Author: Eswar Koneti

WIP (Windows Information Protection) is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). WIP provides: Obvious separation between personal and corporate data, without requiring employees to switch environments or apps. Additional data protection for existing line-of-business apps without a need to update the apps. Ability to wipe corporate data from Intune MDM enrolled…


I was working on an SCCM report for a client health dashboard. During this report creation, I found that a device appears twice with different GUID ID and resource ID but with the same hostname. So I started looking at this issue to see how to identify the records with duplicate hostnames. SCCM clients are uniquely identified by a GUID. A GUID is a combination of the client's media access control (MAC) address and the time when the GUID is assigned. This combination produces a number that is virtually always unique. The GUID assignment occurs during the client discovery and installation processes. The GUID is stored…


Role-based access control (RBAC) helps you manage who has access to your organization’s resources and what they can do with those resources. By assigning roles to your Intune users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization. To create, edit, or assign roles, your account must have one of the following permissions in Azure AD: Global Administrator or Intune Service Administrator (also known as Intune Administrator). We are into MAM only and no device enrollment. When a device is…


We can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. You can use an allow list or a deny list to allow or block invitations to B2B users from specific organizations. For example, if you want to block personal email address domains, you can set…


I recently worked on a requirement to create conditional access that will block access to Office 365 via browser app on Intune enrolled devices. We are still Hybrid Azure AD join and yet to be Azure AD join. We have BYOD Windows 10 Intune enrolled devices and we have decided to block browser-based sessions on these enrolled devices using conditional access for apps like OneDrive, Exchange Online, Teams, SharePoint etc. In order to block browser sessions on Intune enrolled devices, I will be using device state in conditional access, which is still in preview for almost a year. To read more about …


A few months ago, Microsoft announced the preview of Administrative templates, which include hundreds of settings that you can configure for Internet Explorer, OneDrive, remote desktop, Word, Excel, and other Office programs. These templates give administrators a simplified view of settings similar to group policy, but they're 100% cloud-based. This feature supports Windows 10 and later operating systems. As part of a mobile device management (MDM) solution, we can make use of these administrative templates (admx) and create configuration profiles to complete different tasks. In this blog post, we will see how to create a device configuration profile with OneDrive settings and deploy to users/devices for the…


You can use Intune app protection policies independent of any mobile device management (MDM) solution, which means that if your device is already enrolled to AirWatch, MobileIron, or BlackBerry, these devices can still be managed with Intune using Mobile Application Management (MAM). We are into MAM (MAM-WE) and no enrollment. So when we set up the Intune MAM protection policy, we choose Require PIN in Access requirements with value 4 (the user is prompted to set up this PIN the first time they run the app in a work or school context). As you can see below, the access requirement settings, we have setup the PIN…


Enrolling your devices into Microsoft Intune allows your Windows 10 devices to get access to your organization’s secure data, including email, files, and other resources. If your users want to access your organization's data from their BYOD Windows 10 device, they can do so by themselves with simple steps without the need of an admin. Here is the quick start: Enroll your Windows 10 device https://docs.microsoft.com/en-us/intune/quickstart-enroll-windows-device Even though the steps are simple to enroll a Windows 10 device using the quick start guide, it is always required to create user guide documentation with limitations and some FAQs as per the…
