You are browsing the archive for Microsoft Intune.

Avatar of timdk

by timdk

Configuration Manager Technical Preview 1604 available

9:35 pm in Configuration Manager, Microsoft Intune by timdk

Microsoft has just released update 1604 for Configuration Manager Technical Preview.

The update includes the following new features:

  • Windows Store for Business integration – You can now manage and deploy applications purchased through the Windows Store for Business portal for both online and offline licensed apps.
  • Passport for Work policies – You can now deploy Passport for Work policies to domain-joined Windows 10 PCs managed by the ConfigMgr client as well as mobile devices managed by Microsoft Intune.
  • On-premises Health Attestation Service integration – You can now configure devices that cannot connect to the cloud-based Health Attestation Service to connect with the on-premises Health Attestation Service instead.
  • VPN for Windows 10 – You can now deploy VPN profiles with 3rd-party providers to Windows 10 devices managed with ConfigMgr client.
  • Software Updates Compliance dashboard – You can now use this dashboard to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.

And an additional feature for hybrid setups:

  • New setting for Android devices – You now have an option to configure Smart Lock setting for Android 5.X devices in order to prevent users from bypassing the lock screen.

     

    On the Technet evaluation center the baseline version for new installations has also been updated. The Technical Preview 5 available for download is actually based on build 1603.

    More details on the release can be found on the Configuration Manager Team Blog.

    For details on the upgrading experience please have a look at my previous blog post.

    Quick sidenote: As I just upgraded a first lab environment with the 1604 TP build it seems the updates and servicing node gets cleaned up also. Previous builds (installed or not) are no longer listed after the upgrade.

    TP1604-UpdatesServicingBeforeAfter

    Have fun in your labs!

    Tim

Avatar of timdk

by timdk

WMUG NL Community Event Speaker

11:55 pm in Community, Configuration Manager, Microsoft Intune by timdk

2015-12-14_23-41-19Tomorrow I will be presenting at a community event hosted by the Windows Management User Group (WMUG) in the Netherlands.

Session: What to expect from ConfigMgr vNext?

Abstract : The next version of Configuration Manager is soon to be released. In this session we will look at the future roadmap of Configuration Manager and explore the new features, enhancements and infrastructure changes that are coming with the next release. Additionally will also outline how to get to this release from your current environments.

More information on the sessions and the full event agenda can be found here.

Registrations are currently still open. Click here if you want to attend!

Hope to see you there!

Avatar of timdk

by timdk

Technet Webinar: What’s new on the Configuration Manager horizon Debrief

8:15 am in Community, Configuration Manager, Enterprise Mobility Management, Events, Microsoft Intune by timdk

faq1Thanks to all who attended my webinar on What’s new on the Configuration Manager  horizon last Friday. As promised a quick debrief blog post to highlight and answer some of the questions from the Q&A.

Here we go:

Q: So you can do an in-place with 2012 right? And for side by side is the full new build?

In place upgrade scenario will be supported from the following:

  • System Center 2012 Configuration Manager SP1
  • System Center 2012 Configuration Manager SP2
  • System Center 2012 R2 Configuration Manager
  • System Center 2012 R2 Configuration Manager SP1

Side-by-side migrations are not supported. A possible approach is to Setup a new vNext environment, then upgrade your existing environment to vNext and then migrate your objects to the new vNext environment you built in step 1.

Q: Will the Application Catalog site still depend on Silverlight?

Application Catalog will be merged into the new Software Center – no need for a separate web interface anymore.

Software Center has a new, modern look and apps that previously only appeared in the Application Catalog (user-available apps) now appear in Software Center under the Applications tab. This makes these deployments more discoverable to users and removes the need for them to use the Application Catalog. Additionally, a Silverlight enabled browser is no longer required.

Q: So no 2016 , no new UI, just monthly updates?

Yes, Yes, and no not really. :-)

There is a lot more to Configuration Manager than just the “as-a-service” approach. See the session recording for details.

