This week at WPC Microsoft have been discussing some of the most recent changes to EMS, which has now been rebranded from Enterprise Mobility Suite to Enterprise Mobility + Security to take into account some of the recent additions that focus heavily on security. Over the coming weeks I’ll have time to dig into these in more detail, but for now here are the related blog posts for the announcements.
Learn about the rebranding and the EMS E3 and EMS E5 SKU options.
This initial preview comprises two components:
With the latest Intune service update, there is a further expansion of the conditional access capabilities, which allows you to manage access to corporate email, files and other resources based on customisable conditions that ensure security and compliance, including location, risk, user, device, and app compliance. As conditions shift, access policies which are defined by IT are triggered to ensure that your corporate data is protected. And all this is done without on-premises gateways or appliances.
^ Scroll to Top
One of the downloads I regularly recommend from the TechNet Evaluation Center is the Windows 10 deployment and management lab kit. It’s a self contained virtual machine environment that lets you run through several different Windows 10 deployment and management technologies and scenarios so you can get hands on in a live environment. Following are the full details, and you can download the rest here.
The kit includes a pre-configured virtual lab environment with evaluation versions of:
*Lab environment requires 32 GB of available memory and 300 GB of free disk space. Lab expires August 30, 2016. A new version will be published prior to expiration.
Illustrated lab guides take you through multiple deployment and management scenarios, including:
^ Scroll to Top
I’ll do a more detailed post on this in an upcoming series of tutorial focused posts, but for now it’s worth mentioning one of the things I haven’t had a chance to post about yet – Enterprise State Roaming is now GA. This continues the trend of Windows 10 and Azure Active Directory based capabilities that are really helping to eliminate the need for a consumer Microsoft Account. This is something that has been problematic for many organisations in the past, and this new capability, combined with Windows Store for Business (more posts on this to come) were very well received at a national series of roadshow events I just wrapped up with the Microsoft Education team on Windows 10 Anniversary Update (yes, I know, I need to post more about that too). This doesn’t mean that the Microsoft Account requirement for organisational related purposes completely disappear for everyone, but it’s definitely getting closer.
The way I was able to easily demonstrate this feature was using a new Windows 10 Education virtual machine that I would perform an OOBE AAD Join, and within a short timeframe we would see the background image change, a very easy visual way to highlight activity, as well as showing Internet Explorer home page changes. Obviously there are more, but this was just to give a quick idea of the change. The other important thing to note that is the device that does the initial settings synchronisation needs to be activated, but non-activated devices can receive the changes, even though you can’t make some of the same customisations locally.
To get you going, here are some of the Azure team’s links for Enterprise State Roaming and closely related topics.
Enterprise State Roaming
Azure Active Domain Join^ Scroll to Top
Recently I’ve been involved in a series of events that have included content on Windows Store For Business, and there are some useful resources that I point people back to which are worth sharing here.
If you are using Intune standalone or as part of the Enterprise Mobility Suite, take a look at these two blog posts to begin with.
Other pages you should take a look at are the following.
For App Developers looking to submit apps
For those looking to deploy apps from the Windows Store For Business
Distribute offline apps – this one explains the different files that need to be downloaded and the different license options
Project Centennial aka Windows Bridge For Desktop
These cover what’s involved in moving traditional Win32 apps to the Windows Store.
^ Scroll to Top
This month the Intune documentation got quite a bit of exposure by moving over the docs.microsoft.com platform, so they were getting splashed all over tech blogs around the world. The changes that are most relevant for my focus are the MAM without enrollment for policies for Skype for Business on iOS and Android, Teamviewer support for Remote Assistance on Intune agent based PCs, and notice around upcoming changes in the support of versions of iOS earlier than 8.0
Welcome to the preview version of docs.microsoft.com! This is a completely new, modern content platform designed to make it easier for you, our customers to understand and use Intune. To read about all of the new features, see Introducing docs.microsoft.com+
Service health information for Intune has been moved to a central location with other Microsoft services. You’ll now find this information in the Office 365 management portal under Service Health. For more information, see this blog post.+
End user toast notifications: End users will now see toast notifications from the Android Company Portal app when they are enrolling their devices or removing their devices from the Company Portal.+
Company Portal website: Device identification banner will provide more information to end users. End users can now more easily identify the device they’ve selected when they are using the Company Portal website. If the wrong device is selected, they will be able to select the correct device by tapping the Tap here link in the home page banner.+
Today, to target a notification rule to a group you created from the Microsoft Intune administration console, you would take the following steps:
In the Admin workspace, click Notification Rules > Create New Rule
In step two of the Create Notification Rule Wizard, select the device groups which the rule will target. This step, “select device groups”, is being removed from the Intune Console.
The preliminary timeline for this change is as follows:
A new guide for schools looking to deploy Windows 10 alongside Office 365 and Azure Active Directory Premium can be found at https://technet.microsoft.com/itpro/windows/plan/deploy-windows-10-in-a-school and it includes the following topics.
For anyone looking to set up a small test environment the instructions here will work equally well outside of a school as inside of a school environment.^ Scroll to Top
Since the AADDS preview started I’ve been questioned several times during demonstrations of AAD/AADS/EMS scenarios why my tenants are always in US West, not in AustraliaEast or AustraliaSouthEast, and the primary reason was because the AADDS preview wasn’t available in the local datacenters. In a post on the Active Directory Team Blog they mention Australian DC availability, as well as other enhancements that have rolled into the preview, including…
Check the links above for more details, but the Aus DC availability is something I’m extremely happy to see.^ Scroll to Top
Azure Site Recovery, a component of Microsoft Operations Management Suite, is now generally available in the Azure portal. Those familiar with Site Recovery from the Azure classic portal will be pleased with the new look, feel, and enhancements. Azure Site Recovery now includes support for Azure Resource Manager–based and classic deployments, as well as support for simultaneously protecting multiple virtual machines (VMs), in System Center Virtual Machine Manager to Azure, Hyper-V Site to Azure, and System Center VMM to System Center VMM using Hyper-V Replica. Additional changes included in this release:
|•||Azure Resource Manager support for all scenarios|
|•||First-class support for Cloud Solution Provider (CSP) subscriptions|
|•||Enhanced VMware to Azure
|•||Streamlined Getting Started experience for all Site Recovery scenarios|
|•||New Policy construct for flexible association and management|
|•||Functionality of Backup and Azure Site Recovery in a single vault construct|
If you try Operations Management Suite, you can get 31 days of free workload protection with Site Recovery.^ Scroll to Top
For those of you on Insider builds of Windows 10 or Windows 10 Mobile you can now start testing out the EDP capabilities. Note that you need one of the following management solutions in order to test it out – Intune, Config Manager 1511 (or later) or a 3rd party MDM solution.
^ Scroll to Top
While this hasn’t been a showstopper for most that need the service, having to ship to an overseas datacenter is something that can now be avoided when you want to use the Import/Export Service. The service allows you to ship up to 8TB 3.5 SATA II/III drives that have been prepared following the instructions that Microsoft provides.
If you need more information take a look at Use the Microsoft Azure Import/Export Service to Transfer Data to Blob Storage for more details.
This is live for Australia East and Australia Southeast, so nobody needs to start arguments over which football code is better, instead you can focus on getting large chunks of data into the cloud.
^ Scroll to Top