Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X
Aside

Intune: New Features

Latest batch of Intune features was announced, read the original post here.

New Microsoft Intune features and enhancements will be released over the next week. Building on the Intune management capabilities for Windows 10 that were announced in May, this service update adds support for creating and deploying Windows 10 configuration policies and VPN profiles using new Windows 10-specific templates. Additionally, as detailed on the Active Directory team blog, you can now automatically enroll Windows 10 devices into Intune device management using Azure AD join.

In addition to these new Windows 10 management capabilities, this Intune service update includes several other features and enhancements, such as:

Deployment of certificates in .pfx format: You can deploy certificates in Personal Information Exchange (.pfx) format to Windows 10 and Android devices without need for Network Device Enrollment Service (NDES).

  • Multi-identity support for OneDrive app on Android: When using the OneDrive app for Android devices, users can access both their personal and corporate accounts in the same app while Intune mobile application management policies are only applied to the user’s corporate account (Multi-identity support for OneDrive app on iOS previously released in June).
  • User-specific terms and conditions: You can deploy customized terms and conditions to Intune user groups which they must accept before using the Intune Company Portal to enroll devices and access corporate resources.
  • Conditional access for Windows PCs: You can restrict access to Office 365 so that only domain-joined PCs running Office 2013 can connect.
  • Support for custom VPN profiles for iOS: You have the ability to define VPN settings for additional VPN providers on iOS devices using the new custom option in the VPN profile dropdown menu.
  • Management of Activation Lock feature for iOS: You have the ability to manage the Activation Lock feature on iOS 7.1+ devices, providing you with the option to turn the feature on/off, view status, and bypass the Activation Lock.
  • Intune Company Portal app for Android updated: The Intune Company Portal app for Android has been updated to display device enrollment instructions after signing in for those who have not yet enrolled their device for management.
Aside

Intune: Managed Browser Write-Up

Very well done write-up on the Intune Managed Browser done by Peter van der Woude.

Read his excellent post here.

Before I’ll start with the second part of the my blog post about multi-identity in the managed Outlook app, I thought it would be wise to make a side-step to the Microsoft Intune Managed Browser first. The main reason for that is that the Microsoft Intune Managed Browser can also have a managed browser policy configured. That policy can have a direct impact on the end-user experience when opening links from the Outlook app.

The good thing, for this blog post, is that the Microsoft Intune Managed Browser doesn’t use multiple identities. It’s either managed, or not. This blog post will describe the behavior of the Microsoft Intune Managed Browser. During the second part, of my post about multi-identity in the managed Outlook app, this behavior will also be shown.

Aside

Table of Contents: Windows 10 + EMS & ConfigMgr

Great post over on the TechNet Blogs. 

Some posts are already published, others are coming, either way, it’s a great resource and I recommend you check it out!

Aside

Intune: Multi-Identity and Mobile App Management (MAM)

Great explanation of the new features around Multi-Identity in Mobile App Management (MAM) layer.  Read the full article here.

The currently supported apps are here on Technet, and whether or not they support Multi-Identity is listed as well (*).

In June, we released an update to the Microsoft Intune mobile application management (MAM) capabilities for iOS and Android that enables coexistence of policy-managed (corporate) and unmanaged (personal) accounts in a single app – this new feature is known as multi-identity. Here’s a high-level example of how this works:

Many users access both corporate and personal email accounts in the Outlook app for iOS and Android. When a user is accessing data in their corporate account, the IT pro needs to be confident that MAM policy management will be applied and help protect this corporate data. However, when a user is accessing a personal email account that data should be outside of IT’s control. Intune achieves this by targeting the management policy to only the corporate account in the application. The multi-identity feature helps solve the data protection problem that organizations are facing with devices and apps that support both personal and work accounts while maintaining the end user’s experience and the privacy of his/her personal data.

Aside

Windows 10: Provisioning Packages Walkthrough on TechNet

Very cool read!  I think these provisioning packages will greatly assist with how we traditionally build images and handle customizations.

Read the full post here.