Q: On-prem MDM will support iOS and Android as well as hybrid SCCM+Intune?

In the technical previews support is limited to Windows 10 devices only.

Currently there is no information if/when other platforms will get in scope.

Q: Will SQL Server AAG (AlwaysOn Availability Groups) be supported for an upgraded installation and not only for a new installation?

Currently not supported in the TP.

In future releases you will be able to move to using SQL always on, on already installed sites.

Q: Are there any Statements when ConfigMgr vNext will Support Server 2016 for deployment and for being used as Site Server OS?

I am not aware of any exact statements on timing. Do assume there will also be a ConfigMgr release at the time 2016 products are released.

Q: Can you make software available to the Windows 10 (Business) App Store?

There is no integration with the Business Store yet.

Q: Do you have a list of features you listed and what is in TP4 today?

Have a look here : https://technet.microsoft.com/en-us/library/dn965439.aspx

Q: Are there changes in the app deployment for other os (mac / linux)?

There was a recent announcement where Intune support for Mac OS X was unveiled.

That article also indicates that: for customers using System Center Configuration Manager integrated with Intune to manage devices in a hybrid deployment, we’re excited to announce that all these same Mac OS X management features will be available in the upcoming major update to Configuration Manager.

 

Update 30/11 : Session recording has been made available here.

Until next time!

Tim

Avatar of timdk

by timdk

Microsoft MVP Summit 2015 Debrief

6:05 pm in Configuration Manager, Microsoft Intune by timdk

2015-11-01 12.16.29Last weekend I got back home after spending two weeks in the United States. The first of those two weeks I have spent in Redmond, attending the Microsoft MVP Global Summit 2015.

Most of the sessions and content shared during the MVP summit is under NDA – so I cannot share any details about them. One topic we got approval to disclose information about is the hackathon.

The concept of the hackathon in a nutshell:

  • Prior to the summit the MVP’s could submit ideas, improvements and features they would like to have in the product.
  • The Product Group made a shortlist out of the proposed items.
  • A mixed team of MVP’s and Product Developers is assigned to work on each of the items on the shortlist.
  • After a short kickoff meeting on Monday each team has a few checkpoint meetings during the week to further discuss and follow-up on the progress.
  • By the end of the week the solution is presented to the entire group. Everyone involved can cast 2 votes and based on those votes the rankings are listed on a scoreboard (Note: there are no prices … just bragging rights).
    These are the topics that got shortlisted:
  • Project Active : real time information on active clients
  • Project ANT : aka Twitter for ConfigMgr
  • Project SCCMARA : Azure Remote App Integration
  • Recursive Task Sequences
  • Wizards of Wizards : ability to save templates for settings
  • In console reporting on TS progress steps
  • Server Patching
  • Alternate UPN for cloud synching
  • Hybrid Intune enrollment troubleshooting tool
  • Powershell support for creating CI settings

I was a member of the Project ANT Team. A quick line-up of the team:

  • MVP’s : Collin Smith, Kenny Buntinx and myself
  • Microsoft PM : Dune
  • Microsoft Developers: Rae, Chris, Pong and Anton

Purpose of our project was to be able to send real time notifications to end-users via the Configuration Manager console and to log end-user consent. Additionally we wanted to be able to include similar notifications when defining deployments. It is all about involving the end-user in (sometimes complex) scenarios.

This all started on Monday and by the end of the week all projects got presented (and live demoed!) to the entire PG and MVP group. Everyone in the room could cast 2 votes for their favorite projects. Based on those votes our project ended taking the second place on the winners podium. At that time we also got approval from Microsoft to also present this solution at the MMS conference in Minnesota (more on that in a separate blog post).

Seeing an idea evolve into a working feature in the product in just a few days time is just an amazing experience. Big thanks to the Microsoft team for making this happen. Do note that this is lab work only – whether or not this feature will ever make it into the final product in any form or format is undecided at the moment.

