Managing and deploying Web links in Android the modern way, a quick tip

Last year I wrote a blog about how the experience of deploying web clips or web links on Android devices looked like and how you were able to force them to be opened in the Intune Managed Browser. If we look back at this experience with the Company Portal Widget and the links, this is not a really nice solution and we don’t want to talk about updating or removing a web link in this scenario. (which is not possible) Yesterday I was at a customer in Denmark discussing this solution, and while discussing this I remembered the new options [...]

By |2017-12-20T21:12:18+01:00december 21st, 2017|Enterprise Mobility Suite (EMS)|Kommentarer lukket til Managing and deploying Web links in Android the modern way, a quick tip

Androids in the Enterprise, a blessing or nightmare? – part 2

In my last blog we looked at managing the legacy Android devices, like mentioned Google is investing in making Android safer and more enterprise ready. Today Google announced the deprecation of the legacy management of Android devices as of Android Q, like explained here in the blog of Chris Baldwin. One of the ways in making Android enterprise ready is by using Android Enterprise AKA Android for Work. Android for Work is available since the beginning of 2015, in Android 5.0 (Lollipop) and higher. What is Android for Work? (Android Enterprise) With Android for Work you are able to completely [...]

By |2017-12-19T20:53:17+01:00december 19th, 2017|Enterprise Mobility Suite (EMS)|3 Comments

Androids in the Enterprise, a blessing or nightmare? – part 1

Many people who know me know that I am not the fan boy of Android devices. It can be a nightmare when managing those devices, but is that still a valid statement or is it getting better? In this series of blogs, I want to try to get a clear view if Android devices in an Enterprise are a blessing or a nightmare. That there are Android devices connecting to most environments to get access to corporate data is a fact. When looking at Microsoft Intune we can block the ability that Android devices can be enrolled into Intune, but [...]

By |2017-12-01T15:57:46+01:00december 4th, 2017|Enterprise Mobility Suite (EMS), Security|4 Comments

Intune: Reporting Part 1 – create basic inventory report directly from Intune Console

I am a ConfigMgr consultant by heart where I have spent most of my IT-career designing and building ConfigMgr Solutions for customers. And everyone that has worked with ConfigMgr knows that you can report on basically anything from the clients managed by ConfigMgr. If you don't see the data, the reason is probable that the the Agent is not configured to harvest it. Well for the past 3-4 years I have also been working with Intune where the reporting capabilities has been a bit limited, especially devices managed through mdm, however the reporting has capabilities been greatly improved over the [...]

By |2017-11-13T00:23:52+01:00oktober 31st, 2017|Azure, Enterprise Mobility Suite (EMS)|4 Comments

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel is not supporting deployment and the execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension. Meet the Microsoft Intune Management Extension The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and allows us now to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

It’s here, Android O aka Android Oreo

Google just announced the release of Android 8.0 aka Android Oreo - https://www.android.com/versions/oreo-8-0/ and https://youtu.be/twZggnNbFqo lot’s of new cool features to look forward to, and also important architecture changes. My believe is that especially the architecture change, will have an impact on those administrators managing Android devices as future OS upgrades can come faster. The vendor specific implementation will now be separated from the OS framework as illustrated below. This change, and many of other security features will all be supported from Microsoft Intune and Microsoft System Center Configuration Manager with Zero day support. Before moving into testing, a couple [...]

Set Desktop and Lock Screen wallpaper with Intune in Windows 10

This is a quick blog post to show you can set this fairly easily using Intune. Intune requires you to point to a URL for the wallpaper which at first seems a bit odd, but it actually makes a lot of sense when you have solutions like OneDrive. What am I talking about? Well, find a suitable wallpaper and place it on your Sharepoint OneDrive or Personal OneDrive. Then share the wallpaper and create a public viewing link like so   Next, test the link by pasting the URL into your browser and take a look at the result. It [...]

How to manage Bitlocker on a Azure AD Joined Windows 10 Device managed by Intune.

When joining a computer to AAD either manually or by using a provisioning package, Bitlocker will be enabled automatically if your device has the necessary prerequisites. However in the case that Bitlocker is disabled this is how you enable Bitlocker, save the Bitlocker Key Protector to ADD (also known as the recovery key) and recover the key in the case you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the [...]

