The process of enrolling your Windows 10 computers in Intune should be as simple as possible for your users. If you’re using Azure Active Directory in your organization, the enrollment process can be made automatically when a user joins it’s device to AAD. It couldn’t be simpler. The process is the same rather for Intune Standalone or Hybrid mode (integrated with SCCM) Windows 10 Intune Automatic Enrollment Prerequisites CNAME DNS Entry created on your domain for automatic name resolution A valid Intune Tenant (Standalone or SCCM Integrated) Azure Active Directory Premium enabled For this post, we’ll be using a Windows 10 1703 device but the process is the same for Windows 10 1607 and slightly different for older versions but is supported. CNAME DNS Follow our Intune Preparation post for the steps to create CNAME entry. The Azure portal let you test your configuration Open the Azure Portal Go to Intune / Device Enrollment / Windows … Read More
How to Change SCCM MDM Authority to Intune Standalone
With the release of SCCM 1710, one of the key new features is the Co-Management possibility with Intune. Going in the direction of the Co-Management would eventually allow to offload some management task to Intune and be more aligned with the concept of Modern Management for Windows 10. One of the main requirement to enable Co-Management is to have Intune as the MDM Authority. This goes against what many SCCM admins have done over the past few years, by enabling the Intune Connector in SCCM to manage mobile devices from the SCCM console. This is called Intune in Hybrid mode. Microsoft has come up with a solution to bring back Intune as the MDM authority, which is the Standalone mode. All this without impacting the end-user with his enrolled devices. In this post, we will detail how to move Intune from Hybrid mode to Standalone. Prerequisites to Change SCCM MDM … Read More
How to enable Android for Work in SCCM and Intune
Starting with SCCM 1702, mobile device management with SCCM and Microsoft Intune (Hybrid) now supports Android for Work device enrollment and management. You can manage compliance settings, wipe or delete Android devices, deploy apps, and collect software and hardware inventory. Users can download the Android company portal app from Google Play that lets them enroll Android for Work devices. Enable SCCM Android for Work The first step is to create a Google account and configure your Intune subscription to accept Android for Work devices. Refer to our previous blog post, if you don’t already have an active Intune subscription. Create a Google account that will be used as your Android for Work admin account. This account will be shared by the administrators in your team who manage Android devices. It will also be used to manage and publish and approve apps in the Play for Work console Once the account created, open … Read More
Send Sync Request to Intune Mobile Devices from SCCM 1610 Console
This month, SCCM 1610 was released with a bunch of new features, including exiting Intune features. One of these Intune feature is to send sync request directly from the SCCM console. It’s a new remote actions that Intune administrators will use daily. For example, you can send sync request to a mobile device that is having deployment or client health issue. In fact, each mobile devices managed by Intune need to communicate with Intune to get the latest policy and compliance state. Normally, the Intune client synchronizes every 6 hours for iOS and 8 hours for Android. Additionally, there’s a scan every 15 minutes in the first 6 hours of enrollment. The mobile device can be synchronized as well from the Company Portal application. Take note that Send Sync Request is unavailable for the moment in Intune standalone. Maybe one day! SCCM 1610 Send Sync Request Open the SCCM Console, navigate to … Read More
How to configure SCCM Device Categories
Beginning with SCCM 1606, you can create device categories to automatically add devices into device collections when you are using SCCM and Intune in a hybrid scenario. (In a standalone scenario, this feature is named Device group mapping). At enrollment time, the mobile users are required to choose a device category. Once a device category is selected, the device is added to the corresponding collection based on a new collection membership : Device Category Rule. Device categories can also be set manually on a single device using the SCCM Console. Here’s everything you need to know in order to manage this new features : Create SCCM Device Categories Open the SCCM Console Go to Assets and Compliance / Device Collections On the top ribbon, click Manage Device Categories In the Manage Device Categories dialog box, you can create, edit, or remove categories. For our post, we will be creating a Test category Create Device Category Rule When you associate a collection with … Read More
