CM12 Extensions for Windows Intune: Resources and gotcha’s

2:43 pm in CM12 R2, email Profiles, intune, SCCM 2012 R2, Windows Intune Extensions, Windws Intune by Kenny Buntinx [MVP]

 

Hi ,

Last week a feature of System Center 2012 R2 Configuration Manager called “Extensions for Windows Intune” was released. This capability enables new features in Windows Intune to be available within your Configuration Manager console alongside the existing features without any on premises upgrade.

Enabling the exchange ActiveSync email profiles to mobile devices

Nico Sienaert wrote a blog post on that already that you could find over here : http://scug.be/nico/2014/02/08/configuration-manager-windows-intune-console-extensions-in-action/

Be careful when enabling “Intune Extensions” as they will be installed automatically. As soon as you enabled the intune extension , the next time someone opens a console , a message pops up to tell you that you need to install the console extensions. Great idea , but not in every scenario as :

– Local install : You will need local admin rights to update them (Helpdesk resources aren’t always local admin )

– Citrix : All your users are having a shared console open. This means that all users need to have the console closed and when launching the console update the user needs to have administrator rights to perform the update. Otherwise you are in an indefinably loop. There is currently no supported way to push the console extensions via applications / SCUP or other methods.

*** Workaround and NOT supported – You are on your own here ***

You can automate the steps below , however this is the manual process.

After enabling certain “Intune Extensions” , go to your primary site server and grab the following under downloads and copy it to your citrix server or local install where an admin has no rights :

image

Make sure you’re Configmgr Consoles are closed and execute all extensions with following syntax

FeatureExtensionInstaller.exe  with following options <Install>  / <Uninstall> / <Validate> / <Repair>

clip_image001

Go to your primary site server and grab  the following file from D:\Microsoft Configuration Manager\AdminConsole\XmlStorage\Other\ and save it to your citrix server or local install where an admin has no rights.

SNAGHTML1145b60 

You’re console will not complain again about the extensions that needs to be installed .

*** Workaround and NOT supported – You are on your own here ***

Using  the exchange ActiveSync email profiles to mobile devices

One of the first features to be available as an extension for Windows Intune is the ability to provision Exchange ActiveSync email profiles to mobile devices. This feature allows enterprises to deploy email profiles and restrictions so that workers can access corporate email on their personal devices without any required setup.

This is a great feature on provisioning corporate mailboxes on corporate owned devices and I like it , however Microsoft needs to catch up fast on the “Company data – selective wipe” of resources including email because when a user’s mobile device is lost or stolen, the administrator or the end user can initiate a ‘selective wipe’ of corporate data including their corporate email.

Be aware that this is currently supported by the iOS native email client app, but not the Windows Phone 8 EAS mail app. I hope that will be fixed soon with the upcoming free Enterprise Feature Pack for Windows Phone 8 sometime in 2014.

This update is due in the first half of 2014 and will add the following features to Windows Phone 8:

  • S/MIME to sign and encrypt email
  • Access to corporate resources behind the firewall with app aware, auto-triggered VPN
  • Enterprise Wi-Fi support with EAP-TLS
  • Enhanced MDM policies to lock down functionality on the phone for more enterprise control, in addition to richer application management such as allowing or denying installation of certain apps
  • Certificate management to enroll, update, and revoke certificates for user authentication

More information on Provision ActiveSync email profiles to mobile devices using System Center 2012 R2 Configuration Manager and Windows Intune see this blog post or following resources below :

https://blogs.technet.com/b/configmgrteam/archive/2014/01/29/provision-activesync-email-profiles-to-mobile-devices-using-configmgr-and-windows-intune.aspx

Here are some updates and added TechNet information about email profiles

Configuration Manager 2012

Planning to Use Extensions in Configuration Manager (http://technet.microsoft.com/en-us/library/dn574730.aspx)

Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554227.aspx )

Introduction to Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554226.aspx )

Planning for Email Profiles in Configuration Manager (http://technet.mnicrosoft.com/en-us/library/dn554232.aspx )

Prerequisites for Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554229.aspx )

Configuring Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554233.aspx )

Operations and Maintenance for Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554231.aspx )

How to Create Exchange ActiveSync Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554236.aspx )

How to Deploy Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554228.aspx )

How to Monitor Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554225.aspx )

Security and Privacy for Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554235.aspx )

Technical Reference for Email Profiles in Configuration Manager (http://technet.microsoft.com/en-us/library/dn554230.aspx )

 

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management