Archive

Posts Tagged ‘Intune’

IT/Dev Connections 2015 Speaker

September 8, 2015 Leave a comment

End of this week I will be heading to Las Vegas again for the 2015 edition of IT/Dev Connections. The event is taking place from the 14th to the 17th of September at the Aria Resort.

This year I will be delivering 2 sessions again with my regular co-speaker Kenny Buntinx. Both sessions are in the Enterprise Management and Mobility track:

# 1 – Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices.

Discover the most hidden and underestimated Windows Server 2012 R2 feature, called Work Folders. Work Folders lets you leverage your file server investment while simultaneously providing end users with anywhere access to their data, from their work PCs to their personal devices. In this session you’ll learn about challenges for secure implementation and management not only with traditional home folders but also in the BYOD world. Discover how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and learn how Work Folders takes advantage of capabilities such as multi-factor authentication, Workplace Join, and Selective Wipe to ensure that corporate data remains secure wherever it goes.

(link)

#2 – Arming Your Mobile Workforce Warriors for the 21st Century

In today’s world, your mobile workforce will most likely have expanded significantly. Managing your ever-expanding legion of mobile warriors and their arsenal of devices can be a challenging task. During this session we’ll show how Configuration Manager and the Intune extensions can help you manage your troops and arm them with the correct tools for battle. Learn how Intune and System Center Configuration Manager make it easy to manage all your Windows, Windows Phone 8, iOS, and Android devices with a single pane of glass. We’ll walk through how to easily configure devices for your users by pushing Wi-Fi, VPN, certificate, and email profiles as soon as they’re enrolled. We’ll cover configuration and management of device settings; provisioning profiles for email, VPN, and Wi-Fi; and other native features that come through the standard Intune extensions.

(link)

DevCon-Teaser1.Next to Kenny and myself there is a third SCUG.be member presenting at IT/Dev Connections: Dieter Wijckmans is going to rock and roll in the Cloud & Datacenter track. Have a look at his sessions here.

Similar to last year the three of us will be using the #meetthebelgians hash tag during the event. Will you help us get this hash tag listed into the Twitter analytics again for this edition? Make sure to do so, and most of all: reach out if you see us hanging around – we are looking forward to meeting you!

Registrations for the event are still open!

Hope to see you there.

Tim

Advertisements

Microsoft Intune: April Update brings more features

April 20, 2015 Leave a comment

Microsoft-IntuneMicrosoft is updating its Intune service this week and will be introducing an additional set of new features.

A quick overview of the new cloud only –or standalone- features that are part of this release:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets.
  • Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices.
  • Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices.
  • Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually.
  • Deployment of .appx bundles to Windows Phone 8.1 devices.
  • Managed Browser app for iOS devices that controls actions that users can perform, including allow/deny access to specific websites.
  • Management of Work Folders app for iOS devices.
  • Updated Endpoint Protection agent for managing Windows PCs.
  • Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed.
  • Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms.
  • Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads.
  • Enhanced user interface for overview pages within Intune admin console.

Details on when the updates are taking place per service instance can be found here.

Until next time.

Tim

Categories: Microsoft Intune Tags:

UDM: Conditional Access – Saving of Access Rules to Exchange has failed (error: A2CE0100)

March 29, 2015 Leave a comment

A few days ago we have been working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange online. Details on how we set things up will follow shortly in another post.

Once the basics were in place we implemented a policy that would block a user to access their mailbox when using an unmanaged device.

The policy was properly deployed to a collection which included my demo user, however I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged so something was wrong.

Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:

Saving of Access Rules to Exchange has failed


Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100

 

image

Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.

I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy

I can confirm none of the above resolves the issue. The policy still did not get applied.

In the end to get things working again what I had to do was to delete the compliance policy,  recreate it from scratch, and deploy it again.

image

When synching mail on the iPhone 5 a few minutes later, the policy kicked in.

image

Although the problem was solved and we now have a working demo scenario; in the end I have no idea what went wrong initially and how I could have been troubleshooting this in a more optimized way. Whatever it was it does not seem to resolve itself. Also the repeat count of the alert not increasing indicates the system itself does not do any retries.

