12 Jan.

January Updates To The Intune Preview In Azure

As we get closer to Intune moving over to the Azure portal, there are a few updates that have already worked their way in since the initial preview release last month. The best way to check out all of the new capabilities is with a new trial tenant, as opposed to waiting for your production or existing test tenants to be updated. As you’ll see in a few of the screenshots below, this is the path I had to go down to expose the preview functionality.

Custom app categories

You can now create, edit, and assign categories for apps you add to Intune. Currently, categories can only be specified in English.

Let’s take a look at how we do this.

First up I need to add an app, and one of the new capabilities is the ability to search directly for the app from within the portal. This means you don’t have to search, copy and paste the URL etc.

Searching for Word gives a few hits, but obviously it’s the first one that I need to select.

Once selected, we can move to App Information > Configure, where you will see some of the fields are pre-populated, but you will still need to add some information manually and change fields like the App Description. You will also notice that the Word icon is presented.

Assign line of business apps whether or not devices are enrolled

You can now assign line of business and apps from the store to users whether or not their devices are enrolled with Intune. If the user's device is not enrolled with Intune, they must go to the Company Portal website to install it, instead of the Company Portal app.

Resolve issue where iOS devices are inactive, or the admin console cannot communicate with them

When users’ devices lose contact with Intune, you can give them new troubleshooting steps to help them regain access to company resources. See Devices are inactive, or the admin console cannot communicate with them.

30 Dec.

Download Windows developer virtual machines – December 2016 build

Microsoft has released the December 2016 edition of their evaluation and licensed Windows developer virtual machines (VM) on Windows Dev Center. The VMs come in Hyper-V, Parallels, VirtualBox and VMware flavors. The evaluation version will expire on 8 April 2017.

Evaluation VM contain:

Licensed VM contain:

If you don’t currently have a Windows 10 Pro license, you can get one from the Microsoft Store. If you just want to try out Windows 10 and UWP, use the free evaluation version of the VMs. The evaluation copies will expire after a pre-determined amount of time.

The Azure portal also has virtual machines you can spin up with the Windows Developer tooling installed as well!

If you have feedback on the VMs, please provide it over at the Windows Developer Feedback UserVoice site.

29 Dec.

Download The Windows 10 ADK Preview Build 14986

If you are trying to stay a step ahead of the public releases of the Windows ADK, and you haven’t done so already, sign up for the Windows Insider Preview so that you not only get early access to new Windows 10 builds, but you can also grab early releases of the Windows ADK as well.

Windows ADK Insider Preview – Build 14986 is available now, here is the information from the Insider page before you download the ISO.

Install Windows ADK Insider Preview

Download Windows Assessment and Deployment Kit (Windows ADK) Insider Preview to get the new and improved deployment tools used to automate a large-scale deployment. Windows ADK Insider Preview includes:

  • The Windows Assessment Toolkit and the Windows Performance Toolkit to assess the quality and performance of systems or components.
  • Several deployment tools such as WinPE, Windows Imaging and Configuration Designer (Windows ICD), and other tools to customize and deploy Windows 10 images.

19 Dec.

Microsoft Intune in the Azure Portal

This post is mainly screenshots of what the Intune preview in the Azure Portal looks like, along with a few comments where appropriate. Since I started working with Intune in early 2011, when it was Windows Intune, and only a cloud based PC management solution, the Silverlight requirement has always been an issue for some, but we can see that progress is definitely being made to reduce the number of portals required for managing Enterprise Mobility + Security, and bringing consistency to the suite. If you are having trouble finding Intune blades in Azure, follow the instructions below.

First up, search for Intune (from more services, bottom left of Azure Portal).

You see two options, both of which I have starred as favourites. Intune App Protection links to the Intune Mobile Application Management functionality that has been in the Azure portal for quite a while now.

Once added, you will see the two items above added to the left hand side of the Azure Portal.

Clicking on Intune App Protection opens the Intune MAM blade, which I’ve covered previously. The interesting thing here is the rebranding, which I think we will probably be reading more about pretty soon…

Clicking on the Intune link on the right hand side of the Azure Portal opens the Intune preview blade, where we have the choice of:

Manage apps
Configure devices
Set device compliance
Conditional access
Devices & Groups
Manage Users
Enroll Devices
Access Control
Classic (Silverlight) Intune portal.

