29 Jan.

Pointing to “manage.microsoft.com” will no longer work for enrollment

For those of you not actively monitoring the Office 365 Message Center, you might have missed the plan for change message that was posted on January 27. Below you will find the details of the message. If you need more details, take a look at Enroll Windows Phone and Windows 10 Mobile Devices and Enroll Windows PCs As Mobile Devices.

Pointing to “manage.microsoft.com” will no longer work for enrollment


Published On : January 27, 2017

Expires On : March 27, 2017

Action required by

When your users enroll their Windows devices, in Intune, the enrollment server can be automatically discovered if you have a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com. If no enrollment CNAME record is found, users are prompted to manually enter the Mobile Device Management (MDM) server name, https://manage.microsoft.com. Manage.microsoft.com is being deprecated and will no longer work for enrolling devices, beginning February 11.

How does this affect me?

If you have a CNAME in DNS that maps to manage.microsoft.com, it won’t work after this change takes effect. If you tell your users to enter manage.microsoft.com if their device fails to find an enrollment server, those instructions won’t work after this change takes effect. If you already have a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com, and the enrollment server is accessible by the user devices, this change will not impact you.

What do I need to do to prepare for this change?

If you currently have a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to manage.microsoft.com, replace it with a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to enterpriseenrollment-s.manage.microsoft.com. if you currently reference manage.microsoft.com in your user training for Windows MDM enrollment, update it (for both Phone and PCs.) to enrollment.manage.microsoft.com. For more information about configuring Windows enrollment, please click Additional Information.

Additional information

^ Scroll to Top
 25 Jan.

Microsoft announces Intune for Education

Microsoft announced Intune for Education, a customised version of Intune to help education administrators deploy and manage devices and applications, as well as PC settings. With a recent update on Intune User Voice highlighting the incorporation of Apple VPP for Education, this should make the Intune in education story a much better one.

If you missed the announcement it may have been because it was posted on the Windows blog, where they also make some new low cost PC announcements as well. You can sign up for more information at http://aka.ms/intuneforedu but for now, here are a few screenshots of the new interface, if you want to see it in action watch the video at the bottom of the post.

From this screenshot you can see that this is leveraging the Azure Portal.

School Data Sync is on of the features discussed.

An alternate view of where you deploy apps and settings.


Choosing Windows Store apps to deploy, made easy

Applying settings made easy.

^ Scroll to Top
 23 Jan.

Power BI Content Pack for Azure Active Directory

The Power BI team have announced the Power BI Content Pack for Azure Active Directory, and it’s a great way to get additional reporting insights from your Azure Active Directory Premium subscriptions. It’s easy enough to set up, I had it enabled within a few minutes, but I haven’t had too much of a chance to dig in just yet.

First select Azure Active Directory Activity Logs

Click Get It Now

You can choose OAuth2 as I have here to connect in to a non-federated tenant.

Enter the tenant name (you can use yourcompany.com or yourtenant.onmicrosoft.com)

And there’s the default dashboard.

^ Scroll to Top
 12 Jan.

Microsoft Intune January 2017 Updates

This month’s Intune updates have just been published, and includes updates for Android, iOS and Windows 10. Take a look below at the full update announcement from the Intune team.

New Capabilities

Android 7.1.1 support

Intune now fully supports and manages Android 7.1.1.

Resolve issue where iOS devices are inactive, or the admin console cannot communicate with them

When users’ devices lose contact with Intune, you can give them new troubleshooting steps to help them regain access to company resources. See Devices are inactive, or the admin console cannot communicate with them.+


Defaulting to managing Windows desktop devices through Windows settings

The default behavior for enrolling Windows 10 desktops is changing. New enrollments will follow the typical MDM agent enrollment flow rather than through the PC agent.

The Company Portal website will provide Windows 10 desktop users with enrollment instructions that guide them through the process of adding Windows 10 desktop computers as mobile devices. This will not impact currently enrolled PCs, and your organization can still manage Windows 10 desktops using the PC agent if you prefer.

Improving mobile app management support for selective wipe

End users will be given additional guidance on how to regain access to work or school data if that data is automatically removed due to the “Offline interval before app data is wiped” policy.

