Author: Eswar Koneti

Introduction: With the recent Current Branch updates starting from 1806, Microsoft is making good improvements to software updates maintenance, but there is a lot more to come in the near future. Read about the software updates maintenance tasks available in SCCM: https://docs.microsoft.com/en-us/sccm/sum/deploy-use/software-updates-maintenance Many SCCM admins think that installing WSUS, doing the initial configuration and configuring the SUP role is enough for software update patching, but that's not true. When you finish the initial WSUS configuration, you go to the SUP properties and start selecting classifications and products. Based on these selection criteria, updates get synced with Microsoft. These synced updates include Itanium and many other junk updates.…


WIP (Windows Information Protection) is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). WIP provides: Obvious separation between personal and corporate data, without requiring employees to switch environments or apps. Additional data protection for existing line-of-business apps without a need to update the apps. Ability to wipe corporate data from Intune MDM enrolled…


I was working on an SCCM report for a client health dashboard. During this report creation, I found that a device appeared twice with a different GUID ID and resource ID but with the same hostname. So I started looking at this issue to see how to identify the records with duplicate hostnames. SCCM clients are uniquely identified by a GUID. A GUID is a combination of the client's media access control (MAC) address and the time when the GUID is assigned. This combination produces a number that is virtually always unique. The GUID assignment occurs during the client discovery and installation processes. The GUID is stored…


Role-based access control (RBAC) helps you manage who has access to your organization’s resources and what they can do with those resources. By assigning roles to your Intune users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization. To create, edit, or assign roles, your account must have one of the following permissions in Azure AD: Global Administrator; Intune Service Administrator (also known as Intune Administrator). We are into MAM only and no device enrollment. When a device is…


We can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. You can use an allow list or a deny list to allow or block invitations to B2B users from specific organizations. For example, if you want to block personal email address domains, you can set…


I recently worked on a requirement to create a conditional access policy that will block access to Office 365 via the browser on Intune-enrolled devices. We are still Hybrid Azure AD joined and yet to be Azure AD joined. We have BYOD Windows 10 Intune-enrolled devices, and we have decided to block browser-based sessions on these enrolled devices using conditional access for apps like OneDrive, Exchange Online, Teams, SharePoint, etc. In order to block browser sessions on Intune-enrolled devices, I will be using device state in conditional access, which has been in preview for almost a year. To read more about …


A few months ago, Microsoft announced the preview of Administrative Templates, which include hundreds of settings that you can configure for Internet Explorer, OneDrive, Remote Desktop, Word, Excel, and other Office programs. These templates give administrators a simplified view of settings similar to Group Policy, but they're 100% cloud-based. This feature supports Windows 10 and later operating systems. As part of a mobile device management (MDM) solution, we can make use of these administrative templates (ADMX) and create configuration profiles to complete different tasks. In this blog post, we will see how to create a device configuration profile with OneDrive settings and deploy it to users/devices for the…


You can use Intune app protection policies independent of any mobile device management (MDM) solution, which means that if your device is already enrolled in AirWatch, MobileIron, or BlackBerry, it can still be managed with Intune using mobile application management (MAM). We are into MAM (MAM-WE) and no enrollment. So when we set up the Intune MAM protection policy, we chose Require PIN in Access requirements with value 4 (the user is prompted to set up this PIN the first time they run the app in a work or school context). As you can see below, in the access requirement settings, we have set up the PIN…
