30 Jun.
0

Windows 10 Deployment and Management Lab Kit Update Now Available

One of the downloads I regularly recommend from the TechNet Evaluation Center is the Windows 10 deployment and management lab kit. It’s a self contained virtual machine environment that lets you run through several different Windows 10 deployment and management technologies and scenarios so you can get hands on in a live environment. Following are the full details, and you can download the rest here.

A complete lab environment*

The kit includes a pre-configured virtual lab environment with evaluation versions of:

  • Windows 10 Enterprise, Version 1511
  • System Center 2012 Configuration Manager 1511 (including upgrade guidance for Configuration Manager 1602)
  • Windows Assessment and Deployment Kit for Windows 10
  • Microsoft Deployment Toolkit 2013 Update 2
  • Microsoft Application Virtualization (App-V) 5.1
  • Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Service Pack 1
  • Windows Server 2012 R2

*Lab environment requires 32 GB of available memory and 300 GB of free disk space. Lab expires August 30, 2016. A new version will be published prior to expiration.

Step-by-step labs

Illustrated lab guides take you through multiple deployment and management scenarios, including:

  • Image creation
  • Lite-touch and zero touch deployment
  • Managing Windows 10 with Configuration Manager
  • Code integrity
  • Windows 10 provisioning
  • In-place upgrade
  • Application compatibility
  • Application virtualization
  • BitLocker administration and monitoring
  • Credential Guard

^ Scroll to Top
 28 Jun.
0

Azure Active Directory Enterprise State Roaming Generally Available

I’ll do a more detailed post on this in an upcoming series of tutorial focused posts, but for now it’s worth mentioning one of the things I haven’t had a chance to post about yet – Enterprise State Roaming is now GA. This continues the trend of Windows 10 and Azure Active Directory based capabilities that are really helping to eliminate the need for a consumer Microsoft Account. This is something that has been problematic for many organisations in the past, and this new capability, combined with Windows Store for Business (more posts on this to come) were very well received at a national series of roadshow events I just wrapped up with the Microsoft Education team on Windows 10 Anniversary Update (yes, I know, I need to post more about that too).  This doesn’t mean that the Microsoft Account requirement for organisational related purposes completely disappear for everyone, but it’s definitely getting closer.

The way I was able to easily demonstrate this feature was using a new Windows 10 Education virtual machine that I would perform an OOBE AAD Join, and within a short timeframe we would see the background image change, a very easy visual way to highlight activity, as well as showing Internet Explorer home page changes. Obviously there are more, but this was just to give a quick idea of the change. The other important thing to note that is the device that does the initial settings synchronisation needs to be activated, but non-activated devices can receive the changes, even though you can’t make some of the same customisations locally.

To get you going, here are some of the Azure team’s links for Enterprise State Roaming and closely related topics.

Enterprise State Roaming

Enable Enterprise State Roaming in Azure Active Directory

Settings and data roaming FAQ

Group policy and MDM settings for settings sync

Windows 10 roaming settings reference

Azure Active Domain Join

Connect domain-joined devices to Azure AD for Windows 10 experiences

Extending cloud capabilities to Windows 10 devices through Azure Active Directory Join

Learn about usage scenarios for Azure AD Join

Windows 10 for the enterprise: Ways to use devices for work

Set up Azure AD Join

^ Scroll to Top
 9 Jun.
0

Windows Store For Business Resources

Recently I’ve been involved in a series of events that have included content on Windows Store For Business, and there are some useful resources that I point people back to which are worth sharing here.

If you are using Intune standalone or as part of the Enterprise Mobility Suite, take a look at these two blog posts to begin with.

Silently push the Microsoft Intune Company Portal to Azure AD Joined Windows 10 devices

Block Windows 10 Public Store using Microsoft Intune (but still allow the business store)

Other pages you should take a look at are the following.

For App Developers looking to submit apps

Organizational licensing options

For those looking to deploy apps from the Windows Store For Business

Windows Store for Business overview

Distribute apps with a management tool

Distribute offline apps – this one explains the different files that need to be downloaded and the different license options

Project Centennial aka Windows Bridge For Desktop

These cover what’s involved in moving traditional Win32 apps to the Windows Store.

