Showing posts with label Microsoft Intune. Show all posts

Friday, August 14, 2015

Understanding Configuration Policies on Microsoft Intune

Microsoft Intune has 2 types of configuration policy for managing mobile devices. The first type is the Common Mobile Device Settings policy, which also includes PC settings. This kind of policy is based on Exchange ActiveSync and can manage the following configuration settings on mobile devices of all platforms, such as iOS, Android, Windows Phone and Windows PC:
  • Security
  • Encryption
  • System
  • Email
  • Applications


The second type is the platform-aware policy, with separate policies for iOS, Android, Windows Phone and Windows PC. This kind of policy is applied only to its specific platform. For example, an iOS Configuration Policy is applied to iOS devices only. Devices on other platforms, such as Android and Windows Phone, do not receive the settings from an iOS Configuration Policy, even if the policy is deployed to all user groups or to the all mobile devices group.




To manage a multi-platform environment with Microsoft Intune, consider creating a specific configuration policy for each platform.


This posting is provided “AS IS” with no warranties, and confers no rights!

Saturday, August 8, 2015

My view of compliance policy on Microsoft Intune

A compliance policy is a set of basic rules and settings for users' enrolled devices. A compliance policy can be applied to all of a user's devices, such as iOS, Android, Windows Phone and so on. In Microsoft Intune, the compliance policy checks the following on devices:
  • Password
  • Encryption
  • Jailbreak
  • Email Profile

Microsoft defines what happens to non-compliant devices. For example, when a device does not meet the PIN or password requirement, the compliance policy forces the device (iOS) to change the PIN or password within 60 minutes. If a PIN or password isn't set on the device within 60 minutes, the user is forced to configure it after 60 minutes. For other scenarios, Microsoft lists the actions applied to non-compliant devices in a table.


Compared with other Enterprise Mobility Management products, the compliance policy settings of Microsoft Intune lack flexibility. There is no option for administrators to control the OS version of enrolled devices. For security reasons, administrators would like to apply such a setting in the compliance policy to filter OS versions for their companies.

Even when a device is non-compliant, for example because no PIN or password is configured, the user can still download applications through Company Portal. It seems that the compliance policies of Microsoft Intune aren't flexible and mature enough.

I hope Microsoft will add more flexible settings on compliance policy of Microsoft Intune like other EMM products.


Friday, July 24, 2015

Migrate Office 365 Mobile Device Management to Microsoft Intune problem

I enabled Mobile Device Management on Office 365 for my lab domain. Now I'd like to change it to Microsoft Intune for testing. However, I cannot move it from Office 365 to Microsoft Intune because there is no option to do this on either side. In Microsoft Intune, it shows "Set to Office 365".



On Office 365, it shows the current MDM configuration.


Eventually, I submitted a service request on Office 365 to report this status and have them change the status on Microsoft Intune.



If you plan to manage devices with Microsoft Intune, all devices need to be re-enrolled after the configuration is changed to Microsoft Intune.

Confirm which solution your customers need before deploying Mobile Device Management on Office 365 or Microsoft Intune.

More information:
Manage mobile devices with Microsoft Intune


Sunday, February 15, 2015

The management and remote access connectivity of Windows 10

Speaker: Michael Niehaus, Senior Product Marketing Manager

In the last few days, I attended Tech.Days Hong Kong 2015.


At this event, I attended 2 Windows 10 sessions: "Windows 10: Remote Access Connectivity" and "Windows 10 Management Technologies: What's New". After attending them, it seems that Microsoft tends to rely more on Microsoft Intune and System Center Configuration Manager to manage Windows 10 or later operating systems. I'm going to explain this.

In Windows 10, we can join the Windows 10 device to Azure Active Directory (AAD).


There is no Group Policy in AAD. To apply security settings to a Windows 10 device that is joined to AAD, administrators can configure Microsoft Intune in the cloud to integrate with Azure Active Directory. When a device is joined to Azure Active Directory, the company policies are applied to it automatically through Microsoft Intune. Many security settings can be configured through Microsoft Intune. If the available options aren't enough, administrators can upload a PowerShell script to Microsoft Intune. The next version of Microsoft Intune supports the WMI bridge and PowerShell configuration, so administrators can also upload a PowerShell script through Microsoft Intune to apply it to the device. Honestly, Microsoft Intune isn't yet robust enough for desktop management to compare with Group Policy, but Microsoft will add more options based on market trends.

The next version of System Center Configuration Manager will be integrated with Microsoft Intune. Administrators can use one portal to manage mobile and desktop devices.


The next version of Microsoft Intune not only applies security settings to Windows 10 devices but also delivers new features to them, such as "Per-application VPN". "Per-application VPN" is a new feature in Windows 10 that controls which applications can connect to the corporate network. For example, suppose your company only allows Internet Explorer to connect to the corporate web site through the VPN. Apply "Per-application VPN" to a Windows 10 device that is enrolled in Mobile Device Management (MDM) through Microsoft Intune. The user can still use other browsers such as Chrome to access other web sites, but Chrome cannot access the corporate web site.
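The Internet Explorer scenario above, written as a VPN profile (an added example, not from the session or from Microsoft Intune itself). It assumes the ProfileXML format of the VPNv2 configuration service provider in released Windows 10, which postdates this post; the server name, address range and certificate authentication are constructed placeholders.

```xml
<!-- Added example: per-application VPN profile.
     vpn.corp.example and 192.0.2.0/24 are constructed placeholders. -->
<VPNProfile>
  <NativeProfile>
    <Servers>vpn.corp.example</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication>
      <!-- Assumed: a machine certificate is already deployed to the device -->
      <MachineMethod>Certificate</MachineMethod>
    </Authentication>
    <!-- Split tunnel: only the routes listed below go through the VPN -->
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  </NativeProfile>

  <!-- Route for the corporate web site's network -->
  <Route>
    <Address>192.0.2.0</Address>
    <PrefixSize>24</PrefixSize>
  </Route>

  <!-- Connect the VPN automatically when Internet Explorer starts -->
  <AppTrigger>
    <App>
      <Id>C:\Program Files\Internet Explorer\iexplore.exe</Id>
    </App>
  </AppTrigger>

  <!-- Only HTTPS (TCP 443) traffic that originates from Internet Explorer
       and targets the corporate range may cross the VPN interface.
       Traffic from any other application, such as Chrome, does not match. -->
  <TrafficFilter>
    <App>
      <Id>C:\Program Files\Internet Explorer\iexplore.exe</Id>
    </App>
    <Protocol>6</Protocol>
    <RemotePortRanges>443</RemotePortRanges>
    <RemoteAddressRanges>192.0.2.0/24</RemoteAddressRanges>
  </TrafficFilter>
</VPNProfile>
```

The application trigger alone only starts the connection; the traffic filter is what keeps other applications off the tunnel, so a profile that omits it leaves the corporate site reachable from any process once the VPN is up.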

In Windows 10, Microsoft works with other VPN vendors such as Cisco, F5 and so on to change the way VPN is configured. Users can download and install a VPN plug-in from a supported vendor through the Windows Store. After that, users can set up a VPN connection in the "Add a VPN connection" wizard.


After installing a VPN plug-in from the Windows Store, we can select it under "VPN provider". It's easy for us to set up a VPN connection from any vendor.

In conclusion, there are some new management solutions in the Windows environment. Old management solutions like Group Policy will be phased out in the future.
