Microsoft recently announced that ,Adobe has integrated Microsoft Intune application protection directly into the Adobe Acrobat Reader mobile app for iOS and android. For more information, please refer https://www.microsoft.com/en-us/microsoft-365/blog/2019/09/05/adobe-acrobat-ios-android-microsoft-365-app-protection/ To deliver the best experience, Adobe will discontinue support for the Adobe Acrobat Reader Intune mobile app on November 30, 2019. All customers must migrate to Adobe Acrobat Reader mobile app, which now supports Microsoft Intune, to continue working in Acrobat on the go. For more information,please refer https://helpx.adobe.com/acrobat/kb/intune-app-end-of-life.html With this new app for iOS , there are some changes introduced which may confuse the end users on how to sign…
Author: Eswar Koneti
Recently, we had a requirement from customer, that they wanted to deploy applications /apply device configurations etc. from Intune to Azure AD Joined devices ONLY but not other devices like BYOD intune enrolled devices. (MAM/MDM) With intune, you can target apps ,device configurations, profiles ,deployments to both user groups OR device groups but not to specific users or device. If you target to user groups ,then it will apply to user irrespective of device join type whether it is intune enrolled (BYOD) or Azure AD join (Corporate device) . If you perform Azure AD join through auto-pilot then the…
SCCM has multiple discovery methods help you discover devices on your network, devices and users from Active Directory, or users from Azure Active Directory (Azure AD). Read more about the discovery methods in SCCM https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/about-discovery-methods AD system discovery help to discover computer resources that can be used to create collections and queries. You can also install the SCCM Client client on a discovered device by using client push installation. In order to successfully discover the computer (by creating the DDR Record) in domain by AD system Discovery , it must be able to identify the computer account and then successfully…
Friend of mine had asked for help to create device based dynamic group with deviceOSType=iOS ,and deviceOSversion less than 12.4.1. The reason for this group was to limit anything below iOS 12.4.1 for iPhone devices and MDM managed devices only to have a collection. So that ,we can exclude them from VPN to restrict users from internal resources. This is because of vulnerability issues on lower version (12.4.1) as per Apple blogs. First when i read this request ,i thought this can be achieved with dynamic group membership rules available from Azure AD and i have shared the Microsoft Docs…
I did detailed blog post on 'how to get office 365 proplus activation status' with help of extended MOF file and inventory changes. With this method ,you will get the activation details such as user email address, shared computer activation etc. For more information, please refer http://eskonr.com/2018/10/how-to-get-office-365-proplus-activation-status-and-excluded-apps-etc-using-sccm-configmgr/ .This method requires extension of MOF files ,make changes to hardware inventory which will then create new SQL views . If you don't' want go through all these , but just looking for office activation status (yes or No) ,then this blog will help you to achieve it.In this blog post, we will…
Recently ,we had requirement to allow ipad devices to connect to corporate network. This is due to the fact that ,some of the iOS apps that are being developed inhouse need to be tested with corporate network ONLY. In order to evaluate and test the app , the ipad devices need to connect to office network (corporate) . The team who does the testing are at remote site and there is no corporate network. If you are pure MAM shop, please do note that MAM does not enforce device compliance. The reason being, you cannot enforce device configuration policies. That…
I have worked on couple of office 365 proplus rollout projects. In all projects ,one of the critical task is to manage MSI based deployments for visio/project 2016 on computer that runs office 365 proplus (Click-to-Run).Click-to-Run is the technology used to install Office 365 proplus subscription based .Windows Installer technology (MSI) was used to install the volume license editions of older versions of Office 2016 and older, such as Microsoft Office Professional Plus ,Microsoft Office Standard,visio and project.Until now ( if you are not on office 365) ,we usually deploy volume licensed versions of Project 2016 and Visio 2016 by…
Microsoft has just released update 1906 for Configuration Manager current branch is available as an in-console update. You can apply this update on sites that run version 1806, 1810, or 1902 from the console. If you want to install new site ,you can download 1902 as baseline build and install the update. Before we start upgrading the site to latest build ,lets review the features that are newly added and deprecated: Features added/updated: Site infrastructure: Site server maintenance task improvements Configuration Manager update database upgrade monitoring Management insights rule for NTLM fallback Add a SQL AlwaysOn node Cloud-attached management: Azure…