Bring your desktop app to the Universal Windows Platform

Converting your desktop app to use the Universal Windows Platform

Converting your desktop app to use the Universal Windows Platform (Project Centennial)

Desktop App Converter Preview (Project Centennial)

 

^ Scroll to Top
 21 May.
0

May 2016 Updates For Microsoft Intune

This month the Intune documentation got quite a bit of exposure by moving over the docs.microsoft.com platform, so they were getting splashed all over tech blogs around the world.  The changes that are most relevant for my focus are the MAM without enrollment for policies for Skype for Business on iOS and Android, Teamviewer support for Remote Assistance on Intune agent based PCs, and notice around upcoming changes in the support of versions of iOS earlier than 8.0

May 2016

All of these features are also supported for hybrid deployments (Configuration Manager with Intune). For more information about new hybrid features, check out the Hybrid What’s New page.+

Documentation

Welcome to the preview version of docs.microsoft.com! This is a completely new, modern content platform designed to make it easier for you, our customers to understand and use Intune. To read about all of the new features, see Introducing docs.microsoft.com+

Intune service health

Service health information for Intune has been moved to a central location with other Microsoft services. You’ll now find this information in the Office 365 management portal under Service Health. For more information, see this blog post.+

App management

    • MAM SDK: Support PIN length configuration. You will be able to specify the length of the PIN for MAM apps similar to a device PIN. This will require end users to comply with the new restrictions you set. They will see a slightly modified PIN screen to account for the longer input. For details, see MAM policy settings for Android, and MAM policy settings for iOS.
    • Skype for Business for iOS and Android. You can now target Skype for business with MAM without enrollment policies. Once users log in, the MAM policies will be applied.
    • New apps available for management with MAM policies. The Microsoft Word, Excel, and PowerPoint apps for Android can now be associated with MAM policies on devices that are not enrolled with Intune. For a full list of supported apps, go the Microsoft Intune mobile application gallery on the Microsoft Intune application partners page.

+

Device management

+

Company portal updates

Android Company portal app

End user toast notifications: End users will now see toast notifications from the Android Company Portal app when they are enrolling their devices or removing their devices from the Company Portal.+

Company Portal website

Company Portal website: Device identification banner will provide more information to end users. End users can now more easily identify the device they’ve selected when they are using the Company Portal website. If the wrong device is selected, they will be able to select the correct device by tapping the Tap here link in the home page banner.+

What’s coming

    • Message center UI onboarding. As part of the migration of Intune into the Office 365 Management portal, we will begin taking advantage of their Message Center to communicate new features and other notifications. Also, by installing the companion Office 365 Admin mobile app, you can receive notifications on your mobile phone and easily forward any messages to users or a distribution alias. We will begin using the Message Center with our May release to notify you when updates are completed and will include information on new and improved Intune features. Check out the Message Center today by logging into the Office 365 Management portal and choosing the MESSAGE CENTER option in the left navigation pane.
    • Changes to Device Enrollment Managers accounts. To improve performance and scale, Intune will no longer show all Device Enrollment Managers (DEM) devices in the My Devices pane of the Company Portal app. Only the local device running the app is displayed, and only if it is enrolled via the Company Portal app. The DEM user may perform actions on the local device, but remote management of other enrolled devices can only be performed from the Intune admin console. Additionally, Intune will deprecate using DEM accounts with either the Apple Device Enrollment Program or the Apple Configurator tool. Both these enrollment methods already support user-less enrollment for shared iOS devices. Only use DEM accounts when user-less enrollment for shared devices is unavailable.

+

Keep informed about upcoming developments for Intune with the Cloud Platform roadmap.+

Service deprecation

  • Custom Group Targeting of Notification Rules Removal. Intune notification rules define who an email alert will be sent to from Intune. Currently, you can configure notification rules to send emails to all users of devices in an Intune device group that you created. From around June 1st 2016 moving forward, targeting user-created groups will no longer be supported.

