25 Nov.
0

EMS Partner Training Events Coming Q1 2017

This year’s EMS training courses have all been booked out, but the long waiting lists for Sydney and Melbourne mean that we have some additional dates for next year to share. Make sure you reach out to the Microsoft Australia readiness team via the contact details below to register your interest and secure a seat.

Enterprise Mobility + Security (EMS)

 

Enterprise Mobility + Security

Type: Technical (L300)

Audience: Partners with existing competencies around devices and deployment, access and identity, management and virtualization, Office 365 and Azure related competencies. Suite Solution architects, pre-sales technical, and deployment roles

Cost: $499

Product: EMS

Duration: 4 Days

Location: Sydney (Mar 6-9), Melbourne (Mar 13-16)

This training consists of instructor-led technical content and hands-on labs covering Hybrid Identity and Access Management (Azure Active Directory Premium), Microsoft Device and Application Management (Intune), Information Protection (Azure Rights Management Service), identifying security threats to the datacentre (Advance Threat Analytics), and data protection in the cloud (Cloud App Security). For Expression of Interest please email msaupr@microsoft.com

^ Scroll to Top
 24 Nov.
0

Windows 10 Tech Series For Australian Partners

If you are attending the Sydney event make sure you let me know, I can’t make the first two days as I’ll be wrapping up an EMS training event, but I will be there on day 3. 

You are invited to enroll in the Windows Tech Series training course. Building on deployment, management and security features first introduced with Windows 10 at release, this 3-day workshop, which includes hands-on labs, will provide you with the opportunity to explore the different deployment, management and security options and functionality available for your customers. It will also review the opportunity to develop your business as a Microsoft Cloud Solution Provider — either as a new CSP for Windows or to understand how adding Windows to your existing CSP portfolio can provide opportunities to develop your business further. The Course While the course provides extensive information from Microsoft trainers, we believe you will benefit most in developing your understanding of Windows 10 through seeing it in action, and working with it hands-on. In this course, you will work your way through the labs, demos, and other content to learn about:

Deployment infrastructure overview
Applications and updates
Managing Windows as a Service
Browsers and Internet Security
Deploying Secure Boot and Device Guard
Base system setup
Configuration
Managing Client devices
Advanced Client management
Analysis of common threats
Advanced Threat Analytics
Hardening Windows
Windows for SMB
Windows Enterprise Subscription
Deploying through CSP and managing updates
Competency Assessment Upon completion of the course, you will be given the opportunity to take the Security and Deployment Management assessment for the Windows and Devices competency. This competency provides you with tools, content and resources to help you build and grow your Windows 10 practice and shows customers that you are a trusted expert. Space is limited. Register today! We look forward to your participation in this interactive event. Please be advised that this workshop requires a commitment from you to attend from start to finish. We understand that your workload does not diminish while attending this workshop. Rest assured that numerous opportunities to stay connected will be provided throughout the day.
When and When Cliftons Sydney Office Level 13, 60 Margaret St 30th Nov – 2nd Dec 2016

 

Register Now!
Cliftons Melbourne Office Level 1, 440 Collins St 5th – 7th Dec 2016

 

Register Now!
^ Scroll to Top
 23 Nov.
0

Download The Windows 10 ADK Preview Build 14965

If you are trying to stay a step ahead of the public releases of the Windows ADK, and you haven’t done so already, sign up for the Windows Insider Preview so that you not only get early access to new Windows 10 builds, but you can also grab early releases of the Windows ADK as well.

Windows ADK Insider Preview – Build 14965 is available now, here is the information from the Insider page before you download the ISO.