Manage Apps provides links to the following

Overview

Manage

Apps
Licensed Apps
App Configuration Policies
App Protection Policies
App Selective Wipe

Monitor

Discovered Apps
App install status
App Protection User Status

Setup

iOS VPP Tokens
Windows Store for Business
Company Portal Branding

Help and Support

Help And Support

Configure Devices provides the following options

Overview

Manage

Profiles

Setup

Certification Authority
Telecom Expense Management

Help and Support

Help and Support

Set device compliance includes

Overview

Manage

Policies

Help and Support

Help and Support

Conditional Access includes

Overview

Manage

Exchange on-premises access

Setup

Exchange ActiveSync on-premises

Help and Support

Help and Support

Overview

Manage

All devices

Monitor

Device Actions

Help and Support

Help and Support

Manage Users is a link to the Azure Active Directory blade, which has been in preview since shortly prior to Ignite. It’s had a few updates since then, but you can see that it’s a bit richer with extra icons and working views.

Overview

Manage

Apple Enrollment
Windows Hello for Business
Terms and Conditions
Enrollment Restrictions
Device Categories
Corporate Device Identifiers
Device Enrollment Managers

Setup

Apple MDM Push Certificate

Help and Support

Help and Support

Well, I can’t show you anything here yet, as you can see, and as you can probably imagine, I know where the classic Intune portal link will take me… our old friend Silverlight… I took these screenshots in Edge, so that’s a good enough reason to not click the link.

19 Dec.

Microsoft Intune December 2016 Updates

Another month, another round of Intune updates. The biggest announcement of the month is the public preview of the new Intune admin experience in the Azure Portal which is showing up now. There have also been updates to multi-factor authentication and new device enrolment restrictions. Read below for more details.

Public preview of the new Intune admin experience on Azure

In early calendar year 2017, we will be migrating our full admin experience onto Azure, allowing for powerful and integrated management of core EMS workflows on a modern service platform that’s extensible using Graph APIs. In advance of the general availability of this portal for all Intune tenants, we’re excited to announce that we will begin rolling out a preview of this new admin experience later this month to select tenants.

The admin experience in the Azure portal will use the already announced new grouping and targeting functionality; when your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. In the meantime, find out more about what we have in store for Microsoft Intune in the Azure portal in our new documentation.

If you have any questions about the timeline for your tenant’s migration, contact our migration team at intunegrps@microsoft.com.

Telecom expense management integration in public preview of Azure portal

We are now beginning to preview integration with third-party telecom expense management (TEM) services within the Azure portal. You can use Intune to enforce limits on domestic and roaming data usage. We are beginning these integrations with Saaswedo.

New Capabilities

Multi-factor authentication across all platforms

You can now enforce multi-factor authentication (MFA) on a selected group of users when they enroll an iOS, Android, Windows 8.1+, or Windows Phone 8.1+ device from the Azure Management Portal by configuring MFA on the Microsoft Intune Enrollment application in Azure Active Directory.

Ability to restrict mobile device enrollment

Intune is adding new enrollment restrictions that control which mobile device platforms are allowed to enroll. Intune separates mobile device platforms as iOS, macOS, Android, Windows and Windows Mobile.

    • Restricting mobile device enrollment does not restrict PC client enrollment.
    • For iOS only, there is one additional option to block the enrollment of personally owned devices.

Intune marks all new devices as personal unless the IT admin takes action to mark them as corporate owned, as explained in this article.

Notices

Multi-Factor Authentication on Enrollment moving to the Azure portal

Previously, admins would go to either the Intune console or the Configuration Manager (earlier than release October 2016) console to set MFA for Intune enrollments. With this updated feature, you will now login to the Microsoft Azure portal using your Intune credentials and configure MFA settings through Azure AD. Learn more about this here.

Company Portal app for Android now available in China 

We are publishing the Company Portal app for Android for download in China. Due to the absence of Google Play Store in China, Android devices must obtain apps from Chinese app marketplaces. The Company Portal app for Android will be available for download on the following stores:

The Company Portal app for Android uses Google Play Services to communicate with the Microsoft Intune service. Since Google Play Services are not yet available in China, performing any of the following tasks can take up to 8 hours to complete.

| Intune Admin Console | Intune Company Portal app for Android | Intune Company Portal Website |
|---|---|---|
| Full wipe | Remove a remote device | Remove device (local and remote) |
| Selective wipe | Reset device | Reset device |
| New or updated app deployments | Install available line-of-business apps | Device passcode reset |
| Remote lock | | |
| Passcode reset | | |

Deprecations

Firefox to no longer support Silverlight

Mozilla is removing support for Silverlight in version 52 of the Firefox browser, effective March 2017. As a result, you will no longer be able to log in to the existing Intune console using Firefox versions greater than 51. We recommend using Internet Explorer 10 or 11 to access the admin console, or a version of Firefox prior to version 52. Intune’s transition to the Azure portal will allow it to support a number of modern browsers without dependency on Silverlight.

