Manage company policies on Windows Phone 8.1 via OMA-URI settings in Microsoft Intune

A bit more than a month ago, I created THE Windows Phone 8.1 Configuration Baseline for usage with ConfigMgr 2012 (integrated with Microsoft Intune). That Configuration Baseline contains all the currently configurable company policies via OMA-URI settings. At that time the management of OMA-URI settings on Windows Phone 8.1 wasn’t possible via Microsoft Intune standalone, but this has changed with the latest update to Microsoft Intune. That’s why I thought it would be good to dedicate this blog post to creating OMA-URI settings in Microsoft Intune standalone. As it’s not possible, yet, to export a Configuration Policy in Microsoft Intune, like a Configuration Baseline in ConfigMgr, I will simply show how to create an OMA-URI setting in Microsoft Intune. Also good to know, OMA-URI settings …

Read moreManage company policies on Windows Phone 8.1 via OMA-URI settings in Microsoft Intune

Manage Microsoft Intune users via PowerShell

This week my blog post will contain some PowerShell again! After almost a month finally some PowerShell on my blog again. Even though Microsoft Intune has no PowerShell support, yet, there are parts that can be managed via PowerShell already. In my blog series about how to integrate Microsoft Intune and ConfigMgr with single sign-on I already showed some related PowerShell cmdlets for adding and verifying a domain name and for enabling Active Directory synchronization. In this post I will show how to manage the Microsoft Intune users. As in the most scenario’s the users and groups will be synchronized from the on-premises Active Directory, I won’t show how to create users and groups. Instead I will show how to get information about the users, …

Read moreManage Microsoft Intune users via PowerShell

How to configure multi-factor authentication in Microsoft Intune – Part 2: The single sign-on method

Last week I started this series with a blog post on How to configure multi-factor authentication in Microsoft Intune – Part 1: The easiest method, this week I’m going to take it up one level and also include single sign-on in the configuration. I will describe the multi-factor authentication configuration, for Microsoft Intune, when using single sign-on. The nice thing is that the multi-factor authentication page, in Microsoft Intune, already describes the configuration. In this post I will walk through that configuration and also show the results of that configuration, as that was a little bit surprising to me. Scenario Like last week it’s important to mention a couple of lines about the scenario before I’ll start with this configuration for multi-factor authentication. This specific …

Read moreHow to configure multi-factor authentication in Microsoft Intune – Part 2: The single sign-on method

How to configure multi-factor authentication in Microsoft Intune – Part 1: The easiest method

By now I think it’s save to assume that everybody knows about the new capabilities of Microsoft Intune that where added last week. Also, next to those adjustments there were the “long” hoped for improvements to the Windows Phone 8.1 enrollment process. These new capabilities and improvements triggered me to do a new small blog series and this time about multi-factor authentication. In this blog series I will describe a few different multi-factor authentication configurations for, initially, Microsoft Intune standalone. This first part will be the easiest configuration, without anything fancy like single sign-on. Scenario Before I’ll start with this configuration for multi-factor authentication it’s important to mention a couple of lines about the scenario. This specific multi-factor authentication configuration is only possible when the …

Read moreHow to configure multi-factor authentication in Microsoft Intune – Part 1: The easiest method

Extend the Hardware Inventory for PolicyManager settings on Windows Phone 8.1

This blog post will be a follow-up on last weeks blog post about THE Windows Phone 8.1 configuration baseline, as I will show this week how those settings can be added to the hardware inventory. Especially with using multiple configuration baselines and Company Resource Access policies, it’s easy to loose track of the current configuration of, in this case, Windows Phone 8.1. That’s why I  took the information about the PolicyManager configuration service provider (CSP),  again, as provided in the Windows Phone 8.1 MDM Protocol document, but this time to create a MOF file. Hardware Inventory settings By default ConfigMgr (and Microsoft Intune) will inventory a lot of great information, but not about the settings managed via the PolicyManager. That is why I created a …

Read moreExtend the Hardware Inventory for PolicyManager settings on Windows Phone 8.1

THE Windows Phone 8.1 Configuration Baseline

This blog post will be about THE Windows Phone 8.1 configuration baseline, for usage with ConfigMgr 2012 (integrated with Microsoft Intune). This configuration baseline is created based on the information provided in the Windows Phone 8.1 MDM Protocol document. That document describes the PolicyManager configuration service provider (CSP), which is the centralized component to handle all Windows Phone supported enterprise policies. It describes in detail every currently configurable policy, by any mobile device management solution. Configuration Items I took all the settings, as described in the Windows Phone 8.1 MDM Protocol document, and created separate configuration items for each one of them. In these configuration items I included all the available information about the specific settings, including their descriptions. Based on the possible values of …

Read moreTHE Windows Phone 8.1 Configuration Baseline

Blog series about how to integrate Microsoft Intune and ConfigMgr with Single Sign-On

A few weeks ago I did a blog post about How to configure a relying party trust between on-premises AD FS and Microsoft Azure AD for single sign-on in Microsoft Intune. Based on that blog post I’ve got a lot of feedback of people mentioning that it was a great post, but that they would like to see the complete picture. That made me decide to create a step-by-step guide for a basic lab setup of Microsoft Intune and ConfigMgr with single sign-on. Starting today the complete series is online on windows-noob. I’ve sliced this guide in to the following four pieces: How to integrate Microsoft Intune and System Center 2012 R2 Configuration Manager with Single Sign-On – Part 1: Introduction and prerequisites; This first …

Read moreBlog series about how to integrate Microsoft Intune and ConfigMgr with Single Sign-On

How to troubleshoot Windows Phone 8.1 enrollment via Microsoft Intune

In this blog post I want to put a spotlight on the troubleshooting of Windows Phone 8.1 enrollment in Microsoft Intune (with or without ConfigMgr integration). The problem with Windows Phone enrollment was that there was little to no log information about the enrollment process, but that has changed with Windows Phone 8.1. Before Windows Phone 8.1 there were only some log files (like the dmpdownloader) when the integration with ConfigMgr was used, but in most occasions they wouldn’t show helpful information. Starting with Windows Phone 8.1 this has changed and there is the ability to get some logging of the mobile device. It’s not an easy process, and probably not an option in every situation,  but it will help to verify the health of …

Read moreHow to troubleshoot Windows Phone 8.1 enrollment via Microsoft Intune

How to configure a relying party trust between on-premises AD FS and Microsoft Azure AD for single sign-on in Microsoft Intune

One of the things that is often requested by customers is to configure single sign-on for Microsoft Intune (with or without ConfigMgr integration). The main reasons for that request are simple, it’s to make the user experience better and to prevent the user from having different accounts and passwords. In this blog post I will show how relatively easy it is to federate on-premises Active Directory Federation Services (AD FS) with the Microsoft Azure Active Directory (Micorosoft Azure AD). The best thing about this is that after this configuration is done, all Microsoft Intune authentication requests will redirect to the on-premises AD FS. Also, in this post I will skip a few important steps (see prerequisites). I assume that those steps are more common knowledge. …

Read moreHow to configure a relying party trust between on-premises AD FS and Microsoft Azure AD for single sign-on in Microsoft Intune