Install Windows ADK Insider Preview

Download Windows Assessment and Deployment Kit (Windows ADK) Insider Preview to get the new and improved deployment tools used to automate a large-scale deployment. Windows ADK Insider Preview includes:

  • The Windows Assessment Toolkit and the Windows Performance Toolkit to assess the quality and performance of systems or components.
  • Several deployment tools such as WinPE, Windows Imaging and Configuration Designer (Windows ICD), and other tools to customize and deploy Windows 10 images.
^ Scroll to Top
 21 Nov.
0

Use cases for Microsoft Intune Client Software vs MDM

Something that often comes up during conversations about managing Windows PCs with Intune is whether they should be managed as a PC or as a mobile device. As with most conversations, there isn’t usually a clear cut answer. In this post I will highlight some of the scenarios where one option might make more sense than the other. In the next post I will have table that compares the two options side by side. Please note that these do not cover every single scenario that you might encounter, but instead should get you started in making the right decision.

Scenarios where the client software install makes sense

  1. More complex application setup requirements – if you have setup requirements greater than an MSI file, the Intune client can address this. With support for .exe and .msi setups with additional files and folders included it offers much more flexibility. You also benefit from the peer distribution capabilities of Intune if you allow that traffic on your network
  2. Centralised anti-malware management and reporting – if you are planning on using Intune Endpoint Protection as managed through the Intune Portal, MDM doesn’t deploy/manage that.
  3. Better update management and insights – Windows 10 isn’t as heavily impacted here as 8.1, with Windows 8.1 offering finer control over what gets updated. The insight into installed and missing updates isn’t something that MDM provides.
  4. Software inventory – the PC agent provides reporting on all software it detects, as opposed to reporting on just reporting on what it manages.
  5. Support for Windows 7 through to Windows 10 – if you want a consistent Intune management experience for all supported versions of Windows, this is your best option. Once the majority of the mobile PC fleet is Windows 10 based, it might be worth reinvestigating if MDM provides the capabilities that you require.

Scenarios where MDM makes sense

These are the flip side to the above points

  1. You have single file MSI installs, or are willing to repackage
  2. You already have centralised anti-malware management and reporting
  3. You are dealing with a BYOD environment where you don’t care as much about the update status of the PC
  4. You do not want full software inventory, eg BYOD
  5. You have moved away from previous editions of Windows

Things aren’t usually this clear cut, but these are part of the conversation you will need to have around these topics. If you need details on getting started with the Intune PC client software, start with the following…

https://docs.microsoft.com/en-us/intune/deploy-use/manage-windows-pcs-with-microsoft-intune

https://docs.microsoft.com/en-us/intune/deploy-use/policies-to-protect-windows-pcs-in-microsoft-intune

 

^ Scroll to Top
 20 Nov.
0

Microsoft Intune November 2016 Updates

Another month, another round of feature updates for Intune. This month’s updates include news on enhanced Cordova and Xamarin support for MAM without enrollment. If you need a refresher on what’s currently available for MAM without MDM, take a look at the table here.

Over the last few months we’ve seen new tenants moving from traditional Intune groups over to AAD groups, a huge improvement, but one that also requires some planning for those who have been using Intune since before this change. This has an impact on Android for Work, with new or migrated tenants, providing support for the Available option for apps. If you are on a non-migrated tenants, you will have to rely on Required for now.

The last few updates related to the Windows Phone 8 Company Portal, take a look at the text below from the update page for more information.

 

New capabilities

An Update on Intune and Android for Work

While you can deploy Android for Work apps with an action of Required, you can only deploy apps as Available if your Intune groups have been migrated to the new Azure AD groups experience.+

Intune App SDK for Cordova plugin now supports MAM without enrollment

App developers can now use the Intune App SDK for Cordova plugin to enable MAM functionality without device enrollment in their Cordova-based apps for Android and iOS. The Intune App SDK for Cordova plugin can be found here.+

Intune App SDK Xamarin component now supports MAM without enrollment

App developers can now use the Intune App SDK Xamarin component to enable MAM functionality without device enrollment in their Xamarin-based apps for Android and iOS. The Intune App SDK Xamarin component can be found here.+

Notices

Symantec signing certificate no longer requires signed Windows Phone 8 Company Portal for upload

Uploading the Symantec signing certificate will no longer require a signed Windows Phone 8 Company Portal app. The certificate can be uploaded independently.+

Deprecations

Support for the Windows Phone 8 Company Portal

Support for Windows Phone 8 Company Portal will now be deprecated. Support for the Windows Phone 8 and WinRT platforms was deprecated in October 2016. Support for the Windows 8 Company Portal was also deprecated in October 2016.

