Intune – Be prepared as an updated CSP path is going to break your Email Profiles

With incoming April updates for Intune (version 1904), an update CSP path for email profiles is going to be deployed and will break your existing email profiles configured for Windows 10 (desktop and mobile). This fix is going to solve an identified issue with selective wipe. To be prepared, you need to capture every email profiles and their corresponding settings. After the 1904 April update is deployed in your tenant,…

Read More

Intune – You can now rename Windows 10 devices from the Intune portal

The latest Intune updates introduce the ability to rename Windows 10 devices (1809 [aka RS4] and later). When using the feature, the next time the Windows 10 client connects to Intune his name will be changed. To start using it, logon to your Intune tenant either from the Azure portal (https://portal.azure.com) or your Devices Management portal (https://devicemanagement.microsoft.com/) and go to the Devices blade Then select All Devices and locate the…

Read More

Intune – Security Baselines is getting available

After starting delivering group policy objects like capability, Intune is now getting a security baseline feature. You can start using it either by searching for Security Baselines from your Azure portal, Office 365 mobile device management portal, or by accessing it through the direct URL (as the feature deployment is still in progress this may  not yet be visible) https://ms.portal.azure.com/#blade/Microsoft_Intune_Workflows/SecurityBaselineMenu/securityBaselines The Security Baslines capability is based on the well known…

Read More

Intune – You can now check the compliance from SCCM

As you may already know, System Center Configuration Manager (SCCM) and Intune can work together, delivering a co-managed device management solution. Well, you can now use the compliance state from SCCM with Intune. This setting will only apply to co-managed devices, if the devices are managed by Intune only, this will not be applicable. To enable the ‘co-management compliance state’ go to your Azure portal (https://portal.azure.com) and reach out the…

Read More

Intune – Group Policy is coming in Intune (preview)

The latest update on Intune is providing (in preview) the ability to configure group policy (GPO) for Windows 10 devices. This is not (yet?) the exact group policy we have in Active Directory but the idea is the same and based on the well known Administrative Templates (ADM/ADMX). NOTE this is currently not supported for co-managed device (aka Azure AD joined devices managed with System Center Configuration Manager (SCCM)) but…

Read More

Intune – New Intune tenant details blade available

Intune has been updated to include a new blade resuming all Intune tenant details and health information. This new blade, called Tenant Status, is available below the Help and Support section of your Intune tenant, accessible either from the Azure portal – https://portal.azure.com It gives you your Intune tenant details (name, location, service release (version), number of licenses available and applied, number of enrolled devices) as well as health details…

Read More

Intune / Windows 10 – You can refresh a device while keeping it enrolled

This has been available for few months already but apparently was not quite known. Since last August 2018, you can now request to refresh an enrolled Windows 10 (1703 and later) from Intune. The refresh option – called Fresh Start – will remove all preinstalled application while keeping the device enrolled. It is important to Retain the user data if you want to keep the device enrolled (Azure AD Joined,…

Read More

Intune / Windows 10 – You can now configure the Delivery Optimization for Windows Update

The latest Intune update allows you to configure the Delivery Optimization for Windows Update in Windows 10/Windows Server 2019 (yes, Delivery Optimization is also available on Windows Server 2019 ) Do configure the Delivery Optimization you need to create a new Device Profile for Windows 10 or Later and then choose the Delivery Optimization profile type, then you can define how the Delivery Optimization will work – from HTTP only…

Read More

SCCM – Use Autopilot when deploying OS

Following the availability of the new SCCM Current Branch build (1810), it is now possible to use the built-in SCCM task sequence to use Autopilot when deploying OS. To use it, you need to create an SCCM package which will contains the Autopilot settings and use the SCCM tasks sequence (this is not available for MDT integrated task sequence) and choose the Deploy Windows Autopilot for existing devices To create…

Read More

Intune – You can now get Windows 10 join an Active Directory Domain (preview)

It has been quite a limitation so far for Windows 10 managed with Intune; it was impossible to get them to join an Active Directory domain using Autopilot, making these devices Azure AD Hybrid joined devices. Now (currently in preview – so there could be some glitch and may change), you can assign an Intune profile to your Windows 10 devices to join your Active Directory domain. Off course, to…

Read More

Intune – You can now assign Windows Autopilot profile to already registered clients

As you may already know Windows Autopilot simplifies Windows 10 device enrollment to Azure Active Directory (AAD) and providing seamless user experience. One of the problem with Windows Autopilot was if your already have Windows 10 devices registered to your Azure AD, you were not able to assign an Autopilot profile. With the latest update on Intune, you can now update your Autopilot policy to apply the policy also on…

Read More

Intune – Display an enrollment status page

With the latest Intune update, you can now display an enrollment status page after a Windows 10 device has been registered. The page will let your end-users know what is happening while their device is finalizing the registration process. To do so, you first need to enable the feature in Intune Connect to your Azure portal and reach out the Intune configuration blade Then reach out the Device Enrollment\Windows Enrollment…

Read More

Intune – You can allow/block personal devices to register

If your company policy requires to allow only corporate devices to register to Intune, you can now block personally owned devices to join. To do so, from your Intune configuration blade reach out the Device enrolment blade and create/edit an Enrolment Restrictions policy The option to allow/block personally owned devices is available for each supported OS in the Configure platforms configuration blade

Read More

Intune – You can now target specific users/devices when applying Windows Hello policy

With the latest updates on Intune, you can now define specific users/devices when you apply a Windows Hello policy. Until then, the Windows Hello policy was a tenant level settings and as such applied to all users/devices. To define the Windows Hello policy, go to your Intune configuration blade and reach out the Device configuration\Profiles and create an Identity Protection profile, then you will be able to define the targeted…

Read More

Intune – You can edit the update channel for your Office 365 Click to Run and define which version to get installed

With the latest updates on Intune, you can now edit the channel update after you have added your Office 365 Click to Run application on Intune as well as define (if required) which specific release needs to be installed on the client. To edit the update channel and/or define the version to be installed, go to your Intune configuration blade from your Azure portal and reach out the Mobile apps…

Read More