Microsoft Intune Enrollment Restriction Update

Since the arrival of Microsoft Intune Enrollment Restrictions, I have been waiting for a way to have more granular control of the restrictions. We have been forced to have the same setting for all users and with no exceptions at all. I have a lot of customers who wants to block the common user from enrolling personal iOS devices or even Windows 10 MDM as the company are not ready for it at the moment.  Continue reading

Microsoft Intune “Built-In” App type to save the day

As I was strolling around in my Intune tenant today I found that a new feature has arrived regarding Intune and Mobile Apps. It has been easy lately to add iOS app by just searching the appstore directly from Intune, but Android has been the same bad experience with me going to the Android play webpages and search for app URLs. Today that might just be gone for 90% of my use cases with Microsoft Intune Built-In App type. Continue reading

Finishing up at #ExpertsLive Europe

After 3 days at Experts Live in Berlin, my speaker duties are finished. This conference was pretty new to me and I would like to share my experiences. I have delivered 4 contributions to this great conference, 2 sessions where I have been talking about Microsoft Intune, Azure AD, Conditional Access and Windows 10 Modern IT and 2 discussion panel session talking about much of the same stuff 🙂

Continue reading

Windows 10 Azure AD Join build 1607

This is going to be a short blogpost on the updated experience on what it looks like for a user doing a out of the box Azure AD Join in the Anniversary Edition of Windows 10. There is a few and cool new things giving the user a much better experience.

One thing to notice is that Convenience Pin is disabled by default for Domain Joined or Azure AD Joined machines. Read on to learn how this affects the users.

Continue reading

Configure PFX Certificate Profile distribution in Microsoft Intune

Businesses are investing a lot in securing access to company resources but still achive a good and simple user experience around accessing those resources. Haven’t we all strugled to actually get access to the corporate WIFI which has been secured with certificates? Or what about strugling with changing password on all devices to get e-mail flowing again after we have changed the password on our work computer.

This can all be made easier with provisioning users with a certificate on the mobile device. With the certificates provisioned to the user on the device, we can also provision wifi-profiles, vpn-profiles and even e-mail profiles for on-prem exchange without the user needing to provide a password to connect to it.

Continue reading

Windows 10: Managing Windows Defender With Intune

Since Microsoft released support for Windows 10 management through Intune we have been able to manage the settings for Defender through custom OMA-URI settings in the Intune portal. The experience around this har been OK, but not optimal.

In the latest update release for Intune it is now possible to manage all settings for Windows Defender directly from the General Windows 10 Policy template. In this blogpost I will show how this new feature work.  Continue reading