^ Scroll to Top
 11 Nov.
0

Microsoft Intune October 2016 Updates

As is usually the case, there are a few new features in October, including updates to Conditional Access, Android for Work support, Lookout integration, Android fingerprint reader support and more. One of the things that you do need to be aware of is that newly provisioned tenants that leverage the updated grouping and targeting features for the Android for Work features.

What’s new

Conditional access for mobile application management

You will be able to restrict access to Exchange Online so that access can come only from apps that support Intune mobile application management policies such as Outlook. This new feature pairs up perfectly with Intune mobile app management (MAM) policies as you can block access to built-in mail clients or other apps that have not been configured with the Intune MAM policies. This ensures your users are accessing your organization’s data with apps that can be protected using Intune MAM. You can get started in Intune mobile app management via the Azure portal. Look for the new Conditional Access section in the “Settings” blade.

Conditional access for Windows PCs

You can now create conditional access policies through the Intune admin console to block Windows PCs from accessing Exchange Online and SharePoint Online. You can also create conditional access policies to block access to Office desktop and universal applications. 

Android for Work support

Intune is now part of the Android for Work (AfW) program. We will begin rolling out support for AfW features starting this month and continuing over the next few months. Note that available app deployment of AfW leverages the new grouping and targeting experience. Newly provisioned Intune Service accounts will be able to use this feature once AfW is available to them. 

Existing Intune customers can use this feature in production once their tenant has been migrated. Existing customers are welcome to create a trial Intune account to plan for and test this feature until their tenant has been migrated. Any questions on grouping and targeting timelines, please contact our migration team.+

Read Microsoft’s announcement about Intune support for Android for Work. 

The following Intune topics are new, or updated with Android for Work information: 

For IT professionals: 

For end users: 

Lookout integration to protect iOS devices

In October, Microsoft is integrating with Lookout’s mobile threat protection solution to protect iOS mobile devices by detecting malware, risky apps, and more, on devices. Lookout’s solution helps you determine the threat level, which is configurable. You can create a compliance policy rule in Intune to determine device compliance based on the risk assessment by Lookout. Using conditional access policies, you can allow or block access to company resources based on the device compliance status. 

End users of noncompliant iOS devices will be prompted to enroll, and will be required to install the Lookout for Work app on their devices, activate the app, and remediate threats reported in the Lookout for Work application to gain access to company data. Learn how to Configure and deploy Lookout for Work apps 

Intune App Wrapping Tool for Android

You can enable your apps to use Intune mobile application management (MAM) policies by using the Intune App Wrapping Tool. Support for Intune MAM policies without requiring device enrollment is now available.+

Manage printing from apps managed using MAM policies

You can now prevent printing company data from apps that have MAM policies. This setting is available on the Azure portal and is supported on both iOS and Android devices. +

Support for fingerprints on Android devices

Android mobile app management (MAM) policies now allow users to access an app with their fingerprint instead of typing out their PIN. See this and other mobile app management policy settings for Android here.+

Notices

Android Samsung KNOX compatibility with Intune

Certain models of the Samsung Galaxy Ace phone cannot be managed by Intune as Samsung KNOX devices. When you enroll these devices with Intune, they will instead be managed as standard Android devices.+

The model numbers affected are:+

    • SM-G313HU
    • SM-G313HY
    • SM-G313M
    • SM-G313MY
    • SM-G313U

  You and your end users need take no further action. For more information, visit the Samsung KNOX website.

