Intune – You can now get Windows 10 join an Active Directory Domain (preview)

It has been quite a limitation so far for Windows 10 managed with Intune; it was impossible to get them to join an Active Directory domain using Autopilot, making these devices Azure AD Hybrid joined devices. Now (currently in preview – so there could be some glitch and may change), you can assign an Intune profile to your Windows 10 devices to join your Active Directory domain. Off course, to…

Read More

Intune – You can now assign Windows Autopilot profile to already registered clients

As you may already know Windows Autopilot simplifies Windows 10 device enrollment to Azure Active Directory (AAD) and providing seamless user experience. One of the problem with Windows Autopilot was if your already have Windows 10 devices registered to your Azure AD, you were not able to assign an Autopilot profile. With the latest update on Intune, you can now update your Autopilot policy to apply the policy also on…

Read More

Intune – Display an enrollment status page

With the latest Intune update, you can now display an enrollment status page after a Windows 10 device has been registered. The page will let your end-users know what is happening while their device is finalizing the registration process. To do so, you first need to enable the feature in Intune Connect to your Azure portal and reach out the Intune configuration blade Then reach out the Device Enrollment\Windows Enrollment…

Read More

Intune – You can allow/block personal devices to register

If your company policy requires to allow only corporate devices to register to Intune, you can now block personally owned devices to join. To do so, from your Intune configuration blade reach out the Device enrolment blade and create/edit an Enrolment Restrictions policy The option to allow/block personally owned devices is available for each supported OS in the Configure platforms configuration blade

Read More

Intune – You can now target specific users/devices when applying Windows Hello policy

With the latest updates on Intune, you can now define specific users/devices when you apply a Windows Hello policy. Until then, the Windows Hello policy was a tenant level settings and as such applied to all users/devices. To define the Windows Hello policy, go to your Intune configuration blade and reach out the Device configuration\Profiles and create an Identity Protection profile, then you will be able to define the targeted…

Read More

Intune – You can edit the update channel for your Office 365 Click to Run and define which version to get installed

With the latest updates on Intune, you can now edit the channel update after you have added your Office 365 Click to Run application on Intune as well as define (if required) which specific release needs to be installed on the client. To edit the update channel and/or define the version to be installed, go to your Intune configuration blade from your Azure portal and reach out the Mobile apps…

Read More

Intune – You can now edit your Office 365 Click to Run Deployment

With the latest updates on Intune, you can now update your Office 365 Click to Run deployment. Previously you had to delete the deployment and re-create a new one with the updated deployment settings if you had to add/remove Office application from your deployment. Just access your Intune configuration blade from the Azure portal and reach out the Mobile apps blade to edit your existing Office 365 Click to Run…

Read More

SCCM/Intune – Hybrid mobile device management is deprecated

It seems it has not been widely and properly communicated As you may know with System Center Configuration Manager (SCCM) you were able to setup an hybrid mobile device management with Intune, meaning you were able to use Intune to register your device and use SCCM to manage them. So, since August 14th 2018, this hybrid mobile device management is deprecated. If you are using this hybrid MDM feature, you…

Read More

SCCM – A new version of SCCM Current Branch is now available

The update 1806 for System Center Configuration Manager (SCCM) Current Branch has been released and is now available for production customers. As usual the update is being delivered with the ‘in-console update’ (Administration workspace\Updates and Servicing) If the update is not yet available and you do not want to wait, a PowerShell script is available to force the detection here https://gallery.technet.microsoft.com/ConfigMgr-1806-Enable-3eb4b46c As part of the new capabilities, you can: add…

Read More

Intune – Third party certification authorities is now supported for SCEP

One of the important security management responsibilities of Microsoft Intune is the ability to issue certificates to devices using the Simple Certificate Enrollment Protocol (SCEP). Starting today, Intune now supports third party certification authorities for SCEP – starting with Entrust as first CA. Support of Active Directory Certificate Services is still supported of course Below an high level diagram explaining how SCEP works with Intune (courtesy Microsoft) To setup the…

Read More

Windows 10 – Error 0x80180014 when joining Windows 10 to Azure AD

I just got an interesting error when trying to join a Windows 10 1803 to Azure AD; I was continuously getting the error ‘0x80180014’ when trying to join the device to Azure AD. The interesting thing was this device has been already Azure AD Joined but has been reset, with all reference in Azure AD or Intune removed. Nonetheless, each time I tried to join again I was getting this…

Read More

Intune – Third party antivirus solutions are now supported for Device Compliance Policy

Until the last Intune update (week of July 2, 2018), when you were setting up a Windows 10 Device Compliance Policy you were obliged to use Windows Defender as local antivirus solution if you wanted to set an antivirus solution is required to be marked as compliant. After this update, you can now set this requirement even if you are using a third party antivirus solution (such as Symantec) as…

Read More

Intune – Automatic device cleanup

With the latest Intune update (week of July 2, 2018), a new feature has been added to automatically cleanup Intune from devices which did not contact the service. As you may be aware, devices which do not contact Intune service for a certain period of time are marked as not compliant and there maybe some work for the Intune administrators to cleanup these devices. With this update you can now…

Read More

Intune – The Intune Silverlight portal is going to be removed

About 18 months ago, Microsoft has announced the integration of Intune service into the Azure ARM portal. Now, the Intune Silverlight portal is going to be removed (starting August 31st, 2018) with all Intune capabilities moved to the Azure ARM portal. If you are still using the Intune agent to manage Window 7 (and later), the Silverlight portal will remain available.  This will be the only workload remaining in this…

Read More