featured

SCCM Console Keyboard Shortcuts_1

SCCM Keyboard Shortcuts

Let’s discuss the SCCM Keyboard Shortcuts. SCCM console shortcuts are handy in some scenarios, like during demos, training sessions, etc. We can just “show off” that we have some handy SCCM CB Console keyboard shortcuts.

This video post will discuss some very useful SCCM Console keyboard shortcuts. How many of you have used MMC keyboard shortcuts with the SCCM 2007 MMC console? Those MMC shortcuts won’t work with SCCM CB versions.

The SCCM CB preview version introduced new keyboard shortcuts, such as CTL + M, CTL + T, etc. I’m not a frequent user of SCCM console keyboard shortcuts, but I think they could be useful at times.

As you can see in the video below, I have not used MOUSE at all to move around the SCCM CB console.

SCCM Keyboard Shortcuts

This video provides a detailed explanation of the SCCM Keyboard Shortcuts Quick Video Guide. It covers a comprehensive range of keyboard shortcuts designed to enhance your efficiency and productivity when using SCCM.

SCCM Keyboard Shortcuts – Video 1

SCCM Workspace Keyboard ShortcutsSCCM Console Keyboard Shortcuts

Some extra shortcut keys are available for the SCCM CB Preview 1706 version (I’ve shown them in the video and the screen capture below).

  • Assets and ComplianceCtrl+1
  • Software Library – Ctrl+2
  • Monitoring – Ctrl+3
  • Administration – Ctrl+4
SCCM Keyboard shortcutWorkspace
Ctrl + 1Assets and Compliance
Ctrl + 2Software Library
Ctrl + 3Monitoring
Ctrl + 4Administration
SCCM Keyboard Shortcuts – Table 1
SCCM Keyboard Shortcuts - Fig.1
SCCM Keyboard Shortcuts – Fig.1

Ctrl + M Sets focus on the main (central) pane. As I showed in the video, you can select each computer using the CTL + M SCCM CB console keyboard shortcut.

As I showed in the video, the left pane selects users, devices, and user collections. Ctrl + T – Sets focus on the navigation pane’s top node. If the focus was already in that pane, the focus is set to the last node you visited.

SCCM Keyboard Shortcuts - Fig.2
SCCM Keyboard Shortcuts – Fig.2
SCCM Keyboard ShortcutPurpose – Use of Shortcuts
Ctrl + MSet the focus on the main (central) pane.
Ctrl + TSet the focus to the top node in the navigation pane. If the focus was already in that pane, the focus is set to the last node you visited.
Ctrl + ISet the focus to the breadcrumb bar, below the ribbon.
Ctrl + LSet the focus to the Search field, when available.
Ctrl + DSet the focus to the details pane, when available.
AltChange the focus in and out of the ribbon.
SCCM Keyboard Shortcuts – Table 2

Set focus to search when the SEARCH option is available. Ctrl + L Sets focus on the Search field when available. I have shown this search in the embedded video. Press the CTL + T keyboard shortcut to focus on search and start searching computers/users/Site servers, etc.

Focus Summary Details pane to Ctrl + D. Sets focus to the details pane when available. Press the ALT button from the keyboard to change focus in and out of the ribbon.

Ctrl + I – Sets focus on the breadcrumb bar below the ribbon. This shortcut will focus on the path, for example, \Assets and Compliance\Overview\Users.

SCCM Keyboard Shortcuts - Fig.3
SCCM Keyboard Shortcuts – Fig.3

CMPivot Console Keyboard Shortcuts

Let’s check the CMPIvot Keyboard shortcuts available to make the SCCM admin’s life easy. The table below shows the CMPivot Console Keyboard Shortcuts.

Keyboard shortcutPurpose
Ctrl + 1Set the focus on the first tab.
Alt + <To back to the address
SCCM Keyboard Shortcuts – Table 3
SCCM Keyboard Shortcuts - Fig.4
SCCM Keyboard Shortcuts – Fig.4

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide 1

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide

Let’s discuss the Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide. How to upload and deploy MSI applications to Windows 10 machines with Intune via Azure console?  MSI application deployment could be one of the most used features in Intune (at least for a couple of years).

