Archive

Archive for the ‘Enterprise Mobility Management’ Category

Technet Webinar: What’s new on the Configuration Manager horizon – Debrief

November 30, 2015 Leave a comment

faq1Thanks to all who attended my webinar on What’s new on the Configuration Manager  horizon last Friday. As promised a quick debrief blog post to highlight and answer some of the questions from the Q&A.

Here we go:

Q: So you can do an in-place with 2012 right? And for side by side is the full new build?

In place upgrade scenario will be supported from the following:

  • System Center 2012 Configuration Manager SP1
  • System Center 2012 Configuration Manager SP2
  • System Center 2012 R2 Configuration Manager
  • System Center 2012 R2 Configuration Manager SP1

Side-by-side migrations are not supported. A possible approach is to Setup a new vNext environment, then upgrade your existing environment to vNext and then migrate your objects to the new vNext environment you built in step 1.

Q: Will the Application Catalog site still depend on Silverlight?

Application Catalog will be merged into the new Software Center – no need for a separate web interface anymore.

Software Center has a new, modern look and apps that previously only appeared in the Application Catalog (user-available apps) now appear in Software Center under the Applications tab. This makes these deployments more discoverable to users and removes the need for them to use the Application Catalog. Additionally, a Silverlight enabled browser is no longer required.

Q: So no 2016 , no new UI, just monthly updates?

Yes, Yes, and no not really. 🙂

There is a lot more to Configuration Manager than just the “as-a-service” approach. See the session recording for details.

Q: On-prem MDM will support iOS and Android as well as hybrid SCCM+Intune?

In the technical previews support is limited to Windows 10 devices only.

Currently there is no information if/when other platforms will get in scope.

Q: Will SQL Server AAG (AlwaysOn Availability Groups) be supported for an upgraded installation and not only for a new installation?

Currently not supported in the TP.

In future releases you will be able to move to using SQL always on, on already installed sites.

Q: Are there any Statements when ConfigMgr vNext will Support Server 2016 for deployment and for being used as Site Server OS?

I am not aware of any exact statements on timing. Do assume there will also be a ConfigMgr release at the time 2016 products are released.

Q: Can you make software available to the Windows 10 (Business) App Store?

There is no integration with the Business Store yet.

Q: Do you have a list of features you listed and what is in TP4 today?

Have a look here : https://technet.microsoft.com/en-us/library/dn965439.aspx

Q: Are there changes in the app deployment for other os (mac / linux)?

There was a recent announcement where Intune support for Mac OS X was unveiled.

That article also indicates that: for customers using System Center Configuration Manager integrated with Intune to manage devices in a hybrid deployment, we’re excited to announce that all these same Mac OS X management features will be available in the upcoming major update to Configuration Manager.

 

Update 30/11 : Session recording is available here. And also on Channel 9 here.

Until next time!

Tim

Advertisements

IT/Dev Connections 2015 Speaker

September 8, 2015 Leave a comment

End of this week I will be heading to Las Vegas again for the 2015 edition of IT/Dev Connections. The event is taking place from the 14th to the 17th of September at the Aria Resort.

This year I will be delivering 2 sessions again with my regular co-speaker Kenny Buntinx. Both sessions are in the Enterprise Management and Mobility track:

# 1 – Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices.

Discover the most hidden and underestimated Windows Server 2012 R2 feature, called Work Folders. Work Folders lets you leverage your file server investment while simultaneously providing end users with anywhere access to their data, from their work PCs to their personal devices. In this session you’ll learn about challenges for secure implementation and management not only with traditional home folders but also in the BYOD world. Discover how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and learn how Work Folders takes advantage of capabilities such as multi-factor authentication, Workplace Join, and Selective Wipe to ensure that corporate data remains secure wherever it goes.

(link)

#2 – Arming Your Mobile Workforce Warriors for the 21st Century

In today’s world, your mobile workforce will most likely have expanded significantly. Managing your ever-expanding legion of mobile warriors and their arsenal of devices can be a challenging task. During this session we’ll show how Configuration Manager and the Intune extensions can help you manage your troops and arm them with the correct tools for battle. Learn how Intune and System Center Configuration Manager make it easy to manage all your Windows, Windows Phone 8, iOS, and Android devices with a single pane of glass. We’ll walk through how to easily configure devices for your users by pushing Wi-Fi, VPN, certificate, and email profiles as soon as they’re enrolled. We’ll cover configuration and management of device settings; provisioning profiles for email, VPN, and Wi-Fi; and other native features that come through the standard Intune extensions.

(link)

DevCon-Teaser1.Next to Kenny and myself there is a third SCUG.be member presenting at IT/Dev Connections: Dieter Wijckmans is going to rock and roll in the Cloud & Datacenter track. Have a look at his sessions here.

Similar to last year the three of us will be using the #meetthebelgians hash tag during the event. Will you help us get this hash tag listed into the Twitter analytics again for this edition? Make sure to do so, and most of all: reach out if you see us hanging around – we are looking forward to meeting you!

Registrations for the event are still open!

Hope to see you there.

Tim

UDM: Conditional Access – Saving of Access Rules to Exchange has failed (error: A2CE0100)

March 29, 2015 Leave a comment

A few days ago we have been working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange online. Details on how we set things up will follow shortly in another post.

Once the basics were in place we implemented a policy that would block a user to access their mailbox when using an unmanaged device.

The policy was properly deployed to a collection which included my demo user, however I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged so something was wrong.

Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:

Saving of Access Rules to Exchange has failed


Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100

 

image

Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.

I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy

I can confirm none of the above resolves the issue. The policy still did not get applied.

