Import Windows Devices for AutoPilot in Microsoft Endpoint Manager

Benoit Lecours | Intune | 13 Comments

Windows Autopilot is a solution that allows you to set up and pre-configure Windows devices for your environment using Azure and Endpoint Manager. The goal of Autopilot is to reduce OS deployment complexity. If done correctly, a user logs on to an out-of-box computer with his AAD user account, and applications and configurations get deployed. All that with minimum infrastructure requirements. If you are new to Autopilot, we have a post that describes every step you need to do to get started. Autopilot has its flaws but it’s improving very fast. One of those flaws was that device importation was made from the Windows Store for Business or the Microsoft Partner Center. Those days are over since you can now import your devices directly from Endpoint Manager. Endpoint Manager Autopilot device import: Launch Endpoint Manager. Select Device / Enroll Devices / Windows enrollment. In the Windows Autopilot …

Windows 10 Intune and Autopilot Customization

Jonathan Lefebvre | Intune | 7 Comments

With the latest updates Microsoft released to Intune and Autopilot, it is becoming more realistic to leave the task sequence behind in favour of using Autopilot with Intune to deliver the computer standards required by an enterprise. While it will not be possible for all scenarios, a standard PC used for administrative tasks can be delivered with many, if not all, of the required Windows 10 Intune Autopilot customizations. While many of our previous Windows 10 Customization tricks are still gonna be useful, the delivery will be different from simply running various scripts from a Task Sequence. In this post, we will go over multiple Windows 10 customizations, all done with Intune in order to leverage Windows Autopilot. The ultimate goal is to be able to replicate a standard deployment made with a Task Sequence from SCCM or MDT. This post is part of a series on Windows Autopilot that …

Getting Started with Microsoft Autopilot and Windows 10 | Step-by-Step Guide

Jonathan Lefebvre | Intune | 11 Comments

Since the announcement of Windows Autopilot, there has been a lot of interest and questions about how it actually works, whether it will blend easily into our environment, etc. While at the beginning there were some major drawbacks compared to what a computer configured by a Task Sequence can deliver, with the latest updates to the service, it is now a good time to start your journey with it. In this post, we will detail all the requirements and how to set up an environment for Microsoft Autopilot and Windows 10 devices. This post is part of a series on Windows Autopilot that will be published in the following weeks. In the next posts, we will cover the following subjects: Getting started with Windows Autopilot | Step-by-step guide; How to deploy Win32 Applications in Microsoft Intune; How to customize Windows 10 with Microsoft Intune and Autopilot; How to join Autopilot devices to …

Block Apple FaceTime Built-in App with Microsoft Intune

Nicolas Pilon | App Protection Policies, Intune, SCCM | Leave a Comment

A new bug was discovered in Apple’s FaceTime app that gives the caller the ability to listen to the other device and even watch the video without the call being approved. This vulnerability does not give access to corporate data or personal information, but has more consequences on a personal level. Even though Apple temporarily switched off the service and seems to have solved the problem via a future software update, there are some actions that can be taken if you want to avoid trouble. You can manually turn off the FaceTime app on iOS and macOS. But can we block this kind of app in an enterprise environment? Yes, you can block the FaceTime app on all devices by deploying a device configuration with Microsoft Intune. This post will show you how to block the Apple FaceTime built-in app with Microsoft Intune. Device Configuration: Note that you can deploy this …

Migrate Users from iOS Mail Native to Microsoft Outlook with Intune

Nicolas Pilon | App Protection Policies, Conditional Access, EMS, Intune | 6 Comments

Nowadays, the smartphone takes up a lot of room in our personal and professional lives. Being able to receive your work emails directly on a mobile device is becoming popular. Based on the latest numbers provided by Brad Anderson from Microsoft, companies are more willing to use mobile device management solutions like Microsoft Intune and let users access company data from outside the corporate network. Some companies shared beautiful stories of using Microsoft’s EMS solution, like Pepsi Cola and many more. Companies gain a lot of benefits in letting their employees access corporate data from everywhere, especially emails. There are several mail applications available in the App Store or Google Play Store for Android, but the iOS native mail app and the Outlook app are by far the most popular for the iOS platform. Which one do you prefer? Some users will gain more productivity with the iOS native mail app while some users will choose the Outlook app for preference …

