A look at the new Windows Autopilot capability called white glove. Whether you run IT for an organization or you’re a vendor providing IT service, white glove, allows you to pre-provision applications, policies, and settings for a Windows 10 device, so users can be up and running on a new Windows 10 computer in a few moments. Also, the latest Windows 10 Autopilot features that we’ve delivered in Windows 10 1809 and beyond.
Intune managed clients will checkin-in about every 8 hours to see if there are any new policies, profiles, or apps that have been assigned. Clients include iOS, macOS, Android, Windows 10 PCs enrolled as devices, Windows Phone, and Windows 8.1. The 8-hours is an estimate. It doesn’t happen at exactly every 8-hours due to how the device is being used. To get the best results, make sure make the devices are online for at least eight consecutive hours to get the best results.
Microsoft now has a page dedicated to what is in the development pipeline for Microsoft Intune. The first entry is September 2019, but the same page will be updated as time goes on. Link: In development for Microsoft Intune RSS feed: https://docs.microsoft.com/api/search/rss?search=%22in+development+-+microsoft+intune%22&locale=en-us
Windows 10 Mobile, version 1709 (released October 2017) is the last release of Windows 10 Mobile and Microsoft will end support on December 10, 2019. The end of support date applies to all Windows 10 Mobile products, including Windows 10 Mobile and Windows 10 Mobile Enterprise. Windows 10 Mobile users will no longer be eligible to receive new security updates, non-security hotfixes, free assisted support options, or online technical content updates from Microsoft. Those utilizing products like Intune for mobile management may want to configure policies to block these devices once EOL hits so as to better secure the environment.
Just like the old SCCM days, a company using Intune needs to have proper understanding of how to allow distributed management of the organization’s resources. The Intune RBAC table is a Microsoft Word doc that provides the following information in easy-to-reference format: Definition – The name of a role, and the permissions it configures. Members – The user, or group of users who will be given these permissions. Scope – The users or devices that a specified person (the member) can manage. Assignment – When the definition, members, and scope have been configured, the role is assigned. Download: Intune RBAC table
As Intune becomes the more popular option for managing devices in the cloud, the ability to easily migrate from existing system becomes important. One tool, Microsoft Intune Data Importer, aids in that effort. Microsoft Intune Data Importer is currently intended to migrate the following SCCM objects: Configuration items Certificate profiles Email profiles VPN profiles Wi-Fi profiles Compliance policies Apps Deployments Full details: Import Configuration Manager data to Microsoft Intune Download the tool: Microsoft Intune Data Importer
For those utilizing Intune for device management, being able to deliver software much like pre-Intune systems is a must. For Windows, Intune supports both Microsoft Store apps and legacy, “classic” apps. To deliver classic apps, a tool is available that converts (or wrap) the packages into the .intunewin format. The tool is available from here: Microsoft Win32 Content Prep Tool Use the Microsoft Win32 Content Prep Tool to pre-process Windows Classic apps. The packaging tool converts application installation files into the .intunewin format. The packaging tool also detects the parameters required by Intune to determine the application installation state. After you use this tool on your apps, you will be able to upload and assign the apps in the Microsoft Intune console.
If you’d like to assign local administrator rights to specific people in the organization, you do it through the Azure Active Directory blade in the Azure portal. 1. In portal.azure.com go to Azure Active Directory. 2. Select Devices 3. Select Device Settings 4. Under Additional local administrators on Azure AD Joined devices, you can add the admins here.
Many organizations rely on Group Policies to manage various settings for their PCs. But, with a large portion of those organizations now looking to utilize Microsoft Intune for cloud-based management, determining how to manage those settings in a similar way can be difficult. A tool is available called the MDM Migration Analysis Tool (MMAT). MMAT will determine which Group Policies have been set for a target user/computer and cross-reference against its built-in list of supported MDM policies. MMAT will then generate both XML and HTML reports indicating the level of support for each Group Policy in terms of MDM equivalents. Download: https://github.com/WindowsDeviceManagement/MMAT
Microsoft provides a Microsoft 365 Roadmap site that lists out upcoming features and provides proposed dates for release. The site also provides a filter mechanism, allowing you to display only the products you’re most interested in seeing. Intune is included as a filter so you can identify upcoming features. Filtered just by Intune: https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=3&filters=Microsoft%20Intune RSS feed: https://www.microsoft.com/en-us/microsoft-365/RoadmapFeatureRSS Additionally, you can apply more filters to pare the list down to in development, rolling out, and launched.
We’ve created a brand-new configuration designer that gives you an intuitive interface for creating OEMConfig profiles, no matter how complicated the schema gets. This eliminates the need to hand-code an OEMConfig profile using the JSON editor, which can get tricky, especially when dealing with complex or heavily nested schemas. When you select an OEMConfig application to configure, Intune reads the schema from the app, and automatically generates a full graphical user interface for configuring the settings specified in the schema. The configuration designer lets you easily: Create and manage complex bundles and bundle arrays with many levels of nesting View setting titles and descriptions, which OEMs may use to provide documentation Understand what options are available for a given s...
Hopefully, this is just a reminder and customers won’t be blind-sided by the news. On September 1, 2019, the hybrid capability of Mobile Device Management in Intune will be retired. The original announcement for this was posted in 2018: Move from Hybrid Mobile Device Management to Intune on Azure From an email that went out to Intune customers recently: Microsoft will support hybrid MDM usage only up until September 1, 2019. We will continue to release major bug fixes but will not invest in new features for hybrid MDM. After September 1, any remaining hybrid managed MDM devices will no longer receive policy, apps, or security updates. There are no changes to licensing. Intune licenses are included with hybrid MDM. Note: This change does not affect on-premises System Center Configurat...