This video post will show the step-by-step process of MSI application deployment (Intune LOB application deployment).

NOTE! – Do not include the msiexec command or arguments, such as /i or /x, as they are automatically used. For more information, see Command-Line Options. If the .MSI file needs additional command-line options, consider using Win32 app management.

This post is also an end-to-end guide to creating MSI applications in Intune via the Azure portal. In the following post, “How to Deploy MSI App to Intune MDM Using SCCM CB and Intune“, I already blogged about MSI MDM deployment via the MDM channel. This will include:-

  • Uploading the MSI LOB app to Intune
  • Deployment or Assignment options
  • End-User Experience on Windows 10 machine
  • How to Troubleshooting with event logs and Pending Sync
  • How to get application installation status messages back to the Intune console

How to Deploy MSI LOB App from Intune Azure Console End-to-End Guide

In this video, you will learn how to deploy an MSI Line-of-Business (LOB) application using the Intune Azure Console from start to finish. The guide provides a detailed, step-by-step process covering everything you need.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Video 1

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Upload MSI LOB Application to Intune

Uploading the MSI LOB app to Intune is a very straightforward process. Log in to the Azure portal, navigate via Microsoft Intune -> Mobile Apps -> Apps -> + Add button, and select the app type as “Line-of-Business app.” Click on “App package file,” browse to the MSI source file location, and click on the OK button, as you can see in the video here.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.1
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.1

You must complete the “App information” section before you can proceed with uploading the MSI to Intune. There are a couple of mandatory fields. Command-line options are also available in this section. However, as I have experienced, you can also see in the video.

I have not used any silent switch for MSI, but by default, Intune/MDM on Windows 10 will install the app as silent (without any user interaction or input). Click on the ADD button to complete the MSI app creation process in Intune on the Azure portal.

Deployment or Assignment options of MSI Intune LOB application deployment

It would be best to wait until the application is successfully uploaded to Intune before you can create an assignment (or deployment). An assignment is a method that we use to deploy MSI applications to Windows 10 devices. You can deploy applications to Azure AD dynamic user groups or device groups. In this video/scenario, I used the AAD dynamic user group to target the MSI LOB apps.

  • More details are available in the video here. There are different deployment types available in Intune.

Available – The user needs to go into the company portal and trigger the installation.
Not applicable – Won’t get installed
Required – Forcefully get installed without any user interaction
Uninstall – Remove the application from the device
Available with or Without enrollment  – Mobile Application Management (MAM) without MDM enrollment scenarios.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.2
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.2

End-User Experience on Windows 10 machine

Windows 10 machines will get the new application deployment policy once the assigned user is logged into that machine. What is the option to speed up the application deployment to the machines?  You need to sync with Intune services using the following method (manually).

You can go to “Settings—Access Work or School—Work or School Account—Info (click on this button)” and click on Sync. This will initiate a Windows 10 machine sync with Intune services, and after a successful sync, the machine will get the latest application policies.

How to Troubleshooting with Event Logs and Pending Sync

Unlike SCCM/ConfigMgr deployments, we don’t have log files to look at the application installation status via the MDM channel on Windows 10 machines. So, it would be best if you relied on the Company portal for troubleshooting the MSI application troubleshooting.

  • As you can see in the following picture, the installation is waiting for “Pending Sync.”
  • As mentioned above, you can immediately initiate a manual sync to kick-start the installation process.
  • Event logs – Windows Logs – Applications are where you can get the status of MSI application installation via MDM or Intune channel on to Windows 10 machine.
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.3
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.3

How to get application installation status messages back to the Intune console

To get the installation status of the MSI LOB apps to Intune on the Azure portal, you need to sync your work or school accounts with Intune services. The installation status will be blank in the Intune blade unless the device is synced with Intune after the application is installed on the Windows 10 machine.

