Category: Intune
-
Blocking Screenshots in iOS Work Applications
A new feature for Intune managed iOS devices, via App Protection Policies, is the ability to block screenshots (“screencapture” in Apple’s terminology). This has been becoming available since the end of November 2024 and was mentioned in Message Center MC907517, though this article targeted developers and not administrators. Microsoft has released two new versions…
-
Adding Apple Well-Known RemoteManagement JSON to IIS Web Servers
To do Account driven BYOD device enrolment in Intune for iOS devices you need to publish to the website on your domain a JSON file that contains your tenant ID. The URL for this file is https://c7solutions.com/.well-known/com.apple.remotemanagement where the domain (c7solutions.com in this case) is the same as the domain of the username on the…
-
Intune App Protection Policies and “All Apps” Do Not Automatically Stay Up To Date
When you create an App Protection Policy and select “All Apps”, Microsoft points out in Intune that they will keep the policy up to date for you and add new apps as they are released (so it is always “All Apps”) and not “All Apps on the date I made the policy and no changes…
-
Renewing Apple Tokens in Intune
To sync Apple OS devices to Intune you need a token created by Apple and uploaded to Intune. There are at least 3 separate tokens that you might use and each of these expires one year after creation and needs renewing before it expires. The three (plus) tokens you need are: Apple MDM Push Certificate…
-
Enabling BitLocker In Silent Mode Using the Settings Catalog (2023)
There are many blog posts and articles online about the old way to configure silent BitLocker. These used a template that Microsoft added to Intune. Since March 2023 BitLocker has moved (along with lots of other configurations) to using the Settings Catalog. Often the settings are similar and you can take an old blog post…
-
Adding App Tokens To Intune From Apple Business Manager (VPP)
Documentation on this process is hard to come by. Either Microsoft says “download the Apple Business Manager location token (Apple VPP token) for your account” but does not say how, or other documentation covers other bits of the process, but not this step. So, how do you download and create an Apps Content Token so…
-
LAPS for Beginners
This is a simple blog post to outline how to turn on Windows LAPS via Intune to ensure that all your managed devices have a local admin account that has a unique password per device. A unique, and frequently changed, local admin password stops lateral movement by malicious actors from a compromised machine across some…
-
Adobe Creative Cloud and Conditional Access Restrictions
In Azure Active Directory it is possible to create Conditional Access rules that restrict applications to only running on company owned or managed devices. Conditional Access approves or rejects the login based on that knowledge – so what happens if the app in question is running on a company (managed or compliant) machine, but the…
-
Zoom For Intune 5003 and Network Connection Errors
This was an interesting error to track down and fix. It's probably not going to affect a lot of my readers, but it was an interesting problem to get to the bottom of and it might apply for any Intune based app and not just Zoom. The specific scenario I have is a tenant to…
-
Intune MAM Exemptions – Discovering URL Protocols
In Microsoft Intune you can create a secure container that the data in your apps cannot leak out of. That is, you can restrict copy/paste outside of the supported apps and restrict opening the data in a different app. But sometimes you need to open the data in a different app and with the Intune…
-
What Is The Value of enrollmentProfileName
In Microsoft Endpoint Manager there are a few different device registration scenarios that make use of a property called device.enrollmentProfileName. To find and apply other settings (apps, config, etc) to these devices later on you need to have a Dynamic Device Group based on this property. The problem is the value of the property is…
-
Blocking Apps With a Low Reputation
One of the benefits of Microsoft 365 is the interaction across many products and features to create services that otherwise you might not have available to you or need to implement unrelated and unconnected additional software and maybe client agents as well. Recently announced is an interaction between Windows Defender (client AV and other security…