Important note about KB3081699

Good news! Microsoft has just released KB3081699 to fix the issue that Windows Phone Apps cannot be deployed or added to Allowed Apps or Blocked Apps lists via ConfigMgr. This hotfix applies to ConfigMgr 2012 R2 SP1 and ConfigMgr SP2. However, it’s important to note that, even though this hotfix was released after CU1, the current version of this hotfix should be installed before CU1. Update August 7, 2015: As expected this update is now available in two flavors. In the hotfix request form it’s now possible to select the one of the following: pre-CU1: ConfigMgr_2012_SP2_R2SP1_CU0_QFE_KB3081699_ENU post-CU1: ConfigMgr_2012_SP2_R2SP1_CU1_QFE_KB3081699_ENU

Whitelist the Microsoft Intune Company Portal app for Windows Phone

This time a short blog post about the Microsoft Intune Company Portal app for Windows Phone. More specifically, about whitelisting the Microsoft Intune Company Portal app for Windows Phone. When whitelists, also known as Allowed Apps lists, are used, for allowing access to applications on a Windows Phone, even the Microsoft Intune Company Portal app has to be added to that list. In that case the Windows Phone Store variant can simply be added, based on the link in the Windows Phone Store, but the Download Center variant is a bit more challenging. In this post I’ll provide the required information to find the app product ID for the Microsoft Intune Company Portal app for Windows Phone. As the app might be updated in the …

Read more

Email profile behavior after retiring a mobile device

This blog post will be a follow-up on my blog post of last week about the three layers of protection with conditional access for Exchange email. During that post I tried to stress the importance of protecting, and being in control of, company email. In this blog post I will go through different scenarios to show the behavior of company email after retiring a mobile device from Microsoft Intune. I will show the results of these scenarios for both the native email app and the Outlook app. Scenarios Before I start with the different scenarios it’s important to mention that, after a mobile device is successfully retired from Microsoft Intune, the user will be able to configure company email on its mobile device. This is …

Read more

The three layers of protection with conditional access for Exchange email

In this blog post I would like to write a little about, what I like to call, the three layers of protection with conditional access for Exchange email. No, I don’t mean that a device has to be 1) enrolled in Microsoft Intune, 2) workplace joined and 3) compliant with any Microsoft Intune compliance policies. What I do mean is related to company data, in this case company email, and the protection of it on mobile devices. That means three different layers of protection for Exchange email on mobile devices. From basic protection to almost complete protection. The first layer of protection The first, basic, layer of protection is simply using an Exchange Online Policy, or an Exchange On-premises Policy. These policies make it possible …

Read more

New tool: Remote Mobile Device Manager

This blog post will be about a new tool, written in PowerShell, to remotely manage mobile devices. This tool is based on the ConfigMgr SDK and contains all the available options for remotely managing mobile devices. That means it can retire, wipe, lock and pin reset mobile devices. Basically, it’s a version 2.0 of the tool I made a couple of months ago. That tool is limited to the ConfigMgr 2012 R2 functionality, of wipe and retire, and this new tool also contains the ConfigMgr 2012 R2 SP1 functionality, of lock and pin reset. The use case for this tool is still the same. In most cases the service desk is responsible for helping end-users with their mobile devices. What if the company rather not …

Read more

Invoke remote device actions via PowerShell

This will be a short blog post about a the newly introduced WMI class, in the latest service pack, called SMS_DeviceAction. As I’m currently working on a new tool to remotely manage mobile devices, which will be released soon, I noticed that the SMS_DeviceAction class is used to invoke and query the Lock and PinReset actions. What’s even more important is the fact that the SMS_DeviceAction class isn’t documented, yet. In this blog post I’ll post the required information to successfully query the SMS_DeviceAction class and to successfully invoke the methods of the SMS_DeviceAction class. Methods The SMS_DeviceAction class contains the method InvokeAction. The InvokeAction method requires the following input parameters. Parameter Data Type Description Action String This parameter is required and should contain the …

Read more

Pick your Company Portal app

This weekend I posted a small tweet showing the tabs, in my browser, to the different Company Portal apps. In that same tweet I promised the overview that follows in this blog post. By now there are 8 different versions of the Company Portal app and specific to Microsoft Intune that number is 7. These Company Portal apps differ in things like product, platform and availability. This blog post will describe the different Company Portal apps, their platforms, their usage, their main requirements, their availability and, if needed, their important notes. All that information should help you with picking the right version of the Company Portal app and all that information can be found in the following table. Company Portal app More information Configuration Manager …

Read more

Windows Phone 8.1 and the Windows Phone Store

This blog post will be about the other magical store world of Windows Phone 8.1 and that’s the world of the Windows Phone Store. By now, I think many are already aware of the different possibilities for the Windows Phone Store, but I thought it would be time for a complete overview like I did for Windows Phone 8.1 and the Microsoft Intune Company Portal app. This post will contain the different scenarios for providing (limited) access to the Windows Phone Store. These scenarios will be explained for Microsoft Intune standalone and Microsoft Intune hybrid. Scenarios Now lets start with summarizing the different scenarios that are possible for providing (limiting) access to the Windows Phone Store. I found the following three scenarios and I’ll go …

Read more

Manage Windows Defender, of Windows 10, via OMA-DM

A couple of weeks ago I did a blog post about the different management options for Windows 8.1. In that specific post I already mentioned OMA-DM as a very valid method to manage Windows 8.1 and Windows 10 devices. To refresh the memories, OMA Device Management (OMA-DM) is an open management standard designed for mobile devices. The nice thing is that OMA-DM is also fully utilized in Windows 10, even the desktop version. That means that OMA-DM can be used to fully manage specific parts of a Windows 10 device. In this post I’ll show how OMA-DM can be used to fully manage Windows Defender in Windows 10. For Windows 10 it’s possible to manage all the settings available for Windows Defender. This includes everything, …

Read more

How to use the Microsoft Intune Company Portal app for Windows Phone 8.1 from the Download Center

A bit more than a month ago Microsoft released the Microsoft Intune Company Portal app specifically for Windows Phone 8.1 in the Download Center. This version of the Microsoft Intune Company Portal app is created specifically for Windows Phone 8.1 and later, as it’s created in the APPX format, which is not supported by Windows Phone 8. It can be used by administrators to deploy to end-users who do not have access to the Windows Phone Store. The main feature of this version of the Microsoft Intune Company Portal app is the ability to show the configured Terms and Conditions in Microsoft Intune standalone. In this blog post I’ll describe how this version of the Microsoft Intune Company Portal app can be signed and how …

Read more