Windows 10: Upgrade the edition with Intune in the new Azure Portal

Most professional PC’s delivered today is delivered with Windows 10 Pro (out of the box) which is a really good Operating System, covering most use-cases. However in the world of BYOD and CYOD (Bring your Own / Choose your Own Device) companies, enterprises, goverments, schools etc. often want to upgrade to either Enterprise or Education since these editions of Windows 10 are more feature rich and has a couple of enhancements compared to Pro. Luckly, changeing the SKU does not involve a reinstallation or an major upgrade of the OS. And from Windows 10 1607 (Anniversary Update) you could go [...]

Windows 10 1703 Creators Update: First impressions

Windows 10 creators update is out and I wanted to create a quick blog of the initial experience installing and enrolling it into one of my Azure Active Directory (AAD) test tenants. The initial installation is more or less the same as before, but we know for a while that Microsoft will improve the OoBE (Out of Box Experience) where it now has a new nicer flow and UI. It’s very interesting to see how Microsoft is investing in these types of features and it tells us (in my opinion) how Microsoft looks at the future of Device/Windows deployment and [...]

By |2017-04-06T11:47:03+01:00april 6th, 2017|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), Windows Client|Kommentarer lukket til Windows 10 1703 Creators Update: First impressions

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization In my work as an advisor and consultant I see organizations adapting to the emerging IT landscape, where user behavior is changing and security risks are increasing. In the midst of this change, I encounter frustrated IT professionals trying to keep up with everything and not having enough time to do so. I encourage my customers to be on top of changes and make sure they stay on top. That message goes beyond IT pros and extends to business owners and managers who can no longer afford [...]

Unknown error creating the Intune connector in Configuration Manager CB

Recently ran into an unknown error while trying to create the Intune connector in ConfigMgr 1602 (and 1606). The error occurred in the “Create Microsoft Intune Subscription Wizard” when trying to Sign in using a Global Admin Azure account. For those of you who do not understand Danish (yet), the error message is something like “An Unexpected error occurred”. The GA Azure account is a “service account” and not used to enroll mobile devices. For that reason the account wasn’t assigned an Enterprise Mobility Suite (EMS) license.  The solution: Assign an EMS license in Azure Active Directory to the Global [...]

Error enrolling devices into Intune & Configuration Manager 1602

Enrolling devices into Intune and & ConfigMgr is normally straight forward until you run into issues. Below is an example where I received an enrollment error (picture 1), clicking Continue leads me to picture 2. As you can see in picture two the Enrollment Update turns from Warning to Checkmark, but only for about 5 seconds then it goes back to a warning.     Troubleshooting mobile devices is slightly different than traditional desktop troubleshooting. The troubleshooting options depends on the device (Android, iOS or Windows). In this example my device was an Android. You can email the log files [...]

Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploy (LoB) apps and las but not least have the ability [...]

Android OS version not on the requirement list

Managing mobile devices can be different compared to managing traditional computers for many reasons. One of them being the lack of control with operating system versions on the devices. We simply don’t control when Android and iOS devices are being upgraded and as such we don’t control what version users are using. That can be a challenge when you are using requirement rules on your web applications (and other deployment types). In the illustrations below it’s easy to see that we have a bunch of Android 6+ versions and looking at the requirement rules for the web apps you’ll see [...]

Microsoft Azure AD Connect not syncing at a cycle

Recently I had a customer who had implemented the latest version of Azure AD Connect (v. 1.1.119.0) which was available in February 2016. In this version Microsoft changed a lot the make it easier to administrate and convenient to use. They also added some great new features like! Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly Support for automatic upgrades Ability to switch between sign-in methods through the wizard to enable faster pilots Support for Domain and OU filtering within the wizard Read more here: https://blogs.technet.microsoft.com/ad/2016/02/18/azure-ad-connect-1-1-is-now-ga-faster-sync-times-automatic-upgrades-and-more/  Well as it turned out, [...]

Community Web page to help corporate users enroll their devices!

Guidence on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into an Microsoft Enterprise Mobility Solution. Businesses can use this webpage as an How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices Apple iOS Devices Google Android Devices Visit the page by going clickin here: www.enrollyourdevice.com Also check out the Microsoft EMS Resources App https://www.microsoft.com/store/apps/9nblggh6j3fq and YouTube page https://www.youtube.com/channel/UCbf6dOWcNhRgLHDEXJWqiNw for more information about Microsoft [...]

By |2016-04-04T15:03:56+01:00april 4th, 2016|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS)|Kommentarer lukket til Community Web page to help corporate users enroll their devices!

