Plan for Change: Use Intune on Azure now for your MDM management

Updated 1/4/18 & 1/8/18 with hybrid clarifications. Over a year ago, we announced public preview of Intune on Azure and followed up six months ago with general availability of the new admin experience for Intune on Azure. Starting on April 2, 2018, we will turn off mobile device management (MDM) in the classic Silverlight console for…


Support Tip: Conditional Access policies for Intune will now be available in Azure Active Directory

We recently posted a Message Center post reminding you about the Conditional Access policies move from v1 to v2 and re-iterated the impact to Intune admins. In this support blog, we share a few frequently asked questions related to CA policies and Intune. We will keep this post updated as we hear more questions from…


Support Tip: New Intune Diagnostic Console for Log Submission in the Intune Managed Browser

By David Meyerson |  Software Engineer With the latest release of Intune Managed Browser (Version 1.2.8+), diagnosing issues with all Intune App Protection Policy enrolled apps (also known as MAM-enrolled apps) is easier than ever for you – the Intune Admin – and end users on iOS. The Intune Diagnostic Console streamlines log collection and submission….


PFX certificates issued using the Intune Certificate Connector: Fix your Intune Migration Configuration Issues

During the migration process, we identified a few dozen accounts that would have problems with certificate hashes after being migrated. We put those accounts on hold and came up with a fix for the issue, but before the fix can take effect, all PFX policies have to be regenerated. You can regenerate the policy yourself,…


Support Tip: Steps to Decrypt and Reencrypt a BitLockered Device & Intune

In this post, we’re sharing where to find a list of BitLockered devices in the Intune console and pulling together two different ways to decrypt and reencrypt a BitLockered device. First off, to find which devices are BitLockered in console, just go to Device configuration-Profiles, select your Endpoint protection profile, then in the blade that extends out,…


Using the New Role Based Access Controls in Intune

By Dave Randall | Sr. PM I’m Dave, a Program Manager in the Intune team. Many of you – our customers and partners – are now using the Azure Portal to manage Intune. One new area of functionality is role based access control (RBAC). This feature offers much greater flexibility and control to ensure your IT…


Removing Access Control from Mobile Device Management for Office 365

Author: Joel Stevens | Microsoft Support Escalation Engineer When you activate the Mobile Device Management (MDM) for Office 365 service, you are prompted to create a Device Management Security Policy. The mobile devices for users that you target with this policy will be quarantined, and the user will be sent an email asking them to…


Using the Microsoft Graph API to access data in Microsoft Intune

Although for most administrators the Microsoft Intune administration console will be the primary method of looking at information in Microsoft Intune, developers and IT pros that have a level of technical knowledge to understand REST API calls may use Microsoft Graph to query data from the service backend of Intune. Microsoft Graph exposes multiple API’s…


Support Tip: Another way to access Intune service health and notifications for your organization

~ Chaohao Xu | Sr. Software Engineer As you may have already seen, we are migrating our service health data into the Office 365 management portal. We will also be utilizing the Office 365 portal for posting messages, including those for service deployments. One benefit of this move is that your enterprise can now access the service…


Support Tip: Best Practices for Intune Software Distribution to PC’s

~ Joel Stevens | Support Escalation Engineer This articles describes tips and recommended best practices for distributing a software or update package to PC clients using Microsoft Intune. Note that in this particular example we are talking about full PC clients rather than MDM enrolled Windows desktops. For more information on the various options for…