The hackathon was definitely the top item on the agenda for the week but the content shared during the other sessions was very valuable as well. For those who were in doubt whether Configuration Manager would be dead in a few years from now: I can only say they should not fear: the product is more alive than ever!

TDK_MSFT

This was the first time I have attended the summit and as such I cannot compare to previous editions. All I can say about this edition is that it has been an amazing experience: from meeting the product group, visiting the Microsoft Campus to spending time with my fellow MVP’s – it has all been great.

Until next time!

Tim

Avatar of timdk

by timdk

IT/Dev Connections 2015 Speaker

7:47 pm in Community, Configuration Manager, Events, Microsoft Intune by timdk

End of this week I will be heading to Las Vegas again for the 2015 edition of IT/Dev Connections. The event is taking place from the 14th to the 17th of September at the Aria Resort.

This year I will be delivering 2 sessions again with my regular co-speaker Kenny Buntinx. Both sessions are in the Enterprise Management and Mobility track:

# 1 – Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices.

Discover the most hidden and underestimated Windows Server 2012 R2 feature, called Work Folders. Work Folders lets you leverage your file server investment while simultaneously providing end users with anywhere access to their data, from their work PCs to their personal devices. In this session you’ll learn about challenges for secure implementation and management not only with traditional home folders but also in the BYOD world. Discover how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and learn how Work Folders takes advantage of capabilities such as multi-factor authentication, Workplace Join, and Selective Wipe to ensure that corporate data remains secure wherever it goes.

(link)

#2 – Arming Your Mobile Workforce Warriors for the 21st Century

In today’s world, your mobile workforce will most likely have expanded significantly. Managing your ever-expanding legion of mobile warriors and their arsenal of devices can be a challenging task. During this session we’ll show how Configuration Manager and the Intune extensions can help you manage your troops and arm them with the correct tools for battle. Learn how Intune and System Center Configuration Manager make it easy to manage all your Windows, Windows Phone 8, iOS, and Android devices with a single pane of glass. We’ll walk through how to easily configure devices for your users by pushing Wi-Fi, VPN, certificate, and email profiles as soon as they’re enrolled. We’ll cover configuration and management of device settings; provisioning profiles for email, VPN, and Wi-Fi; and other native features that come through the standard Intune extensions.

(link)

DevCon-Teaser1.Next to Kenny and myself there is a third SCUG.be member presenting at IT/Dev Connections: Dieter Wijckmans is going to rock and roll in the Cloud & Datacenter track. Have a look at his sessions here.

Similar to last year the three of us will be using the #meetthebelgians hash tag during the event. Will you help us get this hash tag listed into the Twitter analytics again for this edition? Make sure to do so, and most of all: reach out if you see us hanging around – we are looking forward to meeting you!

Registrations for the event are still open!

Hope to see you there.

Tim

Avatar of timdk

by timdk

System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2 released!

5:10 pm in Configuration Manager, Microsoft Intune by timdk

metrofixToday Microsoft has announced the availability of System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2.

According to the announcement on the Configuration Manager Team blog these service packs deliver full compatibility with existing features for Windows 10 deployment, upgrade, and management. Additionally there are some changes and improvements in the following areas:

  • Infrastructure: sites and hierarchies
  • Application Management
  • Content Management
  • OSD
  • Reporting
  • Hybrid setups with Configuration Manager and Microsoft Intune

Full details on what’s new can be found here.

Both service packs are available for download on the Technet Evaluation Center website.

Until next time!

Tim

Avatar of timdk

by timdk

Microsoft Intune: April Update brings more features

8:05 pm in Microsoft Intune by timdk

Microsoft-IntuneMicrosoft is updating its Intune service this week and will be introducing an additional set of new features.

