Renew IOS Certificate

The registration of an IOS device in Microsoft Intune requires to use a certificate. This certificate must be requested on the apple site. It’s valid for 1 year and must be renewed before it’s expiry. In case of deletion or expiry of the certificate, it’s necessary to re-register all the device. It’s very important to use the same Apple ID.

From the Azure portal, it’s possible to view the expiration date.

Continue reading

Android enterprise kiosk devices

Android enterprise kiosk devices

With this feature, administrators have the ability to lock the use of a device ( authorized applications,…). Thus the user cannot install his applications (social networks, games,…). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user.
Continue reading

Deploy Email profile

Deploy Email profile

intune allows to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported for most platforms. Email profile can be deployed on this platforms.
Continue reading

Deploy certificate with Microsoft Intune

How you need deploy certificate with Microsoft Intune?

Some company resources are accessible through a digital certificate. It’s therefore necessary for users to have a certificate to access VPN, Wifi,…

These certificates prevent the use a user name and password. Intune allows you to assign and manage these certificates. Two types of certificates can be used:

  • Simple Certificate Enrollment Protocol (SCEP)
  • PKCS#12 (or PFX)

Continue reading

Intune Compliance Policy

Intune Compliance Policy

The compliance policy in Intune is an important point because it makes it possible to verify that mobile device complies with security constraints. Several parameters can be configured in the compliance policy.

  • Using a password to access devices
  • Encryption of the device
  • Prohibit jailbroken or root device
  • Minimum operating system version required
  • Maximum allowed version of the operating system
  • Require the device to be at or below the level of defense against mobile threats

Continue reading

Reset MDM Authority

What is the MDM Authority

Before any Microsoft Intune implementation project, a choice should be made between setting up a Microsoft Intune platform in standalone or hybrid mode (with System Center Configuration Manager). It is necessary to know the two solutions, but also the advantages and disadvantages of these solutions. Switching from one mode to another has been simplified from System Center Configuration Manager 1610. It is no longer necessary to contact Microsoft support for this. This is discussed in the next chapter.
Continue reading

Active Android for Work

Android for Work and Intune

Android for work allows a more complete management of Android mobile. It allows to expand the possible configurations in an MDM as Microsoft Intune.
Several benefits are provided by this solution which:
Continue reading

Cname records for Auto-discovery

Cname records for Auto-discovery

If you want add Windows Device (Windows Phone 8.1/10 or Windows PC 8.1/10) on the intune platform, you need add cname records on your Public DNS Server. This operation is needed to operate the auto-discovery with the Windows devices only. There is no problem with IOS and Android Device.
Continue reading

Azure AD Connect

Azure AD Connect

Azure Ad Connect is a tool provided by Microsoft that allows to extend the scope of AD accounts for cloud services. Indeed the AD user accounts can be used only in an AD domain. To allow a user to use the login and password in a cloud service (Azure, EMS, Office 365,…) it is necessary to proceed with the synchronization of accounts. Several solutions are possible, using ADFS server, the password synchronization or Azure AD pass-through). The tool can be installed on a domain controller or a member (joined to the domain or workgroup) server.
It is possible to synchronize multiple AD forests for a same nevertheless requirements are to be respected.

Continue reading