For those of you not actively monitoring the Office 365 Message Center, you might have missed the plan for change message that was posted on January 27. Below you will find the details of the message. If you need more details, take a look at Enroll Windows Phone and Windows 10 Mobile Devices and Enroll Windows PCs As Mobile Devices.
Published On : January 27, 2017
Expires On : March 27, 2017
Action required by
When your users enroll their Windows devices in Intune, the enrollment server can be automatically discovered if you have a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com. If no enrollment CNAME record is found, users are prompted to manually enter the Mobile Device Management (MDM) server name, https://manage.microsoft.com. Manage.microsoft.com is being deprecated and will no longer work for enrolling devices, beginning February 11.
How does this affect me?
If you have a CNAME in DNS that maps to manage.microsoft.com, it won’t work after this change takes effect. If you tell your users to enter manage.microsoft.com if their device fails to find an enrollment server, those instructions won’t work after this change takes effect. If you already have a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com, and the enrollment server is accessible by the user devices, this change will not impact you.
What do I need to do to prepare for this change?
If you currently have a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to manage.microsoft.com, replace it with a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com. If you currently reference manage.microsoft.com in your user training for Windows MDM enrollment, update it (for both phones and PCs) to enrollment.manage.microsoft.com. For more information about configuring Windows enrollment, please click Additional Information.
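One way to audit the enrollment CNAME described in the message above, as an added PowerShell example that is not part of the original post or of Microsoft's message. The function names are hypothetical, contoso.com is the placeholder domain from the message, and the live lookup assumes the Resolve-DnsName cmdlet from the Windows DnsClient module.

```powershell
# Added example: audit the Windows enrollment CNAME for each UPN domain.
# Both hostnames come from the Message Center text; everything else is illustrative.
$Expected   = 'enterpriseenrollment-s.manage.microsoft.com'
$Deprecated = 'manage.microsoft.com'

function Get-EnrollmentCnameVerdict {
    param([string]$Target)   # CNAME target, or empty when no record exists
    if ([string]::IsNullOrWhiteSpace($Target)) { return 'Missing' }
    # Normalise case and the trailing dot of a fully qualified name
    $t = $Target.Trim().TrimEnd('.').ToLowerInvariant()
    if ($t -eq $Expected)   { return 'OK' }
    if ($t -eq $Deprecated) { return 'Deprecated' }
    # Any other target means enrollment discovery is sent somewhere unplanned
    return 'Unexpected'
}

function Test-EnrollmentCname {
    param([Parameter(Mandatory)][string[]]$Domain)
    foreach ($d in $Domain) {
        $name = "EnterpriseEnrollment.$d"
        # A name without a CNAME can still return an SOA record, so filter on type
        $rec = Resolve-DnsName -Name $name -Type CNAME -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
        $target = if ($rec) { $rec.NameHost } else { '' }
        [pscustomobject]@{
            Name    = $name
            Target  = $target
            Verdict = Get-EnrollmentCnameVerdict -Target $target
        }
    }
}

# Offline check of the classifier with constructed targets
'enterpriseenrollment-s.manage.microsoft.com.', 'Manage.Microsoft.com', '', 'mdm.example.net' |
    ForEach-Object { '{0,-45} -> {1}' -f $_, (Get-EnrollmentCnameVerdict -Target $_) }

# Live check; replace the placeholder with every verified domain users sign in with
Test-EnrollmentCname -Domain 'contoso.com' | Format-Table -AutoSize
```

A verdict of Missing means users fall back to typing the server name by hand, so the training material has to carry the new name; Unexpected is worth investigating because the record decides which server a device offers its enrollment to.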
Microsoft announced Intune for Education, a customised version of Intune to help education administrators deploy and manage devices and applications, as well as PC settings. With a recent update on Intune User Voice highlighting the incorporation of Apple VPP for Education, this should make the Intune in education story a much better one.
If you missed the announcement, it may have been because it was posted on the Windows blog, where they also make some new low cost PC announcements. You can sign up for more information at http://aka.ms/intuneforedu, but for now, here are a few screenshots of the new interface. If you want to see it in action, watch the video at the bottom of the post.
From this screenshot you can see that this is leveraging the Azure Portal.
School Data Sync is one of the features discussed.
An alternate view of where you deploy apps and settings.
Choosing Windows Store apps to deploy, made easy
Applying settings made easy.
The Power BI team have announced the Power BI Content Pack for Azure Active Directory, and it’s a great way to get additional reporting insights from your Azure Active Directory Premium subscriptions. It’s easy enough to set up; I had it enabled within a few minutes, but I haven’t had too much of a chance to dig in just yet.
First select Azure Active Directory Activity Logs
Click Get It Now
You can choose OAuth2 as I have here to connect in to a non-federated tenant.
Enter the tenant name (you can use yourcompany.com or yourtenant.onmicrosoft.com)
And there’s the default dashboard.
This month’s Intune updates have just been published, and include updates for Android, iOS and Windows 10. Take a look below at the full update announcement from the Intune team.
Intune now fully supports and manages Android 7.1.1.
When users’ devices lose contact with Intune, you can give them new troubleshooting steps to help them regain access to company resources. See Devices are inactive, or the admin console cannot communicate with them.
The default behavior for enrolling Windows 10 desktops is changing. New enrollments will follow the typical MDM agent enrollment flow rather than through the PC agent.
The Company Portal website will provide Windows 10 desktop users with enrollment instructions that guide them through the process of adding Windows 10 desktop computers as mobile devices. This will not impact currently enrolled PCs, and your organization can still manage Windows 10 desktops using the PC agent if you prefer.
End users will be given additional guidance on how to regain access to work or school data if that data is automatically removed due to the “Offline interval before app data is wiped” policy.
We have updated our documentation for admins and app developers who want to enable app protection policies (known as MAM policies) in their iOS and Android apps using the Intune App Wrapping Tool or Intune App SDK.
The following articles have been updated:
The following articles are new additions to the docs library:
As we get closer to Intune moving over to the Azure portal, there are a few updates that have already worked their way in since the initial preview release last month. The best way to check out all of the new capabilities is with a new trial tenant, as opposed to waiting for your production or existing test tenants to be updated. As you’ll see in a few of the screenshots below, this is the path I had to go down to expose the preview functionality.
You can now create, edit, and assign categories for apps you add to Intune. Currently, categories can only be specified in English.
Let’s take a look at how we do this.
First up I need to add an app, and one of the new capabilities is the ability to search directly for the app from within the portal. This means you don’t have to search, copy and paste the URL etc.
Searching for Word gives a few hits, but obviously it’s the first one that I need to select.
Once selected, we can move to App Information > Configure, where you will see some of the fields are pre-populated, but you will still need to add some information manually and change fields like the App Description. You will also notice that the Word icon is presented.
You can now assign line of business and apps from the store to users whether or not their devices are enrolled with Intune. If the user’s device is not enrolled with Intune, they must go to the Company Portal website to install it, instead of the Company Portal app.
When users’ devices lose contact with Intune, you can give them new troubleshooting steps to help them regain access to company resources. See Devices are inactive, or the admin console cannot communicate with them.
Microsoft has released the December 2016 edition of their evaluation and licensed Windows developer virtual machines (VM) on Windows Dev Center. The VMs come in Hyper-V, Parallels, VirtualBox and VMware flavors. The evaluation version will expire on 8 April 2017.
If you don’t currently have a Windows 10 Pro license, you can get one from the Microsoft Store. If you just want to try out Windows 10 and UWP, use the free evaluation version of the VMs. The evaluation copies will expire after a pre-determined amount of time.
The Azure portal also has virtual machines you can spin up with the Windows Developer tooling installed as well!
If you have feedback on the VMs, please provide it over at the Windows Developer Feedback UserVoice site.
If you are trying to stay a step ahead of the public releases of the Windows ADK, and you haven’t done so already, sign up for the Windows Insider Preview so that you not only get early access to new Windows 10 builds, but you can also grab early releases of the Windows ADK as well.
Windows ADK Insider Preview – Build 14986 is available now, here is the information from the Insider page before you download the ISO.
Download Windows Assessment and Deployment Kit (Windows ADK) Insider Preview to get the new and improved deployment tools used to automate a large-scale deployment. Windows ADK Insider Preview includes:
This post is mainly screenshots of what the Intune preview in the Azure Portal looks like, along with a few comments where appropriate. Since I started working with Intune in early 2011, when it was Windows Intune, and only a cloud based PC management solution, the Silverlight requirement has always been an issue for some, but we can see that progress is definitely being made to reduce the number of portals required for managing Enterprise Mobility + Security, and bringing consistency to the suite. If you are having trouble finding Intune blades in Azure, follow the instructions below.
First up, search for Intune (from more services, bottom left of Azure Portal).
You see two options, and I have selected the stars to favourite them. Intune App Protection links to the Intune Mobile Application Management functionality that has been in the Azure portal for quite a while now.
Once added, you will see the two items above added to the left hand side of the Azure Portal.
Clicking on Intune App Protection opens the Intune MAM blade, which I’ve covered previously. The interesting thing here is the rebranding, which I think we will probably be reading more about pretty soon…
Clicking on the Intune link on the right hand side of the Azure Portal opens the Intune preview blade, where we have the choice of:
Set device compliance
Devices & Groups
Classic (Silverlight) Intune portal.
Manage Apps provides links to the following
App Configuration Policies
App Protection Policies
App Selective Wipe
App install status
App Protection User Status
iOS VPP Tokens
Windows Store for Business
Company Portal Branding
Help and Support
Configure Devices provides the following options
Telecom Expense Management
Help and Support
Set device compliance includes
Help and Support
Conditional Access includes
Exchange on-premises access
Exchange ActiveSync on-premises
Help and Support
Manage Users is a link to the Azure Active Directory blade, which has been in preview since shortly prior to Ignite. It’s had a few updates since then, but you can see that it’s a bit richer with extra icons and working views.
Windows Hello for Business
Terms and Conditions
Corporate Device Identifiers
Device Enrollment Managers
Apple MDM Push Certificate
Help and Support
Well, I can’t show you anything here yet, as you can see, and as you can probably imagine, I know where the classic Intune portal link will take me… our old friend Silverlight… I took these screenshots in Edge, so that’s a good enough reason to not click the link.
Another month, another round of Intune updates. The biggest announcement of the month is the public preview of the new Intune admin experience in the Azure Portal which is showing up now. There have also been updates to multi-factor authentication and new device enrolment restrictions. Read below for more details.
In early calendar year 2017, we will be migrating our full admin experience onto Azure, allowing for powerful and integrated management of core EMS workflows on a modern service platform that’s extensible using Graph APIs. In advance of the general availability of this portal for all Intune tenants, we’re excited to announce that we will begin rolling out a preview of this new admin experience later this month to select tenants.
The admin experience in the Azure portal will use the already announced new grouping and targeting functionality; when your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. In the meantime, find out more about what we have in store for Microsoft Intune in the Azure portal in our new documentation.
We are now beginning to preview integration with third-party telecom expense management (TEM) services within the Azure portal. You can use Intune to enforce limits on domestic and roaming data usage. We are beginning these integrations with Saaswedo.
You can now enforce multi-factor authentication (MFA) on a selected group of users when they enroll an iOS, Android, Windows 8.1+, or Windows Phone 8.1+ device from the Azure Management Portal by configuring MFA on the Microsoft Intune Enrollment application in Azure Active Directory.
Intune is adding new enrollment restrictions that control which mobile device platforms are allowed to enroll. Intune separates mobile device platforms as iOS, macOS, Android, Windows and Windows Mobile.
Previously, admins would go to either the Intune console or the Configuration Manager (earlier than release October 2016) console to set MFA for Intune enrollments. With this updated feature, you will now login to the Microsoft Azure portal using your Intune credentials and configure MFA settings through Azure AD. Learn more about this here.
We are publishing the Company Portal app for Android for download in China. Due to the absence of Google Play Store in China, Android devices must obtain apps from Chinese app marketplaces. The Company Portal app for Android will be available for download on the following stores:
The Company Portal app for Android uses Google Play Services to communicate with the Microsoft Intune service. Since Google Play Services are not yet available in China, performing any of the following tasks can take up to 8 hours to complete.
| Intune Admin Console | Intune Company Portal app for Android | Intune Company Portal Website |
|---|---|---|
| Full wipe | Remove a remote device | Remove device (local and remote) |
| Selective wipe | Reset device | Reset device |
| New or updated app deployments | Install available line-of-business apps | Device passcode reset |
Mozilla is removing support for Silverlight in version 52 of the Firefox browser, effective March 2017. As a result, you will no longer be able to log in to the existing Intune console using Firefox versions greater than 51. We recommend using Internet Explorer 10 or 11 to access the admin console, or a version of Firefox prior to version 52. Intune’s transition to the Azure portal will allow it to support a number of modern browsers without dependency on Silverlight.
Beginning in December, admins will no longer be able to view or configure Exchange Online (EAS) mobile mailbox policies within the Intune console. This change will roll out to all Intune tenants over December and January. All existing policies will stay as configured; for configuring new policies, use the Exchange Management Shell. Find out more information here.
From mid-December 2016 on, users will no longer be able to use the Intune AV Player, Image Viewer, and PDF Viewer apps. These apps have been replaced with the Azure Information Protection app. Find out more about the Azure Information Protection app here.
Head on over to the TechNet Evaluation Center to grab the latest release of the Windows 10 Deployment and Management Lab Kit, which provides you with a hands-on lab environment for evaluating the latest Microsoft products and tools available for managing your Windows 10 deployment. The kit includes:
The lab includes the latest evaluation versions of:
Step-by-step lab guides
Illustrated lab guides take you through multiple deployment and management scenarios:
English (United States)
The lab kit consists of two self-extracting zip files: the lab environment and the lab guides.
Carefully read the information below before you continue with the download.
Windows 10 Deployment and Management Lab Kit system requirements
The lab supports the 64-bit editions of Windows 10 RTM and Windows Server 2012 R2. It must be imported to set up a lab once Hyper-V is installed.
The Hyper-V Host on which the Windows 10 PoC Lab needs to be imported must meet the following minimum specifications:
The required hardware will vary based on the scale of the provisioned lab and the physical resources assigned to each virtual machine.
Lab expires March 1, 2017. A new version will be published prior to expiration.
Things to Know
This lab kit contains evaluation software that is designed for IT professionals interested in evaluating Windows 10 deployment and management products and tools on behalf of their organization. We do not recommend that you install this evaluation if you are not an IT professional or are not professionally managing corporate networks or devices. Additionally, the lab environment is intended for evaluation purposes only. It is a standalone virtual environment and should not be used or connected to your production environment.