How-to-Create-Upload-Apple-Push-Notification-Service-APNs-Certificate-Using-SCCM-CB

How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB

How do I create and Upload an Apple Push Notification Service APN Certificate Using SCCM CB? We need an APN cert to manage iOS and Mac OS devices via Intune and Hybrid SCCM CB. 

In this video tutorial, we can see how to get the certs from Apple and How to upload them to SCCM CB for a hybrid solution. How to Create an Apple Push Notification Service (APN) Certificate to Manage iOS and Mac OS X devices via Intune.

You must have an Apple ID/user name and password to upload and download the SCCM CB hybrid certificates. I’m adding more detailed Videos to my YouTube Channel; subscribe here.  

The following is the location and file where I saved the downloaded cert from the SCCM CB hybrid environment: C: UsersanoopDocumentsApple CertApple_Cert_4_How_2_Manage.CSR.

How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB - Fig.1
How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB – Fig.1

How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB

The screenshot below helps you show the Apple push certificates portal and the certificate for third-party servers. The table below enables you to show more details.

Sep 24, 2016VendorExpiration DateStatus
Mobile Device ManagementMicrosoft Corporation Sep 24, 2016Active
Mobile Device ManagementMicrosoft Corporation Sep 24 2016Active
How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB – Table 1
How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB - Fig.2
How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB – Fig.2

 

How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB

Go to the following website !! Apple Website:- https://identity.apple.com/pushcert/.

You can manage iOS and Mac OS devices via Microsoft Intune and SCCM CB hybrid environments at the end of this process!

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments 2

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments

How do you create and deploy compliance policies using SCCM CB Hybrid and Intune Environments? We will discuss developing and deploying compliance policies using SCCM CB Hybrid and Intune Environments. Ok, at 3 topics in this post. 

  • 1. How to Create Compliance policies using Intune and SCCM CB Hybrid environment.
  • 2. How to deploy Compliance policies and
  • 3. Differences between the compliance policy settings !!

I have created a quick and dirty video tutorial to explain all these steps, and the video is embedded in this post as well 🙂 First and foremost, the compliance policies work along with Conditional Access policies.

The device must comply with our policies to have permission to access corporate resources like emails, SharePoint Online, etc. SCCM CB and Intune Compliance policies can be deployed only to users, not device collections or groups.

As you can see in the following picture, we can specify the type of compliance policy that you want to create in SCCM CB. There are two options: 1. Compliance rules for devices managed with SCCM clients; 2. Compliance rules for devices managed without SCCM clients (MDM clients, etc.).

How Do You Create An SCCM CB Hybrid Compliance Policy?

Moreover, it allows you to select different device platforms, such as Windows 8.1, Windows 10 mobile, iOS, Android, and KNOX. This is a handy option in SCCM CB Hybrid compliance settings! The video tutorial above explains the steps to create an SCCM CB compliance policy.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.1
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.1

How Do You Create a Compliance Policy using Intune?

As you must have noticed, all platforms have one general compliance policy. There is no option to create compliance policies for various device platforms, such as iOS, Android, and Windows.

Yes, we don’t have the option to select a specific OS platform in Intune compliance policies. The three common segregations available are as follows. The video tutorial above explains all the steps to create an Intune compliance policy.

Three Common Segregations
System Security
Device Health
Device Properties
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Table 1
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.2
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.2

How Do You Deploy Compliance Policies Using SCCM CB Hybrid?

Yes, compliance policies can deploy only to User Collections, not device collections, in SCCM. There are no DEVICE Collections in the drop-down menu!! Yes, this makes sense because compliance policies are associated with conditional access policies in BYOD and CYOD scenarios.

Another point is SCCM CB’s granularity regarding Compliance rules/policy evaluation schedules. You can change the Compliance policy evaluation schedule!!! By default, the SCCM CB compliance policy evaluation schedule is 23 hours. You can change and customize it according to your needs. The video tutorial above explains the steps to deploy the SCCM compliance policy.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.3
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.3

How to Deploy Compliance Policy using Intune?

Yes, compliance policies can be deployed only to user groups in Intune, not device groups. Moreover, compared with SCCM CB, the scheduling of compliance policies is not granular. Instead, Intune provides global settings for all the compliance policies we create for that tenant.

Check out the Intune compliance policy settings. What is that? It’s the compliance status validity period. Nice!! It’s a global setting—we can’t specify 31 days for one compliance setting and 20 days for another!! The video tutorial above explains all the steps to deploy the Intune compliance policy.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.4
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.4

Difference Between Intune vs SCCM CB Hybrid Compliance Policies

Following are the differences that I have noticed in Intune vs SCCM CB Hybrid Compliance Policies:-
Intune does not allow users to select a specific supported platform. However, with SCCM CB, we can create platform-specific compliance policies.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.5
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.5

There is no Granularity in Deploy Scheduling options with Intune. However, many more scheduling options are available for SCCM CB compliance policies.

Intune_Vs_SCCMHow to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.6_Compliance_Policies_3
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.6

Outcome/Result of Compliance Policies – Windows 10 Device

The following is an example of a Windows 10 machine that AAD and MDM joined, but it’s not compliant. Device encryption is not enabled on Windows 10 machines.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.7
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.7

The following is an example of a Windows 10 device compliant with an organization’s policies. Once Windows 10 is compliant, the user can access corporate mail and other resources.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments - Fig.8
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.8

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User 3

Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User

Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User? In this post, I would like to share the video tutorial to explain. Microsoft Intune introduced MAM Reporting options with the Intune 2305 release.

