Conditional access for managed apps

After a great MVP Summit and a session at a great Experts Live, it’s finally time for a new blog post. This blog post will be about conditional access for managed apps (MAM CA). About a month ago, I did a first post about this feature when it was still in preview. The good news is that the first part of this feature is now production ready for all tenants. In this post I’ll go through an introduction of MAM CA, the flow of MAM CA, the prerequisites of MAM CA, the configuration of MAM CA and the end-user experience of MAM CA. Introduction: By now, I think, everybody should be familiar with the mobile app management without enrollment (MAM-WE, previously also referred to as …


Managing browser settings via Windows 10 MDM

This week a short blog post about managing browser settings via Windows 10 MDM. Most of these settings are not very special and are very well documented in the Policy CSP. However, the configuration of the home page is a small exception. Not just because the documentation is slightly off, but also because of an important change with the anniversary update of Windows 10. As most of the settings are very well documented, this post will be focused on managing the home page. I’ll provide basic information, the configuration information and show the end-user experience. Information: Before starting with the configuration of home pages, via Windows 10 MDM, it’s good to mention a few important notes: Browser settings for Microsoft Edge can be managed; Browser …


Use PowerShell and Microsoft Graph to access data in Microsoft Intune

This week a short blog about using PowerShell to access data in Microsoft Intune. This can be achieved by using Microsoft Graph. A couple of weeks ago there was a blog post on the Microsoft Intune Support Team Blog about Using the Microsoft Graph API to access data in Microsoft Intune. That post triggered me to look at the PowerShell possibilities, as the Microsoft Graph has an API and an API can be used with PowerShell. In this blog post I’ll provide the high-level prerequisites for connecting to the Microsoft Graph API and I’ll provide a few examples for querying Microsoft Intune data. Prerequisites: This blog post is really focused on the queries to the Microsoft Intune data. However, to successfully connect with the Microsoft …


Blocking non-modern authentication is getting easier and easier

This week a short post about blocking non-modern authentication protocols. I’ve already provided many examples throughout the blog posts I’ve posted regarding conditional access, but the release of Windows Server 2016 triggered me again. The main reason for that is the additions to Active Directory Federation Services (ADFS) in Windows Server 2016. The main addition to ADFS, for this purpose, is the addition of Access Control Policies. During this blog post I want to briefly touch on that subject, as it’s getting a pretty easy and common addition to the default conditional access policies of Microsoft Intune and Azure AD. The funny thing is that I’m not even speaking about the ability to block legacy authentication protocols directly on SharePoint Online, which is of course …


Conditional access for managed apps (preview)

This blog post is about an Azure preview feature. A preview may include preview, beta, or other pre-release features, services, software, or regions. Previews are subject to reduced or different service terms. In other words, previews are for early testing and should not be considered as fully production ready. During the session Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune, at Microsoft Ignite, a nice new feature for mobile app management without enrollment (MDM-less MAM) was shown. That new feature is conditional access for managed apps. During that session they showed the URL to that new feature. What makes it even better, that specific URL already works with existing tenants. It simply brings the administrator to a …


Predeclaring corporate-owned devices

This week something related to last week. This week will be about predeclaring corporate-owned devices. In other words, making sure that the Device Owner of the specified devices is set to Company after enrollment. It’s also a much easier alternative to a scripted solution that I created more than a year ago, for automagically setting the mobile Device Owner to Company. In this blog post I’ll provide some information about this feature, I’ll show the configuration of this feature and I’ll show the administrator experience of this feature. Please note that this functionality is only available for Microsoft Intune hybrid. Information: Predeclaring corporate-owned devices allows organizations to identify corporate-owned devices by importing the International Mobile Equipment Identity (IMEI) numbers, or, for iOS devices, by importing the …


Categorizing devices

This week something completely different from the last couple of weeks. This week no conditional access and nothing specifically related to Windows 10 devices. This week it’s all about categorizing devices. Within Microsoft Intune hybrid this functionality is named Device Categories and within Microsoft Intune standalone this functionality is named Device Group Mapping. Both of these functionalities can be used to achieve the same goal. In this post I’ll provide some more information, I’ll describe the configuration in Microsoft Intune hybrid and Microsoft Intune standalone and I’ll show the end-user experience. Information: Categorizing devices can be useful to differentiate between device categories. For example, to differentiate between devices used by users of the sales department and the users of the human resources department. When categorizing …


Conditional access for published ConfigMgr reports

This week another post about the world of conditional access in Azure AD. Last week I started with looking at conditional access for Yammer. This week I’ll add on to that idea by publishing a custom application, in this case my ConfigMgr reports, and apply conditional access to that configuration. To make it even better, it even allows a single sign-on configuration. In other words, I can use pre-authentication on Azure AD and use that token for the single sign-on experience of the end-user in the published application. Really nice! Prerequisites: Before starting with the configuration, it’s important to know that this post does require two important prerequisites to be in place, which are not part of this post. Azure AD Application Proxy: This component is …


Conditional access for Yammer

This week I’ll open a new world of conditional access. The world of conditional access in Azure AD. I’ll open that world of conditional access by looking at conditional access for Yammer. Conditional access for Yammer cannot be configured through the Microsoft Intune administration console. However, that doesn’t mean that conditional access for Yammer doesn’t exist. The configuration of conditional access for Yammer is available through the Azure Management portal. In this post I’ll go into more detail about conditional access via Azure AD, the required configurations and the end-user experience. Introduction: About a month ago Microsoft released conditional access policies as a preview feature in Azure AD for iOS, Android and Windows (Windows 7, Windows 8.1 and Windows 10, build 1607). These policies can …


Simplify enrollment for Windows 10 devices

This week a small blog post about simplifying the enrollment experience for Windows 10 devices. When enrolling a Windows 10 device, for mobile device management (MDM), the end-user has to perform a specific enrollment procedure. That enrollment procedure can be simplified by providing the end-user with a deep link. This blog post will provide the configuration for that deep link and the end-user experience. Configuration: The configuration is fairly simple, but, to many people, unknown. Providing the configuration, as part of this blog post, is mainly for creating awareness about the available configuration option. Windows 10 devices can be connected to MDM by using a deep link. In that case end-users will be able to click, or open, a link, from anywhere in Windows 10, …
