End of this week I will be heading to Las Vegas again for the 2015 edition of IT/Dev Connections. The event is taking place from the 14th to the 17th of September at the Aria Resort.
This year I will be delivering 2 sessions again with my regular co-speaker Kenny Buntinx. Both sessions are in the Enterprise Management and Mobility track:
# 1 – Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices.
Discover the most hidden and underestimated Windows Server 2012 R2 feature, called Work Folders. Work Folders lets you leverage your file server investment while simultaneously providing end users with anywhere access to their data, from their work PCs to their personal devices. In this session you’ll learn about challenges for secure implementation and management not only with traditional home folders but also in the BYOD world. Discover how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and learn how Work Folders takes advantage of capabilities such as multi-factor authentication, Workplace Join, and Selective Wipe to ensure that corporate data remains secure wherever it goes.
#2 – Arming Your Mobile Workforce Warriors for the 21st Century
In today’s world, your mobile workforce will most likely have expanded significantly. Managing your ever-expanding legion of mobile warriors and their arsenal of devices can be a challenging task. During this session we’ll show how Configuration Manager and the Intune extensions can help you manage your troops and arm them with the correct tools for battle. Learn how Intune and System Center Configuration Manager make it easy to manage all your Windows, Windows Phone 8, iOS, and Android devices with a single pane of glass. We’ll walk through how to easily configure devices for your users by pushing Wi-Fi, VPN, certificate, and email profiles as soon as they’re enrolled. We’ll cover configuration and management of device settings; provisioning profiles for email, VPN, and Wi-Fi; and other native features that come through the standard Intune extensions.
Next to Kenny and myself there is a third SCUG.be member presenting at IT/Dev Connections: Dieter Wijckmans is going to rock and roll in the Cloud & Datacenter track. Have a look at his sessions here.
Similar to last year the three of us will be using the #meetthebelgians hash tag during the event. Will you help us get this hash tag listed into the Twitter analytics again for this edition? Make sure to do so, and most of all: reach out if you see us hanging around – we are looking forward to meeting you!
Registrations for the event are still open!
Hope to see you there.
As announced previously Microsoft is planning to release updates to Intune on a monthly basis. The service update for March is ongoing as we speak and will include the following new features for Intune standalone:
- Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
- Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
- Management of OneDrive apps for iOS and Android devices
- Ability to deploy .appx files to Windows Phone 8.1 devices
- Ability to restrict the number of devices a user can enroll in Intune
For hybrid customers (UDM) there is also a new feature:
- The ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices
Unfortunately still a rather unfair balance for those working with a hybrid setup, although in the original announcement Microsoft is indicating that delivering new features for those hybrid customer remains a top priority as well.
More details on the Microsoft Intune blog.
Until next time.
The February update for Microsoft Intune just got announced on the Microsoft Intune blog. It will be released between February 6th (today!) and February 11th. You can check the status page for more specific timeframes here.
This update will include the following new features for Intune standalone:
- Management of Office mobile apps (Word, Excel, and PowerPoint) for Android devices, including ability to restrict actions such as copy, cut, and paste outside of the managed app ecosystem.
- Management of the OneNote app for iOS devices.
- Ability to browse and install apps on Windows Phone 8.1 devices using Intune Company Portal website.
- Deployment of WiFi profiles for Windows devices using XML import and Windows Phone devices using OMA-URI.
- Support for Cisco AnyConnect per-app VPN configurations for iOS devices.
- Ability to require encryption on Windows 8.1 (x86) devices.
- Ability to set minimum classification of platform updates to be installed automatically on Windows 8.1 (x86) devices.
As part of the announcement Microsoft is also mentioning a more frequent release cadence: in the future they will be releasing new features to Intune on a monthly basis.
Have a nice weekend!
On Monday Brad Anderson has announced that a new set of updates was coming to Microsoft Intune this week. Brad described this release as the most significant set of updates in the history of the product.
This is the summary of the new capabilities that Brad provided in his blog post:
- Mobile Application Management: introducing containers to separate corporate data and application from personal data and applications.
- Conditional Access to Exchange Online: allowing to restrict access to Exchange online only to devices that are enrolled for management and are meeting the compliance policies defined by the IT administrators.
- Deep Management of the Office Mobile Apps on iOS and Android and restricting copy/paste possibilities and save locations.
- Managed Browser and Managed PDF View, AV Player and Image Viewer apps. Full details on this capability and some scenarios are outlined in this earlier blog post by Brad.
- Bulk enrollment of iOS devices using Apple Configurator: through integration with Apple Configurator bulk enrollment of devices is now supported. This also enables the use of configuration files that can be imported into Intune to set custom iOS policies
This service update is being rolled out at this very moment; between December 9th and December 12th. To see when tenants will be updated customers can have a look at the Intune Service Dashboard.