    Today, to target a notification rule to a group you created from the Microsoft Intune administration console, you would take the following steps:

    In the Admin workspace, click Notification Rules > Create New Rule

    In step two of the Create Notification Rule Wizard, select the device groups which the rule will target. This step, “select device groups”, is being removed from the Intune Console.

    The preliminary timeline for this change is as follows:

    • In June, 2016, new tenants will not see step two of the Create Notification Rule Wizard. Exiting tenants are unaffected.
    • Around August, 2016, some existing tenants will not see the “select device groups” in the wizard.
    • Around October, 2016, we expect that all tenants will not see the “select device groups” in the wizard.
  • Changes in support for the iOS Company Portal app. In the coming months, there will be an update for the Microsoft Intune Company Portal app for iOS that will only support devices running iOS 8.0 or later. Users won’t be able to enroll new devices running versions below iOS 8.0. Enrolled devices running versions below iOS 8.0 will continue to be managed and will, for a limited time, be able to continue using the Company Portal app. However, devices must be on iOS 8.0 or later to access the latest versions of the Company Portal app. We encourage you to notify users to update to iOS 8.0 or later to take full advantage of new Intune features.
^ Scroll to Top
 17 May.
0

Deploy Windows 10 in a school

A new guide for schools looking to deploy Windows 10 alongside Office 365 and Azure Active Directory Premium can be found at https://technet.microsoft.com/itpro/windows/plan/deploy-windows-10-in-a-school and it includes the following topics.

For anyone looking to set up a small test environment the instructions here will work equally well outside of a school as inside of a school environment.

^ Scroll to Top
 12 May.
0

Azure Active Directory Domain Services Preview Now Available In Australia

Since the AADDS preview started I’ve been questioned several times during demonstrations of AAD/AADS/EMS scenarios why my tenants are always in US West, not in AustraliaEast or AustraliaSouthEast, and the primary reason was because the AADDS preview wasn’t available in the local datacenters. In a post on the Active Directory Team Blog they mention Australian DC availability, as well as other enhancements that have rolled into the preview, including…

  • Secure LDAP access
  • Custom OU support
  • Administer DNS for your managed domain
  • Domain join for Linux VM’s (no, that is not a typo!)

Check the links above for more details, but the Aus DC availability is something I’m extremely happy to see.

^ Scroll to Top
 29 Apr.
0

Azure Site Recovery generally available in the Azure portal

Azure Site Recovery, a component of Microsoft Operations Management Suite, is now generally available in the Azure portal. Those familiar with Site Recovery from the Azure classic portal will be pleased with the new look, feel, and enhancements. Azure Site Recovery now includes support for Azure Resource Manager–based and classic deployments, as well as support for simultaneously protecting multiple virtual machines (VMs), in System Center Virtual Machine Manager to Azure, Hyper-V Site to Azure, and System Center VMM to System Center VMM using Hyper-V Replica. Additional changes included in this release:

Azure Resource Manager support for all scenarios
First-class support for Cloud Solution Provider (CSP) subscriptions
Enhanced VMware to Azure

º New Exclude Disk functionality when replicating VMware VMs to Azure
º Support for Premium Storage for high-churn workloads
Streamlined Getting Started experience for all Site Recovery scenarios
New Policy construct for flexible association and management
Functionality of Backup and Azure Site Recovery in a single vault construct

If you try Operations Management Suite, you can get 31 days of free workload protection with Site Recovery.

^ Scroll to Top
 28 Apr.
0

Windows 10 Enterprise Data Protection Documentation Is Online

For those of you on Insider builds of Windows 10 or Windows 10 Mobile you can now start testing out the EDP capabilities. Note that you need one of the following management solutions in order to test it out – Intune, Config Manager 1511 (or later) or a 3rd party MDM solution.

Protect your enterprise data using enterprise data protection (EDP)

Create an enterprise data protection (EDP) policy

Create an enterprise data protection (EDP) policy using Intune

Create and deploy an enterprise data protection (EDP) policy using Configuration Manager

 

^ Scroll to Top
 28 Apr.
0

Azure Import/Export Service Now Live In Australia

While this hasn’t been a showstopper for most that need the service, having to ship to an overseas datacenter is something that can now be avoided when you want to use the Import/Export Service. The service allows you to ship up to 8TB 3.5 SATA II/III drives that have been prepared following the instructions that Microsoft provides.

