Intune – Enable Windows Redeployment from logon screen

Starting with Window 10 build 1709, it is possible for administrators to re-initialize Windows 10 devices to remove personal files and settings and revert the device to an original state, while keeping the device enrollment. Enable the policy To make Windows Automatic Deployment available from the logon screen, you must first enable the policy; which can be done either with Intune (or any MDM supporting CSP) or with a Windows…

Read More

Intune – You can now assign mobile app to all users

A new option has been his apparition on the Intune management portal when assigning applications. You can now assign an application as available to all users with enrolled devices; you do not need anymore to assign it to a group At the time of writing this post, this option is only available for Microsoft Store for Business app (I’m sure this will come too to Apple and Google stores) In…

Read More

SCCM – Co-management is now available in SCCM Current Branch (1710)

The latest update for SCCM Current Branch is now available and includes the announced co-management feature. The co-management feature allows you to manage your devices with Intune and SCCM without having to setup an Intune subscription on SCCM. Especially in scenarios where Windows 10 Azure AD Joined device needs to use the SCCM agent. Once you have installed the SCCM update (as usual you can force it by using the…

Read More

Intune – Conditional Access is moving to be only on Azure AD

On January 2018, conditional access policies for Intune will be moved for good to Azure AD. Until now (and January 2018), conditional access configuration is/was available through the ‘classic’ Silverlight Intune portal, Intune App Protection (MAM) blade and classic Azure AD portal. If you have policies configured on any of these previous access point, you need to review them and start configuring these policies using the new Azure AD portal.…

Read More

Intune – Enrollment status screen

With Windows 10 build 1709 (Fall Creators Update) and Intune, you can now provide details to the end-user while enrolling the device. This can be quite helpful to let them know what is going on as well as for troubleshooting purpose. To enable and configure it, you need to logon to your Azure ARM portal and go to Intune Then you need to go to the Device enrollment\Windows enrollment section…

Read More

Azure AD – Allow end-users to reset password or PIN from the login screen

UPDATE 21 nov 2017 You can also use the registy key HKLM\Software\Policies\Microsoft\AzureADAccount to enable this. Create a DWORD key named AllowPasswordReset with the value 00000001. I have tested with an AAD Joined device managed with SCCM. Will test with an AD Joined device later.   With Windows 10 Fall Creators Update (build 1709) you can allow your end-user to self reset their password (or PIN) directly from the login screen.…

Read More

Intune – Troubleshooting assistant to resolve end-user’s issues

Troubleshooting Intune issues can be painful and complicated. To help you in this task, a new troubleshooting assistant has been introduced. Access to this troubleshooting assistant is easy: either use the direct URL http://aka.ms/intunetroubleshooting or through the portal by searching for Intune and go to the Help and Support\Troubleshoot section Then you start troubleshooting the issue by first selecting the user having trouble As result the troubleshooting assistant is confirming…

Read More

Intune – You can now switch your MDM authority without Microsoft support and not re enrollment

With the June 2017 updates for Intune, it is now possible to switch the MDM (mobile device management) authority from Intune to SCCM Hybrid and vice-versa without opening a support request AND without having to re enroll devices already enrolled (see https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/change-mdm-authority)

Read More

Microsoft Intune – Enrollment support change for iOS

In the coming months, Microsoft Intune will be updated to allow only iOS 8.x or later to be enrolled. Existing enrolled devices will not be impacted and will continue to be managed for a limited time but it will not be possible to enroll new devices running older version of iOS. As usual, this is always important to run the latest version to ensure you can continue to use the…

Read More

Office 365 – Phantom mobile device

I have been playing with the Mobile Device Management feature for Office 365 for some time already – since it has been in technical preview. I registered many devices running on different OS (Windows, Windows Phone, Windows 10 Tech Preview, Android..) but recently I discovered a rogue/phantom device in the Office 365 Mobile Device Management section. This device was unregistered some time ago already, has been restores and re installed…

Read More

Intune – Azure Authenticator App will be mandatory for Android devices

If you are using Microsoft Intune as client and/or device management solution, you have to be aware that Microsoft will make the Azure Authenticator app a requirements for Android devices in September 2015. You can opt out this requirements using the Intune management portal through the Mobile Device Management\Android If you opt out you need to know that later this year (when the Company Portal app will be updated), single…

Read More