 Let’s learn how to create Intune App Protection Policies for iOS iPadOS. In this article – Create Intune App Protection Policies For IOS IPadOS. App Protection Policies can be applied to both enrolled and non-enrolled devices. APP can be used for third-party MDM solutions.

MAM policies created in the MEM portal are different from the MAM policies that we make from the Intune portal for MDM-enrolled devices. Outlook Groups is the newest application included in the Azure portal for Intune MAM-enabled applications.

Let’s check how to enable Intune App Protection Policies for Android and iOS devices. The video below provides more details and an end-user experience.

Intune MAM Policies and App Reporting?

Also, I can see the PREVIEW option to add custom applications for MAM policies without MDM enrollment. This is an excellent feature. Settings –>PreviewLine-of-business apps –>  Preview – Add a custom app.

Intune MAM Policies and App Reporting
Settings
Preview – Line of business apps
Preview – Add a custom app
Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User – Table 1
Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User - Fig.1
Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User – Fig.1

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Learn How to Setup Dynamic Device Groups in Intune 5

Learn How to Setup Dynamic Device Groups in Intune

Learn how to Set up Dynamic Device Groups in Intune. Do you want to add mobile devices automatically to Microsoft Intune Device Groups? Intune Dynamic groups have been a customer request for a long time.

This feature is similar to dynamic collections in SCCM/ConfigMgr. There are two ways to do it: one using the Azure AD Premium feature called AAD Dynamic Groups, and another is pretty new in Intune, something called Device Group Mapping.

One of our recent posts explains how to create nested Azure AD dynamic groups, a highly anticipated feature from the Azure AD team. This functionality shows the memberOf attribute, which was introduced to facilitate the nesting of Azure AD groups.

This capability allows for more flexible and efficient management of group memberships within Azure Active Directory, enabling organizations to simplify access controls and administration across their Azure resources.

How Do you Add Devices/Users Automatically to Intune Groups using Azure AD Dynamic Groups? – Learn How to Setup Dynamic Device Groups in Intune

Log in to the Azure AD portal (AAD Premium subscription should be there). Read More -> Create AAD Dynamic Groups Based On MDM Intune SCCM Management.

Learn How to Setup Dynamic Device Groups in Intune - Fig.1
Learn How to Setup Dynamic Device Groups in Intune – Fig.1

Navigate via – Directory –> Groups –> Open the group (MDM Group) –> Configure. Enable Dynamic Group (Only available for AAD Premium subscriptions) Membership –> Add Users where <Department> is equal to “IT”.

Learn How to Setup Dynamic Device Groups in Intune
Login to AAD.Portal.Azure.com.
Navigate to the Azure Active Directory -> Groups node -> Click on the New Group button.
Group Type -> Security
Group Name -> HTMD AAD Group based on Dept
Group Description -> To add all devices or users from a dept
Membership Type -> Dynamic User
Learn How to Setup Dynamic Device Groups in Intune – Table 1

In this scenario, all the users from the IT department will be added to the AAD Dynamic Security Group, which is called MDM Group.

Don’t panic if the group is not reflecting with users immediately; give it some time. It will get updated

Once the AAD Dynamic Group is created and updated, log in to the Intune portal (endpoint.microsoft.com) and Create a New User Group to fetch all the devices of IT department users.

Learn How to Setup Dynamic Device Groups in Intune - Fig.2
Learn How to Setup Dynamic Device Groups in Intune – Fig.2

Whenever a new user joins the IT department, that user is automatically added to the Intune MDM group. Provisioning and de-provisioning groups is made easy with this.

More Details -> Create AAD Dynamic Groups Based On Domain Join Type Hybrid Azure AD And Azure AD

There are two options to build the Azure AD dynamic group query. You can use the rule builder or rule syntax text box to create or edit an AAD device group dynamic membership rule.

  • Rule Builder -> Graphical interface – Easy to create the dynamic query.
  • Rule Syntax -> Advanced technical users for complex queries.

Follow the steps below to use Azure AD dynamic group Rule Builder to create dynamic query rules for Hybrid Azure AD joined devices.

  • Under Configure Rules -> Choose Property drop-down list.
  • Select deviceTrustType as the property from the drop-down list.

How do you Add Devices automatically to Intune Device Groups using Device Group Mapping?

Click on the Admin tab in the Intune console. Navigate via Device Group Mapping—enable Device Group Mapping—Create a Device Group and ADD a CATEGORY to manage device group mapping rules. Once you click on Create Device Group, it will guide you through creating one device group.

When every user enrolls (during the Enrollment Process) to Intune using the Microsoft Intune Company Portal application, the User will get an extra screen to select “Choose the best category for this device.” I have created only one category, “ADMIN,” for users. You are free to make an Intune device category for each department!!

More details on AAD Groups Based On Intune Device Categories.

Learn How to Setup Dynamic Device Groups in Intune - Fig.3
Learn How to Setup Dynamic Device Groups in Intune – Fig.3

Resources

SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)

SCCM Video Tutorials For IT Pros – HTMD Blog #2 (howtomanagedevices.com)

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.