Configure Pass-through Authentication

9 January 2019 by nbonnet·0 Comments

The Pass-through Authentication

This authentification allows you to use the same password for the on-premise and Cloud-based applications. However, it’s important to note that user authentication is done through the Active Directory on-premise and not through Azure Active Directory. It’s a good alternative to Azure AD Password Hash Synchronization. However, it makes it easier to apply a security policy to passwords.

Benefits of the solution

This solution offers the following benefits :

The same password for cloud-based applications and on-premise applications
When user change password, the modification for cloud-based application is instantaneous
Easy to deploy: only one agent to install
Passwords are never stored in the cloud
Agents can be installed on multiple on-premises servers to provide high availability

Renew IOS Certificate

26 September 2018 by nbonnet·0 Comments

The registration of an IOS device in Microsoft Intune requires to use a certificate. This certificate must be requested on the apple site. It’s valid for 1 year and must be renewed before it’s expiry. In case of deletion or expiry of the certificate, it’s necessary to re-register all the device. It’s very important to use the same Apple ID.

From the Azure portal, it’s possible to view the expiration date.

Configure AIP Scanner

11 September 2018 by nbonnet·0 Comments

Overview of AIP Scanner

Azure information Protection allows document classification and this to apply protection. Microsoft implemented the AIP scanner to perform automatic document classification. Following the discovery of the files, an AIP label is positioned. This operation is performed automatically, so the protection is applied. In the same case, the protection can be removed.

A Windows indexed file inspection is performed by the scanner. This operation is performed using the iFilters installed on the computer. The scanner thus has the possibility of classifying and protecting these files if need be.
Continue reading

Android enterprise kiosk devices

30 August 2018 by nbonnet·0 Comments

Android enterprise kiosk devices

With this feature, administrators have the ability to lock the use of a device ( authorized applications,…). Thus the user cannot install his applications (social networks, games,…). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user.
Continue reading

Deploy Email profile

25 July 2018 by nbonnet·0 Comments

Deploy Email profile

intune allows to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported for most platforms. Email profile can be deployed on this platforms.
Continue reading

Deploy certificate with Microsoft Intune

22 July 2018 by nbonnet·0 Comments

How you need deploy certificate with Microsoft Intune?

Some company resources are accessible through a digital certificate. It’s therefore necessary for users to have a certificate to access VPN, Wifi,…

These certificates prevent the use a user name and password. Intune allows you to assign and manage these certificates. Two types of certificates can be used:

Simple Certificate Enrollment Protocol (SCEP)
PKCS#12 (or PFX)

Intune Compliance Policy

15 July 2018 by nbonnet·0 Comments

Intune Compliance Policy

The compliance policy in Intune is an important point because it makes it possible to verify that mobile device complies with security constraints. Several parameters can be configured in the compliance policy.

Using a password to access devices
Encryption of the device
Prohibit jailbroken or root device
Minimum operating system version required
Maximum allowed version of the operating system
Require the device to be at or below the level of defense against mobile threats

Hybrid equipment with Azure AD

12 July 2018 by nbonnet·0 Comments

We have had the possibility for many years to join a machine to an Active Directory domain. With cloud services (Office 365, Azure AD, …) identity management has become a very important point. Microsoft implemented in Windows 10, the functionality Azure AD Join (previously Workplace Join) allowing the junction of the machine in Azure AD Join.

Several hybridization scenarios can be implemented:

Device Writeback : To allow a computer join to Azure AD to access internal resources.
Azure AD hybrid : This scenario allows a computer attached to an AD domain to access cloud resources.

Azure File Sync

2 June 2018 by nbonnet·0 Comments

Azure File Sync

Files are an important resource in a company. For workstations rarely connected to the local network, these files are stored locally.
It is therefore important to ensure that these files are synchronized on an enterprise server or in the cloud. All protocols offered by Windows Server (SMB, NFS et FTPS) are available in Azure File Sync.

Co-management for Windows 10 devices

23 January 2018 by nbonnet·0 Comments

Co-management for Windows 10 devices

Co-management can meet several needs:

If you have a Microsoft 365 subscription and want to use the included Windows 10 licenses.
If you want to manage your Windows 10 devices as a mobile device and thus switch from traditional management to modern management.