As this is currently only applicable to Intune Standalone the next logical question would be if / when we will see these features for UDM implementations (integrating Configuration Manager with Intune). That question remains unanswered for now but based on this post on the Microsoft Intune blog we can assume these will be made available shortly.
To be able to demonstrate Unified Device Management scenarios we recently added some new mobile devices to our demo environment. Amongst these devices are also iPads and iPhones which we had to enroll. The integration between Windows Intune and System Center 2012 R2 Configuration Manager was done earlier on.
Over-the-air enrollment of iOS devices is a rather straightforward process. In this blog post we will outline the step by step procedure to enroll an iPhone.
Time to fire up our iPhone 3GS and get started:
First you need the get the Windows Intune Company Portal app from the App Store. Be aware that this app can only be installed on devices that are running iOS 6 or a later version.
As soon as the Company Portal app is opened you will have to provide your user credentials and tap Sign In. We have ADFS implemented in our demo environment so we provide our AD credentials.
So far so good – but at this point our device is not enrolled yet. The notification icon in the top right corner, and the blue ‘i’ icon on the device name indicate there are still further actions to be taken. Tap the icon at the top or the device name at the bottom.
Tap Add this device.
Tap Add in the top right corner.
The device is being enrolled. This may take a minute.
Tap the install button to install the management profile.
A notification is displayed. Confirm by tapping Install Now.
Tap Install in the top right corner.
Profile installed successfully. Tap Done in the top right corner.
And that is all there is to it!
The device then also becomes visible in the ConfigMgr console. Our ConfigMgr administrators are now able to manage this device.
If you encounter any problems during the enrollment process you can shake the iOS device to get a diagnostics screen. Make sure the Company Portal app is running when you start shaking.
A diagnostics dialog box is shown where you can open up the log file for further analysis or email it.
Removing the profile
The management profile can be removed afterwards as well. This is the out-of-the-box behavior. We can block the user from doing this but that is a subject for a future blog post.
To remove the management profile go to Settings > General > Profile – Management Profile.
I hope you found this information helpful.
Until next time!
In a few weeks I will be heading to Las Vegas for IT/Dev Connections. This conference is taking place at the Aria Resort from September 15th to the 19th.
With MMS being discontinued, this is an event I have been really looking forward to for the past few months. Next to being a first time attendee I am also honored to be able to deliver 2 sessions in the Windows track.
The Windows track has a great line-up of speakers and sessions, and the keynote for this track will be presented by Brad Anderson, Corporate VP at Microsoft (blog).
These are the session titles and abstracts of the sessions that I will be delivering:
Session 1 : System Center 2012 R2 Configuration Manager and Intune: Setup and deployment Notes from the field, with a focus on Single Sign on.
This session dives into what you’ll do at the server level to drive System Center 2012 R2 Configuration Manager and Windows Intune integration for mobile device management.
The session includes real-life experience from the field to set up a subscription, connectors, certificates, Active Directory Federation Services (AD FS 2.0/2.1/3.0), DirSync, and workplace join scenarios among all possible server configurations that enable mobile device management.
Learn best practices for setting up AD FS from the field for user authentication and Single Sign-On; prepare for the challenges if you invested in previous AD FS 2.0/2.1 and want to take advantage of AD …
Session 2 : Managing your hybrid Mobile cloud workforce demystified with System Center Configuration Manager 2012 R2.
Do you need to manage Windows 8.1/RT, including non-Microsoft mobile devices, with Microsoft’s UDM solution (Configuration Manager 2012 R2 plus Intune)? Do you need to provide functionality for deploying the new Intune extensions (such as email profiles), managing your MDM settings, configuring VPN and wireless profiles, and deploying certificates?
Compliance settings, company resource access, and Intune extensions delivered in Configuration Manager are mostly unexplored territory for the Configuration Manager administrator. In this session we’ll use numerous demos to demystify these features. …
Note that Kenny and myself will not be the only Belgians presenting at the conference. Also in the Windows track there will be 2 sessions from our fellow SCUG member Dieter Wijckmans and a session from Michael Van Horenbeeck. Together we will show some serious Belgian Community Power!
Interested? Registrations for the event are still open. Click here for details.
Hope to see you there!
I guess in the meantime most of my blog readers know the concept of my Week in Review blog posts. This is my list of stuff to catch up on for the past week:
- Kaido blogs about Working with Security Scopes in Configuration Manager with PowerShell and recent changes under the hood in Configuration Manager 2012 R2 CU1.
- Rod Trent looks further into what exactly EMM is. Do you share his opinion that this is mainly an evolution in name only?
- Garth Jones has published a step-by-step guide on how to deploy CMTrace using the Application Model.
- Released: KB2962927 – You cannot distribute a driver package to a package share on a pull-distribution point.
Until next time!