Top 5 No-Brainers Security Features in Microsoft Intune

Nicolas PilonApp Protection Policies, Azure, Cloud, Conditional Access, EMS, Intune2 Comments

By 2019, when you plan to deploy modern device management solutions in your company, the security must be a priority. The cloud is accessible from anywhere on the planet and mobility allows users to connect from anywhere. Also, our society is changing and our lifestyle habits as well. Users that have access to corporate data without being forced to connect to the corporate network, is much more convenient. Before you start registering devices in Microsoft Intune, it’s important to set up the Intune portal safely. Moreover, the different operating system platforms, and the types of devices that connect to your network or cloud applications is important as well. Microsoft Intune is a leader in MDM solution and it contains strong security capabilities that you can’t miss like role-based administrative control (RBAC), enrollment restrictions, compliance policy and a couple more. On several occasions, we have noticed that companies do not use … Read More

Block Apple Facetime Built-in App with Microsoft Intune

Nicolas PilonApp Protection Policies, Intune, SCCMLeave a Comment

Block Apple Facetime Intune

A new bug was discovered with Apple’s Facetime app that gives the caller the ability to listen to the other device and even watch the video without approving the call. This vulnerability is not giving access to corporate data or personal information, but have more consequences on personal level. Even though Apple temporarily kill the switch of the service and seems to have solved the problem via a future software update, there are some actions that can be made if you want to avoid trouble. You can manually turn off the Facetime app with iOS and MacOS. But, can we block this kind of app in an enterprise environment? Yes, you can block the facetime app on all devices by deploying a device configuration with Microsoft Intune. This post will show you how to block Apple facetime built-in app with Microsoft Intune. Device Configuration Note that you can deploy this … Read More

Step-by-Step SCCM 1810 Upgrade Guide

Nicolas PilonSCCM21 Comments

Microsoft has released the final SCCM version for 2018. Microsoft still uses the same standard naming versions. You can begin upgrading your SCCM Current Branch environment to the latest 1810 release. If you want to install the latest updates, this post is a complete step-by-step SCCM 1810 upgrade guide. If you’re looking for a comprehensive SCCM installation guide, see our blog series which covers it all. You won’t be able to install 1810 if you are running SCCM 2012, the baseline version is 1802. To install SCCM 1810 as an update, you must have installed at least SCCM 1710, SCCM 1802 or SCCM 1806. Keeping your infrastructure up to date is essential. You will benefit from the new features and fixes, which some of them can apply to your environment. It’s easier than ever to upgrade since Microsoft has implemented the new servicing model which is done directly from the console. SCCM 1810 New … Read More

Step-by-Step SCCM 1806 Upgrade Guide

Nicolas PilonSCCM28 Comments

It is now time to plan the migration of your SCCM Current Branch environment since Microsoft releases a new version of SCCM Current Branch. If you want to receive the latest updates, this post is a complete step-by-step SCCM 1806 upgrade guide. If you’re looking for a comprehensive SCCM installation guide, see our blog series which covers it all. You won’t be able to install 1806 if you are running SCCM 2012, the baseline version is 1802. To install SCCM 1806 as an update, you must have installed at least SCCM 1706, SCCM 1710 or SCCM 1802. Keeping your infrastructure up to date is essential. You can benefit from the new features and fixes issues, which some of them can be related to your SCCM. It’s also easier to upgrade to the latest version since Microsoft has implemented the new model of update servicing which is the in-console upgrade. SCCM 1806 New … Read More

Migrate Users from iOS Mail Native to Microsoft Outlook with Intune

Nicolas PilonApp Protection Policies, Conditional Access, EMS, Intune6 Comments

Nowadays, the smartphone takes up a lot of room in our personal and professional lives. Being able to receive your work emails directly on a mobile device is becoming popular. Based on latest numbers provided by Brad Anderson from Microsoft, companies are more willing to use mobile device management solution like Microsoft Intune and let users access company data from outside the corporate network. Some companies shared beautiful stories of using Microsoft’s EMS solution, like Pepsi Cola and much more. Companies gain a lot of benefits in letting their employees access corporate data from everywhere, especially emails. There are several mail applications available in the App Store or Google Play Store for Android, but iOS native mail app and Outlook app are by far the most popular for iOS platform. Which one do you prefer? Some users will gain more productivity with iOS native mail app while some users will choose Outlook app for preference … Read More