Removal of Exchange Online mobile inbox policies

Beginning in December, admins will no longer be able to view or configure Exchange Online (EAS) mobile mailbox policies within the Intune console. This change will roll out to all Intune tenants over December and January. All existing policies will stay as configured; for configuring new policies, use the Exchange Management Shell. Find out more information here.

Intune AV Player, Image Viewer, and PDF Viewer apps are no longer supported on Android

From mid-December 2016 on, users will no longer be able to use the Intune AV Player, Image Viewer, and PDF Viewer apps. These apps have been replaced with the Azure Information Protection app. Find out more about the Azure Information Protection app here.

9 Dec.

Windows 10 Deployment And Management Lab Kit December 2016 Update

Head on over to the TechNet Evaluation Center to grab the latest release of the Windows 10 Deployment and Management Lab Kit, which provides you with a hands-on lab environment for evaluating the latest Microsoft products and tools available for managing your Windows 10 deployment. The kit includes:

Lab environment

The lab includes the latest evaluation versions of:

  • Windows 10 Enterprise, Version 1607
  • System Center Configuration Manager 1511
  • Windows Assessment and Deployment Kit for Windows 10, version 1607
  • Microsoft Deployment Toolkit 2013 Update 2
  • Microsoft Application Virtualization 5.1
  • Microsoft BitLocker Administration and Monitoring 2.5 SP1
  • Windows Server 2012 R2
  • SQL Server 2014

Step-by-step lab guides

Illustrated lab guides take you through multiple deployment and management scenarios:

  • In-Place Upgrade
  • Image Creation
  • Lite-Touch Deployment
  • Zero-Touch Deployment
  • Managing Windows 10 with Configuration Manager
  • Windows Information Protection
  • Code Integrity
  • Windows 10 Provisioning
  • Application Compatibility
  • Application Virtualization
  • Provisioning
  • Web Application Compatibility
  • Microsoft BitLocker Administration and Monitoring
  • Secure Host
  • Credential Guard
  • Windows Store for Business
  • Upgrade Analytics

Languages

English (United States)

File

The lab kit consists of two self-extracting zip files: the lab environment and the lab guides.

Preinstall Information

Carefully read the information below before you continue with the download.

Windows 10 Deployment and Management Lab Kit system requirements

The lab supports the 64-bit editions of Windows 10 RTM and Windows Server 2012 R2. It must be imported to set up a lab once Hyper-V is installed.

The Hyper-V Host on which the Windows 10 PoC Lab needs to be imported must meet the following minimum specifications:

  • Hyper-V role installed
  • Administrative rights on the device
  • 300 gigabytes of free disk space
  • High-throughput disk subsystem
  • 32 gigabytes of available memory
  • High-end processor for faster processing
  • An External virtual switch in Hyper-V connecting to the external adapter of the host machine for internet connectivity named External 2
  • A Private virtual switch in Hyper-V for private connectivity between the virtual machines named HYD-Corpnet

The required hardware will vary based on the scale of the provisioned lab and the physical resources assigned to each virtual machine.

Lab expires March 1, 2017. A new version will be published prior to expiration.

Things to Know

This lab kit contains evaluation software that is designed for IT professionals interested in evaluating Windows 10 deployment and management products and tools on behalf of their organization. We do not recommend that you install this evaluation if you are not an IT professional or are not professionally managing corporate networks or devices. Additionally, the lab environment is intended for evaluation purposes only. It is a standalone virtual environment and should not be used or connected to your production environment.

8 Dec.

Azure AD Connect Now Supported On Windows Server 2016

Another update for Windows Server 2016 compatibility – you can now download and install Microsoft Azure Active Directory Connect with Windows Server 2016 as a supported platform.

Details

Version: 1.1.371.0
File Name: AzureADConnect.msi
Date Published: 12/7/2016
File Size: 78.1 MB
Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. With this integration users and organizations can take advantage of the following:
    • Organizations can provide users with a common hybrid identity across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to Azure Active Directory.
    • Administrators can provide conditional access based on application resource, device and user identity, network location and multifactor authentication.
    • Users can leverage their common identity through accounts in Azure AD to Office 365, Intune, SaaS apps and third-party applications.
    • Developers can build applications that leverage the common identity model, integrating applications into Active Directory on-premises or Azure for cloud-based applications

Azure AD Connect makes this integration easy and simplifies the management of your on-premises and cloud identity infrastructure.

