You are browsing the archive for Enterprise Mobility Management.

Avatar of timdk

by timdk

Technet Webinar: What’s new on the Configuration Manager horizon Debrief

8:15 am in Community, Configuration Manager, Enterprise Mobility Management, Events, Microsoft Intune by timdk

faq1Thanks to all who attended my webinar on What’s new on the Configuration Manager  horizon last Friday. As promised a quick debrief blog post to highlight and answer some of the questions from the Q&A.

Here we go:

Q: So you can do an in-place with 2012 right? And for side by side is the full new build?

In place upgrade scenario will be supported from the following:

  • System Center 2012 Configuration Manager SP1
  • System Center 2012 Configuration Manager SP2
  • System Center 2012 R2 Configuration Manager
  • System Center 2012 R2 Configuration Manager SP1

Side-by-side migrations are not supported. A possible approach is to Setup a new vNext environment, then upgrade your existing environment to vNext and then migrate your objects to the new vNext environment you built in step 1.

Q: Will the Application Catalog site still depend on Silverlight?

Application Catalog will be merged into the new Software Center – no need for a separate web interface anymore.

Software Center has a new, modern look and apps that previously only appeared in the Application Catalog (user-available apps) now appear in Software Center under the Applications tab. This makes these deployments more discoverable to users and removes the need for them to use the Application Catalog. Additionally, a Silverlight enabled browser is no longer required.

Q: So no 2016 , no new UI, just monthly updates?

Yes, Yes, and no not really. :-)

There is a lot more to Configuration Manager than just the “as-a-service” approach. See the session recording for details.

Q: On-prem MDM will support iOS and Android as well as hybrid SCCM+Intune?

In the technical previews support is limited to Windows 10 devices only.

Currently there is no information if/when other platforms will get in scope.

Q: Will SQL Server AAG (AlwaysOn Availability Groups) be supported for an upgraded installation and not only for a new installation?

Currently not supported in the TP.

In future releases you will be able to move to using SQL always on, on already installed sites.

Q: Are there any Statements when ConfigMgr vNext will Support Server 2016 for deployment and for being used as Site Server OS?

I am not aware of any exact statements on timing. Do assume there will also be a ConfigMgr release at the time 2016 products are released.

Q: Can you make software available to the Windows 10 (Business) App Store?

There is no integration with the Business Store yet.

Q: Do you have a list of features you listed and what is in TP4 today?

Have a look here : https://technet.microsoft.com/en-us/library/dn965439.aspx

Q: Are there changes in the app deployment for other os (mac / linux)?

There was a recent announcement where Intune support for Mac OS X was unveiled.

That article also indicates that: for customers using System Center Configuration Manager integrated with Intune to manage devices in a hybrid deployment, we’re excited to announce that all these same Mac OS X management features will be available in the upcoming major update to Configuration Manager.

 

Update 30/11 : Session recording has been made available here.

Until next time!

Tim

Avatar of timdk

by timdk

UDM: Conditional Access – Saving of Access Rules to Exchange has failed (error: A2CE0100)

8:05 pm in Configuration Manager, Enterprise Mobility Management, Microsoft Intune by timdk

A few days ago we have been working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange online. Details on how we set things up will follow shortly in another post.

Once the basics were in place we implemented a policy that would block a user to access their mailbox when using an unmanaged device.

The policy was properly deployed to a collection which included my demo user, however I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged so something was wrong.

Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:

Saving of Access Rules to Exchange has failed


Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100

 

image

Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.

I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy

I can confirm none of the above resolves the issue. The policy still did not get applied.

In the end to get things working again what I had to do was to delete the compliance policy,  recreate it from scratch, and deploy it again.

image

When synching mail on the iPhone 5 a few minutes later, the policy kicked in.

image

Although the problem was solved and we now have a working demo scenario; in the end I have no idea what went wrong initially and how I could have been troubleshooting this in a more optimized way. Whatever it was it does not seem to resolve itself. Also the repeat count of the alert not increasing indicates the system itself does not do any retries.

I definitely see a few areas for improvement here:

  • Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in a most optimized way.
  • Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
  • Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.

If you are ever facing the same issue, I hope this article will save you some troubleshooting time!

Tim

Avatar of timdk

by timdk

Microsoft Intune: more new capabilities released

11:00 pm in Enterprise Mobility Management, Microsoft Intune by timdk

MicrosoftIntune_LogoOn Monday Brad Anderson has announced that a new set of updates was coming to Microsoft Intune this week. Brad described this release as the most significant set of updates in the history of the product.