Company Portal app for Windows 8 is deprecated; support for Windows Phone 8 and Windows RT platforms are being deprecated

Starting in October 2016, Microsoft Intune will deprecate support for the Windows 8 Company Portal. Microsoft Intune will also deprecate support for the Windows Phone 8 and Windows RT platforms. As a consequence, you will not be able to enroll or update any Windows Phone 8 or Windows RT devices.+

You can continue to manage Windows Phone 8, Windows RT and Windows 8 devices that are already enrolled. Update Windows Phone 8 and Windows 8 devices to Windows 8.1 and Windows Phone 8.1, and use the corresponding Windows 8.1 and Windows Phone 8.1 Company Portal apps to continue distributing apps to these devices without disruptions.+

Starting in November 2016, we will deprecate support for the Windows Phone 8 Company Portal. +

What’s coming

New Microsoft Intune Company Portal available for Windows 10 devices

Microsoft is releasing a new Microsoft Intune Company Portal for Windows 10 devices. This app, which leverages the new Windows 10 Universal format, will provide the user with an updated user experience within the app and identical experiences across all Windows 10 devices, PC and Mobile alike, while still enabling all the same functionality that they are using today.+

The new app will also allow users to leverage additional platform features like single sign-on (SSO) and certificate-based authentication on Windows 10 devices. The app will be made available as an upgrade to the existing Windows 8.1 Company Portal and Windows Phone 8.1 Company Portal installs from the Windows Store. For more details, go to aka.ms/intunecp_universalapp. +

See also

+

To submit product feedback, please visit Intune Feedback
^ Scroll to Top
 10 Nov.
0

Bio-Key SideTouch USB for Windows Hello Review

I didn’t have too many things on my shopping list for trip to Redmond for the 2016 MVP Summit, but one of them was the Bio-Key SideTouch USB device from the Bellevue Microsoft Store. For anyone who has a Windows Hello compatible fingerprinter reader on their device already, you know the convenience, and moving forward, Windows Hello for Business will play an important role for many organisations deploying Windows 10. Bio-Key have a number of different devices available, here’s a picture of the one I chose.

sidetouch

Here are my initial impressions, based on having the device for less than a day.

Size

This was bigger than I was expecting. This isn’t a deal breaker, for me, my 2016 Dell XPS 15 isn’t a tiny, ultrathin device, but it’s large enough that I’m not comfortable with the idea of leaving it my laptop when I put it into a bag.

sidetouch3-png

Accuracy 

I’m still getting used to it, the angle that it sits at means that it’s a different experience to the reader on the Surface 4 Keyboard, or for the masses, TouchID on iPhones and iPads. It’s also not in a location where it would seem more natural, below the keyboard, alongside the trackpad. I’ve run through the fingerprint setup several times to improve accuracy if my finger lands at a different angle, and so far it’s working well.

sidetouch2

Setup

My setup experience was terrible. The device was recognised, but it wouldn’t download a driver. I went over to the Bio-Key website, and the driver was presented as a cab file. I checked the Microsoft Update Catalog.

sidetouch4

So far so good.

sidetouch5

But again, it’s a cab file. This meant that I needed to install 7Zip (other tools would work as well), because the native cab viewing features in Windows Explorer didn’t show the folder structure, or show the 32 vs. 64 bit drivers.

sidetouch6

After installing 7Zip, I was able to get what I wanted, and setup was successful.

sidetouch7

As you can imagine, this makes it hard to recommend to people who expect it to just work, especially considering this is a generic Windows 10 1607 build, not an Insiders build or similar. It could have just been my PC being fussy, but I’m not in a position to confirm that just yet.

 

 

 

^ Scroll to Top
 8 Nov.
0

Intune MAM With And Without MDM App List

Recently while discussing MAM with and without MDM with Microsoft Intune I mentioned that there was a page that gave the list of apps that supported the different options, which you can find here. Unfortunately it doesn’t give a table view of what options you have for the different apps, so I have created that table at the bottom of the page.

If you haven’t seen the MAM settings in the Azure Portal, here are a couple of screenshots for Android and iOS.

Android MAM only apps available through the portal.

iOS MAM apps available through the portal.

