Intune – Third-party antivirus solutions are now supported for Device Compliance Policy

Until the last Intune update (week of July 2, 2018), when setting up a Windows 10 Device Compliance Policy you were obliged to use Windows Defender as the local antivirus solution if you wanted to require an antivirus solution for a device to be marked as compliant. After this update, you can now set this requirement even if you are using a third-party antivirus solution (such as Symantec) as…


Intune – Automatic device cleanup

With the latest Intune update (week of July 2, 2018), a new feature has been added to automatically clean up devices in Intune that have not contacted the service. As you may be aware, devices which do not contact the Intune service for a certain period of time are marked as not compliant, and there may be some work for the Intune administrators to clean up these devices. With this update you can now…


Intune – The Intune Silverlight portal is going to be removed

About 18 months ago, Microsoft announced the integration of the Intune service into the Azure ARM portal. Now, the Intune Silverlight portal is going to be removed (starting August 31st, 2018) with all Intune capabilities moved to the Azure ARM portal. If you are still using the Intune agent to manage Windows 7 (and later), the Silverlight portal will remain available. This will be the only workload remaining in this…


Intune – Enhanced conditional access with Windows Defender ATP

With Windows 10, Microsoft has introduced an advanced protection system integrated with Windows Defender called Windows Defender Advanced Threat Protection (WDATP) (see https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection to know more). Now, with Intune you can also use Windows Defender ATP status to allow/deny access to resources. To use Windows Defender ATP in your conditional access, go to your Azure ARM portal (https://portal.azure.com) and access your Intune\Device Compliance configuration blade. Access the policies blade and…


Intune – Enable Windows Redeployment from logon screen

Starting with Windows 10 build 1709, it is possible for administrators to re-initialize Windows 10 devices to remove personal files and settings and revert the device to an original state, while keeping the device enrollment. Enable the policy: To make Windows Automatic Deployment available from the logon screen, you must first enable the policy, which can be done either with Intune (or any MDM supporting CSP) or with a Windows…


Intune – You can now assign mobile apps to all users

A new option has made its appearance on the Intune management portal when assigning applications. You can now assign an application as available to all users with enrolled devices; you no longer need to assign it to a group. At the time of writing this post, this option is only available for Microsoft Store for Business apps (I’m sure this will come to Apple and Google stores too). In…


SCCM – Co-management is now available in SCCM Current Branch (1710)

The latest update for SCCM Current Branch is now available and includes the announced co-management feature. The co-management feature allows you to manage your devices with Intune and SCCM without having to set up an Intune subscription on SCCM, especially in scenarios where a Windows 10 Azure AD Joined device needs to use the SCCM agent. Once you have installed the SCCM update (as usual you can force it by using the…


Intune – Conditional Access is moving to be only on Azure AD

In January 2018, conditional access policies for Intune will be moved for good to Azure AD. Until now (and until January 2018), conditional access configuration is/was available through the ‘classic’ Silverlight Intune portal, the Intune App Protection (MAM) blade and the classic Azure AD portal. If you have policies configured on any of these previous access points, you need to review them and start configuring these policies using the new Azure AD portal.…


Intune – Enrollment status screen

With Windows 10 build 1709 (Fall Creators Update) and Intune, you can now provide details to the end user while enrolling the device. This can be quite helpful to let them know what is going on, as well as for troubleshooting purposes. To enable and configure it, you need to log on to your Azure ARM portal and go to Intune. Then you need to go to the Device enrollment\Windows enrollment section…


Azure AD – Allow end-users to reset password or PIN from the login screen

UPDATE 21 Nov 2017: You can also use the registry key HKLM\Software\Policies\Microsoft\AzureADAccount to enable this. Create a DWORD key named AllowPasswordReset with the value 00000001. I have tested with an AAD Joined device managed with SCCM. Will test with an AD Joined device later.

With Windows 10 Fall Creators Update (build 1709) you can allow your end users to reset their password (or PIN) themselves, directly from the login screen.…


Intune – Troubleshooting assistant to resolve end-user’s issues

Troubleshooting Intune issues can be painful and complicated. To help you in this task, a new troubleshooting assistant has been introduced. Access to this troubleshooting assistant is easy: either use the direct URL http://aka.ms/intunetroubleshooting or go through the portal by searching for Intune and going to the Help and Support\Troubleshoot section. Then you start troubleshooting the issue by first selecting the user having trouble. As a result, the troubleshooting assistant is confirming…


Intune – You can now switch your MDM authority without Microsoft support and without re-enrollment

With the June 2017 updates for Intune, it is now possible to switch the MDM (mobile device management) authority from Intune to SCCM Hybrid and vice versa without opening a support request AND without having to re-enroll devices already enrolled (see https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/change-mdm-authority).


Microsoft Intune – Enrollment support change for iOS

In the coming months, Microsoft Intune will be updated to allow only iOS 8.x or later to be enrolled. Existing enrolled devices will not be impacted and will continue to be managed for a limited time, but it will not be possible to enroll new devices running older versions of iOS. As usual, it is always important to run the latest version to ensure you can continue to use the…


Office 365 – Phantom mobile device

I have been playing with the Mobile Device Management feature for Office 365 for some time already – since it has been in technical preview. I registered many devices running on different OSes (Windows, Windows Phone, Windows 10 Tech Preview, Android...) but recently I discovered a rogue/phantom device in the Office 365 Mobile Device Management section. This device was unregistered some time ago already, has been restored and reinstalled…
