Email profile behavior after retiring a mobile device

This blog post will be a follow-up on my blog post of last week about the three layers of protection with conditional access for Exchange email. During that post I tried to stress the importance of protecting, and being in control of, company email. In this blog post I will go through different scenarios to show the behavior of company email after retiring a mobile device from Microsoft Intune. I will show the results of these scenarios for both the native email app and the Outlook app. Scenarios Before I start with the different scenarios it’s important to mention that, after a mobile device is successfully retired from Microsoft Intune, the user will be able to configure company email on its mobile device. This is …

Read more

The three layers of protection with conditional access for Exchange email

In this blog post I would like to write a little about, what I like to call, the three layers of protection with conditional access for Exchange email. No, I don’t mean that a device has to be 1) enrolled in Microsoft Intune, 2) workplace joined and 3) compliant with any Microsoft Intune compliance policies. What I do mean is related to company data, in this case company email, and the protection of it on mobile devices. That means three different layers of protection for Exchange email on mobile devices. From basic protection to almost complete protection. The first layer of protection The first, basic, layer of protection is simply using an Exchange Online Policy, or an Exchange On-premises Policy. These policies make it possible …

Read more

New tool: Remote Mobile Device Manager

This blog post will be about a new tool, written in PowerShell, to remotely manage mobile devices. This tool is based on the ConfigMgr SDK and contains all the available options for remotely managing mobile devices. That means it can retire, wipe, lock and pin reset mobile devices. Basically, it’s a version 2.0 of the tool I made a couple of months ago. That tool is limited to the ConfigMgr 2012 R2 functionality, of wipe and retire, and this new tool also contains the ConfigMgr 2012 R2 SP1 functionality, of lock and pin reset. The use case for this tool is still the same. In most cases the service desk is responsible for helping end-users with their mobile devices. What if the company rather not …

Read more

Invoke remote device actions via PowerShell

This will be a short blog post about a the newly introduced WMI class, in the latest service pack, called SMS_DeviceAction. As I’m currently working on a new tool to remotely manage mobile devices, which will be released soon, I noticed that the SMS_DeviceAction class is used to invoke and query the Lock and PinReset actions. What’s even more important is the fact that the SMS_DeviceAction class isn’t documented, yet. In this blog post I’ll post the required information to successfully query the SMS_DeviceAction class and to successfully invoke the methods of the SMS_DeviceAction class. Methods The SMS_DeviceAction class contains the method InvokeAction. The InvokeAction method requires the following input parameters. Parameter Data Type Description Action String This parameter is required and should contain the …

Read more

Pick your Company Portal app

This weekend I posted a small tweet showing the tabs, in my browser, to the different Company Portal apps. In that same tweet I promised the overview that follows in this blog post. By now there are 8 different versions of the Company Portal app and specific to Microsoft Intune that number is 7. These Company Portal apps differ in things like product, platform and availability. This blog post will describe the different Company Portal apps, their platforms, their usage, their main requirements, their availability and, if needed, their important notes. All that information should help you with picking the right version of the Company Portal app and all that information can be found in the following table. Company Portal app More information Configuration Manager …

Read more

Windows Phone 8.1 and the Windows Phone Store

This blog post will be about the other magical store world of Windows Phone 8.1 and that’s the world of the Windows Phone Store. By now, I think many are already aware of the different possibilities for the Windows Phone Store, but I thought it would be time for a complete overview like I did for Windows Phone 8.1 and the Microsoft Intune Company Portal app. This post will contain the different scenarios for providing (limited) access to the Windows Phone Store. These scenarios will be explained for Microsoft Intune standalone and Microsoft Intune hybrid. Scenarios Now lets start with summarizing the different scenarios that are possible for providing (limiting) access to the Windows Phone Store. I found the following three scenarios and I’ll go …

Read more

Manage Windows Defender, of Windows 10, via OMA-DM

A couple of weeks ago I did a blog post about the different management options for Windows 8.1. In that specific post I already mentioned OMA-DM as a very valid method to manage Windows 8.1 and Windows 10 devices. To refresh the memories, OMA Device Management (OMA-DM) is an open management standard designed for mobile devices. The nice thing is that OMA-DM is also fully utilized in Windows 10, even the desktop version. That means that OMA-DM can be used to fully manage specific parts of a Windows 10 device. In this post I’ll show how OMA-DM can be used to fully manage Windows Defender in Windows 10. For Windows 10 it’s possible to manage all the settings available for Windows Defender. This includes everything, …

Read more

How to use the Microsoft Intune Company Portal app for Windows Phone 8.1 from the Download Center

A bit more than a month ago Microsoft released the Microsoft Intune Company Portal app specifically for Windows Phone 8.1 in the Download Center. This version of the Microsoft Intune Company Portal app is created specifically for Windows Phone 8.1 and later, as it’s created in the APPX format, which is not supported by Windows Phone 8. It can be used by administrators to deploy to end-users who do not have access to the Windows Phone Store. The main feature of this version of the Microsoft Intune Company Portal app is the ability to show the configured Terms and Conditions in Microsoft Intune standalone. In this blog post I’ll describe how this version of the Microsoft Intune Company Portal app can be signed and how …

Read more

Windows 8.1 and the different management options

In this blog post I would like to address a topic that’s often forgotten in the mobile devices management discussion. That topic is based on the question, “How are we going to manage the Windows 8.1 devices?”. Yes, I know, technically speaking a Windows 8.1 device is not a mobile device, but that doesn’t mean that we can’t treat it like one. In this blog post I’ll go through the different management options for Windows 8.1 from a Microsoft Intune standalone and a Microsoft Intune hybrid perspective. Also, I will provide an overview of the related management prerequisites, from both perspectives, and I’ll show the end-user enrollment possibilities. Management options The introduction of Microsoft Intune introduced a lot of management options for all the iOS, …

Read more

Automagically set the mobile device owner to company

Before I’ll start with this blog post I would like to say thank you to Kim Oppalfens, for his great suggestion to look at WMI Eventing. I didn’t know that it was that versatile and powerful! Thanks Kim! Scenario The scenario for this post is actually quite simple and is applicable to an environment with Microsoft Intune integrated with ConfigMgr. By default, the device owner of a mobile device is set to Personal and that’s not always the desired value. A lot of customers still provide their employees with (mobile) devices and want the tooling to reflect that information. This blog post will provide an automagic method to set the mobile device owner to Company, by default. The best thing is that it’s still possible …

Read more