This is the summary of the new capabilities that Brad provided in his blog post:

  • Mobile Application Management: introducing containers to separate corporate data and application from personal data and applications.
  • Conditional Access to Exchange Online: allowing to restrict access to Exchange online only to devices that are enrolled for management and are meeting the compliance policies defined by the IT administrators.
  • Deep Management of the Office Mobile Apps on iOS and Android and restricting copy/paste possibilities and save locations.
  • Managed Browser and Managed PDF View, AV Player and Image Viewer apps. Full details on this capability and some scenarios are outlined in this earlier blog post by Brad.
  • Bulk enrollment of iOS devices using Apple Configurator: through integration with Apple Configurator bulk enrollment of devices is now supported. This also enables the use of configuration files that can be imported into Intune to set custom iOS policies

    image

This service update is being rolled out at this very moment; between December 9th and December 12th. To see when tenants will be updated customers can have a look at the Intune Service Dashboard.

As this is currently only applicable to Intune Standalone the next logical question would be if / when we will see these features for UDM implementations (integrating Configuration Manager with Intune). That question remains unanswered for now but based on this post on the Microsoft Intune blog we can assume these will be made available shortly.

Avatar of timdk

by timdk

UDM: Enrolling an iOS device step by step

12:57 am in Configuration Manager, Enterprise Mobility Management, Microsoft Intune by timdk

To be able to demonstrate Unified Device Management scenarios we recently added some new mobile devices to our demo environment. Amongst these devices are also iPads and iPhones which we had to enroll. The integration between Windows Intune and System Center 2012 R2 Configuration Manager was done earlier on.

Over-the-air enrollment of iOS devices is a rather straightforward process. In this blog post we will outline the step by step procedure to enroll an iPhone.

 

Enrollment

Time to fire up our iPhone 3GS and get started:

IMG_0003

First you need the get the Windows Intune Company Portal app from the App Store. Be aware that this app can only be installed on devices that are running iOS 6 or a later version.

 

IMG_0006

As soon as the Company Portal app is opened you will have to provide your user credentials and tap Sign In. We have ADFS implemented in our demo environment so we provide our AD credentials.

 

IMG_0007

So far so good – but at this point our device is not enrolled yet. The notification icon in the top right corner, and the blue ‘i’ icon on the device name indicate there are still further actions to be taken. Tap the icon at the top or the device name at the bottom.

 

IMG_0009

Tap Add this device.

 

IMG_0010

Tap Add in the top right corner.

 

IMG_0011

The device is being enrolled. This may take a minute.

 

IMG_0012

Tap the install button to install the management profile.

 

IMG_0013

A notification is displayed. Confirm by tapping Install Now.

 

IMG_0014

Tap Install in the top right corner.

 

IMG_0015

Profile installed successfully. Tap Done in the top right corner.

 

IMG_0016

And that is all there is to it!

 

image

The device then also becomes visible in the ConfigMgr console. Our ConfigMgr administrators are now able to manage this device.

 

Troubleshooting

 

If you encounter any problems during the enrollment process you can shake the iOS device to get a diagnostics screen. Make sure the Company Portal app is running when you start shaking.

IMG_0025

A diagnostics dialog box is shown where you can open up the log file for further analysis or email it.

 

Removing the profile

 

The management profile can be removed afterwards as well.  This is the out-of-the-box behavior. We can block the user from doing this but that is a subject for a future blog post.

 

IMG_0020

To remove the management profile go to Settings > General > Profile – Management Profile.

 

I hope you found this information helpful.

Until next time!

Tim

Avatar of timdk

by timdk

Week in Review – CW25

9:05 am in Configuration Manager, Enterprise Mobility Management by timdk

I guess in the meantime most of my blog readers know the concept of my Week in Review blog posts. This is my list of stuff to catch up on for the past week:

Until next time!

Tim

Avatar of timdk

by timdk

ITPROCeed – Take home a signed copy of Jack Madden’s EMM Book!

9:35 pm in Enterprise Mobility Management, Events by timdk

2014-06-09 12.07.06-2A few weeks ago Kenny Buntinx and myself have had the honor to attend and present a session at BriForum in London.

During the event we have had the chance to network and meet up with some great people. One of them was Jack Madden (@jackmadden) who is an expert in the field of Enterprise Mobility Management. We brought home a few copies of his new book on Enterprise Mobility Management. Jack was kind enough to sign the books for us – which adds some extra uniqueness to them.

We will be raffling these books during the next session Kenny and I are presenting, which will be at ITPROCeed in Antwerp this Thursday. If you have registered for the event then make sure to attend our session to have a chance on taking home a signed copy of the book.

See you at ITPROCeed!

Tim