Author: Eswar Koneti

Role-based access control (RBAC) helps you manage who has access to your organization’s resources and what they can do with those resources. By assigning roles to your Intune users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization. To create, edit, or assign roles, your account must have one of the following permissions in Azure AD: Global Administrator or Intune Service Administrator (also known as Intune Administrator). We are into MAM ONLY and no device enrollment. When a device is…


We can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. You can use an allow list or a deny list to allow or block invitations to B2B users from specific organizations. For example, if you want to block personal email address domains, you can set…


I recently worked on a requirement to create conditional access that will block access to Office 365 via browser app on Intune-enrolled devices. We are still Hybrid Azure AD joined and yet to be Azure AD joined. We have BYOD Windows 10 Intune-enrolled devices, and we have decided to block browser-based sessions on these enrolled devices using conditional access for apps like OneDrive, Exchange Online, Teams, SharePoint, etc. In order to block browser sessions on Intune-enrolled devices, I will be using device state in conditional access, which has still been in preview for almost a year. To read more about …


A few months ago, Microsoft announced the preview of Administrative templates, which include hundreds of settings that you can configure for Internet Explorer, OneDrive, remote desktop, Word, Excel, and other Office programs. These templates give administrators a simplified view of settings similar to group policy, but they're 100% cloud-based. This feature supports Windows 10 and later operating systems. As part of a mobile device management (MDM) solution, we can make use of these administrative templates (ADMX) and create configuration profiles to complete different tasks. In this blog post, we will see how to create a device configuration profile with OneDrive settings and deploy it to users/devices for the…


You can use Intune app protection policies independent of any mobile device management (MDM) solution, which means that if your device is already enrolled in AirWatch, MobileIron, or BlackBerry, it can still be managed with Intune using Mobile Application Management (MAM). We are into MAM (MAM-WE) and no enrollment. So when we set up the Intune MAM protection policy, we choose Require PIN in Access requirements with value 4 (the user is prompted to set up this PIN the first time they run the app in a work or school context). As you can see below in the access requirement settings, we have set up the PIN…


Enrolling your devices into Microsoft Intune allows your Windows 10 devices to get access to your organization’s secure data, including email, files, and other resources. If your users want to access your organization's data from their BYOD Windows 10 device, they can do so by themselves with simple steps, without the need for an admin. Here is the Quick start: Enroll your Windows 10 device https://docs.microsoft.com/en-us/intune/quickstart-enroll-windows-device Even though the steps to enroll a Windows 10 device using the quick start guide are simple, it is always required to create user guide documentation with limitations and some FAQs as per the…


Microsoft made Office cloud policy service for Office 365 ProPlus generally available and supported for all Office 365 ProPlus customers. The Office cloud policy service is a cloud-based service that enables you to enforce policy settings for Office 365 ProPlus on a user’s device, even if the device isn’t domain joined or otherwise managed. The policy settings roam to whichever device the user signs into and uses Office 365 ProPlus. The Office cloud policy service is part of a portal for managing Office 365 ProPlus and includes many of the same user-based policy settings that are available when using Group…


Issue Description: A few months ago, I migrated the Primary SCCM site along with its secondary sites to SCCM build 1806. The update of the Primary site along with the secondary site upgrades went fine except for 1 secondary site. The failed secondary site threw the following error code in the log. On the secondary site, in the root of windows directory (C:\), you will find a log called Configmgrsetup.log: "Server components are experiencing fatal errors." "Failed to create process of SetupWpf.exe. return value 1" Error code 1 means Incorrect function. While reading the log file, I found "Registered OCX: D:\Configmgr\bin\x64\smsprov.dll with regsvr32.exe". It looks to me that it is failing to register…
