This feature lets you send important messages to employees. They need a Windows 11 PC managed by Intune. It's an interesting feature for remote and hybrid work scenarios. The message is sent to Azure AD users, and the delivery status can be tracked.
Overview of Microsoft LAPS: Windows LAPS, or Local Administrator Password Solution, is a Microsoft tool used by the IT team to manage local passwords. The local administrator password can be modified and stored in Active Directory and Azure Active Directory. It's a fantastic tool for on-premises or Hybrid AD Join computers. The computer can be configured by Microsoft Intune. With Microsoft Intune, the Windows LAPS CSP (Configuration Service Provider) must be used. If you save the password…
Intune Endpoint Privilege Management is an interesting feature: it gives a standard user (that is, one without administrator rights) the ability to elevate privileges when needed. The principle of least privilege is respected. Prerequisites: Endpoint Privilege Management requires the Intune Suite or a standalone license.
The GPO analytics tool: The Group Policy analytics tool is a very interesting tool if you want to migrate to modern management and configure computers with Intune. It offers a few scenarios: analyze on-premises GPOs; validate whether a parameter configured by an Active Directory GPO is supported by Intune (configured through Intune); verify whether any setting in the GPO is deprecated or not available. Export a GPO: From the Group Policy Management console, expand the domain name and click Group Policy Objects.
It is now possible to register Linux workstations in Microsoft Intune. To date, the equipment must run Ubuntu Desktop 22.04 or 20.04 LTS. When installing the Linux distribution, it is recommended to activate encryption. This may be required by Microsoft Intune.
What is Autopatch? Windows Autopatch is a cloud service that automates updates for Windows, M365 apps, Microsoft Edge and Microsoft Teams. Updates are provided to devices registered in Microsoft Intune. Following this registration, the following services are offered: Windows quality updates: Windows Autopatch keeps at least 95% of eligible devices on the latest Windows quality update. Windows feature updates: Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows…
Account protection allows you to protect user identities and accounts. It is also possible to manage the membership of the groups built into the device. With Account Protection, you can configure Account protection or Local user group membership.
Remote help is a tool included in Microsoft Intune; it lets you provide assistance to a user signed in on a Windows 10 computer enrolled in Microsoft Intune. A Microsoft Intune subscription is required. The workstation must run Windows 10 or Windows 11. Very important: the Remote help app must be installed on the workstation. Network prerequisites: Remote help uses port 443 to communicate and connects to the Remote Assistance Service at https://remoteassistance.support.services.microsoft.com. Note that traffic is encrypted with TLS 1.2. All…
IT admins can customize the home screens of managed devices. We can configure the wallpaper, applications and icon positions. The appearance of Android devices is thus standardized.
With Autopilot on Hybrid AD Join, the computer must join Active Directory. With this scenario, the computer can be enrolled in Microsoft Autopilot without being connected to the local network. Requirements: A recent version of Windows 10 is supported. You must use the following version of Windows 10:
What is Microsoft Tunnel? Microsoft Tunnel is a VPN gateway. This solution is used by Microsoft Intune and allows iOS/iPadOS or Android devices to access on-premises solutions. Microsoft Tunnel installs a Docker container. It runs on a Linux server, which can be virtual or physical. After installing Microsoft Tunnel, you can deploy a VPN profile to your devices. If you host the server on Azure, you need to deploy an ExpressRoute or a VPN between…
When registering a Windows 10 workstation in Intune, the user account is used. It is then referenced as Primary user for the workstation.
What are security baselines? A security baseline lets you secure and protect the users and devices present in Intune. It can be deployed to a group of users or Windows 10 devices. With these settings, you can enable a few parameters (automatically enable BitLocker, automatically disable basic authentication, etc.).
Why deploy Company Portal? Company Portal is the Microsoft Intune application. You can deploy it to install available applications. In this application, the user can delete a lost device or force synchronization. This application is not installed when you set up your computer. You must install it from the Windows Store. You can deploy this application automatically with Windows Store for Business and Microsoft Intune.
The registration of an iOS device in Microsoft Intune requires a certificate. This certificate must be requested on the Apple site. It's valid for 1 year and must be renewed before its expiry. In case of deletion or expiry of the certificate, it's necessary to re-register all the devices. It's very important to use the same Apple ID. From the Azure portal, it's possible to view the expiration date.