New documentation for app protection policies

We have updated our documentation for admins and app developers who want to enable app protection policies (known as MAM policies) in their iOS and Android apps using the Intune App Wrapping Tool or Intune App SDK.+

The following articles have been updated:


The following articles are new additions to the docs library:+

^ Scroll to Top
 12 Jan.

January Updates To The Intune Preview In Azure

As we get closer to Intune moving over to the Azure portal, there are a few updates that have already worked their way in since the initial preview release last month. The best way to check out all of the new capabilities is a with a new trial tenant, as opposed to waiting for your production or existing test tenants to be updated. As you’ll see in a few of the screenshots below, this is the path I had to go down to expose the preview functionality.

Custom app categories

You can now create, edit, and assign categories for apps you add to Intune. Currently, categories can only be specified in English.

Let’s take a look at how we do this.

First up I need to add an app, and one of the new capabilities is the ability to search directly for the app from within the portal. This means you don’t have to search, copy and past the URL etc.

Searching for Word gives a few hits, but obviously it’s the first one that I need to select.

Once selected, we can move to App Information > Configure, where you will see some of the fields are pre-populated, but you will still need to add some information manually and change fields like the App Description. You will also notice that the Word icon is presented.

Assign line of business apps whether or not devices are enrolled

You can now assign line of business and apps from the store to users whether or not their devices are enrolled with Intune. If the users device is not enrolled with Intune, they must go to the Company Portal website to install it, instead of the Company Portal app.

Resolve issue where iOS devices are inactive, or the admin console cannot communicate with them

When users’ devices lose contact with Intune, you can give them new troubleshooting steps to help them regain access to company resources. See Devices are inactive, or the admin console cannot communicate with them.

^ Scroll to Top
 30 Dec.

Download Windows developer virtual machines – December 2016 build

Microsoft has released the December 2016 edition of their evaluation and licensed Windows developer virtual machines (VM) on Windows Dev Center. The VMs come in Hyper-V, Parallels, VirtualBox and VMWare flavors.  The evaluation version will expire on 8 April 2017.

Evaluation VM contain:

Licensed VM contain:

If you don’t currently have a Windows 10 Pro license, you can get one from the Microsoft Store. If you just want to try out Windows 10 and UWP, use the free evaluation version of the VMs. The evaluation copies will expire after a pre-determined amount of time.

The Azure portal also has virtual machines you can spin up with the Windows Developer tooling installed as well!

If you have feedback on the VMs, please provide it over at the Windows Developer Feedback UserVoice site.

^ Scroll to Top
 29 Dec.

Download The Windows 10 ADK Preview Build 14986

If you are trying to stay a step ahead of the public releases of the Windows ADK, and you haven’t done so already, sign up for the Windows Insider Preview so that you not only get early access to new Windows 10 builds, but you can also grab early releases of the Windows ADK as well.

Windows ADK Insider Preview – Build 14986 is available now, here is the information from the Insider page before you download the ISO.

Install Windows ADK Insider Preview

Download Windows Assessment and Deployment Kit (Windows ADK) Insider Preview to get the new and improved deployment tools used to automate a large-scale deployment. Windows ADK Insider Preview includes:

  • The Windows Assessment Toolkit and the Windows Performance Toolkit to assess the quality and performance of systems or components.
  • Several deployment tools such as WinPE, Windows Imaging and Configuration Designer (Windows ICD), and other tools to customize and deploy Windows 10 images.
^ Scroll to Top
 19 Dec.

Microsoft Intune in the Azure Portal

This post is mainly screenshots of what the Intune preview in the Azure Portal looks like, along with a few comments where appropriate. Since I started working with Intune in early 2011, when it was Windows Intune, and only a cloud based PC management solution, the Silverlight requirement has always been an issue for some, but we can see that progress is definitely being made to reduce the number of portals required for managing Enterprise Mobility + Security, and bringing consistency to the suite. If you are having trouble finding Intune blades in Azure, follow the instructions below.

First up, search for Intune (from more services, bottom left of Azure Portal).

You see two options, which I have selected the stars to favourite them. Intune App Protection links to the Intune Mobile Application Management functionality that has been in the Azure portal for quite a while now.

Once added, you will see the two items above added to the left hand side of the Azure Portal.