System Requirements

Supported Operating System

Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016

For more information, please refer to

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/

Install Instructions

For more information, please refer to

8 Dec.

Updated Intune MAM With And Without MDM App List December 2016

Last month I created the table in this post to highlight the mobile apps that are MAM and MDM enabled with Intune, and this month there are some updates. Let’s start with the Android piece.

Android MAM only apps available through the portal last month gave us 11 apps.


This month you can see the new additions – Dynamics CRM and SharePoint.

iOS MAM apps available through the portal – no updates this month.

Below is the updated table, based on information found in the Intune-enlightened apps as well as the most recent updates and announcements. With the recent announcement of the new Intune SDK availability, we should start seeing some third party apps dropping in to the currently ISV free territory.

MAM with MDM MAM without MDM Multi-Identity
Acronis Access iOS
Adobe Acrobat Android

iOS

Box for EMM iOS
Foxit Mobile PDF Android

iOS

Microsoft Dynamics CRM iOS

Android

iOS

Android

Microsoft Excel iOS

Android

iOS

Android

iOS
Microsoft Intune Managed Browser iOS

Android

iOS

Android

Microsoft OneDrive For Business iOS

Android

iOS

Android

iOS

Android

Microsoft OneNote iOS iOS
Microsoft Outlook iOS

Android

iOS

Android

iOS

Android

Microsoft PowerPoint iOS

Android

iOS

Android

iOS
Microsoft PowerBI iOS

Android

iOS
Microsoft Remote Desktop iOS

Android

iOS

Android

Microsoft RMS Sharing/Azure Information Protection iOS

Android

Android
Microsoft SharePoint iOS

Android

iOS

Android

Microsoft Skype For Business iOS

Android

iOS

Android

Microsoft Word iOS

Android

iOS

Android

iOS
Microsoft Work Folders iOS

Android

Outlook Groups iOS

Android

iOS

Android

SAP Fiori
Yammer iOS

Android

iOS

Android

8 Dec.

Intune December 2016 Updates

There have been several new announcements over the last few days regarding EMS, but the one that many have been holding out for is the public preview of the Intune admin experience in the Azure Portal. While we can’t quite lay our Silverlight dependency to rest just yet, it’s getting closer. We’ve had MAM without enrolment in the Azure Portal for quite a while, recently user groups have moved out of Intune groups, and now the new portal preview.

What’s in the preview?

December 2016 (initial release)

  • Deploy and manage apps from a store to iOS, Android, and Windows devices
  • Deploy and manage line of business (LOB) apps to iOS, Android, and Windows devices
  • Deploy and manage volume-purchased apps to iOS, and Windows devices
  • Deploy and manage web apps for Android, iOS, and Windows devices
  • Volume-purchased apps for iOS (business and education)
  • iOS managed app configuration profiles
  • Configure app protection policies, and deploy line of business apps to devices that are not enrolled with Intune
  • VPN profiles, per-app VPN, Wi-Fi, email, and certificate profiles
  • Compliance policies
  • Conditional access for Azure AD
  • Conditional access for On-Premises Exchange
  • Device enrollment
  • Role-based access control

Here are the Intune team’s updates for December 2016.

Public preview of the new Intune admin experience on Azure

In early calendar year 2017 we will be migrating our full admin experience onto Azure, allowing for powerful and integrated management of core EMS workflows on a modern service platform that’s extensible using Graph APIs.

New trial tenants will start to see the public preview of the new admin experience in the Azure portal this month. While in preview state, capabilities and parity with the existing Intune console will be delivered iteratively.

The admin experience in the Azure portal will use the already announced new grouping and targeting functionality; when your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. In the meantime, if you want to test or look at any of the new functionality until your tenant is migrated, sign up for a new Intune trial account or take a look at the new documentation.

If you have any questions about the timeline for your tenant’s migration, contact our migration team at intunegrps@microsoft.com.

Telecom expense management integration in public preview of Azure portal

We are now beginning to preview integration with third-party telecom expense management (TEM) services within the Azure portal. You can use Intune to enforce limits on domestic and roaming data usage. We are beginning these integrations with Saaswedo.