How to use Windows 10 Deep Link Enrollment
Starting with Windows 10, version 1607, you can create a deep link to launch the Windows 10 enrollment app using an URI link. This allows to send a user-friendly display text to your user to simplify their device enrollment. You can use this link in an email sent to your users or add this link to an internal web page that users refer for enrollment. The URI link must use the following format : ms-device-enrollment:?mode=mdm At the time of this writing, the only supported mode value is mdm. [su_box title=”Note” style=”glass” box_color=”#000000″ title_color=”#F0F0F0″]Starting with Windows 10, v1607 deep linking is only supported for connecting devices to MDM. It will not support adding a work or school account, joining a device to Azure AD, and joining a device to Active Directory.[/su_box] User Experience using Windows 10 Deep Link Enrollment When clicking the link, Windows 10 will launch the enrollment app in … Read More
How to install a Certificate Registration Point in SCCM 2012
In this part of SCCM 2012 and SCCM 1511 blog series, we will describe how to install SCCM 2012 R2 or SCCM 1511 Certificate Registration Point (CRP). Role Description Using SCCM and Intune, the CRP communicates with a server that runs the Network Device Enrollment Service (NDES) to provision device certificate requests. This is not a mandatory Site System but we recommend to install a CRP if you need to provision client certificates to your devices (like VPN or WIFI). Prerequisites Before the CRP can be installed, dependencies outside SCCM is required. I won’t cover the prerequisite configuration in details as they are well documented on this Technet article and it goes beyond SCCM. Here’s an overview of what needs to be done : Install the NDES role on a Windows 2012 R2 Server Modify the security permissions for the certificate templates that the NDES is using Deploy a PKI certificate that supports client authentication Locate … Read More
How to install SCCM 2012 R2 Windows Intune Connector
Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be. [purchase_link id=”3614″ style=”button” color=”Gray” text=”Guide | SCCM 2012 R2 Installation Guide | Part 1-18″ direct=”true”] In part 1 of this blog series, we planned our hierarchy, prepared our Server and Active Directory. In part 2, we installed and configured SQL in order to install SCCM. In part 3, we installed a stand-alone Primary site. In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM. Role installation order is not important, you can install roles independently of others. This part will describe how to install SCCM 2012 R2 Windows Intune Connector (WIC) role. Role Description The WIC is used to sends settings and software deployment information to Micosoft Intune and retrieves … Read More
How to enroll an iOS device in SCCM
Download and own all parts of the blog series in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be. [purchase_link id=”3885″ style=”button” color=”gray” text=”Add to Cart | Mobile Device Management guide” price=”yes”] In Part 1 of this series, we prepared the Intune environment for mobile device management. We also make sure we got the Intune subscription account. In Part 2, we configured Active Directory and create users in Intune. In Part 3, we prepared our Configuration Manager server in order to link it to Intune using the SCCM connector. In Part 4, we will begin device enrollment starting with Apple iOS devices. Here’s the main steps to enroll an iOS device : You need an Apple certificate to establish communication between Apple and Intune SCCM must be enabled for iOS enrollment Your iOS devices need to download … Read More
Configuring SCCM 2012 Intune Integration
Download and own all parts of the blog series in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be. [purchase_link id=”3885″ style=”button” color=”gray” text=”Add to Cart | Mobile Device Management guide” price=”yes”] In Part 1 of this series, we prepared the Intune environment for mobile device management. We also make sure we got the Intune subscription account. In Part 2, we configured Active Directory and create users in Intune. In Part 3, we will prepare our Configuration Manager server in order to link it to Intune using the SCCM connector. This will allow Configuration Manager and Intune to sync data. There’s 3 main steps to do so : Create Configuration Manager Collection Create the Windows Intune subscription in the console Add the Windows Intune Connector Site System Role Create SCCM Collection We need to create a new collection that contains users that will be … Read More