If you need more information take a look at Use the Microsoft Azure Import/Export Service to Transfer Data to Blob Storage for more details.

This is live for Australia East and Australia Southeast, so nobody needs to start arguments over which football code is better, instead you can focus on getting large chunks of data into the cloud.

 

 

^ Scroll to Top
 22 Apr.
0

Microsoft Intune April 2016 Updates

Listed below are the details of the Intune updates for April 2016, and as per usual there are likely a few that are particularly applicable to your environment.

 

All of the April 2016 features are also supported for hybrid customers (Configuration Manager integrated with Intune).

App management

  • MAM user compliance.
    You can now view the status of your application management policies for any user in your Azure Active Directory (AAD) tenant. This includes:

    • Devices
    • Apps on the device

    Status values:
    Checked in: Indicates the policy was deployed to the user, and app was used in work context, and successfully received the policy.
    Not checked in: Indicates the policy was deployed to the user, but app has not been used in the work context since then.

  • MAM controls to prevent Outlook contacts sync (Android).
    A new setting is available for mobile application management without device enrollment. This setting allows you to prevent an application from syncing contacts to the native address book on Android devices. When this setting is enabled, targeted applications will no longer be able to save contacts to the native address book. When this setting is disabled, targeted applications will be able to save contacts to the native address book. When you remotely wipe a device or app, contacts that have already been saved to the native address book will be removed. This new setting is supported initially by the Outlook application on Android devices.

Device management

  • Phone number identification for corporate-owned devices. Phones that are categorized as “Corporate” are now identified with their full phone number when, for example, you run a mobile device inventory report. BYOD phone numbers continue to be masked with ****, with only the last 4 digits displayed.

Company portal updates

Android Company portal app
Users who have not enrolled their device in Intune and who do not have the correct certificate installed will not be able to sign in to the Android Company Portal app and will see the message, “You cannot sign in because your device is missing a required certificate.” The message includes a “How to resolve this” link that users can tap to see instructions for installing the certificate. To see the steps that end users follow to resolve the issue, see Your device is missing a required certificate.

Windows 10 Mobile and Windows Phone 8.1 Company Portal app
When end users are installing line-of-business apps, they will now see an improved app installation experience. If the app installation is taking a long time, users can manually sync their device to force the sync process to resume. To review the end-user instructions, see Sync your device manually to speed up app installations.

Company Portal website
When Windows 10 Mobile and Windows Phone 8.1 users are installing line-of-business apps, they will now see the following new statuses, which provide them with more detail about the status of their installation:

  • Waiting for device to sync – the user has tapped “Install” and the device now tries to sync with the Intune infrastructure. The sync is required before the installation can complete. The “Waiting for device to sync” message is also a link that users can tap to see instructions on how to manually sync their device with Intune if the sync process is taking a long time or gets stalled.
  • Downloading – the user’s download request is being processed and the device is downloading and installing the app.

Before these statuses were added, users got confused if an app installation took a long time, because they saw only an “Installing” status, which might remain on the screen for hours. Adding the new statuses means that, instead of calling support, users can now tap the “Waiting for device to sync” link and follow the instructions to force the sync process to resume.

What’s coming

Changes to Device Enrollment Managers accounts. To improve performance and scale, Intune will no longer show all Device Enrollment Managers (DEM) devices in the My Devices pane of the Company Portal app. Only the local device running the app is displayed, and only if it is enrolled via the Company Portal app. The DEM user may perform actions on the local device, but remote management of other enrolled devices can only be performed from the Intune admin console. Additionally, Intune will deprecate using DEM accounts with either the Apple Device Enrollment Program or the Apple Configurator tool. Both these enrollment methods already support user-less enrollment for shared iOS devices. Only use DEM accounts when user-less enrollment for shared devices is unavailable.

Keep informed about upcoming developments for Intune with the Cloud Platform roadmap.

^ Scroll to Top

%d bloggers like this: