Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

Microsoft Intune: Intune and EMS subscriptions now available in the Office 365 portal!

Nice update to the o365 portal to make management easier.

Read the full post here.

We have received feedback from you asking for fewer portals to manage your Microsoft subscriptions. Based upon this feedback, we are merging the Microsoft Intune account portal with the Office 365 management portal to simplify your user experience.

As an initial change, the Office 365 management portal now supports subscription management and license assignment for Intune and Enterprise Mobility Suite (EMS). Until late September, you can continue to use the Intune account portal while you update your workflows and bookmarks. Following this transition period, the Office 365 management portal will be where you will manage subscriptions and license assignments. We anticipate retiring the Intune portal on or after September 28, 2015 and an in-service banner will be added to remind you of this change.

For EMS customers who previously visited the Azure portal for user creation and license assignment, you can continue to use the Azure portal to take advantage of advanced features such as group license assignment. Alternatively, you can begin assigning licenses while already managing other subscriptions in the Office 365 management portal. There are no changes to the Azure portal or the Intune admin console as part of this migration.



Lunch Break, ep. 1: Todd Bishop, Editor & Co-Founder, GeekWire

Fun video series by Brad Anderson.  I enjoyed watching it and am looking forward to more!

Read the original post here.

Today marks the launch of Season 1 of my new series featuring some of the smartest and most interesting people I know from around the industry.

In episode 1, I talk with Todd Bishop, the editor and co-founder of the tech site


Intune: New Features

Latest batch of Intune features was announced, read the original post here.

New Microsoft Intune features and enhancements will be released over the next week. Building on the Intune management capabilities for Windows 10 that were announced in May, this service update adds support for creating and deploying Windows 10 configuration policies and VPN profiles using new Windows 10-specific templates. Additionally, as detailed on the Active Directory team blog, you can now automatically enroll Windows 10 devices into Intune device management using Azure AD join.

In addition to these new Windows 10 management capabilities, this Intune service update includes several other features and enhancements, such as:

Deployment of certificates in .pfx format: You can deploy certificates in Personal Information Exchange (.pfx) format to Windows 10 and Android devices without need for Network Device Enrollment Service (NDES).

  • Multi-identity support for OneDrive app on Android: When using the OneDrive app for Android devices, users can access both their personal and corporate accounts in the same app while Intune mobile application management policies are only applied to the user’s corporate account (Multi-identity support for OneDrive app on iOS previously released in June).
  • User-specific terms and conditions: You can deploy customized terms and conditions to Intune user groups which they must accept before using the Intune Company Portal to enroll devices and access corporate resources.
  • Conditional access for Windows PCs: You can restrict access to Office 365 so that only domain-joined PCs running Office 2013 can connect.
  • Support for custom VPN profiles for iOS: You have the ability to define VPN settings for additional VPN providers on iOS devices using the new custom option in the VPN profile dropdown menu.
  • Management of Activation Lock feature for iOS: You have the ability to manage the Activation Lock feature on iOS 7.1+ devices, providing you with the option to turn the feature on/off, view status, and bypass the Activation Lock.
  • Intune Company Portal app for Android updated: The Intune Company Portal app for Android has been updated to display device enrollment instructions after signing in for those who have not yet enrolled their device for management.

Intune: Managed Browser Write-Up

Very well done write-up on the Intune Managed Browser done by Peter van der Woude.

Read his excellent post here.

Before I’ll start with the second part of the my blog post about multi-identity in the managed Outlook app, I thought it would be wise to make a side-step to the Microsoft Intune Managed Browser first. The main reason for that is that the Microsoft Intune Managed Browser can also have a managed browser policy configured. That policy can have a direct impact on the end-user experience when opening links from the Outlook app.

The good thing, for this blog post, is that the Microsoft Intune Managed Browser doesn’t use multiple identities. It’s either managed, or not. This blog post will describe the behavior of the Microsoft Intune Managed Browser. During the second part, of my post about multi-identity in the managed Outlook app, this behavior will also be shown.


