Tag - Intune

How to manage local user group membership with Microsoft Intune to make users local admin

I did several Intune projects for customers, and with almost every implementation a subset of users needs to have local administrator rights (for example developers). There are several ways to grant users these rights, for example via a separate Autopilot profile where you specify that users need to be local Administrator. Or via the “additional local administrators on all Azure AD joined...


How to add or remove system apps in the Android Enterprise Work Profile with Microsoft Intune

Depending on the use cases and the requirements of the company, Android Enterprise Work Profile can be a great enrollment mode for both BYOD devices and company-owned devices (in fully managed mode) when using Microsoft Intune. With an Android Enterprise Work Profile, you separate private apps and data from the corporate apps and data to prevent data leakage. Depending on the manufacturer and the...


How to update Security Baselines in Microsoft Intune to a newer version

Security Baselines in Microsoft Intune are templates that contain policy configurations that by default are configured with the best practice from the Microsoft security teams. And that makes a Security Baseline the perfect starting point when creating a new policy set for the modern workplace. When creating a Security Baseline, all settings are pre-configured with the security best-practice...


How to exclude Shortcuts from syncing to OneDrive with Microsoft Endpoint Manager – Microsoft Intune

Microsoft OneDrive is a great service for storing your files. And when you have “Known Folder Redirection” enabled, your Desktop, Documents and Pictures folders are redirected to OneDrive and synced to the cloud. This way you have the same Desktop, Documents and Pictures folders available on every device, which benefits the user experience. However, you have applications that place a...


How to setup Android Zero-Touch Enrollment with Microsoft Endpoint Manager – Microsoft Intune

Android Zero-Touch Enrollment is a (free) service to automate and enforce MDM enrollments for Android devices running Android 9 or higher, independent of device manufacturer. It offers end-to-end security because the MDM enrollment cannot be skipped by the user. The first time the user turns on the device, clear instructions will be displayed to start the enrollment. All policies and applications...


How to add iOS devices manually in the Apple Business Manager (ABM) for automatic Microsoft Endpoint Manager – Microsoft Intune enrollment

It’s a best practice to enroll corporate owned iOS/iPadOS devices via the Apple Automated Device Enrollment (ADE) program (PKA Device Enrollment Program – DEP). It offers “out of the box” security because the enrollment with the MDM solution will start automatically and the user can’t work around it. Next to automatic device enrollment it makes it possible to set...


How to implement and manage Microsoft Windows 365 Cloud PC

In August 2021, Microsoft released Windows 365 Cloud PC. A new cloud-based service that provides Cloud PCs to end users. With this Windows 365 Cloud PC, users get their own personalized desktop in the cloud, which can be accessed from anywhere on any device. It is optimized for Microsoft 365 including Microsoft Teams AV redirection. Unlike Azure Virtual Desktop you pay a fixed price per-user per...


How to manage your Windows Virtual Desktop session hosts (single user) with Microsoft Endpoint Manager – Microsoft Intune.

By default all Windows Virtual Desktop session hosts are joined with your domain. And in most cases you will apply policy configurations to them via Group Policy Objects (GPO). If you are also using Microsoft Endpoint Manager – Microsoft Intune for managing Windows 10 devices, it might be worth considering managing your WVD session host VMs with it as well.


How to start with Shared iPads for Business with Microsoft Endpoint Manager (Intune) and Apple Business Manager

I get the following question regularly: “Can we configure our Apple iPads as shared devices, where you as a user can log in and log off without seeing each other’s data?”. Most of the time it’s about medical personnel who work in shifts and don’t have a personal device. But you can also think of maintenance and field agents or flight crew members, for example. In this case you want to let the...


How to configure automatic Contact Syncing from Microsoft Outlook to the native Contacts App including Contact Fields filtering on iOS and Android BYOD devices with Microsoft Endpoint Manager

After companies apply Mobile Application Management (MAM) / App Protection Policies to their employees’ mobile devices, and force them to use the Managed Outlook app instead of the native mail application, the most frequently asked questions are “how can I see who’s calling me?” and “where are my contacts? I don’t see them in my native contacts app”. This has everything to do with...


Quicker assign multiple resources within Microsoft Intune with Policy Sets

With the October 14, 2019 Microsoft Intune update, management of Microsoft Intune has become a little easier. And with “little easier” I mean that it is now possible to assign multiple resources like applications and policies at once. With Policy Sets you can assign applications, application protection policies (MAM), configuration-, compliance- and type restriction policies, AutoPilot profiles...


How to enroll an Apple device with iOS 13 “User Enrollment” mode in Microsoft Intune

With the release of iOS 13 there were a few major changes: not only did the iPads get their own iPadOS, there are also major changes to the Mobile Device Management (MDM) enrollment modes. The Device Enrollment Program (DEP) is renamed to “Automated Device Enrollment” and all devices enrolled with “Automated Device Enrollment” are now automatically set in supervised mode. There is also a new...


How to control iOS app uninstall behavior at device unenrollment with Microsoft Intune

Previously, during a device unenrollment, all applications that were pushed/installed via Microsoft Intune were removed by default. This is not always handy, for example take the Microsoft Office applications. You can add multiple accounts within these applications, and if you are using Microsoft Outlook for your work mail and also for your private mail, you want Microsoft Outlook to stay on...


How to deploy Win32 applications with Microsoft Intune

One of the most frequently asked questions from customers is whether it is possible to publish Win32 applications with Microsoft Intune. The answer is Yes. It is possible to deploy Windows 10 Store Apps, MSI files and even .EXE files. Although .EXE files cannot be published directly. You need to “wrap” the .EXE file (and other required source files if applicable) to an .INTUNEWIN file. In this...


How to configure Android Enterprise – Corporate-owned, fully managed user devices mode with Microsoft Intune

In the last two months I wrote some blogs regarding the different types of Android Enterprise modes. It’s now time for the last mode: Android Enterprise – Corporate-owned, fully managed user devices. And as the name of this mode indicates, this mode is for user-based scenarios. The enrollment process is more or less the same as with the dedicated device mode. The enrollment process also starts with...


How to configure an Android device in Multi App Kiosk mode with Microsoft Intune

In previous blogs I talked about how to configure Android Enterprise – Corporate-owned – dedicated device mode, and as an addition, how to configure Kiosk Single app mode for Android devices. In this blog I want to show you the Multi-app Kiosk mode for Android devices and what the end user experience looks like. Some steps are different than in Single app mode; I will show you this step-by...


How to configure an Android device in Single App Kiosk mode with Microsoft Intune

In my previous blog I talked about how to configure Android Enterprise – Corporate-owned dedicated devices mode with Microsoft Intune. The end result was a device on which the end user cannot do much more than open the published applications, and if it concerns a phone, make phone calls and send text messages. If this is still too much, you can go one step further by pushing a Kiosk profile to...


How to setup Android Enterprise – Corporate-owned dedicated devices with Microsoft Intune

Earlier I wrote about how to configure Android Enterprise – Work Profile. This Android Enterprise mode is designed for personally owned mobile devices. For corporate-owned devices there are two Android Enterprise modes, one for dedicated devices and one for fully managed user devices. In this blog I will show you how to configure Android Enterprise – Corporate-owned dedicated device mode...


How to configure Apple DEP within Microsoft Intune and migrate existing DEP devices from another MDM solution to Microsoft Intune

In the January, 2019 update of Microsoft Intune, new Apple DEP capabilities became available. With the latest release of iOS, more options are displayed during the initial setup of an iPhone or iPad, for example, Screen Time and Onboarding. Now, with this update, Microsoft Intune can hide these screens with the Setup Assistant Customization settings.


How to Migrate from Android Device Admin (legacy) to Android Enterprise with Microsoft Intune

A few days ago I wrote a blog on How to Enable Android Enterprise and configure Personal devices with a Work Profile in Microsoft Intune. After posting this blog I got some questions from people who asked me how to migrate the currently enrolled devices to Android Enterprise. Unfortunately, this process cannot be fully automated. Current Android managed devices need to be re-enrolled before you...


How to Enable Android Enterprise and configure Personal devices with a Work Profile in Microsoft Intune – The ultimate Step-By-Step Guide

This year Google will stop supporting the Android Device Admin APIs with the release of Android 10. This means that the traditional way to manage Android devices is no longer possible with new Android 10 devices or older Android devices that are upgrading to Android 10 (or higher). Android Enterprise is the new way to manage Android devices. With Microsoft Intune you can manage Android...


How to configure Windows 10 in Multi App Kiosk mode with Microsoft Intune

Last week I wrote a blog about Windows 10 Kiosk Single App mode. A good way if you have only one app that needs to run on the Windows 10 device. If you have multiple apps that you want to run in Kiosk mode you can configure Windows 10 in “Multi App Kiosk” mode. For example, an Internet cafe that wants to make different Internet browsers available. In this blog I will show you step-by-step how to...


How to configure Windows 10 in Kiosk Single App, full-screen mode with Microsoft Intune

Recently a few different customers told me they have plans to replace their expensive and hard to manage thin clients with cheaper Windows 10 fat-clients. And I think it’s a good move because you can easily configure Windows 10 in Kiosk mode via Microsoft Intune (by the time of writing this blog still in preview). With Windows 10 in Kiosk mode you can replace the Windows 10 shell with a dedicated...


How to deploy the Microsoft Teams Desktop client with Microsoft Intune

A few weeks ago I wrote a blog about how to deploy Microsoft Office 365 ProPlus with Microsoft Intune. One of the steps during this configuration was to select which applications must be part of the installation. I deselected Skype for Business because we are now using Microsoft Teams for Instant Messaging (chat) and online meetings. Therefore I will show you how to deploy the...


How to deploy the Microsoft Office 365 ProPlus Suite with Microsoft Intune in a few easy steps

Deploying a full Microsoft Office suite to endpoints was usually quite a challenge. The first step was always to customize the installation to make sure the correct applications, languages and latest patches were included. The second step was the challenge with the deployment itself. If you had an environment that includes a fully operational System Center Configuration Manager (SCCM) then you were...


How to automatically cleanup devices in Microsoft Intune

If you as an IT admin have been using Microsoft Intune for a while, the chance is quite big that you will see devices that have not checked in for a very long time. Often these are devices that are no longer in use or whose device management has been manually removed. By default Microsoft Intune will remove every device that has not checked in for over 270 days. This is too long for most IT admins that...


Automatic add existing Windows 10 devices to Windows Autopilot

A few weeks ago I wrote a blog about “How to setup Windows AutoPilot and add existing devices the quickest way”. At that time I meant with “existing devices”, devices that were not yet in use but were already delivered to the company without being added to AutoPilot. What I didn’t cover in my blog were the Windows 10 devices that are already in use. A few days after I posted my...


How to setup Windows Autopilot and add existing devices the quickest way

UPDATE 2 (Jan 28, 2023): An up-to-date version of this blog can be found here: UPDATE (Dec 2, 2020): There is now an even faster way of adding devices to Autopilot. Step 3 of this blog can be replaced with new steps described in this blog: How to add Windows 10 devices to Windows Autopilot even faster. Windows 10 Modern Management is hot. More and more companies are looking for the possibilities...


How to configure Microsoft Intune / Azure AD Conditional Access to Microsoft Office 365 Exchange Online

With Microsoft Intune you can do great things. You can enroll all kinds of mobile devices to enforce MDM policies, push applications and even configure managed mobile applications like the Microsoft Office applications. You can add an additional security layer to these managed applications by applying an additional access PIN code and encrypting the data within the applications. Data can be isolated...


About Robin Hobo

I am a Technology Specialist Cloud Endpoint working for Microsoft. I am specialized in Microsoft Intune, Azure Virtual Desktop (AVD), Windows 365, Windows 11 and Azure AD. Also interested in mental health, NLP and personal development.

For more information, see my LinkedIn profile.