Prerequisites: With this feature, administrators can lock down the use of a device (authorized applications,…). Thus the user cannot install their own applications (social networks, games,…). It's important to note that registration is done without a user account. The equipment is therefore not associated with any end user.
Deploy Email profile: Intune allows you to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported on most platforms. Email profiles can be deployed on these platforms.
Deploy certificate with Microsoft Intune? Some company resources are accessible through a digital certificate. It's therefore necessary for users to have a certificate to access VPN, Wi-Fi,… These certificates avoid the use of a user name and password. Intune allows you to assign and manage these certificates. Two types of certificates can be used:
Intune Compliance Policy: The compliance policy in Intune is an important point because it makes it possible to verify that a mobile device complies with security constraints. Several parameters can be configured in the compliance policy.
Co-management for Windows 10 devices Co-management can meet several requirements: If you have a Microsoft 365 subscription and want to use the included Windows 10 licenses.
What is the MDM Authority? Before any Microsoft Intune implementation project, a choice should be made between setting up a Microsoft Intune platform in standalone or hybrid mode (with System Center Configuration Manager). It is necessary to know the two solutions, but also their advantages and disadvantages. Switching from one mode to the other has been simplified since System Center Configuration Manager 1610. It is no longer necessary to contact Microsoft support for this. This is discussed in…
Android for Work allows more complete management of Android mobile devices. It expands the possible configurations in an MDM such as Microsoft Intune. Several benefits are provided by this solution:
CNAME records for auto-discovery: If you want to add Windows devices (Windows Phone 8.1/10 or Windows PC 8.1/10) to the Intune platform, you need to add CNAME records on your public DNS server. This operation is required for auto-discovery to work, and only for Windows devices. There is no problem with iOS and Android devices.
Enroll devices into Intune: After you configure the Microsoft Intune platform, it is important to add mobile devices (iOS, Windows Phone or Android). This operation must be performed directly from the device. This article presents the steps to add a device.
Enroll a Windows 10 computer: The enrollment of a Windows 10 computer can be done through the Microsoft Intune agent or through the Workplace Join functionality. This feature allows a Windows 10 device to enroll in Microsoft Intune. Unlike the agent, which adds the equipment as a computer, Workplace Join adds the computer as a mobile device. So some functionality may not be available (antivirus, firewall management, Microsoft patch management). Workplace Join is native to Windows…
Office 365 conditional access: If you have an Intune and Office 365 subscription, it is possible to configure conditional access. This feature allows you to control access to Office 365 mailboxes. Only devices enrolled in Microsoft Intune and meeting the defined security constraints will have access to their Microsoft Office 365 mailbox.
The different modes of Intune: Microsoft Intune can be used in two distinct modes. In stand-alone mode, the platform is hosted in the Microsoft cloud. There is no interaction with your information system. This facilitates the administration and management of the platform, which take place from the web portal. The second mode is more "complex" because it involves one more intermediary.
With System Center Configuration Manager, it is very easy to implement dynamic collections to categorize internal and mobile devices from Intune. Thus the deployment of an application or a policy is greatly simplified. Indeed, based on a criterion (OS, type of network adapter,…), the different devices are grouped in a collection. These work through the inventory returned by devices, mobile or not. In Intune in SaaS mode, it is very difficult to have dynamic groups. The choice is much smaller…
The deployment of Office 365 (Office Click-to-Run, Office 2016) can be done in different ways. This article details the steps for deploying this software with Microsoft Intune on a Windows 10 workstation managed as a mobile device.
Enterprise mobility is widely used nowadays. Many employees now have a smartphone, a tablet or both. It is common to find enterprise data as well as personal data on these devices. The risk of disclosure of professional data is greater. Windows 10 offers an interesting feature, EDP (Enterprise Data Protection). You can use EDP for these scenarios: encryption of the data on personal and professional devices; remote wipe of business data on managed computers (personal data are not…
You have chosen to install the Microsoft Intune platform. After performing user synchronization and configuring the platform, it's necessary to enroll the devices. This step is mandatory to apply rules or install applications, and so to ensure the protection of corporate data and manage devices. Users can't access the Company Portal if the device is not enrolled in the Microsoft Intune platform.
Managed applications in Intune: A few years ago, Microsoft added the managed application functionality to the Intune platform. Microsoft Skype for Business (MAM with MDM), available now for iOS and Android; Microsoft Dynamics CRM (MAM with MDM), available now for iOS and Android; Adobe Reader (MAM with MDM), available now for iOS.