A quick overview of the new cloud only –or standalone- features that are part of this release:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets.
  • Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices.
  • Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices.
  • Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually.
  • Deployment of .appx bundles to Windows Phone 8.1 devices.
  • Managed Browser app for iOS devices that controls actions that users can perform, including allow/deny access to specific websites.
  • Management of Work Folders app for iOS devices.
  • Updated Endpoint Protection agent for managing Windows PCs.
  • Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed.
  • Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms.
  • Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads.
  • Enhanced user interface for overview pages within Intune admin console.

Details on when the updates are taking place per service instance can be found here.

Until next time.

Tim

Avatar of timdk

by timdk

UDM: Conditional Access – Saving of Access Rules to Exchange has failed (error: A2CE0100)

8:05 pm in Configuration Manager, Enterprise Mobility Management, Microsoft Intune by timdk

A few days ago we have been working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange online. Details on how we set things up will follow shortly in another post.

Once the basics were in place we implemented a policy that would block a user to access their mailbox when using an unmanaged device.

The policy was properly deployed to a collection which included my demo user, however I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged so something was wrong.

Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:

Saving of Access Rules to Exchange has failed


Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100

 

image

Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.

I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy

I can confirm none of the above resolves the issue. The policy still did not get applied.

In the end to get things working again what I had to do was to delete the compliance policy,  recreate it from scratch, and deploy it again.

image

When synching mail on the iPhone 5 a few minutes later, the policy kicked in.

image

Although the problem was solved and we now have a working demo scenario; in the end I have no idea what went wrong initially and how I could have been troubleshooting this in a more optimized way. Whatever it was it does not seem to resolve itself. Also the repeat count of the alert not increasing indicates the system itself does not do any retries.

I definitely see a few areas for improvement here:

  • Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in a most optimized way.
  • Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
  • Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.

If you are ever facing the same issue, I hope this article will save you some troubleshooting time!

Tim

Avatar of timdk

by timdk

Microsoft Intune: March updates quick overview

4:10 pm in Configuration Manager, Microsoft Intune by timdk

Microsoft-IntuneAs announced previously Microsoft is planning to release updates to Intune on a monthly basis. The service update for March is ongoing as we speak and will include the following new features for Intune standalone:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

For hybrid customers (UDM) there is also a new feature:

  • The ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices

Unfortunately still a rather unfair balance for those working with a hybrid setup, although in the original announcement Microsoft is indicating that delivering new features for those hybrid customer remains a top priority as well.

More details on the Microsoft Intune blog.

Until next time.

Tim

Avatar of timdk

by timdk

UDM with ConfigMgr and Intune – why CU’s Matter

6:35 pm in Configuration Manager, Microsoft Intune by timdk

When delivering sessions on Unified Device Management (UDM) with Configuration Manager and Intune we have always stressed the fact that running on the latest CU level is really important. If you attended our most recent session in Zurich you may recall the following slide header:

image

 

A post that was published on the Configuration Manager Team Blog yesterday now gives a perfect overview on why those CU’s matter: as of CU2 there were a lot of fixes and improvements included related specifically to Mobile Device Management.

First there was CU2 which included fixes and improvements related to policies. CU3 included Simple Certificate Enrollment Protocol (SCEP) related fixes and the latest CU4 added the following:

  • Attempts to enroll a device in a user collection containing security groups will fail with an access denied error.
  • Inventory data collected from mobile devices and the Windows Intune connector may be for the wrong device if two devices synchronize simultaneously.
  • Hotfix extends client notification in System Center 2012 R2 Configuration Manager to MDM devices http://support2.microsoft.com/kb/2990658
  • Mobile Device Management settings are not applied to cloud-managed users in System Center 2012 R2 Configuration Manager http://support2.microsoft.com/kb/3002291

For a full history and overview of what was included in which CU have a look at the original post. Remember that these updates are cumulative so installing CU4 is sufficient as it includes everything from previous releases.

So our recommendation remains: apply the latest available Cumulative Update to your Configuration Manager environment as soon as possible!

Until next time!

Tim