Updating your Mobile Devices against Meltdown and Spectre with Intune

Nicolas Pilon | EMS, Intune | Leave a Comment

Everyone has heard of the Meltdown and Spectre vulnerabilities in modern computers, which leak passwords and sensitive data. In case you haven’t, the most important thing to remember is to update all devices, mainly those with an Intel processor, including mobile devices. If you are using Microsoft Intune to manage mobile devices in your organization, you can configure compliance rules to force users to update their operating system version. Those who want to keep their old OS version will lose their access to Office 365 at one point. It’s essential that employees know the importance of updating their devices more often, without being forced to. On the other hand, updating the OS means some types of devices won’t be supported anymore. In case your company accepts BYOD, some users will need to purchase a new mobile device. In the end, securing your endpoints is more important. In this post, we will use the …

How to Deploy an iOS Application with Intune and SCCM

Benoit Lecours | Intune, SCCM | 11 Comments

Updated 2018-03-19. One of Microsoft Intune’s features is deploying the mobile applications that your users need to get their job done. We can think of the Office suite, such as Word, Excel, PowerPoint and OneNote. This blog post will show how to deploy Microsoft Word on managed iOS devices with Microsoft Intune and SCCM. This is the 9th post of the Mobile Device Management with Intune and SCCM 2012 blog series. Microsoft Word for iOS devices requires Mobile Application Management (MAM) policies in Microsoft Intune. Since it’s a prerequisite for Microsoft Word, we will configure a MAM policy in this post at step 2. MAM policies give the ability to protect company data without affecting personal data. You can also apply restrictions like Save As, Clipboard and many more. You can read more about MAM on Technet. Step 1 | Create the Application in SCCM: Creating a mobile …

No Enrollment Policy during Intune Client Installation

Nicolas Pilon | Client, Intune, SCCM | 1 Comment

When a company wants to manage an iOS mobile device, an Apple Push Notification Service (APN) certificate is installed on the iOS devices. This certificate installation makes sure that the connectivity between the devices, Apple, and your MDM solution is trusted. Intune makes no exception to this process. It’s the main reason why, from the Intune or SCCM console, you have the possibility to send remote actions directly to iOS devices. After the certificate is configured in Intune, users can install the Company Portal app to enroll their devices (Android, iOS, Windows). When the user opens the Company Portal for the first time, he must enter his tenant credentials to identify himself. Once the authentication succeeds, the Company Portal will prompt the user to install an MDM profile including the APN certificate. If the configuration of your Apple APN certificate is missing or expired, the No Enrollment Policy error message appears. Do not panic. …

How to Strengthen Security for Intune with RBAC in SCCM

Nicolas Pilon | Application, Console, Intune, SCCM | Leave a Comment

The majority of companies use SCCM to manage laptops, computers and servers, and some use it for mobile devices if they run Microsoft Intune in hybrid mode. In some situations, Intune and SCCM management is done by 2 different teams. Except for the Full Administrator role in SCCM, it’s possible to separate Intune from the Configuration Manager infrastructure in the console by using security roles and security groups (RBAC). The goal is to ensure that an Intune administrator does not access Configuration Manager client devices and objects, as you don’t want to end up with people who may wipe or manage mobile devices when they are supposed to be only Configuration Manager admins. This post will explain how to strengthen security and separate Intune from the Configuration Manager infrastructure in the SCCM console. Create Devices Collection for Intune Client: The first thing to do is create a device collection that targets Intune clients. There are two ways to create …

Intune Client | Error User License Type Invalid

Nicolas Pilon | Client, Intune, SCCM | 6 Comments

The starting point of every mobile management project is enrolling devices. Without enrollment, you can’t manage any devices. When running in hybrid mode, the enrollment process is different from running Microsoft Intune in standalone mode. The SCCM Service Connection Point role keeps connectivity between both ends (SCCM on-premise and the Cloud). Both environments must be synchronized; otherwise, there is a chance of getting the Intune error User License Type Invalid during Intune enrollment on your mobile devices. This post will explain how to resolve this issue. Intune Error User License Type Invalid: This is the error message shown just before the enrollment process when you click Enroll. If you take a look at the Company Portal log from the mobile device, you will see: <ErrorType>UserLicense</ErrorType><Message>Invalid User License</Message> ** How to see Company Portal log? Please read this Technet post ** Cloud User Sync: During the configuration of the Intune subscription in your SCCM, you need to create and configure a …