Standard practice for most IT administrators when migrating to a new client offering entails creating a baseline image of a desired client state. Next the IT administrator wipes the computer to be worked on to image it with the newly created client image.  This procedure is not without it’s faults however and hardware inconsistencies have in past plagued imaging installs. Windows 10 provides an alternative to this with a more stable offering.

Aside

Microsoft Intune: Improved App Catalog Experience

Great post over on the Intune Blog.  The company portal app has been updated with some very nice changed that I think are welcomed. 

Read the entire post here.

Aside

Microsoft Intune: New Features June/July

Read the original post here on the Intune Team Blog.

We are planning to release the next set of Microsoft Intune features between June 22 and July 2. As part of this service update, customers using Intune standalone (cloud only) and System Center Configuration Manager integrated with Intune (hybrid) can expect the following new features:

  • Multi-identity support added for Word, PowerPoint, and OneDrive apps for iOS devices, enabling users to access both their personal and work accounts in the same Office mobile apps while Intune mobile application management policies are only applied to the user’s work account (Updated Excel app for iOS devices pending store approval)
  • Notifications added in the Company Portal app for iOS to notify users when a new app version is available in the App Store

In addition to the above features, the following new features will be made available for customers using Intune standalone:

  • Ability to install .appx apps from the Intune Company Portal website (already available within ConfigMgr console for hybrid customers)
  • Updated Endpoint Protection agent for managing Windows PCs
  • Ability for admins to view malware-infected file paths from Intune admin console (already available within ConfigMgr console for hybrid customers)

Also, as announced last week, customers using Intune standalone now have the ability to restrict access to the Outlook app based upon device enrollment and compliance policies and can restrict actions such as cut, copy, paste, and “save as” of corporate data between the Intune-managed Outlook app and apps not managed by Intune. These Outlook apps for iOS and Android are also enabled with multi-identity support. The features for managing the Outlook apps will be made available to customers using ConfigMgr integrated with Intune (hybrid) as part of the Intune service update rolling out between June 22 and July 2.

Aside

ConfigMgr: Windows 7 32-bit and Software Updates

Pretty nasty bug out there right now with 32-bit Windows 7 and Software Updates.  If you are struggling with getting your clients to download/install updates.  Check your WindowsUpdate.log, if you see the following error:

WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E

Then I’d strongly encourage you to apply the following KB/Hotfix (KB3050265). 

Here is also a great article explaining what is going on from the ConfigMgr Team Blog.  Read that article here.

After applying this update in my client environment, patches immediately started working again.

Aside

ConfigMgr: ConfigMgr 2012 R2 SP1 and ConfigMgr 2012 SP2 Now Available

SP1/SP2 for ConfigMgr 2012 has been released.

Read more from the ConfigMgr Team Blog here.

Following the announcements made at the Microsoft Ignite conference last week, we are happy to let you know that System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2 are now generally available and can be downloaded on the Microsoft Evaluation Center. These service packs deliver full compatibility with existingfeatures for Windows 10 deployment, upgrade, and management.

Also included in these service packs are new hybrid features for customers using System Center Configuration Manager integrated with Microsoft Intune to manage devices. Some of the hybrid features that you can expect to see are conditional access policy, mobile application management, and support for Apple Device Enrollment Program (DEP). You can view the full list of hybrid features included in these service packs here.

Below are a few additional links that you may find helpful as you begin to explore these new releases.

Aside

ConfigMgr/Intune: Ignite 2015 Sessions

Here are the sessions of note for Ignite 2015 around Configuration Manager and Microsoft Intune. Links to Channel9 to watch the recording are below.

Managing Windows 10 with Microsoft Intune and System Center Configuration Manager

Excited about the new Windows 10 features? We are as well! Join this session to learn about how Microsoft Intune and System Center Configuration Manager are going to support and enhance new features coming in Windows 10.

What’s New and Upcoming with Microsoft Intune and System Center Configuration Manager

This session outlines the latest enhancements in enterprise mobility management using Microsoft Intune and System Center Configuration Manager. See the newest Microsoft Intune improvements for managing mobile productivity without compromising compliance, and learn about the futures of Microsoft Intune and Configuration Manager, including new Windows 10 management scenarios.

