Conditional access for managed apps (preview)

This blog post is about an Azure preview feature. A preview may include preview, beta, or other pre-release features, services, software, or regions. Previews are subject to reduced or different service terms. In other words, previews are for early testing and should not be considered fully production ready. During the session Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune, at Microsoft Ignite, a nice new feature for mobile app management without enrollment (MDM-less MAM) was shown. That new feature is conditional access for managed apps. During that session they showed the URL to that new feature. What makes it even better is that that specific URL already works with existing tenants. It simply brings the administrator to a …


Predeclaring corporate-owned devices

This week something related to last week. This week will be about predeclaring corporate-owned devices. In other words, making sure that the Device Owner of the specified devices is set to Company after enrollment. It's also a much easier alternative to a scripted solution that I created more than a year ago, for automagically setting the mobile Device Owner to Company. In this blog post I'll provide some information about this feature, I'll show the configuration of this feature and I'll show the administrator experience of this feature. Please note that this functionality is only available for Microsoft Intune hybrid. Information Predeclaring corporate-owned devices allows organizations to identify corporate-owned devices by importing the International Mobile Equipment Identity (IMEI) numbers, or, for iOS devices, by importing the …


Categorizing devices

This week something completely different from the last couple of weeks. This week no conditional access and nothing specifically related to Windows 10 devices. This week it's all about categorizing devices. Within Microsoft Intune hybrid this functionality is named Device Categories and within Microsoft Intune standalone this functionality is named Device Group Mapping. Both of these functionalities can be used to achieve the same goal. In this post I'll provide some more information, I'll describe the configuration in Microsoft Intune hybrid and Microsoft Intune standalone and I'll show the end-user experience. Information Categorizing devices can be useful to differentiate between device categories. For example, to differentiate between devices used by users of the sales department and the users of the human resources department. When categorizing …


Conditional access for published ConfigMgr reports

This week another post about the world of conditional access in Azure AD. Last week I started by looking at conditional access for Yammer. This week I'll add on to that idea by publishing a custom application, in this case my ConfigMgr reports, and applying conditional access to that configuration. To make it even better, it even allows a single sign-on configuration. In other words, I can use pre-authentication on Azure AD and use that token for the single sign-on experience of the end-user in the published application. Really nice! Prerequisites Before starting with the configuration, it's important to know that this post does require two important prerequisites to be in place, which are not part of this post. Azure AD Application Proxy: This component is …


Conditional access for Yammer

This week I'll open a new world of conditional access. The world of conditional access in Azure AD. I'll open that world of conditional access by looking at conditional access for Yammer. Conditional access for Yammer cannot be configured through the Microsoft Intune administration console. However, that doesn't mean that conditional access for Yammer doesn't exist. The configuration of conditional access for Yammer is available through the Azure Management portal. In this post I'll go into more detail about conditional access via Azure AD, the required configurations and the end-user experience. Introduction About a month ago Microsoft released conditional access policies as a preview feature in Azure AD for iOS, Android and Windows (Windows 7, Windows 8.1 and Windows 10, build 1607). These policies can …


Simplify enrollment for Windows 10 devices

This week a small blog post about simplifying the enrollment experience for Windows 10 devices. When enrolling a Windows 10 device, for mobile device management (MDM), the end-user has to perform a specific enrollment procedure. That enrollment procedure can be simplified by providing the end-user with a deep link. This blog post will provide the configuration for that deep link and the end-user experience. Configuration The configuration is fairly simple, but, to many people, unknown. Providing the configuration, as part of this blog post, is mainly for creating awareness about the available configuration option. Windows 10 devices can be connected to MDM by using a deep link. In that case end-users will be able to click, or open, a link, from anywhere in Windows 10, …


Bulk enrollment for Windows 10 devices

My first post after my vacation will be about bulk enrollment for Windows 10 devices. Not bulk enrollment for on-premises enrollment, but bulk enrollment for cloud enrollment. In other words, Microsoft Intune is required. This blog post will contain a short introduction about bulk enrollment, the configuration of bulk enrollment and the end-user and administrator experience with bulk enrollment. Introduction Bulk enrollment is a more automated method for enrolling devices, as compared to normal end-user enrollment, which requires end-users to enter their credentials to enroll the device. Bulk enrollment uses an enrollment package to authenticate the device during enrollment. That enrollment package also contains a certificate profile and optionally a Wi-Fi profile. At this moment bulk enrollment for Windows 10 devices is not supported, or …


Conditional access for Exchange Online to the max

This week I want to show another look at conditional access for Exchange Online. I want to do that by providing a scenario. That scenario will cover more than just conditional access. Mainly because conditional access simply blocks access for non-compliant devices, but what if I want to take it one step further? What if I also want to prevent potential data leakage? In that case I can't just look at conditional access. In that case I also need to add mobile app management to the playing field. This post will address those subjects for Exchange Online. Scenario Now let's start with the scenario that I want to cover. Even though I know that I will use Microsoft Intune and related technologies to do the configuration, …


Conditional access for browsers

This week I'll provide an overview of the latest addition to conditional access, which is conditional access for browsers. It's a feature that many have been waiting for and a feature that is indeed a pretty welcome addition to conditional access. This post will provide the basics about conditional access for browsers, the configuration of conditional access for browsers and the end-user experience with conditional access for browsers. It will also be the introduction for something much better next week. Introduction Conditional access allows IT organizations to manage access to corporate email, files and other resources based on customizable conditions that ensure security and compliance. The addition of conditional access for browsers addresses the backdoor that still existed for end-users connecting to the Outlook Web App …


Windows 10 MDM and the MDM Bridge WMI Provider

This week another blog post about Windows 10 and OMA-DM, but this week will be short and different. Starting this week I won't be referring to OMA-DM anymore; instead I'll be referring to Windows 10 MDM. The main reason for that change is to align with Microsoft. Also, it simply makes more sense. OMA-DM is the standards-based protocol on which the Windows 10 MDM protocol is based. In other words, Windows 10 MDM is not exactly the same as the OMA-DM standard. Technically speaking it's not wrong to refer to OMA-DM, but it simply makes more sense to refer to Windows 10 MDM. That being said, this blog post will be different for another reason. This week I'll try to bring Windows 10 …