Initiate thSyncnc via “Settings – Access Work or School – Work or School Account – Info (click on this button)” and click on  Sync. Once thSyncnc is completed successfully, you can try to check the Intune Device Install Status in Intune to check the status.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.4
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.4

Reference:- 

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide 2

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide

Let’s learn Hyper-V Backup Step-by-Step Installation Configuration Video Guide Altaro Backup Guide. This post will show the details of the Hyper-V backup step-by-step installation and configuration guide. I have to build a hyper-v server 2016 with three VMs.

This is my new SCCM CB lab, and Altaro VM backup has been installed and configured on that server to take backup of my hyper-v VMs.

A future blog post will cover the restoration process of Hyper-v VMs from Altaro VM Backup. This blog post will cover the installation, configuration, VM backup, backup retention, and VM backup health check.

Recently, Altaro released Altaro VM Backup v7 with vSphere 6.5 and Windows Server 2016 support, concurrency update, and the new Cloud Management Console; more details. They have included other features into the latest Altaro VM backup v7 boot VM from Backup and Augmented Inline Deduplication. The new Unlimited Plus Edition also comes with a new online console.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide

This version generally provides considerably increased backup concurrency per Hypervisor. With Altaro’s inline deduplication technology, the user can benefit from huge storage space savings and much better backup speeds.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.1
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.1

Step1 – Connecting to Hyper-V and Discovering VMS

Hosts—This is the step where the Hyper-V machines were discovered via Altaro VM backup. I have an SCCM infrastructure setup with this Hyper-V lab, so Altaro was able to find the 3 VMs as part of the STEP 1 discovery.

STEP 2 – Setting up Backup locations for VM backups

Backup Locations—This is where we set up a backup location for each Hyper-V VM. You can provide a network location and external hard disk. Setting up a backup site is easy. Altaro backup automatically discovers the external hard disk or USBs connected to your Hyper-V server. You can drag and drop your VMs to a particular backup location, and that is it!

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.2
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.2

Scheduling backup tasks for Hyper-V VMs via Altaro Hyper-V backup is very easy. You can also set up a retention policy for Hyper-V VM backups according to your organizational requirements.

Advanced settings allow you to customize and skip IOS files from Hyper-V VM backups. If your organization requires encryption while backing up VMs, Altaro has an out-of-the-box setting to configure the encryption of VMs.

STEP 3 – Hyper-V VM Backup, Retention Schedules, and Reports

Step 3 is the last stage I will cover in this post. It involves backing up Hyper-V VMs using the Altaro backup solution. When you click on the “+” symbol on the right side of your VM and click on the “Take Backup” button, Altaro will send the instructions to the hypervisor. You can also schedule the Hyper-V VM backups to automate the backup process.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.3
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.3

You can also check and verify the backup that has already been completed. The Schedule Test Drills and Test – Verify Backups options automate the validation of Hyper-V VM backups. Some helpful out-of-box reports will provide details about the Altaro Backup jobs completed.

Retention policies help automate deleting old Hyper-V VM backups on a particular schedule. In my testing, this is very useful for better storage management. Watch the video tutorial to learn more about Altaro services and file systems. Eight Altaro Services are running on the Hyper-V server.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.4
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.4

Conclusion:-

This post covered installation, configuration, VM backup, backup retention, and VM backup health check. In a later post, I will cover the recovery options of the Altaro VM Backup solution in detail. Overall, I had a great user experience with the installation, configuration, and VM backup of Altaro VM Backup. The drag-and-drop options for VMs are my favorite option in Altaro VM backup. Stay tuned for the next post-restore topic.

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Microsoft MVP Community Connect India

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional. Last week, I attended Microsoft MVP Community Connect 2017 India in Coorg. Coorg is located on the southern side of India and is also known as “The Scotland of India.”

This is a global event in full swing. Previously, it was called “MVP Open Days.” Last year, it was conducted in Hyderabad. These events are an opportunity for MVP communities to gather together, learn new skills, and celebrate everything being an MVP has to offer.

It was a great experience for me to meet Microsoft leaders. Interacting with community leaders from Microsoft helped me understand the strategies. The best part of the event was getting the chance to interact with fellow MVPs.