Updating your Mobile Devices against Meltdown and Spectre with Intune

Nicolas PilonEMS, IntuneLeave a Comment

Everyone has heard of Meltdown, and Spectre vulnerabilities in modern computers leak passwords and sensitive data. In case you don’t, the most important thing to remember is to update all devices that mainly have an Intel processor, including mobile devices. If you are using Microsoft Intune to manage mobile devices in your organization, you can configure compliant rules to force the users to update their operating system version. For those who want to keep their old OS version, will lose their access to Office 365 at one point. It’s essential that employees know the importance of updating their devices more often, without being enforced. On the other hand, updating OS means some types of the device won’t be supported anymore. In case your company accepts BYOD, some users will require purchasing a new mobile device. In the end, securing your endpoints is more important. In this post, we will use the … Read More

Step-by-Step SCCM 1706 Upgrade Guide

Nicolas PilonSCCM42 Comments

Microsoft has released a new version of SCCM Current Branch. It’s now time to upgrade your environment! This post is a complete step-by-step SCCM 1706 upgrade guide. If you’re looking for a complete SCCM installation guide, see our blog series which covers it all. You won’t be able to install this upgrade if you are running SCCM 2012, the minimum required version is at least SCCM 1702. This version is the latest baseline version. It’s very important to keep your infrastructure up to date. You can benefit from the new features and fixes lots of issues, which some of them are important. It’s also easier to upgrade to the new version since Microsoft has implemented the new model of update servicing. SCCM 1706 New Features and Fixes 1706 includes lots of new features and enhancements in the adoption of Windows 10 and Office 365 as well in modern management, mobile device management, … Read More

No Enrollment Policy during Intune Client Installation

Nicolas PilonClient, Intune, SCCM1 Comment

  When a company wants to manage an iOS mobile device, an Apple Push Notification Service (APN) certificate is installed on the iOS devices. This certificate installation makes sure that the connectivity between the devices, Apple, and your MDM solution is trusted. Intune makes no exception to this process. It’s the main reason why, from Intune or SCCM console, you have the possibility to send remote actions directly on iOS devices. After the certificate is configured in Intune, users can install the Company Portal app to enroll their devices (Android, iOS, Windows). When you open the Company Portal for the first time, the user must enter his tenant credentials to identify himself. Once the authentication succeeds, the Company portal will prompt the user to install an MDM profile including the APN certificate. If the configuration of your Apple APN certificate is missing or expires, the No Enrollment Policy error message appears. Do not panic. … Read More

5 Ways to view Hardware Inventory Information of a Device with SCCM

Nicolas PilonConsole, Hardware Inventory, REPORT, SCCM, SQL, SSRS6 Comments

One of the SCCM features is to inventory hardware information from devices that are managed by the SCCM client. It’s not very difficult to enable and configure the hardware inventory client settings in SCCM. Once the devices received next machine policy and hardware inventory scan, data will start to populate in your SCCM database. The information gathered from the devices can be very useful from a system health, inventory or operation perspective. You can use this information to create collections, queries as well as reports. However, one thing not too obvious with the hardware inventory information is to see all the data of a device in a one pager. There’s several ways to do it, some more difficult than others, but we will show you how. SCCM Hardware Inventory – Resource Explorer The first one is the Resource Explorer tool. It’s a tool accessible directly within the console and which don’t require any … Read More

Send Sync Request to Intune Mobile Devices from SCCM 1610 Console

Nicolas PilonConsole, Intune, SCCMLeave a Comment

This month, SCCM 1610 was released with a bunch of new features, including exiting Intune features. One of these Intune feature is to send sync request directly from the SCCM console. It’s a new remote actions that Intune administrators will use daily. For example, you can send sync request to a mobile device that is having deployment or client health issue. In fact, each mobile devices managed by Intune need to communicate with Intune to get the latest policy and compliance state. Normally, the Intune client synchronizes every 6 hours for iOS and 8 hours for Android. Additionally, there’s a scan every 15 minutes in the first 6 hours of enrollment. The mobile device can be synchronized as well from the Company Portal application. Take note that Send Sync Request is unavailable for the moment in Intune standalone. Maybe one day! SCCM 1610 Send Sync Request Open the SCCM Console, navigate to … Read More