Archive

Archive for the ‘Microsoft Intune’ Category

Microsoft MVP Summit 2015 Debrief

November 16, 2015 Leave a comment

2015-11-01 12.16.29Last weekend I got back home after spending two weeks in the United States. The first of those two weeks I have spent in Redmond, attending the Microsoft MVP Global Summit 2015.

Most of the sessions and content shared during the MVP summit is under NDA – so I cannot share any details about them. One topic we got approval to disclose information about is the hackathon.

The concept of the hackathon in a nutshell:

  • Prior to the summit the MVP’s could submit ideas, improvements and features they would like to have in the product.
  • The Product Group made a shortlist out of the proposed items.
  • A mixed team of MVP’s and Product Developers is assigned to work on each of the items on the shortlist.
  • After a short kickoff meeting on Monday each team has a few checkpoint meetings during the week to further discuss and follow-up on the progress.
  • By the end of the week the solution is presented to the entire group. Everyone involved can cast 2 votes and based on those votes the rankings are listed on a scoreboard (Note: there are no prices … just bragging rights).
    These are the topics that got shortlisted:
  • Project Active : real time information on active clients
  • Project ANT : aka Twitter for ConfigMgr
  • Project SCCMARA : Azure Remote App Integration
  • Recursive Task Sequences
  • Wizards of Wizards : ability to save templates for settings
  • In console reporting on TS progress steps
  • Server Patching
  • Alternate UPN for cloud synching
  • Hybrid Intune enrollment troubleshooting tool
  • Powershell support for creating CI settings

I was a member of the Project ANT Team. A quick line-up of the team:

  • MVP’s : Collin Smith, Kenny Buntinx and myself
  • Microsoft PM : Dune
  • Microsoft Developers: Rae, Chris, Pong and Anton

Purpose of our project was to be able to send real time notifications to end-users via the Configuration Manager console and to log end-user consent. Additionally we wanted to be able to include similar notifications when defining deployments. It is all about involving the end-user in (sometimes complex) scenarios.

This all started on Monday and by the end of the week all projects got presented (and live demoed!) to the entire PG and MVP group. Everyone in the room could cast 2 votes for their favorite projects. Based on those votes our project ended taking the second place on the winners podium. At that time we also got approval from Microsoft to also present this solution at the MMS conference in Minnesota (more on that in a separate blog post).

Seeing an idea evolve into a working feature in the product in just a few days time is just an amazing experience. Big thanks to the Microsoft team for making this happen. Do note that this is lab work only – whether or not this feature will ever make it into the final product in any form or format is undecided at the moment.

The hackathon was definitely the top item on the agenda for the week but the content shared during the other sessions was very valuable as well. For those who were in doubt whether Configuration Manager would be dead in a few years from now: I can only say they should not fear: the product is more alive than ever!

TDK_MSFT

This was the first time I have attended the summit and as such I cannot compare to previous editions. All I can say about this edition is that it has been an amazing experience: from meeting the product group, visiting the Microsoft Campus to spending time with my fellow MVP’s – it has all been great.

Until next time!

Tim

Advertisements

IT/Dev Connections 2015 Speaker

September 8, 2015 Leave a comment

End of this week I will be heading to Las Vegas again for the 2015 edition of IT/Dev Connections. The event is taking place from the 14th to the 17th of September at the Aria Resort.

This year I will be delivering 2 sessions again with my regular co-speaker Kenny Buntinx. Both sessions are in the Enterprise Management and Mobility track:

# 1 – Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices.

Discover the most hidden and underestimated Windows Server 2012 R2 feature, called Work Folders. Work Folders lets you leverage your file server investment while simultaneously providing end users with anywhere access to their data, from their work PCs to their personal devices. In this session you’ll learn about challenges for secure implementation and management not only with traditional home folders but also in the BYOD world. Discover how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and learn how Work Folders takes advantage of capabilities such as multi-factor authentication, Workplace Join, and Selective Wipe to ensure that corporate data remains secure wherever it goes.

(link)

#2 – Arming Your Mobile Workforce Warriors for the 21st Century

In today’s world, your mobile workforce will most likely have expanded significantly. Managing your ever-expanding legion of mobile warriors and their arsenal of devices can be a challenging task. During this session we’ll show how Configuration Manager and the Intune extensions can help you manage your troops and arm them with the correct tools for battle. Learn how Intune and System Center Configuration Manager make it easy to manage all your Windows, Windows Phone 8, iOS, and Android devices with a single pane of glass. We’ll walk through how to easily configure devices for your users by pushing Wi-Fi, VPN, certificate, and email profiles as soon as they’re enrolled. We’ll cover configuration and management of device settings; provisioning profiles for email, VPN, and Wi-Fi; and other native features that come through the standard Intune extensions.

(link)

DevCon-Teaser1.Next to Kenny and myself there is a third SCUG.be member presenting at IT/Dev Connections: Dieter Wijckmans is going to rock and roll in the Cloud & Datacenter track. Have a look at his sessions here.

Similar to last year the three of us will be using the #meetthebelgians hash tag during the event. Will you help us get this hash tag listed into the Twitter analytics again for this edition? Make sure to do so, and most of all: reach out if you see us hanging around – we are looking forward to meeting you!