Table of Contents: Windows 10 + EMS & ConfigMgr

Great post over on the TechNet Blogs. 

Some posts are already published, others are coming, either way, it’s a great resource and I recommend you check it out!


Intune: Multi-Identity and Mobile App Management (MAM)

Great explanation of the new features around Multi-Identity in Mobile App Management (MAM) layer.  Read the full article here.

The currently supported apps are here on Technet, and whether or not they support Multi-Identity is listed as well (*).

In June, we released an update to the Microsoft Intune mobile application management (MAM) capabilities for iOS and Android that enables coexistence of policy-managed (corporate) and unmanaged (personal) accounts in a single app – this new feature is known as multi-identity. Here’s a high-level example of how this works:

Many users access both corporate and personal email accounts in the Outlook app for iOS and Android. When a user is accessing data in their corporate account, the IT pro needs to be confident that MAM policy management will be applied and help protect this corporate data. However, when a user is accessing a personal email account that data should be outside of IT’s control. Intune achieves this by targeting the management policy to only the corporate account in the application. The multi-identity feature helps solve the data protection problem that organizations are facing with devices and apps that support both personal and work accounts while maintaining the end user’s experience and the privacy of his/her personal data.


Windows 10: Provisioning Packages Walkthrough on TechNet

Very cool read!  I think these provisioning packages will greatly assist with how we traditionally build images and handle customizations.

Read the full post here.

Standard practice for most IT administrators when migrating to a new client offering entails creating a baseline image of a desired client state. Next the IT administrator wipes the computer to be worked on to image it with the newly created client image.  This procedure is not without it’s faults however and hardware inconsistencies have in past plagued imaging installs. Windows 10 provides an alternative to this with a more stable offering.


Microsoft Intune: Improved App Catalog Experience

Great post over on the Intune Blog.  The company portal app has been updated with some very nice changed that I think are welcomed. 

Read the entire post here.


Microsoft Intune: New Features June/July

Read the original post here on the Intune Team Blog.

We are planning to release the next set of Microsoft Intune features between June 22 and July 2. As part of this service update, customers using Intune standalone (cloud only) and System Center Configuration Manager integrated with Intune (hybrid) can expect the following new features:

  • Multi-identity support added for Word, PowerPoint, and OneDrive apps for iOS devices, enabling users to access both their personal and work accounts in the same Office mobile apps while Intune mobile application management policies are only applied to the user’s work account (Updated Excel app for iOS devices pending store approval)
  • Notifications added in the Company Portal app for iOS to notify users when a new app version is available in the App Store

In addition to the above features, the following new features will be made available for customers using Intune standalone:

  • Ability to install .appx apps from the Intune Company Portal website (already available within ConfigMgr console for hybrid customers)
  • Updated Endpoint Protection agent for managing Windows PCs
  • Ability for admins to view malware-infected file paths from Intune admin console (already available within ConfigMgr console for hybrid customers)

Also, as announced last week, customers using Intune standalone now have the ability to restrict access to the Outlook app based upon device enrollment and compliance policies and can restrict actions such as cut, copy, paste, and “save as” of corporate data between the Intune-managed Outlook app and apps not managed by Intune. These Outlook apps for iOS and Android are also enabled with multi-identity support. The features for managing the Outlook apps will be made available to customers using ConfigMgr integrated with Intune (hybrid) as part of the Intune service update rolling out between June 22 and July 2.


ConfigMgr: Windows 7 32-bit and Software Updates

Pretty nasty bug out there right now with 32-bit Windows 7 and Software Updates.  If you are struggling with getting your clients to download/install updates.  Check your WindowsUpdate.log, if you see the following error:

WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E

Then I’d strongly encourage you to apply the following KB/Hotfix (KB3050265). 

Here is also a great article explaining what is going on from the ConfigMgr Team Blog.  Read that article here.

After applying this update in my client environment, patches immediately started working again.