Clicking on Intune App Protection opens the Intune MAM blade, which I’ve covered previously. The interesting thing here is the rebranding, which I think we will probably be reading more about pretty soon…

Clicking on the Intune link on the right hand side of the Azure Portal opens the Intune preview blade, where we have the choice of;

Manage apps
Configure devices
Set device compliance
Conditional access
Devices & Groups
Manage Users
Enroll Devices
Access Control
Classic (Silverlight) Intune portal.

Manage Apps provides links to the following



Licensed Apps
App Configuration Policies
App Protection Policies
App Selective Wipe


Discovered Apps
App install status
App Protection User Status


iOS VPP Tokens
Windows Store for Business
Company Portal Branding

Help and Support

Help And Support

Configure Devices provides the following options





Certification Authority
Telecom Expense Management

Help and Support

Help and Support

Set device compliance includes




Help and Support

Help and Support

Conditional Access includes



Exchange on-premises access


Exchange ActiveSync on-premises

Help and Support

Help and Support



All devices


Device Actions

Help and Support

Help and Support


Manage Users is a link to the Azure Active Directory blade, which has been in preview since shortly prior to Ignite. It’s had a few updates since then, but you can see that it’s a bit richer with extra icons and working views.



Apple Enrollment
Windows Hello for Business
Terms and Conditions
Enrollment Restrictions
Device Categories
Corporate Device Identifiers
Device Enrollment Managers


Apple MDM Push Certificate

Help and Support

Help and Support

Well, I can’t show you anything here yet, as you can see, and as you can probably imagine, I know where the classic Intune portal link will take me… our old friend Silverlight… I took these screenshots in Edge, so that’s a good enough reason to not click the link.

^ Scroll to Top
 19 Dec.

Microsoft Intune December 2016 Updates

Another month, another round of Intune updates. The biggest announcement of the month is the public preview of the new Intune admin experience in the Azure Portal which is showing up now. There have also been updates to multi-factor authentication and new device enrolment restrictions. Read below for more details.

Public preview of the new Intune admin experience on Azure

In early calendar year 2017, we will be migrating our full admin experience onto Azure, allowing for powerful and integrated management of core EMS workflows on a modern service platform that’s extensible using Graph APIs. In advance of the general availability of this portal for all Intune tenants, we’re excited to announce that we will begin rolling out a preview of this new admin experience later this month to select tenants.+

The admin experience in the Azure portal will use the already announced new grouping and targeting functionality; when your existing tenant is migrated to the new grouping experience you will also be migrated to preview the new admin experience on your tenant. In the meantime, find out more about what we have in store for Microsoft Intune in the Azure portal in our new documentation.+

If you have any questions about the timeline for your tenant’s migration, contact our migration team at intunegrps@microsoft.com.+

Telecom expense management integration in public preview of Azure portal

We are now beginning to preview integration with third-party telecom expense management (TEM) services within the Azure portal. You can use Intune to enforce limits on domestic and roaming data usage. We are beginning these integrations with Saaswedo.+

New Capabilities

Multi-factor authentication across all platforms

You can now enforce multi-factor authentication (MFA) on a selected group of users when they enroll an iOS, Android, Windows 8.1+, or Windows Phone 8.1+ device from the Azure Management Portal by configuring MFA on the Microsoft Intune Enrollment application in Azure Active Directory.+


Ability to restrict mobile device enrollment

Intune is adding new enrollment restrictions that control which mobile device platforms are allowed to enroll. Intune separates mobile device platforms as iOS, macOS, Android, Windows and Windows Mobile.+

    • Restricting mobile device enrollment does not restrict PC client enrollment.
    • For iOS only, there is one additional option to block the enrollment of personally owned devices.


Intune marks all new devices as personal unless the IT admin takes action to mark them as corporate owned, as explained in this article.+


Multi-Factor Authentication on Enrollment moving to the Azure portal

Previously, admins would go to either the Intune console or the Configuration Manager (earlier than release October 2016) console to set MFA for Intune enrollments. With this updated feature, you will now login to the Microsoft Azure portal using your Intune credentials and configure MFA settings through Azure AD. Learn more about this here.+

Company Portal app for Android now available in China 

We are publishing the Company Portal app for Android for download in China. Due to the absence of Google Play Store in China, Android devices must obtain apps from Chinese app marketplaces. The Company Portal app for Android will be available for download on the following stores:+


The Company Portal app for Android uses Google Play Services to communicate with the Microsoft Intune service. Since Google Play Services are not yet available in China, performing any of the following tasks can take up to 8 hours to complete. +