Managing Your Datacenter with Microsoft System Center Configuration Manager

Is deploying, updating, and maintaining configuration compliance still a challenge in your datacenter environment? Join this session to learn how System Center Configuration Manager along with the other components of System Center can make your life easier by addressing these common challenges. We share with you lessons learned from customer deployments, common industry practices, and provide insights into what is coming in the future.

What’s New with OSD in System Center Configuration Manager and the Microsoft Deployment Toolkit

This session covers future improvements for deployment and upgrade in the next versions of System Center Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows. Learn how Microsoft is gearing up to make the deployment and upgrade of the next version of Windows using Configuration Manager or MDT the easiest yet.

Configuring Corporate-Owned Mobile Devices with Microsoft Intune

Not all mobile devices are personally owned. Often, corporations own the devices and issue them to end users. It’s up to the IT Pro to configure these devices. Intune makes it easy for IT Pros to provision, configure, and manage corporate-owned devices. In this session, learn how to use Apple Configurator to bulk-enroll iOS devices, how to tightly control device usage, and how to pre-provision apps and policies to devices. We walk you through how Microsoft Intune enables IT Pros to keep devices secure and managed, while enabling end users to be productive.

Evolving Mobile Application Management for BYOD Devices with Microsoft Intune

Protecting company assets on mobile devices will continue to grow as a crucial challenge to IT in 2015. In this session, you’ll see the latest advancements in Microsoft Intune’s Mobile Application Management solution. The focus will be on two differentiating technologies: first, enforcing application management for specific identities to ensure company assets are protected and personal assets remain under user control; and second, enabling application-level data protection independent of MDM. This session will include both a discussion of the features and capabilities as well as a demonstrations of these scenarios in key Microsoft applications.

Deep Dive on Android and iOS Device Management with Microsoft Intune

Do you manage Apple devices in an enterprise or educational environment? How about Android? Do you think they’re fully secured? Think again. In this deep dive session we will provide insights into managing mobile devices using Microsoft Intune and the MDM channel. This session will dive into advanced topics like Supervised mode, Apple Configurator, jailbreak detection as well as new Android features. We will also provide a first glimpse into managing Mac OS X devices using the modern MDM functionality of Microsoft Intune, rounding out Intune support for every major platform.

Configuring Corporate-Owned Mobile Devices with Microsoft Intune

Not all mobile devices are personally owned. Often, corporations own the devices and issue them to end users. It’s up to the IT Pro to configure these devices. Intune makes it easy for IT Pros to provision, configure, and manage corporate-owned devices. In this session, learn how to use Apple Configurator to bulk-enroll iOS devices, how to tightly control device usage, and how to pre-provision apps and policies to devices. We walk you through how Microsoft Intune enables IT Pros to keep devices secure and managed, while enabling end users to be productive.

Building Out a Successful Microsoft Intune Pilot

Are you planning to pilot or deploy Microsoft Intune and looking for straight forward technical guidance to help you accelerate these efforts? Please join the Intune Engineering Customer Acceleration Team as they share their extensive Intune implementation experience working with customers from all over the world. During this session the team will share their experiences, covering the end to end implementation process, from planning, architecture, deployment and management. At the end of this session you will have everything you will need to successfully deploy Intune in your environment, even if you have no prior knowledge or experience with Intune.

Evolving Mobile Application Management for BYOD Devices with Microsoft Intune

Protecting company assets on mobile devices will continue to grow as a crucial challenge to IT in 2015. In this session, you’ll see the latest advancements in Microsoft Intune’s Mobile Application Management solution. The focus will be on two differentiating technologies: first, enforcing application management for specific identities to ensure company assets are protected and personal assets remain under user control; and second, enabling application-level data protection independent of MDM. This session will include both a discussion of the features and capabilities as well as a demonstrations of these scenarios in key Microsoft applications.

Device and Data Protection with Mobile Device Management in Office 365

In this session we dive deep into mobile device and data management for Office 365. This includes our new MDM for Office 365 feature and application management with Microsoft Intune. Both of these features now include conditional access to Office 365 data so you can protect Office 365 content on any device with ease!