Coorg is an excellent place to be around this time of the year. The climate was just superb; it was drizzling. We didn’t have proper mobile network connections, so it was disconnected from the world. But, we had a Wi-Fi connection available, so it was ok for an emergency. Moreover, the resort was very nice in the middle of the forest.

Microsoft MVP Community Connect India 2017

In this video, you will learn all the details about the Microsoft MVP Community Connect India 2017 event. Attendees interacted with Microsoft leaders and fellow MVPs, gaining insights into cloud computing, Azure, and community building.

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional – Video 1

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional

Those interactions and networking will help me understand their point of view about the cloud, Azure, Openness, etc. I learned a lot from each of my fellow MVPs, like how they conduct community events, write blog posts, create video tutorials, etc.

MVP Connect 2017 Coorg My Experience of Microsoft MVP Community Connect 2017 India | Most Valuable Professional
My Experience of Microsoft MVP Community Connect 2017 India | Most Valuable Professional

Microsoft MVP Community Connect 2017 allowed me to learn new things.

  • 1. Different Strokes – Virtual Communication Cues
  • 2. Stories Are Us – Written Communication Cues
  • 3. Improvise and Improve – Spoken (social) Communication Cues

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Differences Between Intune Enrollment Restriction Device Restriction Profile 3

Differences Between Intune Enrollment Restriction Device Restriction Profile

Let’s discuss the Differences Between the Intune Enrollment Restriction and Device Restriction Profile. I was going through one of the TechNet documents and got confused between enrollment restriction policies and device restriction policies. I have posted about both of these policies.

In the post-Intune Create Device Restriction Policy Profiles Deploy Security Policies to Windows 10 Devices, you will learn everything you need to create device restriction policy profiles in Intune and deploy security policies to Windows 10 devices. We will guide you step-by-step through setting up these policies to ensure your devices are secure and comply with your organization’s requirements.

How to Restrict Personal Android Devices from Enrolling into Intune post helps you to provide detailed instructions on restricting personal Android devices from enrolling into Intune using Endpoint Manager (MEM). It covers the steps necessary to configure enrollment restrictions, ensuring that only corporate-owned devices can be enrolled and managed through Intune.

Device restrictions are entirely different from Enrollment restrictions. Both options have different use cases, which will be explained in this post. These two policies are used in modern device management solutions like Intune and Azure AD.

Differences Between Intune Enrollment Restriction Device Restriction ProfileEnrollment Device Platform Restrictions

Intune Device restriction profiles (Enrollment Device Platform Restrictions) are policies similar to GPO from the traditional device management world. Most enterprise organizations use GPO to restrict corporate-owned devices.

These are security policies that need to be applied to devices. Intune Device restriction policies control various mobile device settings and features (iOS, Android, macOS, and Windows 10).

  • MDM – Allow or Block
  • Allow – min/max range
  • Personally owned devices – Allow or Block

Device Type Restriction in Intune

Enrollment device platform restrictions make more sense. Navigate to Devices – Enroll Devices – Enrollment Device Platform Restrictions.

Differences Between Intune Enrollment Restriction Device Restriction Profile - Fig.1
Differences Between Intune Enrollment Restriction Device Restriction Profile – Fig.1

This type of policy could apply to different categories, including security, browser, hardware, and data-sharing settings. For example, you could create a device restriction profile policy that prevents Windows users from sharing the internet or using Cortana, etc.

Intune Device Restriction profiles can be deployed to specific users/devices in AAD groups, whereas Intune Enrolment restriction policies can’t be deployed to specific user/device groups in Azure AD. The following section of this post provides more details.

Intune Device Limit Restrictions

Enrollment is the first part of Mobile Device Management (MDM). Why do we need to enroll a mobile device into Intune? Enrollment is the first step for management. When a device is enrolled in Intune, they have issued an MDM certificate, which that device then uses to communicate with the Intune service.

In several scenarios, we need to block employees from enrolling their devices in the corporate management platform. You want to block devices not secured enough to enroll in Intune, such as personal devices.