Intune Admin Console Intune Company Portal app for Android Intune Company Portal Website
Full wipe Remove a remote device Remove device (local and remote)
Selective wipe Reset device Reset device
New or updated app deployments Install available line-of-business apps Device passcode reset
Remote lock
Passcode reset


Firefox to no longer support Silverlight

Mozilla is removing support for Silverlight in version 52 of the Firefox browser, effective March 2017. As a result, you will no longer be able to log in to the existing Intune console using Firefox versions greater than 51. We recommend using Internet Explorer 10 or 11 to access the admin console, or a version of Firefox prior to version 52. Intune’s transition to the Azure portal will allow it to support a number of modern browsers without dependency on Silverlight.+

Removal of Exchange Online mobile inbox policies

Beginning in December, admins will no longer be able to view or configure Exchange Online (EAS) mobile mailbox policies within the Intune console. This change will roll out to all Intune tenants over December and January. All existing policies will stay as configured; for configuring new policies, use the Exchange Management Shell. Find out more information here.+

Intune AV Player, Image Viewer, and PDF Viewer apps are no longer supported on Android

From mid-December 2016 on, users will no longer be able to use the Intune AV Player, Image Viewer, and PDF Viewer apps. These apps have been replaced with the Azure Information Protection app. Find out more about the Azure Information Protection app here.



^ Scroll to Top
 9 Dec.

Windows 10 Deployment And Management Lab Kit December 2016 Update

Head on over to the TechNet Evaluation Center to grab the latest release of the Windows 10 Deployment and Management Lab Kit, which provides you with a hands-on lab environment for evaluating the latest Microsoft products and tools available for managing your Windows 10 deployment. The kit includes:

Lab environment

The lab includes the latest evaluation versions of:

  • Windows 10 Enterprise, Version 1607
  • System Center Configuration Manager 1511
  • Windows Assessment and Deployment Kit for Windows 10, version 1607
  • Microsoft Deployment Toolkit 2013 Update 2
  • Microsoft Application Virtualization 5.1
  • Microsoft BitLocker Administration and Monitoring 2.5 SP1
  • Windows Server 2012 R2
  • SQL Server 2014

Step-by-step lab guides

Illustrated lab guides take you through multiple deployment and management scenarios:

  • In-Place Upgrade
  • Image Creation
  • Lite-Touch Deployment
  • Zero-Touch Deployment
  • Managing Windows 10 with Configuration Manager
  • Windows Information Protection
  • Code Integrity
  • Windows 10 Provisioning
  • Application Compatibility
  • Application Virtualization
  • Provisioning
  • Web Application Compatibility
  • Microsoft BitLocker Administration and Monitoring
  • Secure Host
  • Credential Guard
  • Windows Store for Business
  • Upgrade Analytics


English (United States)


The lab kit consists of two self-extracting zip files: the lab environment and the lab guides.

Preinstall Information

Carefully read the information below before you continue with the download.

Windows 10 Deployment and Management Lab Kit system requirements

The lab supports the 64-bit editions of Windows 10 RTM and Windows Server 2012 R2. It must be imported to set up a lab once Hyper-V is installed.

The Hyper-V Host on which the Windows 10 PoC Lab needs to be imported must meet the following minimum specifications:

  • Hyper-V role installed
  • Administrative rights on the device
  • 300 gigabytes of free disk space
  • High-throughput disk subsystem
  • 32 gigabytes of available memory
  • High-end processor for faster processing
  • An External virtual switch in Hyper-V connecting to the external adapter of the host machine for internet connectivity named External 2
  • A Private virtual switch in Hyper-V for private connectivity between the virtual machines named HYD-Corpnet

The required hardware will vary based on the scale of the provisioned lab and the physical resources assigned to each virtual machine.

Lab expires March 1, 2017. A new version will be published prior to expiration.

Things to Know

This lab kit contains evaluation software that is designed for IT professionals interested in evaluating Windows 10 deployment and management products and tools on behalf of their organization. We do not recommend that you install this evaluation if you are not an IT professional or are not professionally managing corporate networks or devices. Additionally, the lab environment is intended for evaluation purposes only. It is a standalone virtual environment and should not be used or connected to your production environment.

^ Scroll to Top

%d bloggers like this: