One of the downloads I regularly recommend from the TechNet Evaluation Center is the Windows 10 deployment and management lab kit. It’s a self contained virtual machine environment that lets you run through several different Windows 10 deployment and management technologies and scenarios so you can get hands on in a live environment. Following are the full details, and you can download the rest here.
The kit includes a pre-configured virtual lab environment with evaluation versions of:
*Lab environment requires 32 GB of available memory and 300 GB of free disk space. Lab expires August 30, 2016. A new version will be published prior to expiration.
Illustrated lab guides take you through multiple deployment and management scenarios, including:
^ Scroll to Top
I’ll do a more detailed post on this in an upcoming series of tutorial focused posts, but for now it’s worth mentioning one of the things I haven’t had a chance to post about yet – Enterprise State Roaming is now GA. This continues the trend of Windows 10 and Azure Active Directory based capabilities that are really helping to eliminate the need for a consumer Microsoft Account. This is something that has been problematic for many organisations in the past, and this new capability, combined with Windows Store for Business (more posts on this to come) were very well received at a national series of roadshow events I just wrapped up with the Microsoft Education team on Windows 10 Anniversary Update (yes, I know, I need to post more about that too). This doesn’t mean that the Microsoft Account requirement for organisational related purposes completely disappear for everyone, but it’s definitely getting closer.
The way I was able to easily demonstrate this feature was using a new Windows 10 Education virtual machine that I would perform an OOBE AAD Join, and within a short timeframe we would see the background image change, a very easy visual way to highlight activity, as well as showing Internet Explorer home page changes. Obviously there are more, but this was just to give a quick idea of the change. The other important thing to note that is the device that does the initial settings synchronisation needs to be activated, but non-activated devices can receive the changes, even though you can’t make some of the same customisations locally.
To get you going, here are some of the Azure team’s links for Enterprise State Roaming and closely related topics.
Enterprise State Roaming
Azure Active Domain Join^ Scroll to Top
Recently I’ve been involved in a series of events that have included content on Windows Store For Business, and there are some useful resources that I point people back to which are worth sharing here.
If you are using Intune standalone or as part of the Enterprise Mobility Suite, take a look at these two blog posts to begin with.
Other pages you should take a look at are the following.
For App Developers looking to submit apps
For those looking to deploy apps from the Windows Store For Business
Distribute offline apps – this one explains the different files that need to be downloaded and the different license options
Project Centennial aka Windows Bridge For Desktop
These cover what’s involved in moving traditional Win32 apps to the Windows Store.
^ Scroll to Top
This month the Intune documentation got quite a bit of exposure by moving over the docs.microsoft.com platform, so they were getting splashed all over tech blogs around the world. The changes that are most relevant for my focus are the MAM without enrollment for policies for Skype for Business on iOS and Android, Teamviewer support for Remote Assistance on Intune agent based PCs, and notice around upcoming changes in the support of versions of iOS earlier than 8.0
Welcome to the preview version of docs.microsoft.com! This is a completely new, modern content platform designed to make it easier for you, our customers to understand and use Intune. To read about all of the new features, see Introducing docs.microsoft.com+
Service health information for Intune has been moved to a central location with other Microsoft services. You’ll now find this information in the Office 365 management portal under Service Health. For more information, see this blog post.+
End user toast notifications: End users will now see toast notifications from the Android Company Portal app when they are enrolling their devices or removing their devices from the Company Portal.+
Company Portal website: Device identification banner will provide more information to end users. End users can now more easily identify the device they’ve selected when they are using the Company Portal website. If the wrong device is selected, they will be able to select the correct device by tapping the Tap here link in the home page banner.+
Today, to target a notification rule to a group you created from the Microsoft Intune administration console, you would take the following steps:
In the Admin workspace, click Notification Rules > Create New Rule
In step two of the Create Notification Rule Wizard, select the device groups which the rule will target. This step, “select device groups”, is being removed from the Intune Console.
The preliminary timeline for this change is as follows:
A new guide for schools looking to deploy Windows 10 alongside Office 365 and Azure Active Directory Premium can be found at https://technet.microsoft.com/itpro/windows/plan/deploy-windows-10-in-a-school and it includes the following topics.
