to identity anomalies, to have a detailed device timeline, and to have the ability to look at a specific set of devices. When an organization has …

Read more

Getting started with Endpoint Privilege Management

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Endpoint Privilege Management (EPM). At this moment EPM is still in preview, but once it becomes general available it will be licensed as part of the Microsoft Intune Suite. EPM enables organizations to provide standard user permissions to their users and still enable those users to complete tasks that require elevated permissions. Those tasks can include the installation of applications, updating device drivers, running diagnostics, and more. With that, EPM fits perfectly in the Zero Trust architecture of any organization. It enables the principle of using the least privilege, while still allowing users to run specifically approved tasks with elevated permissions. So, users remain productive and elevations are …

Read more

Getting started with Microsoft Tunnel for Mobile Application Management for Android

This week is a follow-up on the post of last week. While last week the focus was on iOS/iPadOS devices, this week the focus is on Android devices. Some parts might overlap with that post of last week, but those parts are definitely needed for the completeness of the story and the configuration. So, in general, the focus is still on Microsoft Tunnel for Mobile Application Management (Tunnel for MAM). As mentioned last week, Tunnel for MAM is one of the features that was released at the beginning of March as part of the Intune Suite add-ons. Tunnel for MAM itself, is available as part of the new Microsoft Intune Plan 2 license. The great thing about Tunnel for MAM is that it makes it …

Read more

Getting started with Microsoft Tunnel for Mobile Application Management for iOS/iPadOS

This week is all about one of the new Intune Suite add-on capabilities. The capability of focus is Microsoft Tunnel for Mobile Application Management (Tunnel for MAM) for iOS/iPadOS devices. The Intune Suite add-ons were released at the beginning of March, including a new licensing model, and including Tunnel for MAM. That capability on itself, is available as part of the new Microsoft Intune Plan 2 license. Tunnel for MAM makes it possible to provide access to on-premises resources, on unmanaged devices. Often unmanaged devices are equal to personal-owned devices. So, that provides IT with the flexibility to make that app, with on-premises interaction, available on personal-owned devices. Without requiring the user to enroll that specific device, but still enforcing secure access and guaranteeing full …

Read more