The April Intune Update

The Microsoft Intune team is always working on new features and service enhancements. This month they are introducing some new features that allow you to manage apps and devices with a higher level of control:

  • Block contact sync from Outlook app to device (for iOS): New Mobile Application Management (MAM) controls allow you to prevent a user from syncing Outlook contacts to the native address book on iOS devices, and  provide you with the ability to remove contacts that have already been saved to the native address book when you perform a selective wipe of the device.
  • Conditional Access support for Skype for Business Online: New conditional access policies allow you to restrict access to Skype for Business Online to only managed and compliant iOS and Android devices.
  • Manage Windows Defender on Windows 10 PCs: The Windows 10 general configuration policy now includes settings to manage Windows Defender on enrolled Windows 10 PCs.

Source : The Microsoft Intune Blog

Moving MDM from Intune to Office 365 *update*

For years I’ve been a Office 365 user and earlier this year and every few months (of sometimes weeks Knipogende emoticon ) new features arrive in the Office 365 Management Portal. Since a couple of months it’s possible to do some (basic) MDM stuff with Office 365.

Since I’m a big fan of Microsoft Intune I prefer to use Intune to do my Mobile Device Management, but sometimes the MDM capabilities will do. In my demo environment I was using Intune, but if I want to switch my MDM Authority to Office 365 there is (at this moment) no automated way to do this.

 

image

To change the MDM Authority you have to contact Intune Support (thanks to Henk Hoogendoorn for the tip) to let them flip the switch for you. The procedure is quiet easy, just follow the steps on the Intune Support website.

  • First you have to select the correct problem type (Service Administration), after which you can select the category Reset mobile device authority. When you click the Start Request button just follow the wizard to create the change.
    image

 

  • A few moments after you submitted the incident you will receive a confirmation email (check the email address you enter during the process).
    SNAGHTML87f8048

 

  • Next up is an email with some questions you should answer. The support engineer would like you to confirm your tenant ID, asks you to retire all devices and remove some stuff from the Intune Admin Console.
    SNAGHTML881d583

 

  • After I send the confirmation and answering the asked questions a few hours later I received another email stating that the request have been submitted to the engineers. It also warns me not to configure my Intune subscription during the process. Doing this prematurely may cause corruption and/or impact your ability to use Intune.
  • This step can take up to 5 days, but typically occur within 1 business day.

The following was added on August 13th:

  • On August 11th I received a reminder that the Intune Support team is still working on resetting the MDM authority for me….and finally two days later I received a phone call from the Microsoft US telling me that the MDM authority had been reset. A few hours later I also received the confirmation through email….
    SNAGHTML9d1c8fd[4]
  • So when I checked my Office 365 Portal again, I was indeed able to enable Office 365 as may MDM Authority! Yeah!
    image

 

In the end the entire process took about 7 business days.

New features for Windows Phone, iOS and Android coming this week!

Earlier today Microsoft has announced this months Intune features that will be released between May 19 and May 26

 

The following new Intune standalone (cloud only) features are in this release:

  • Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android (Intune App Wrapping Tool for iOS made available in December 2014)
  • Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
  • RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
  • Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
  • Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
  • New custom policy template for managing new Windows 10 features using OMA-URI
  • New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
  • Ability to deploy Google Play store apps that are required/mandatory to install on Android devices

Also, as announced last week, several new hybrid features are now available for those using System Center Configuration Manager integrated with Intune once upgraded to the latest Configuration Manager 2012 or R2 service pack. You can view the full list of hybrid features included in these service packs by visiting here.

Make sure to bookmark this blog and the ConfigMgr blog to keep up-to-date on the latest features being released and read the latest how-to technical posts written by the engineering team.

Source : Microsoft Intune Blog

New Intune Features Are Coming This Week

Microsoft is releasing their next service update for Microsoft Intune as we speak. This service update will introduce several new features for Android devices plus much more.

New Intune standalone (cloud only) features that will be made available as part of this update include:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets. (Management of Office Mobile app for Android phones made available in February 2015)
  • Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices
  • Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices
  • Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually
  • Deployment of .appx bundles to Windows Phone 8.1 devices (Support for .appx files made available in March 2015)
  • Managed Browser app for iOS devices that controls actions that users can perform, including allow/deny access to specific websites (Managed Browser app for Android devices made available in December 2014)
  • Management of Work Folders app for iOS devices
  • Updated Endpoint Protection agent for managing Windows PCs
  • Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed
  • Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms
  • Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads
  • Enhanced user interface for overview pages within Intune admin console

We plan to continue rapidly adding new features to the Intune service and look forward to sharing more information with you on this blog over the coming months. Along with the Intune service updates we are releasing monthly, you can also expect new features to be made available soon for those using System Center Configuration Manager integrated with Intune (hybrid). Make sure to bookmark this blog and the ConfigMgr blog to stay up-to-date as we continue to release new features.

Note: To see the specific timeframe for when your tenant will be updated, please visit the Microsoft Intune status page. You can identify the Service Instance that your Intune subscription is running on by opening your Intune administration console, clicking on the Admin tab and then selecting View Service Status. Your Service Instance will be displayed at the top of this page.