In the end to get things working again what I had to do was to delete the compliance policy,  recreate it from scratch, and deploy it again.

image

When synching mail on the iPhone 5 a few minutes later, the policy kicked in.

image

Although the problem was solved and we now have a working demo scenario; in the end I have no idea what went wrong initially and how I could have been troubleshooting this in a more optimized way. Whatever it was it does not seem to resolve itself. Also the repeat count of the alert not increasing indicates the system itself does not do any retries.

I definitely see a few areas for improvement here:

  • Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in a most optimized way.
  • Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
  • Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.

If you are ever facing the same issue, I hope this article will save you some troubleshooting time!

Tim

UDM with ConfigMgr and Intune – why CU’s Matter

February 27, 2015 Leave a comment

When delivering sessions on Unified Device Management (UDM) with Configuration Manager and Intune we have always stressed the fact that running on the latest CU level is really important. If you attended our most recent session in Zurich you may recall the following slide header:

image

 

A post that was published on the Configuration Manager Team Blog yesterday now gives a perfect overview on why those CU’s matter: as of CU2 there were a lot of fixes and improvements included related specifically to Mobile Device Management.

First there was CU2 which included fixes and improvements related to policies. CU3 included Simple Certificate Enrollment Protocol (SCEP) related fixes and the latest CU4 added the following:

  • Attempts to enroll a device in a user collection containing security groups will fail with an access denied error.
  • Inventory data collected from mobile devices and the Windows Intune connector may be for the wrong device if two devices synchronize simultaneously.
  • Hotfix extends client notification in System Center 2012 R2 Configuration Manager to MDM devices http://support2.microsoft.com/kb/2990658
  • Mobile Device Management settings are not applied to cloud-managed users in System Center 2012 R2 Configuration Manager http://support2.microsoft.com/kb/3002291

For a full history and overview of what was included in which CU have a look at the original post. Remember that these updates are cumulative so installing CU4 is sufficient as it includes everything from previous releases.

So our recommendation remains: apply the latest available Cumulative Update to your Configuration Manager environment as soon as possible!

Until next time!

Tim

Microsoft Intune: February update introduces more new features

February 6, 2015 Leave a comment

MicrosoftIntune_LogoThe February update for Microsoft Intune just got announced on the Microsoft Intune blog. It will be released between February 6th (today!) and February 11th. You can check the status page for more specific timeframes here.

This update will include the following new features for Intune standalone:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android devices, including ability to restrict actions such as copy, cut, and paste outside of the managed app ecosystem.
  • Management of the OneNote app for iOS devices.
  • Ability to browse and install apps on Windows Phone 8.1 devices using Intune Company Portal website.
  • Deployment of WiFi profiles for Windows devices using XML import and Windows Phone devices using OMA-URI.
  • Support for Cisco AnyConnect per-app VPN configurations for iOS devices.
  • Ability to require encryption on Windows 8.1 (x86) devices.
  • Ability to set minimum classification of platform updates to be installed automatically on Windows 8.1 (x86) devices.

As part of the announcement Microsoft is also mentioning a more frequent release cadence: in the future they will be releasing new features to Intune on a monthly basis.

Have a nice weekend!

Tim

Outlook for iOS badge count not showing

February 2, 2015 3 comments

Earlier this week Microsoft has released the Outlook for iOS application. I have been using the application for the past few days and I personally find it a major improvement compared to the default mail application.

One thing I noticed straight away was that the badge counter indicating the number of unread emails did not display for the Outlook application. The counter did work fine for my old email app. As I am not using any other notifications (sound or display) for email I found this is a feature I quite heavily rely on when quickly checking for new mails. I needed to get this resolved.

First step I did for troubleshooting was to check the settings menu in the application to see if anything was hinting toward this option. There is a badge count setting, but other than switching between the Focused and All inboxes there are no other options to set.

2015-02-02 16.38.23

 

When digging further into this I found that the key to solve this problem is in the notification settings for the application (in the general phone settings). Here I had to enable the Allow Notifications option first to reveal further options. The badge app icon is the one that I needed to enable.

2015-02-02 16.37.59

 

The immediate result:

OutlookIOSBadge

Simple fix for a simple issue. Why the Allow Notifications setting was disabled by default remains an unanswered question. A few of my friends installed the application as well and for them the badge count was enabled immediately.

I hope this may help you save some troubleshooting time in case you are also missing the badge count on your Outlook for iOS application.

Until next time!

Tim

Microsoft Intune: more new capabilities released

December 10, 2014 Leave a comment

MicrosoftIntune_LogoOn Monday Brad Anderson has announced that a new set of updates was coming to Microsoft Intune this week. Brad described this release as the most significant set of updates in the history of the product.

This is the summary of the new capabilities that Brad provided in his blog post:

  • Mobile Application Management: introducing containers to separate corporate data and application from personal data and applications.
  • Conditional Access to Exchange Online: allowing to restrict access to Exchange online only to devices that are enrolled for management and are meeting the compliance policies defined by the IT administrators.
  • Deep Management of the Office Mobile Apps on iOS and Android and restricting copy/paste possibilities and save locations.
  • Managed Browser and Managed PDF View, AV Player and Image Viewer apps. Full details on this capability and some scenarios are outlined in this earlier blog post by Brad.
  • Bulk enrollment of iOS devices using Apple Configurator: through integration with Apple Configurator bulk enrollment of devices is now supported. This also enables the use of configuration files that can be imported into Intune to set custom iOS policies

    image

This service update is being rolled out at this very moment; between December 9th and December 12th. To see when tenants will be updated customers can have a look at the Intune Service Dashboard.

As this is currently only applicable to Intune Standalone the next logical question would be if / when we will see these features for UDM implementations (integrating Configuration Manager with Intune). That question remains unanswered for now but based on this post on the Microsoft Intune blog we can assume these will be made available shortly.