Also, we could block devices with lower OS versions. How is this possible from Intune? Difference Between Intune Enrollment Restriction Device Restriction Profile | Configuration Manager ConfigMgr.

Navigate to Microsoft Intune—Enroll Devices—Enrollment device limit restrictions. You will see two Intune enrollment restriction policies.

Intune Enrollment Restriction Policies
Device Type Restrictions
Device Limit Restrictions
Differences Between Intune Enrollment Restriction Device Restriction Profile – Table 1

Device Type restriction is where we can define which platforms, versions, and management types can enroll. So, all other devices are blocked from Intune enrollment.

The only problem with Intune enrollment restrictions I can think of is that device type restrictions in Intune are deployed to “All Users, ” we can’t deploy or assign Intune enrollment restriction policies to “specific user group.” At the moment, the device type restrictions policies are tenant-wide configurations.

Device Limit Restrictions in Intune

Navigate to Enroll Devices – Enrollment Device Limit Restrictions to configure the limitation.

Differences Between Intune Enrollment Restriction Device Restriction Profile - Fig.2
Differences Between Intune Enrollment Restriction Device Restriction Profile – Fig.2

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Setup Android Work Support Step by Step Guide Microsoft Intune 4

How to Setup Android Work Support Step by Step Guide Microsoft Intune

Let’s learn how to Setup Android Work Support Step by Step Guide Microsoft Intune. Google’s strategic approach is to support management only via the Android Work channel, and Microsoft Intune’s strategy is to help Android work. This post will show how to set up Android work support in Intune portal.

Latest Post How To Configure Intune Enrollment Setup For Android Enterprise Device Management – HTMD Blog #2 (howtomanagedevices.com)

I have blogged about enrolling for Android Work Management via Intune: “Intune How to Enroll Android for Work Supported Devices for Management.” The video embedded in the above post explains the process of enabling Android Work support in the Intune Silverlight portal.

As you can see in the embedded video guide attached to this post, we will learn how to unbind or change the Gmail/Google account we used to set up Android work support in the Intune Azure portal. Once the existing Gmail account has been removed, we can use a different Gmail account to configure or set up Android Work support in the Intune Azure console.

How to Unbind Android Work Account from Intune Azure Portal

We must unbind the account from the Intune Azure console to change the Setup Android Work Google account. The Unbind button in Intune Azure removes support for Android Work enrollment and eliminates the relationship between the Android work account Gmail and Intune.

I have seen some delay in unbinding the Gmail account from the Intune blade in the Azure portal. As you can see in the video here, I removed the Gmail account from the Android work setting in the Intune blade in the Azure portal, but it took 2 minutes for these changes to reflect. However, the removal of Android Work was immediately reflected on the Intune Silverlight portal.

How to Setup Android Work Support Step by Step Guide Microsoft Intune - Fig.1
How to Setup Android Work Support Step by Step Guide Microsoft Intune – Fig.1

Setup Android Work Support in Intune Azure Portal

The configuration or setup of Android Work support in the Intune Azure portal is very similar to that in the Silverlight portal. You need to click the Configure button to open a pop-up where you can log in with a new Gmail or Android Work account. The Google configuration wizard will help you set up the connection between Intune and Google APIs like Google Play for Work, Android Work management, etc.

Microsoft Intune
Enrollment
Android for Work Enrollment
How to Setup Android Work Support Step by Step Guide Microsoft Intune – Table 1
How to Setup Android Work Support Step by Step Guide Microsoft Intune - Fig.2
How to Setup Android Work Support Step by Step Guide Microsoft Intune – Fig.2

Setting up Android Work Enrollment & Management via Intune

Android for Work enrollment settings are the same as those in the Intune Silverlight console. In the Intune Azure portal, we have three options for setting up Android work enrollment.

