NDES: Event ID 29 (The password in the certificate request cannot be verified)

This week I received an e-mail from our support organization about a case regarding NDES. One of our customers (Bechir Hammami from Germany) ran into an issue where NDES stopped working after performing an upgrade on their ConfigMgr 2012 environment. Luckily the customer managed to resolve the issue themselves and even shared the steps he…


Useful ConfigMgr query for Intune Enrolled Devices

The following SQL query was shared by Gerjan Eghuizen an Unified Communications Consultant working at Enexis and Niels Buit (Microsoft), useful for anyone who has Mobile Devices enrolled via Microsoft Intune in ConfigMgr 2012 R2. The end-result is a report with this information (clickable): The SQL query: CREATE TABLE          #machines          (          DeviceID uniqueidentifier, — Remove…


Assigned Access (kiosk mode) Windows Phone and Microsoft Intune

Use this example to configure your own assigned access (previously known as Kiosk Mode) for Windows Phone. Don’t forget to restart your Windows Phone after the policy has been applied. Heads up! This feature should only be used on devices that are owned or provided by the enterprise company or organization or on a user…


Deploying .appx package to Windows Phone via Microsoft Intune failes with 0x0 or 0x87D103E8

Are you trying to deploy a Windows Phone .appx but the installation via Microsoft Intune fails? It could be that your application needs dependencies installed. When deploying an .appx from the public Store or via Visual Studio dependencies are installed automatically. When creating an .appx and manually sideloading this to a device OR using Microsoft…


Part 4 – Protecting NDES with Azure AD Application Proxy

In the past few months I published a series of posts on setting up certificate distribution to mobile devices. In summary this is what was discussed: Part 1 – First tips and tricks on how to troubleshoot and check existing ConfigMgr/SCEP/NDES infrastructures.Part 2 – After many asks for clarity, a full guide on how to…


Cumulative Update 4 for System Center 2012 R2 Configuration Manager

Using this linkyou can download the latest ConfigMgr 2012 R2 which contains a few Mobile Device Management enhancements: Mobile devices Trying to enroll a device in a user collection that contains security groups fails with an "access denied" error. Inventory data that's collected from mobile devices and the Microsoft Intune connector may be for the…


Create a VPN profile using Microsoft Intune (Standalone) via Custom OMA-URI’s

Microsoft Intune allows you to deploy several VPN connection profiles to Windows Phone 8.1 devices. The available options are: Juniper Pulse F5 Edge Client Dell SonicWALL Mobile Connect CheckPoint Mobile VPN If you want to deploy another type, e.g. IKEv2 based – it’s possible to use custom URI’s. In order to create one, select “Policy”…


Deploy Wi-Fi profiles to Windows Phone devices with Microsoft Intune OMA-URI policy

One of our partners in The Netherlands that has a lot of experience with EMS deployments is Inovativ. In this blog Ronny de Jong will explain how to deploy WiFi Profiles using OMA-URI policies using Microsoft Intune Cloud (also known as Standalone). Hi, I am Ronny de Jong and as consultant I am working for…


Force a refresh of Microsoft Intune policies on iOS

When testing new policies or deploying applications it’s useful to force a policy refresh. In iOS you can force this when using the latest Company Portal. Follow these easy steps: Open the Company Portal Select your device in use Hit the Sync button


Hotfix: Large URI request in Web Application Proxy on Windows Server 2012 R2

In one of the last postswe discussed the option to put a Web Application Proxy in the DMZ as a reverse proxy for NDES. You could request a hotfix via Microsoft Support in order to get this to work. The good news is that you no longer have to contact support, it’s available in the…