Force a refresh of Microsoft Intune policies on iOS

When testing new policies or deploying applications it’s useful to force a policy refresh. In iOS you can force this when using the latest Company Portal. Follow these easy steps: Open the Company Portal Select your device in use Hit the Sync button


Hotfix: Large URI request in Web Application Proxy on Windows Server 2012 R2

In one of the last postswe discussed the option to put a Web Application Proxy in the DMZ as a reverse proxy for NDES. You could request a hotfix via Microsoft Support in order to get this to work. The good news is that you no longer have to contact support, it’s available in the…


How to assign EMS licenses using the Azure Portal

In this post I will show you how to assign EMS licenses using the Azure Portal. Open a browser, to prevent cookie issues I recommend to use InPrivate mode. Navigate to sign-in using your administrator account for your tenant (e.g. After successful logon, on the left side navigate to Active Directory. Select the…


Configure certificate based authentication to Wi-Fi with ConfigMgr and Intune

Once you have certificate deployment working, you can use it for several purposes. One example would be to use certificate based authentication against Exchange (on-prem), VPN or WiFi Profiles. Certificate based authentication against WiFi profiles is a common ask, in this post I'll explain how to configure this in ConfigMgr 2012 R2. Create a new…


NDES – Error 12186 in ndesplugin.log

Are you trying to configure certificate deployment for mobile devices and run into the error 12186 in ndesplugin.log? This post might help you reach a solution. The exact error shown in ndesplugin.log is: Failed to send http request /CMCertificateRegistration/Certificate/VerifyRequest. Error 12186 This error occurs if the account under which NDES application pool runs may not…


Certificate Revocation using Microsoft Intune

There are several ways to initiate a revocation of a certificate on a mobile device, in this post we will discuss the options and their behavior per platform. It’s important to note that we can only revoke certificates which are delivered via SCEP. There are two types of removal: Due to device wipe/retire or unenrollment….


New Blog Location

My role has previously primarily focused on Microsoft Intune, nowadays it’s more towards our whole Enterprise Mobility Suite. This includes Azure AD premium, Microsoft Intune and Azure Rights Management Service. Due to the change of focus (and name change of Microsoft Intune) I decided to create a new blog. The new blog can be found…


Part 3 – Protecting NDES with Web Application Proxy (WAP) in the DMZ

As you might have learned from my previous blog post about certificate deployment to mobile devices via NDES it’s mandatory to open port 443 (TCP) from any IP on the internet inbound to your NDES server. At the same time the NDES server needs to be domain joined to the same domain as your Certificate…


Hotfix available for faster remote retire or wipe via Intune

This hotfix adds the client notification component to Microsoft System Center 2012 R2 Configuration Manager. This component provides fast channel communications that a Configuration Manager administrator can use to notify clients to start time-sensitive tasks as soon as possible. Additionally, this hotfix greatly reduces the time that's required to execute a successful retire or wipe…


Windows Phone 8.1 in Kiosk Mode (Assigned Access) using Intune and ConfigMgr

It’s possible to configure Windows Phone 8.1 in kiosk mode, allowing you to only allow specific settings/applications and hiding all the other stuff. In this post I will explain how to achieve just that. A big thanks goes out to Mike Danoski form our GBS department who came up with all the content – all…