I definitely see a few areas for improvement here:

  • Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in a most optimized way.
  • Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
  • Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.

If you are ever facing the same issue, I hope this article will save you some troubleshooting time!

Tim

Microsoft Intune: March updates quick overview

March 6, 2015 Leave a comment

As announced previously Microsoft is planning to release updates to Intune on a monthly basis. The service update for March is ongoing as we speak and will include the following new features for Intune standalone:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

For hybrid customers (UDM) there is also a new feature:

  • The ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices

Unfortunately still a rather unfair balance for those working with a hybrid setup, although in the original announcement Microsoft is indicating that delivering new features for those hybrid customer remains a top priority as well.

More details on the Microsoft Intune blog.

Until next time.

Tim

UDM with ConfigMgr and Intune – why CU’s Matter

February 27, 2015 Leave a comment

When delivering sessions on Unified Device Management (UDM) with Configuration Manager and Intune we have always stressed the fact that running on the latest CU level is really important. If you attended our most recent session in Zurich you may recall the following slide header:

image

 

A post that was published on the Configuration Manager Team Blog yesterday now gives a perfect overview on why those CU’s matter: as of CU2 there were a lot of fixes and improvements included related specifically to Mobile Device Management.

First there was CU2 which included fixes and improvements related to policies. CU3 included Simple Certificate Enrollment Protocol (SCEP) related fixes and the latest CU4 added the following:

  • Attempts to enroll a device in a user collection containing security groups will fail with an access denied error.
  • Inventory data collected from mobile devices and the Windows Intune connector may be for the wrong device if two devices synchronize simultaneously.
  • Hotfix extends client notification in System Center 2012 R2 Configuration Manager to MDM devices http://support2.microsoft.com/kb/2990658
  • Mobile Device Management settings are not applied to cloud-managed users in System Center 2012 R2 Configuration Manager http://support2.microsoft.com/kb/3002291

For a full history and overview of what was included in which CU have a look at the original post. Remember that these updates are cumulative so installing CU4 is sufficient as it includes everything from previous releases.

So our recommendation remains: apply the latest available Cumulative Update to your Configuration Manager environment as soon as possible!

Until next time!

Tim

Microsoft Intune: February update introduces more new features

February 6, 2015 Leave a comment

MicrosoftIntune_LogoThe February update for Microsoft Intune just got announced on the Microsoft Intune blog. It will be released between February 6th (today!) and February 11th. You can check the status page for more specific timeframes here.

This update will include the following new features for Intune standalone:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android devices, including ability to restrict actions such as copy, cut, and paste outside of the managed app ecosystem.
  • Management of the OneNote app for iOS devices.
  • Ability to browse and install apps on Windows Phone 8.1 devices using Intune Company Portal website.
  • Deployment of WiFi profiles for Windows devices using XML import and Windows Phone devices using OMA-URI.
  • Support for Cisco AnyConnect per-app VPN configurations for iOS devices.
  • Ability to require encryption on Windows 8.1 (x86) devices.
  • Ability to set minimum classification of platform updates to be installed automatically on Windows 8.1 (x86) devices.

As part of the announcement Microsoft is also mentioning a more frequent release cadence: in the future they will be releasing new features to Intune on a monthly basis.

Have a nice weekend!

Tim

CMCE R2 Community Event Speaker

January 13, 2015 Leave a comment

CMCE-logo_klein2End of last year I received an invitation to talk at a community event in Zurich. This will be my first speaking engagement in 2015 and hopefully one of many.

On February 9th Kenny Buntinx and myself will be delivering two sessions entitled “Armoring your mobile workforce for the 21st century”. Focus for both sessions will be on Unified Device Management with Configuration Manager and Microsoft Intune. The first session will be a general overview and during the second session we will deep-dive further into the technical details and demonstrate some more advanced scenarios.

During this one day event we are joined by other top quality speakers who will be delivering multiple sessions on a wide range of topics.

More information and registration details can be found here.

Something to look forward to. Make sure to join us if you are around!

Tim