Source : Microsoft Intune Blog

March 2015 update for Microsoft Intune

Also this month Microsoft will update Intune with some new features

New Intune standalone (cloud only) features that will be released as part of this service update include:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

Additionally, as part of this service update, we will be providing hybrid customers with the ability to create custom WiFi profiles with pre-shared keys (PSK) for Android devices. Delivering new features to our hybrid customers using System Center Configuration Manager integrated with Intune remains a top priority for our team, and you can expect additional hybrid features to be made available soon.

Source : Microsoft Intune blog

New February 2015 Intune features

Somewhere between today and February 11th Microsoft will release some new Intune features!

New Intune standalone (cloud only) features that will be made available as part of this service update include:

  • Management of the Office Mobile app (access, view, and edit Word, Excel, and PowerPoint documents) for Android phones
  • Management of the OneNote app for iOS devices. Management of Office mobile apps (Word, Excel, and PowerPoint) on iOS devices made available in December 2014 
  • Ability to browse and install apps on Windows Phone 8.1 devices using Intune Company Portal website
  • Deployment of WiFi profiles for Windows devices using XML import and Windows Phone devices using OMA-URI (deployment of WiFi profiles currently supported for iOS and Android devices)
  • Support for Cisco AnyConnect per-app VPN configurations for iOS devices
  • Ability to require encryption on Windows 8.1 (x86) devices
  • Ability to set minimum classification of platform updates to be installed automatically on Windows 8.1 (x86) devices

Additionally, you can expect conditional access capabilities for SharePoint Online and OneDrive for Business to be made available over the next few weeks.

Source : Microsoft Intune blog

New MAM capabilities in december update of MS Intune

Microsoft will be rolling out some new features to Intune this week….they arrive somewhere between December 9th and December 12th 2014.

New features that will be released to Intune standalone (cloud only) as part of this service update include:

  • Ability to restrict access to Exchange Online email based upon device enrollment and compliance policies
  • Management of Office mobile apps (Word, Excel, PowerPoint) for iOS devices, including ability to restrict actions such as copy, cut, and paste outside of the managed app ecosystem
  • Ability to extend application protection to existing line-of-business apps using the Intune App Wrapping Tool for iOS
  • Managed Browser app for Android devices that controls actions that users can perform, including allow/deny access to specific websites. Managed Browser app for iOS devices currently pending store approval
  • PDF Viewer, AV Player, and Image Viewer apps for Android devices that help users securely view corporate content
  • Bulk enrollment of iOS devices using Apple Configurator
  • Ability to create configuration files using Apple Configurator and import these files into Intune to set custom iOS policies
  • Lockdown of Windows Phone 8.1 devices with Assigned Access mode using OMA-URI settings
  • Ability to set additional policies on Windows Phone 8.1 devices using OMA-URI settings

In partnership with the Office team, you can also expect new Intune-managed Office mobile apps (Word, Excel, and PowerPoint) for Android devices coming soon.

Be sure to bookmark this blog or subscribe to the RSS feed to stay up-to-date on all of the exciting capabilities coming to Microsoft Intune. We are rapidly adding new features and look forward to sharing more information with you over the coming months. You can also expect us to share more information on when these new capabilities will be made available to customers using System Center Configuration Manager integrated with Intune on this blog and on the ConfigMgr blog.

New version of Microsoft Intune arrives this week!

Last week I already wrote a short blog about an issue I ran into, but today everything became clear. They were probably doing some last testing of the new Microsoft Intune portal, because earlier today Microsoft has announced it will release a service update (read: new Microsoft Intune version) between today (November 17th) and Wednesday (November 19th) that will bring us some cool new stuff to Intune (cloud only!).

This are the new features:

  • Enhanced user interface for Intune administration console
  • Ability to restrict access to Exchange on-premises email based upon device enrollment
  • Bulk enrollment of devices using a single service account
  • Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
  • Targeting of policies and apps by device groups
  • Ability to report on and allow or block a specific set of applications
  • Enforcement of application install or uninstall
  • Deployment of certificates, email, VPN and WiFi profiles
  • Ability to push free store apps to iOS devices
  • More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
  • Remote pin reset for Windows Phone 8.1 devices
  • Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
  • Ability to restrict administrator access to a specific set of user and device groups
  • Updated Company Portal apps to support customizable terms and conditions

Also, as part of this service update, you’ll notice that all references to Windows Intune have been updated to Microsoft Intune. This name more accurately represents Intune’s cloud-based mobile device management (MDM) and mobile application management (MAM) capabilities across iOS and Android platforms, as well as Windows.

Since Intune if, off course, Cloud based….they can’t update everything at once. You can check on which service instance your Intune subscription is running by opening the Intune Administration Console and click on the Administration tab (on the bottom left) and press the View Service Status link.

image

A new page will open and at the top of that page you can see on which service instance your subscription is running.

image

My subscription is running at North America 05, so I’m in the first Scheduled Maintenance time slot.

Source : Intune Blog

New version of Microsoft Intune arriving soon?

Tonight while I was working on the last slides of my Microsoft Intune demo tomorrow morning, Microsoft decided that it was time to launch the new version of Microsoft Intune. Microsoft already showed the new version at TechEd Europe a couple of weeks ago, but it looks like their launching it as we speak. Too bad the new interface isn’t quiet ‘working’ yet, so after a short ‘loading’ I’ll receive en error.

When the new version is completely available, I’ll probably will blog about it some more….

Current Version (November 13, 2014 –  23:00 CET)

image

image

 

Old version (November 13, 2014 – before 22:30)

image

New version (screenshot from TechEd Europe, available later today?)

image

image