Intune – You can allow/block personal devices to register

If your company policy requires that only corporate devices register with Intune, you can now block personally owned devices from joining. To do so, from your Intune configuration blade, open the Device enrolment blade and create or edit an Enrolment Restrictions policy. The option to allow or block personally owned devices is available for each supported OS in the Configure platforms configuration blade.


Intune – You can now target specific users/devices when applying Windows Hello policy

With the latest updates on Intune, you can now define specific users/devices when you apply a Windows Hello policy. Until now, the Windows Hello policy was a tenant-level setting and as such applied to all users/devices. To define the Windows Hello policy, go to your Intune configuration blade, open Device configuration\Profiles and create an Identity Protection profile; you will then be able to define the targeted…


Intune – You can edit the update channel for your Office 365 Click to Run and define which version to get installed

With the latest updates on Intune, you can now edit the update channel after you have added your Office 365 Click to Run application to Intune, as well as define (if required) which specific release needs to be installed on the client. To edit the update channel and/or define the version to be installed, go to your Intune configuration blade from your Azure portal and open the Mobile apps…


Intune – You can now edit your Office 365 Click to Run Deployment

With the latest updates on Intune, you can now update your Office 365 Click to Run deployment. Previously, if you had to add or remove Office applications from your deployment, you had to delete the deployment and create a new one with the updated deployment settings. Just access your Intune configuration blade from the Azure portal and open the Mobile apps blade to edit your existing Office 365 Click to Run…


SCCM/Intune – Hybrid mobile device management is deprecated

It seems it has not been widely and properly communicated. As you may know, with System Center Configuration Manager (SCCM) you were able to set up a hybrid mobile device management with Intune, meaning you were able to use Intune to register your devices and use SCCM to manage them. So, since August 14th 2018, this hybrid mobile device management is deprecated. If you are using this hybrid MDM feature, you…


SCCM – A new version of SCCM Current Branch is now available

Update 1806 for System Center Configuration Manager (SCCM) Current Branch has been released and is now available for production customers. As usual, the update is being delivered with the ‘in-console update’ (Administration workspace\Updates and Servicing). If the update is not yet available and you do not want to wait, a PowerShell script to force the detection is available here: https://gallery.technet.microsoft.com/ConfigMgr-1806-Enable-3eb4b46c. As part of the new capabilities, you can: add…


Intune – Third-party certification authorities are now supported for SCEP

One of the important security management responsibilities of Microsoft Intune is the ability to issue certificates to devices using the Simple Certificate Enrollment Protocol (SCEP). Starting today, Intune supports third-party certification authorities for SCEP – starting with Entrust as the first CA. Active Directory Certificate Services is still supported, of course. Below is a high-level diagram explaining how SCEP works with Intune (courtesy Microsoft). To set up the…


Windows 10 – Error 0x80180014 when joining Windows 10 to Azure AD

I just got an interesting error when trying to join a Windows 10 1803 to Azure AD; I was continuously getting the error ‘0x80180014’ when trying to join the device to Azure AD. The interesting thing was this device had already been Azure AD joined but had been reset, with all references in Azure AD or Intune removed. Nonetheless, each time I tried to join again I was getting this…


Intune – Third-party antivirus solutions are now supported for Device Compliance Policy

Until the last Intune update (week of July 2, 2018), when you were setting up a Windows 10 Device Compliance Policy, you had to use Windows Defender as the local antivirus solution if you wanted to require an antivirus solution for a device to be marked as compliant. After this update, you can now set this requirement even if you are using a third-party antivirus solution (such as Symantec) as…


Intune – Automatic device cleanup

With the latest Intune update (week of July 2, 2018), a new feature has been added to automatically clean up devices in Intune that have not contacted the service. As you may be aware, devices which do not contact the Intune service for a certain period of time are marked as not compliant, and there may be some work for the Intune administrators to clean up these devices. With this update you can now…


Intune – The Intune Silverlight portal is going to be removed

About 18 months ago, Microsoft announced the integration of the Intune service into the Azure ARM portal. Now, the Intune Silverlight portal is going to be removed (starting August 31st, 2018), with all Intune capabilities moved to the Azure ARM portal. If you are still using the Intune agent to manage Windows 7 (and later), the Silverlight portal will remain available. This will be the only workload remaining in this…


Intune – Enhanced conditional access with Windows Defender ATP

With Windows 10, Microsoft has introduced an advanced protection system integrated with Windows Defender called Windows Defender Advanced Threat Protection (WDATP) (see https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection to know more). Now, with Intune, you can also use Windows Defender ATP status to allow/deny access to resources. To use Windows Defender ATP in your conditional access, go to your Azure ARM portal (https://portal.azure.com) and access your Intune\Device Compliance configuration blade. Access the policies blade and…


Intune – Enable Windows Redeployment from logon screen

Starting with Windows 10 build 1709, it is possible for administrators to re-initialize Windows 10 devices to remove personal files and settings and revert the device to an original state, while keeping the device enrollment.

Enable the policy

To make Windows Automatic Deployment available from the logon screen, you must first enable the policy, which can be done either with Intune (or any MDM supporting CSP) or with a Windows…


Intune – You can now assign mobile apps to all users

A new option has made its appearance on the Intune management portal when assigning applications. You can now assign an application as available to all users with enrolled devices; you no longer need to assign it to a group. At the time of writing this post, this option is only available for Microsoft Store for Business apps (I’m sure this will come to Apple and Google stores too). In…