For anyone looking to set up a small test environment the instructions here will work equally well outside of a school as inside of a school environment.^ Scroll to Top
Since the AADDS preview started I’ve been questioned several times during demonstrations of AAD/AADS/EMS scenarios why my tenants are always in US West, not in AustraliaEast or AustraliaSouthEast, and the primary reason was because the AADDS preview wasn’t available in the local datacenters. In a post on the Active Directory Team Blog they mention Australian DC availability, as well as other enhancements that have rolled into the preview, including…
Check the links above for more details, but the Aus DC availability is something I’m extremely happy to see.^ Scroll to Top
Azure Site Recovery, a component of Microsoft Operations Management Suite, is now generally available in the Azure portal. Those familiar with Site Recovery from the Azure classic portal will be pleased with the new look, feel, and enhancements. Azure Site Recovery now includes support for Azure Resource Manager–based and classic deployments, as well as support for simultaneously protecting multiple virtual machines (VMs), in System Center Virtual Machine Manager to Azure, Hyper-V Site to Azure, and System Center VMM to System Center VMM using Hyper-V Replica. Additional changes included in this release:
|•||Azure Resource Manager support for all scenarios|
|•||First-class support for Cloud Solution Provider (CSP) subscriptions|
|•||Enhanced VMware to Azure
|•||Streamlined Getting Started experience for all Site Recovery scenarios|
|•||New Policy construct for flexible association and management|
|•||Functionality of Backup and Azure Site Recovery in a single vault construct|
If you try Operations Management Suite, you can get 31 days of free workload protection with Site Recovery.^ Scroll to Top
For those of you on Insider builds of Windows 10 or Windows 10 Mobile you can now start testing out the EDP capabilities. Note that you need one of the following management solutions in order to test it out – Intune, Config Manager 1511 (or later) or a 3rd party MDM solution.
^ Scroll to Top
While this hasn’t been a showstopper for most that need the service, having to ship to an overseas datacenter is something that can now be avoided when you want to use the Import/Export Service. The service allows you to ship up to 8TB 3.5 SATA II/III drives that have been prepared following the instructions that Microsoft provides.
If you need more information take a look at Use the Microsoft Azure Import/Export Service to Transfer Data to Blob Storage for more details.
This is live for Australia East and Australia Southeast, so nobody needs to start arguments over which football code is better, instead you can focus on getting large chunks of data into the cloud.
^ Scroll to Top
Listed below are the details of the Intune updates for April 2016, and as per usual there are likely a few that are particularly applicable to your environment.
All of the April 2016 features are also supported for hybrid customers (Configuration Manager integrated with Intune).
Checked in: Indicates the policy was deployed to the user, and app was used in work context, and successfully received the policy.
Not checked in: Indicates the policy was deployed to the user, but app has not been used in the work context since then.
Android Company portal app
Users who have not enrolled their device in Intune and who do not have the correct certificate installed will not be able to sign in to the Android Company Portal app and will see the message, “You cannot sign in because your device is missing a required certificate.” The message includes a “How to resolve this” link that users can tap to see instructions for installing the certificate. To see the steps that end users follow to resolve the issue, see Your device is missing a required certificate.
Windows 10 Mobile and Windows Phone 8.1 Company Portal app
When end users are installing line-of-business apps, they will now see an improved app installation experience. If the app installation is taking a long time, users can manually sync their device to force the sync process to resume. To review the end-user instructions, see Sync your device manually to speed up app installations.
Company Portal website
When Windows 10 Mobile and Windows Phone 8.1 users are installing line-of-business apps, they will now see the following new statuses, which provide them with more detail about the status of their installation:
Before these statuses were added, users got confused if an app installation took a long time, because they saw only an “Installing” status, which might remain on the screen for hours. Adding the new statuses means that, instead of calling support, users can now tap the “Waiting for device to sync” link and follow the instructions to force the sync process to resume.
Changes to Device Enrollment Managers accounts. To improve performance and scale, Intune will no longer show all Device Enrollment Managers (DEM) devices in the My Devices pane of the Company Portal app. Only the local device running the app is displayed, and only if it is enrolled via the Company Portal app. The DEM user may perform actions on the local device, but remote management of other enrolled devices can only be performed from the Intune admin console. Additionally, Intune will deprecate using DEM accounts with either the Apple Device Enrollment Program or the Apple Configurator tool. Both these enrollment methods already support user-less enrollment for shared iOS devices. Only use DEM accounts when user-less enrollment for shared devices is unavailable.
Keep informed about upcoming developments for Intune with the Cloud Platform roadmap.^ Scroll to Top