Intune / Windows 10 – You can refresh a device while keeping it enrolled

This has been available for few months already but apparently was not quite known. Since last August 2018, you can now request to refresh an enrolled Windows 10 (1703 and later) from Intune. The refresh option – called Fresh Start – will remove all preinstalled application while keeping the device enrolled. It is important to Retain the user data if you want to keep the device enrolled (Azure AD Joined,…

Read More

Intune / Windows 10 – You can now configure the Delivery Optimization for Windows Update

The latest Intune update allows you to configure the Delivery Optimization for Windows Update in Windows 10/Windows Server 2019 (yes, Delivery Optimization is also available on Windows Server 2019 ) Do configure the Delivery Optimization you need to create a new Device Profile for Windows 10 or Later and then choose the Delivery Optimization profile type, then you can define how the Delivery Optimization will work – from HTTP only…

Read More

Intune – You can allow/block personal devices to register

If your company policy requires to allow only corporate devices to register to Intune, you can now block personally owned devices to join. To do so, from your Intune configuration blade reach out the Device enrolment blade and create/edit an Enrolment Restrictions policy The option to allow/block personally owned devices is available for each supported OS in the Configure platforms configuration blade

Read More

SCCM/Intune – Hybrid mobile device management is deprecated

It seems it has not been widely and properly communicated As you may know with System Center Configuration Manager (SCCM) you were able to setup an hybrid mobile device management with Intune, meaning you were able to use Intune to register your device and use SCCM to manage them. So, since August 14th 2018, this hybrid mobile device management is deprecated. If you are using this hybrid MDM feature, you…

Read More

SCCM – A new version of SCCM Current Branch is now available

The update 1806 for System Center Configuration Manager (SCCM) Current Branch has been released and is now available for production customers. As usual the update is being delivered with the ‘in-console update’ (Administration workspace\Updates and Servicing) If the update is not yet available and you do not want to wait, a PowerShell script is available to force the detection here https://gallery.technet.microsoft.com/ConfigMgr-1806-Enable-3eb4b46c As part of the new capabilities, you can: add…

Read More

Intune – Third party certification authorities is now supported for SCEP

One of the important security management responsibilities of Microsoft Intune is the ability to issue certificates to devices using the Simple Certificate Enrollment Protocol (SCEP). Starting today, Intune now supports third party certification authorities for SCEP – starting with Entrust as first CA. Support of Active Directory Certificate Services is still supported of course Below an high level diagram explaining how SCEP works with Intune (courtesy Microsoft) To setup the…

Read More

Intune – Automatic device cleanup

With the latest Intune update (week of July 2, 2018), a new feature has been added to automatically cleanup Intune from devices which did not contact the service. As you may be aware, devices which do not contact Intune service for a certain period of time are marked as not compliant and there maybe some work for the Intune administrators to cleanup these devices. With this update you can now…

Read More