Registrations for the event are still open!

Hope to see you there.

Tim

Microsoft Intune: April Update brings more features

April 20, 2015 Leave a comment

Microsoft-IntuneMicrosoft is updating its Intune service this week and will be introducing an additional set of new features.

A quick overview of the new cloud only –or standalone- features that are part of this release:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets.
  • Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices.
  • Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices.
  • Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually.
  • Deployment of .appx bundles to Windows Phone 8.1 devices.
  • Managed Browser app for iOS devices that controls actions that users can perform, including allow/deny access to specific websites.
  • Management of Work Folders app for iOS devices.
  • Updated Endpoint Protection agent for managing Windows PCs.
  • Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed.
  • Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms.
  • Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads.
  • Enhanced user interface for overview pages within Intune admin console.

Details on when the updates are taking place per service instance can be found here.

Until next time.

Tim

Categories: Microsoft Intune Tags:

UDM: Conditional Access – Saving of Access Rules to Exchange has failed (error: A2CE0100)

March 29, 2015 Leave a comment

A few days ago we have been working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange online. Details on how we set things up will follow shortly in another post.

Once the basics were in place we implemented a policy that would block a user to access their mailbox when using an unmanaged device.

The policy was properly deployed to a collection which included my demo user, however I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged so something was wrong.

Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:

Saving of Access Rules to Exchange has failed


Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100

 

image

Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.

I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy

I can confirm none of the above resolves the issue. The policy still did not get applied.

In the end to get things working again what I had to do was to delete the compliance policy,  recreate it from scratch, and deploy it again.

image

When synching mail on the iPhone 5 a few minutes later, the policy kicked in.

image

Although the problem was solved and we now have a working demo scenario; in the end I have no idea what went wrong initially and how I could have been troubleshooting this in a more optimized way. Whatever it was it does not seem to resolve itself. Also the repeat count of the alert not increasing indicates the system itself does not do any retries.

I definitely see a few areas for improvement here:

  • Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in a most optimized way.
  • Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
  • Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.

If you are ever facing the same issue, I hope this article will save you some troubleshooting time!

Tim

Microsoft Intune: March updates quick overview

March 6, 2015 Leave a comment

As announced previously Microsoft is planning to release updates to Intune on a monthly basis. The service update for March is ongoing as we speak and will include the following new features for Intune standalone:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

For hybrid customers (UDM) there is also a new feature:

  • The ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices

Unfortunately still a rather unfair balance for those working with a hybrid setup, although in the original announcement Microsoft is indicating that delivering new features for those hybrid customer remains a top priority as well.

More details on the Microsoft Intune blog.

Until next time.

Tim

UDM with ConfigMgr and Intune – why CU’s Matter

February 27, 2015 Leave a comment

When delivering sessions on Unified Device Management (UDM) with Configuration Manager and Intune we have always stressed the fact that running on the latest CU level is really important. If you attended our most recent session in Zurich you may recall the following slide header:

image

 

A post that was published on the Configuration Manager Team Blog yesterday now gives a perfect overview on why those CU’s matter: as of CU2 there were a lot of fixes and improvements included related specifically to Mobile Device Management.

First there was CU2 which included fixes and improvements related to policies. CU3 included Simple Certificate Enrollment Protocol (SCEP) related fixes and the latest CU4 added the following:

  • Attempts to enroll a device in a user collection containing security groups will fail with an access denied error.
  • Inventory data collected from mobile devices and the Windows Intune connector may be for the wrong device if two devices synchronize simultaneously.
  • Hotfix extends client notification in System Center 2012 R2 Configuration Manager to MDM devices http://support2.microsoft.com/kb/2990658
  • Mobile Device Management settings are not applied to cloud-managed users in System Center 2012 R2 Configuration Manager http://support2.microsoft.com/kb/3002291

For a full history and overview of what was included in which CU have a look at the original post. Remember that these updates are cumulative so installing CU4 is sufficient as it includes everything from previous releases.

So our recommendation remains: apply the latest available Cumulative Update to your Configuration Manager environment as soon as possible!

Until next time!

Tim

Microsoft Intune: February update introduces more new features

February 6, 2015 Leave a comment

MicrosoftIntune_LogoThe February update for Microsoft Intune just got announced on the Microsoft Intune blog. It will be released between February 6th (today!) and February 11th. You can check the status page for more specific timeframes here.

This update will include the following new features for Intune standalone:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android devices, including ability to restrict actions such as copy, cut, and paste outside of the managed app ecosystem.
  • Management of the OneNote app for iOS devices.
  • Ability to browse and install apps on Windows Phone 8.1 devices using Intune Company Portal website.
  • Deployment of WiFi profiles for Windows devices using XML import and Windows Phone devices using OMA-URI.
  • Support for Cisco AnyConnect per-app VPN configurations for iOS devices.
  • Ability to require encryption on Windows 8.1 (x86) devices.
  • Ability to set minimum classification of platform updates to be installed automatically on Windows 8.1 (x86) devices.

As part of the announcement Microsoft is also mentioning a more frequent release cadence: in the future they will be releasing new features to Intune on a monthly basis.

Have a nice weekend!

Tim