New Capabilities

Multi-factor authentication across all platforms

You can now enforce multi-factor authentication (MFA) on a selected group of users when they enroll an iOS, Android, Windows 8.1+, or Windows Phone 8.1+ device from the Azure Management Portal by configuring MFA on the Microsoft Intune Enrollment application in Azure Active Directory.

Ability to restrict mobile device enrollment

Intune is adding new enrollment restrictions that control which mobile device platforms are allowed to enroll. Intune separates mobile device platforms as iOS, macOS, Android, Windows and Windows Mobile.

    • Restricting mobile device enrollment does not restrict PC client enrollment.
    • For iOS only, there is one additional option to block the enrollment of personally owned devices.

Intune marks all new devices as personal unless the IT admin takes action to mark them as corporate owned, as explained in this article.

Notices

Multi-Factor Authentication on Enrollment moving to the Azure portal

Previously, admins would go to either the Intune console or the Configuration Manager (earlier than release October 2016) console to set MFA for Intune enrollments. With this updated feature, you will now login to the Microsoft Azure portal using your Intune credentials and configure MFA settings through Azure AD. Learn more about this here.

Company Portal app for Android now available in China 

We are publishing the Company Portal app for Android for download in China. Due to the absence of Google Play Store in China, Android devices must obtain apps from Chinese app marketplaces. The Company Portal app for Android will be available for download on the following stores:

The Company Portal app for Android uses Google Play Services to communicate with the Microsoft Intune service. Since Google Play Services are not yet available in China, performing any of the following tasks can take up to 8 hours to complete.

| Intune Admin Console | Intune Company Portal app for Android | Intune Company Portal Website |
|---|---|---|
| Full wipe | Remove a remote device | Remove device (local and remote) |
| Selective wipe | Reset device | Reset device |
| New or updated app deployments | Install available line-of-business apps | Device passcode reset |
| Remote lock | | |
| Passcode reset | | |

Deprecations

Firefox to no longer support Silverlight

Mozilla is removing support for Silverlight in version 52 of the Firefox browser, effective March 2017. As a result, you will no longer be able to log in to the existing Intune console using Firefox versions greater than 51. We recommend using Internet Explorer 10 or 11 to access the admin console, or a version of Firefox prior to version 52. Intune’s transition to the Azure portal will allow it to support a number of modern browsers without dependency on Silverlight.

Removal of Exchange Online mobile inbox policies

Beginning in December, admins will no longer be able to view or configure Exchange Online (EAS) mobile mailbox policies within the Intune console. This change will roll out to all Intune tenants over December and January. All existing policies will stay as configured; for configuring new policies, use the Exchange Management Shell. Find out more information here.

Intune AV Player, Image Viewer, and PDF Viewer apps are no longer supported on Android

From mid-December 2016 on, users will no longer be able to use the Intune AV Player, Image Viewer, and PDF Viewer apps. These apps have been replaced with the Azure Information Protection app. Find out more about the Azure Information Protection app here.

2 Dec.

Intune MAM Exchange Online Conditional Access Now In Azure Portal

In a recent blog post New in Intune: More conditional access, App SDK updates, and Android for Work! the Intune team announced additional conditional access capabilities, including the ability to restrict access to Exchange Online to certain clients for MAM only scenarios.

Here is what they posted…

Conditional access is one of the signature experiences from Microsoft Enterprise Mobility + Security, bringing together the power of Intune and Azure Active Directory Premium to allow you to define policies that provide contextual control at the user, location, device and app levels. This rich set of features gives you the control you need to ensure your corporate data is secure, while giving your users the experience they expect in today’s world. We’re excited to announce these new features that further expand our conditional access capabilities to mobile applications and Windows PCs:

  • Conditional access for mobile apps
    This update allows you to restrict access to Exchange Online from only apps that are enabled with Intune’s mobile application protection policies, such as Outlook. If you’ve been looking for a way to block access to Exchange Online from built-in mail clients or other apps, look no further.

I’ve taken some screenshots of the updated portal so you can get an idea of how it works.


First of all you can see above that I’ve highlighted the new tile that appears.


Alternatively, if you customise it and hide the tile, you have the Exchange Online link underneath Conditional Access on the right.


From here we can start seeing what configuration options we’ve got.


First up, Allowed apps has the default setting of all apps.


The dropdown reveals the current MAM only enabled apps that are available to use.

We can add restricted user groups.


We can make exceptions for certain use cases or troubleshooting scenarios.

All up, pretty easy to follow and implement.
