Tech Journey with Mishra

Intune

Microsoft Intune is a Microsoft cloud-based unified endpoint management service for both corporate and BYOD devices. It extends some of the “on-premises” functionality of Microsoft Endpoint Configuration Manager to the Microsoft Azure cloud.


Dynamic group

A dynamic group is a group that adds and removes members automatically, using membership rules based on member attributes.

We can create complex attribute-based rules to enable dynamic memberships for groups.

Dynamic group membership reduces the administrative overhead of adding and removing users. 


To create a dynamic security group, follow the steps below:

  1. Log in to the Azure portal (https://portal.azure.com/) or the Intune portal (https://endpoint.microsoft.com/).
  2. Go to Groups and click New group.
  3. Choose Security as the group type.
  4. Give the security group a Name and, optionally, a Description.
  5. Choose Dynamic device as the Membership type.
  6. Click the Add dynamic query tab.
  7. Choose an attribute (e.g. enrollmentProfileName) in the first drop-down list (Property).
  8. Choose a condition (e.g. match) from the second drop-down list (Operator).
  9. In the third field (Value), enter the value (e.g. the enrollment profile name).
  10. Click Add query, then click Save.
  11. Click Create and your group will be created.

Members will be added and removed automatically according to the membership rules.


A few examples of dynamic membership rule syntax:

user.department -eq "Sales"

user.country -eq "value"

user.objectId -ne null

(user.objectId -ne null) -and (user.userType -eq "Member")

device.objectId -ne null


Note: We can create a dynamic group for devices or for users, but we can’t create a rule that contains both users and devices.

We can’t create a device group based on the device owners’ attributes. Device membership rules can only reference device attributes.
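As an added example (not from the original post, and not how Azure AD evaluates rules internally), the following Python evaluates the rule subset shown above (-eq, -ne, -match, -and, -or, parentheses) against sample user or device attributes, and rejects rules that mix user and device properties, as the note above requires. All rule text, attribute names and values are constructed; -and/-or are evaluated left to right, so mixed rules should use parentheses as the page's own example does.

```python
import re

TOKEN = re.compile(r'\(|\)|-\w+|"[^"]*"|\w+\.\w+|null')  # ( ) -op "string" object.property null

def tokenize(rule):
    tokens = TOKEN.findall(rule)
    if re.sub(r"\s", "", "".join(tokens)) != re.sub(r"\s", "", rule):
        raise ValueError("unrecognised token in rule: " + rule)
    return tokens

def rule_object_type(rule):
    """Return 'user' or 'device'; reject rules that mix both (see the note above)."""
    objs = {t.split(".")[0] for t in tokenize(rule) if "." in t}
    if len(objs) != 1 or not objs <= {"user", "device"}:
        raise ValueError(f"rule must reference exactly one of user/device: {sorted(objs)}")
    return objs.pop()

def evaluate(rule, attributes):
    """Decide membership of one object. Property names match case-insensitively; string
    values compare case-sensitively and -and/-or run left to right (simplifications)."""
    rule_object_type(rule)
    tokens, pos = tokenize(rule), 0
    attrs = {k.lower(): v for k, v in attributes.items()}
    def comparison():
        nonlocal pos
        if tokens[pos] == "(":          # parenthesised sub-expression
            pos += 1
            value = expression()
            pos += 1                    # consume ")"
            return value
        prop, op, rhs = tokens[pos:pos + 3]
        pos += 3
        lhs = attrs.get(prop.split(".")[1].lower())   # a missing attribute behaves as null
        rhs = None if rhs == "null" else rhs.strip('"')
        if op in ("-eq", "-ne"):
            return (lhs == rhs) == (op == "-eq")
        if op == "-match":              # regular-expression match, e.g. on enrollmentProfileName
            return lhs is not None and re.search(rhs, lhs) is not None
        raise ValueError("unsupported operator " + op)

    def expression():
        nonlocal pos
        result = comparison()
        while pos < len(tokens) and tokens[pos] in ("-and", "-or"):
            op, pos = tokens[pos], pos + 1
            rhs = comparison()
            result = (result and rhs) if op == "-and" else (result or rhs)
        return result
    return expression()
```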


Details and reference link – https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership


User Creation in Azure Active Directory

Let’s learn to create a new user in Azure Active Directory in a few simple steps, and then assign a license to the user.

To create a user in Azure Active Directory:

  1. Log in to the Azure portal (portal.azure.com).
  2. Open Azure Active Directory.
  3. Click Users.
  4. Go to All users (preview) and click New user -> Create new user.
  5. Fill in all the required details and click Create.

You can view or search for the newly created user in the All users view.


Once the new user has been created, the next step is to assign the required license(s) to the user.

To assign the license:

  1. Go to All users (preview) and open the user’s profile by clicking the user’s name.
  2. Go to Licenses and click Assignments.
  3. Select the license and click Save.

Now you can see that the license has been assigned.

Note: The user’s usage location must be set before a license can be assigned.


Microsoft Intune – Introduction

Microsoft Intune is a SaaS, cloud-based desktop and mobile device management tool from Microsoft. It supports macOS, iOS, Android, and Windows 10, and is used as a modern management tool.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It helps you protect your workforce’s corporate data by managing devices and apps. You control how your organization’s devices are used, including mobile phones, tablets, and laptops. … Intune is part of Microsoft’s Enterprise Mobility + Security (EMS) suite

Microsoft Intune launched in 2011 as Windows Intune. The name change to Microsoft Intune was announced in 2014.

Eight years later, in 2019, Microsoft decided to join its Intune unified endpoint management (UEM) platform with its Configuration Manager (ConfigMgr), enabling users to access both with just one interface.

A new service called “Microsoft Endpoint Manager” brings together System Center Configuration Manager (SCCM) and the Microsoft Intune mobile management service.

Intune is available:
  • As a stand-alone Azure service.
  • Included with Microsoft 365 and Microsoft 365 Government.
  • As Mobile Device Management in Microsoft 365, which consists of some limited Intune features.


Microsoft Intune test tenant creation and initial console set up

Create a free subscription of Microsoft Intune

Prerequisites:

You must have a personal email account.

Creation of Intune test tenant

We have two options to get a free trial Intune test tenant:

Option 1 – Free trial tenant for 30 days.

Option 2 – Free trial Intune tenant for 90 days. This option is available mainly for partners: you log in to the developer portal with a company email address and get access to the tenant for 90 days.


To create an Intune account with option 1 (free trial for 30 days):

  1. Open https://go.microsoft.com/fwlink/?linkid=2019088
  2. Enter your personal email ID and click Next.
  3. Click Set up account.
  4. Fill in the required details and click Next.
  5. Select one of the verification methods and click Send verification code.
  6. Enter the verification code received on your mobile phone and click Verify.
  7. You will now be asked to enter a user name and password.
     Note: You can keep the same user name you gave in the previous step or modify it; this will be your Global Admin ID. You can also change your domain name here: by default it takes your company name as the domain name, or you can change it later to your own custom domain.
  8. Click Next after making the required changes.
  9. Confirm the filled-in details, add a few more details (e.g. address) and click Save.
     Note: You can change your contact number here.
  10. Enter the PAN number and click Save.
  11. You will now get a confirmation of your trial subscription.
  12. Click Get started or Manage your subscription. This takes you to the Microsoft 365 admin center (Subscriptions – Microsoft 365 admin center), where you can see your subscription product.

Details and reference link – https://docs.microsoft.com/en-us/mem/intune/fundamentals/free-trial-sign-up

To create an Intune account with option 2 (free trial for 90 days):

  1. Open https://developer.microsoft.com/en-us/microsoft-365/dev-program
  2. Click Join now.
  3. Log in with your company account.
  4. Select Developer as the primary focus.
  5. Select your area of interest.
  6. Click Set up E5 subscription.
  7. Click Next.
  8. Enter the domain, user name and password.
  9. Enter your mobile number and verify it with the OTP.
  10. Click Set up and let it create your subscription.
  11. Your setup is now complete.
  12. Click Go to subscription to log in to the admin center and manage your Intune tenant.

Once your tenant is created:

    • Go through the console.
    • In Azure AD, set up your custom domain.
    • Configure your company branding.
    • Check your licenses and subscribe to more free licenses (for Outlook, email, etc.) if required.
    • Set the MDM authority to Intune.


Android device administrator vs Android Enterprise

Intune provides two Android management solutions:
  1. Android device administrator and
  2. Android Enterprise

Android device administrator is the legacy management solution.

  • In 2010, Google released Android 2.2 (Froyo) with the ability to support the management of mobile devices via Android Device Administrator.
  • In the decade since, remote work rose by 400%, along with the overall needs of the enterprise, especially as they relate to mobile device usage. Consider:
    • In 2010, less than 60% of employees brought personal phones and tablets to work. Today, nearly 70% of workers utilize Bring Your Own Device (BYOD) in some way.
    • It took just three years (2011 to 2014) for companies embracing BYOD to grow from 25% to 90%.
    • In 2010, approximately nine billion apps were downloaded worldwide. In 2011, it jumped to 29 billion. In 2019, over 200 billion apps were downloaded globally.

As enterprise mobility became more complex, the Android Device Admin application programming interface (API) was being asked to do more than it could.

Android Enterprise supports far more deployment scenarios and provides better security, privacy and configuration options on Android devices.

The launch of Android 5 (Lollipop) in 2014 introduced Android Enterprise with Fully Managed Device (Device Owner) and Work Profile (Profile Owner) modes. Since then, Device Admin has been considered legacy Android management.

Android Enterprise supports the separation of data in a BYOD scenario.

Android Enterprise features enhanced app management through Managed Google Play, which was not available in Device Admin.

Device Admin partially supports VPN whereas Android Enterprise offers full-blown support with its configuration abilities via Managed Configs.


APNS and iOS Device Enrollment

Apple Push Notification service (APNs)

APNs is Apple’s service for pushing notifications to Apple devices.

APNs workflow:
  1. iOS requests a device token from the Apple Push Notification service (APNs).
  2. The app receives the token, which functions as the address to send a push notification to.
  3. The app sends the device token to your server.
  4. When prompted, the server sends a push notification, including the device token, to APNs.
  5. APNs delivers the push notification to the user’s device.

APNs hosts and ports

If you use a firewall or a private Access Point Name for cellular data, your Apple devices must be able to connect to specific ports on specific hosts:
  • TCP port 5223 to communicate with APNs.
  • TCP port 443 or 2197 to send notifications to APNs.
  • TCP port 443 is used during device activation, and afterwards as a fallback if devices can’t reach APNs on port 5223.
  • IP range: 17.0.0.0/8
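As an added example, not from the original post: a Python check that reads firewall deny log lines and flags TCP denies into Apple’s 17.0.0.0/8 range on the APNs ports listed above, the condition under which enrolled devices stop receiving MDM push notifications. The key=value log format, the device addresses and the destination addresses in SAMPLE_LOG are constructed, not a specific vendor’s export.

```python
import ipaddress
import re

APNS_BLOCK = ipaddress.ip_network("17.0.0.0/8")   # Apple range quoted above
APNS_PORTS = {5223: "APNs", 443: "APNs fallback / activation", 2197: "APNs notifications"}

# Constructed key=value firewall log format (not a real vendor's), one event per line.
LOG_LINE = re.compile(
    r"action=(?P<action>\w+) proto=(?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

# Constructed sample: one device denied twice on 5223 (but allowed on 443, so it can fall
# back), one deny to a non-Apple address, and one UDP deny that is irrelevant to APNs.
SAMPLE_LOG = """\
2024-03-01T09:12:03Z action=deny proto=tcp src=10.20.4.17 dst=17.57.144.20 dport=5223
2024-03-01T09:12:04Z action=allow proto=tcp src=10.20.4.17 dst=17.57.144.20 dport=443
2024-03-01T09:12:09Z action=deny proto=tcp src=10.20.4.17 dst=17.188.136.5 dport=5223
2024-03-01T09:13:00Z action=deny proto=tcp src=10.20.4.22 dst=203.0.113.10 dport=5223
2024-03-01T09:14:11Z action=deny proto=udp src=10.20.4.22 dst=17.57.144.20 dport=5223
"""


def blocked_apns_connections(log_text):
    """Return {(src, dport): deny_count} for TCP denies into 17.0.0.0/8 on APNs ports."""
    blocked = {}
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if not m or m["action"] != "deny" or m["proto"].lower() != "tcp":
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:            # hostnames or malformed fields are skipped
            continue
        dport = int(m["dport"])
        if dst.version == 4 and dst in APNS_BLOCK and dport in APNS_PORTS:
            key = (m["src"], dport)
            blocked[key] = blocked.get(key, 0) + 1
    return blocked


def report(log_text):
    """One line per (device, port) pair that the firewall is blocking."""
    return [f"{src}: TCP {port} to 17.0.0.0/8 denied {n}x ({APNS_PORTS[port]})"
            for (src, port), n in sorted(blocked_apns_connections(log_text).items())]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "no APNs traffic blocked")
```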

An Apple MDM Push certificate is required for Intune to manage iOS/iPadOS and macOS devices. After you add the certificate to Intune, your users can enroll their devices using:
  • The Company Portal app.
  • Apple’s bulk enrollment methods like ADE.
The Apple MDM push certificate is valid for one year and must be renewed annually to maintain iOS/iPadOS and macOS device management. If your certificate expires, enrolled Apple devices cannot be contacted.
When a push certificate expires, you must renew it. When renewing, make sure to use the same Apple ID that you used when you first created the push certificate. If you request a new certificate instead of renewing your existing certificate, you will be forced to unenroll and re-enroll all of your existing iOS devices.
Steps to get your certificate:

  1. In the Microsoft Endpoint Manager admin center, choose Devices > Enroll devices > Apple enrollment > Apple MDM Push Certificate.
  2. Select I agree to give Microsoft permission to send data to Apple.
  3. Select Download your CSR to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
  4. Select Create your MDM push Certificate to go to the Apple Push Certificates Portal. Sign in with your company email address Apple ID, and then click Create a Certificate.
  5. Select Choose File, browse to the certificate signing request file, and then choose Upload.
  6. On the Confirmation page, choose Download to download the certificate (.pem) file, and save the file locally. (Record this ID as a reminder for when you need to renew this certificate.)
  7. Go back to the Endpoint portal, enter the Apple ID used to create your Apple MDM push certificate, click Select a file under the “Browse to your Apple MDM push certificate to upload” section, select the certificate (.pem) file, choose Open, and then choose Upload.

Renew Apple MDM push certificate:

  1. Sign in to the Microsoft Endpoint Manager admin center, choose Devices > Enroll devices > Apple enrollment > Apple MDM Push Certificate.
  2. Choose Download your CSR to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
  3. Select Create your MDM push Certificate to go to the Apple Push Certificates Portal. Find the certificate you want to renew and select Renew.
  4. On the Renew Push Certificate screen, provide notes to help you identify the certificate in the future, select Choose File to browse to the new request file you downloaded, and choose Upload.
  5. On the Confirmation screen, select Download and save the .pem file locally.
  6. In Intune, select the Apple MDM push certificate browse icon, select the .pem file downloaded from Apple, and choose Upload.

Your Apple MDM push certificate appears Active and has 365 days until expiration.
Note: A Certificate can be identified by its UID. Examine the Subject ID in the certificate details to find the GUID portion of the UID. Or, on an enrolled iOS/iPadOS device, go to Settings > General > Device Management > Management Profile > More Details > Management Profile. The second line item, Topic, contains the unique GUID that you can match up to the certificate in the Apple Push Certificates portal.