OMS/EMS Seminar March 2016: Enterprise Mobility Suite Session Notes and slides

Hi First and foremost, thanks to all attendees for a great day on Wednesday. Lots of great questions and discussions and to all of you who is wondering what happened to my girlfriend’s phone – well I had to un-enroll it the morning after!  For those of you who are waiting for the EMS-book that Kent is writing together with Peter Daalmans, it is not to long until it is published so stay tuned! I will update this blog post with link to the book when it is out.. Download the slide deck: EMS Microsoft EMS Resources app is free and [...]

Windows WI-FI profiles

Currently working on an Enterprise Mobility project, and thought I should share a little trick. In the project; we are deploying WI-FI profiles to Windows 10 devices. Some WI-FI profiles use SCEP/NDES certificates while others are configured using a pre-shared secret. When working with Windows WI-FI profiles, the only way to add a pre-shared secret to the profile is by creating a custom XML file. An easy way to create the WI-FI profile XML file; is to create the profile on a Windows 10 computer and then export the profile. To do that, use the steps below: To list all [...]

By |2016-01-10T06:19:40+01:00januar 10th, 2016|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), General info|Kommentarer lukket til Windows WI-FI profiles

December 11: Microsoft Enterprise Mobility Suite (EMS) Resources at your fingertips

I know it's a pompous title, but that still the idea behind what I want to show next. As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. Now for some time now I have been working with Cloud services like Microsoft Intune and eventually EMS after the suite [...]

Microsoft EMS News App for Windows 10 and Windows Phone 10

Update: The app has now changed name and is published to the Microsoft store under the name Microsoft EMS Resources An updated blog post is published here: https://blog.ctglobalservices.com/mas/december-11-microsoft-enterprise-mobility-suite-ems-resources-at-your-fingertips/ As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. The cloud is evolving so fast with new features and services added daily [...]

IT Devconnections Enterprise Mobility and Identity BOF

During the BOF last week @ #ITDevCon i briefly talked about creating a couple of managed apps using PowerShell in ConfigMgr. Below are a few examples, open PowerShell ISE aas administrator and magic happens #Import Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE Set-Location "$($SiteCode.Name):\" #Create the Word Application New-CMApplication -Name "Word" #To create a iOS deployment type for the application Add-CMDeploymentType -ApplicationName "Word" -AutoIdentifyFromInstallationFile -IosDeepLinkInstaller -DeploymentTypeName "Word iOS" -InstallationFileLocation "https://itunes.apple.com/us/app/microsoft-word/id586447913?mt=8" -ForceForUnknownPublisher $True #Create the OneNote Application New-CMApplication -Name "OneNote" #To create a iOS deployment type for the application Add-CMDeploymentType -ApplicationName "OneNote" -AutoIdentifyFromInstallationFile -IosDeepLinkInstaller -DeploymentTypeName "OneNote iPhone" -InstallationFileLocation "https://itunes.apple.com/us/app/microsoft-onenote-for-iphone/id410395246?mt=8" -ForceForUnknownPublisher [...]

By |2015-09-22T23:54:47+01:00september 22nd, 2015|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), Events|Kommentarer lukket til IT Devconnections Enterprise Mobility and Identity BOF

Install and Configure on-prem mobile device management (MDM) with ConfigMgr vNext TP3

This guide is written by Panu Saukko and Kent Agerlund (both Microsoft Enterprise Client MVP’s). These are the steps we used in our demo environments to configure the new on-prem MDM feature in system Center Configuration Manager vNext Technical Preview 3. In the article you will notice that we used two different environments and you will see screenshots from both environments. Don’t let that confuse you, happy reading and enrolling. The environments we used are: Configuration Manager site: vn3, Site Server: vnext.corp.viamonstra.com, Domain: corp.viamonstra.com, PKI server: dc.corp.viamonstra.com Configuration Manager site: C15, Domain: cmdemo.local, PKI server: cm-dc1.cmdemo.local System Center 2012 Configuration [...]

Deploying WIFI profiles with pre-shared secret to Android devices using ConfigMgr

Today I have spend some time creating and deploying WIFI profiles to Android devices and would like to share my experiences. To get started with Android and WiFi profiles I used this TechNet article https://technet.microsoft.com/en-us/library/dn705842.aspx is almost correct, but there a few bugs in the XML example (as I see it, authentication and encryption). To get me all the way I combined the knowledge from the article with information from MSDN https://technet.microsoft.com/en-us/library/dn705842.aspx and finally this super nice Android PSK Generator community tool - http://johnathonb.com/2015/05/intune-android-pre-shared-key-generator/  The Android XML configuration is really easy,just add the WiFI information into the Configurator and click [...]