What  is obvious right now is that the 3rd part apps that work with Intune MAM are not available for standalone MAM, and the table below highlights this, with information taken from

MAM with MDM

MAM without MDM

Multi-Identiy

Acronis Access

iOS

Adobe Acrobat

Android

iOS

Box for EMM

iOS

Foxit Mobile PDF

Android

iOS

Microsoft Dynamics CRM

iOS

Android

iOS

Android

Microsoft Excel

iOS

Android

iOS

Android

iOS

Microsoft Intune Managed Browser

iOS

Android

iOS

Android

Microsoft OneDrive For Business

iOS

Android

iOS

Android

iOS

Android

Microsoft OneNote

iOS

iOS

Microsoft Outlook

iOS

Android

iOS

Android

iOS

Android

Microsoft PowerPoint

iOS

Android

iOS

Android

iOS

Microsoft PowerBI

iOS

Android

iOS

Microsoft Remote Desktop

iOS

Android

iOS

Android

Microsoft RMS Sharing/Azure Information Protection

iOS

Android

Microsoft SharePoint

iOS

Microsoft Skype For Business

iOS

Android

iOS

Android

Microsoft Word

iOS

Android

iOS

Android

iOS

Microsoft Work Folders

iOS

Android

Outlook Groups

iOS

Android

iOS

Android

SAP Fiori
Yammer

iOS

Android

iOS

Android

^ Scroll to Top
 30 Oct.
0

October Windows 10 development environment VMs available for download

For those of you who are constantly spinning up new VMs and installing a number of different developer tools and SDKs, these VMs act as a good base to starting on. The VMs are available for Hyper-V, VMWare, VirtualBox and Parallels users. There is a choice to get an eval version based on Windows 10 Enterprise 1067 which expires on January 17, 2017, or alternatively you can download the Windows 10 Pro 1607 based version and apply your own product key.

This evaluation virtual machines include:

If you just want to try out Windows 10 and UWP, use the free evaluation version of the VMs. This will expire after a pre-determined amount of time. However, if you want a VM that won’t expire, choose the licensed version and add your Windows license key. Don’t already have one? Buy a new Windows 10 Pro license (EN-US only).

The other option for spinning up VMs with these tools installed is to use the corresponding Windows 10 VM options in Azure if you have an MSDN subscription, or alternatively you can spin up Windows Server VMs with these tools preinstalled and ready to go.

 

^ Scroll to Top
 28 Oct.
0

Azure Active Directory Domain Services generally available

It’s been in preview for roughly a year, but Azure Active Directory Domain Services is now generally available. It definitely opens up some interesting integration between Azure IaaS and Azure AD, and is one of the considerations to take into account when planning out your Azure subscriptions and AAD namespace planning. It still currently is only exposed directly to classic virtual networks in Azure, but you can easily connect it to an ARM virtual network.

If you need more information on the virtual network requirements, take a look at Networking considerations for Azure AD Domain Services which covers Network Security Groups, subnets and port requirements, as well as having links to several other critical articles.

Now generally available, Azure Active Directory Domain Services general availability pricing will begin on December 1, 2016. The original pricing model, proposed during public preview, included three prices based on number of directory objects: 0–5,000, 5,000–25,000, and 25,000–100,000. Now we are combining the first two tiers into a single price point for all directories with under 25,000 objects and lowering the price by 25 percent. If your directory size is under 25,000 objects, you will continue to see usage listed against “S2 Domain Services Hours” on your invoice until December 1, 2016. After that, it will be renamed “S1 Domain Services Hours.” If your directory size is between 25,000 and 100,000 objects, you will see usage listed against “S3 Domain Services Hours” on your invoice until December 1, 2016, after which it will be renamed “S2 Domain Services Hours.” For more information, please visit the Azure Active Directory Domain Services Pricing webpage. To learn more about Azure Active Directory Domain Services, please visit the Azure Active Directory Domain Services webpage. Azure Active Directory Domain Services can provide scalable, high-performance, managed services such as domain-join, LDAP, Kerberos, Windows Integrated Authentication, and Group Policy support.

^ Scroll to Top

%d bloggers like this: