Last year I wrote a blog about how to deploy the Citrix Receiver (which is now replaced by the Citrix Workspace app) via Intune. Like described in that blog, the executable consists of 10 MSIs that need to be installed on a Windows 10 device when you are not able to use the store app […]READ MORE
Session controls in Conditional Access now also controlling Exchange Online
I have had and still have customers that want to restrict access via Outlook Web App (OWA) to Exchange Online. For instance, they want to block download of attachments when users access their mailbox via OWA. Until recently this could be done via the OWA Mailbox Policy in Exchange (Online), by setting the DirectFileAccessOnPublicComputersEnabled and […]READ MORE
RBAC in Azure AD, Intune and scope tags explained
Microsoft Intune has a pretty good RBAC model to allow you to give permissions to users who need to be able to perform an administrative task or role within Intune. A role can be for instance a predefined role in Intune or a custom role. Before digging into the Intune roles, there are also Intune […]READ MORE
New App Protection capabilities added to Microsoft Intune
The App Protection Policies in Microsoft Intune are used to protect corporate data in apps that have the Intune SDK integrated. During the last service update of Microsoft Intune some nice new features were added to the policy set. While accessing a by Microsoft Intune managed app, the device can be checked if for instance […]READ MORE
Global- , Exchange-, SharePoint-, Conditional Access Admins -> action required!
Yesterday I was triggered by a colleague of mine that administrators of services in Azure or Office 365 are automatically required to login via Multi-Factor Authentication (MFA) when accessing the service in the future. When logging in to one of my tenants indeed a new conditional access policy listed in the conditional access blade of […]READ MORE
New in Intune location-based device compliance for Android
Released this week in Intune is location-based compliance. In other words, based on your location your device is marked as compliant or not, based on the location you get access to services in Azure or Office 365 or not. A location can be based on the following IPv4 variables; IPv4 Range (eg. 192.168.1.0/24) IPv4 Gateway […]READ MORE
Join me at ExpertsLive Netherlands and/or Techmentor
Besides the conferences during the last couple of weeks, the following confirmed events are currently in the schedule. ExpertsLive Netherlands! In less than three weeks, on the 19th of June, ExpertsLive Netherlands will be held in the CineMec in Ede, during this event I will be presenting two sessions. Transition to Modern Windows Management with […]READ MORE
MMSMOA and Techorama what an awesome experience!
Very busy times lately, not only private, but also businesswise and in the community. A lot of speaking and session preparations are done, unfortunately less blogging at the moment but I have some nice subjects in my mind to write blogs on.. 😊 (if you want me to blog about something, please let me know […]READ MORE
Couple of things to look at when using Office 365 MDM and full Intune MDM together
A couple of weeks ago I had a customer already using the lightweight MDM solution in Office 365, which is built on Microsoft Intune. The lightweight MDM is part of many Office 365 subscriptions and it allows you to control a bit more settings than you can for instance with Exchange ActiveSync Access Policies, for […]READ MORE
Tune your Microsoft Intune device compliance behavior
Last year Microsoft was planning to mark devices that were not evaluated by a compliance policy as non-compliant. The default behavior is that if a device is not evaluated by a compliance policy that it is being marked as compliant and therefor the user has access to services controlled by Conditional Access in Azure AD, […]READ MORE
Device type and limit (enrollment) restrictions can now be assigned to groups
Today I noticed in a couple of Intune tenants that Microsoft is now supporting group-assigned enrollment restriction, with that you are also able to prioritize the restrictions. With this change Microsoft Intune now also supports the ability to not only allow or disallow Android but also allow or disallow Android for Work (Android Enterprise) as […]READ MORE
Subscribe to my YouTube channel!
About Peter Daalmans
Peter tries to speak every year on several events like TechDays Netherlands, ExpertsLive, IT/Dev Connections, BriForum, Midwest Management Summit, TechEd Australia, TechEd New Zealand and in 2017 Peter had the honor to speak at Microsoft Ignite. See more here.
Author of four books about Configurtion Manager and Microsoft Enterprise Mobility +Security