1. Manage all devices as Android – This is opposite to Google’s strategic approach regarding managing the Android devices
2. Manage supported devices as Android for Work—As per my testing, all Android 6.0 and above devices are supported for Android work enrollment and management via Intune. I have a blog post that explains A4W supportability, “Intune Entry Level Low-Cost Device Support for Android for Work Enrollment.” Hence, this is my best bet option for enrollment.
3. Manage supported devices for users only in these groups, such as Android Work. This could be used in the testing or pilot process if your organization doesn’t have a test Intune environment.

How to Setup Android Work Support Step by Step Guide Microsoft Intune - Fig.3
How to Setup Android Work Support Step by Step Guide Microsoft Intune – Fig.3

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune 5

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune

Discuss the SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune. This Saturday, the Microsoft SCCM team released the latest technical preview.

I blogged about the two exciting features of the SCCM ConfigMgr CB version in the post “SCCM ConfigMgr AAD User Discovery and Client Authentication with Cloud Identities.”

This is not the production version of the SCCM ConfigMgr CB version. You should not install this version of SCCM in a production environment. Technical preview versions of SCCM CB will get released every month.

I recommend that SCCM admins install the TP version of SCCM CB in their lab environment so that they can keep up with the new features that are enabled in every TP release.

Step by Step How to SCCM ConfigMgr CB TP 1705 Download and Upgrade Video Guide

In the video titled “Step by Step How to SCCM ConfigMgr CB TP 1705 Download and Upgrade Video Guide,” you will find a detailed tutorial on downloading and upgrading to the (SCCM) Current Branch Technical Preview 1705. The guide walks you through the entire upgrade process, ensuring a smooth transition from previous versions.

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Video 1

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune

SCCM CB TP 1705 comes with loads of new features, and I will discuss some of them in detail in upcoming blog posts. In this post, we will discuss how I completed the download and installation of SCCM ConfigMgr CB TP 1705.

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune - Fig.1
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Fig.1

You can refer to the video here or the embedded at the start of this post. In this post, the download and upgrade of the SCCM ConfigMgr CB TP version have been segregated into SIX parts. As you can see in the picture below, you may need to start the download (Available to Download).

  1. SCCM ConfigMgr CB TP 1705 – Download of the content
  2. SCCM ConfigMgr CB TP 1705 – Available to Install
  3. SCCM ConfigMgr CB TP 1705 – Pre-Requisite checks
  4. SCCM ConfigMgr CB TP 1705 – Installation Process
  5. SCCM ConfigMgr CB TP 1705 – Post Installation Steps
  6. SCCM ConfigMgr CB TP 1705 – Console Upgrades

SCCM ConfigMgr CB TP 1705 – Download of the Content

Download SCCM CB 1705 content from the Microsoft content server. You can check the content download status from the log file called DMPDownloader.log. Also, the content status can be analyzed via Ethernet connection via Task Manager – Performance.

In addition to these, you can check the cab file size from the folder “EasySetupPayload.” The SCCM CB installation video guide explains all of this.

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune - Fig.2
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Fig.2

SCCM ConfigMgr CB TP 1705 – Available to Install

The following are the high-level steps of SCCM ConfigMgr CB in the console download process. The screenshot below shows the SCCM pack install update. It is in the state of Ready to install.

SCCM ConfigMgr CB TP 1705 – Available to Install
Process update package
Download the updated package cab file
Extract update package payload
Download Redist
Report package as downloaded
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Table 1
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune - Fig.3
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Fig.3

Once the content download of SCCM ConfigMgr has been completed, we can start the installation process of SCCM CB TP 1705. Right-click on the update and tap on “Install update pack.” This action will initiate an upgrade wizard. You can select some important options as part of this upgrade wizard. Monitor this process via CMUpdate.log and the SCCM CB console.

SCCM ConfigMgr CB TP 1705 – Prerequisite Checks

Before the start of the installation, the upgrade process will carry out prerequisite checks, such as checking the disk space available on the server. It will also include loads of other checks to ensure the upgrade process goes through without any issues.

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune - Fig.4
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Fig.4

SCCM ConfigMgr CB TP 1705 – Installation Process

Once the necessary pre-checks have been completed, the actual upgrade process will start. CMUpdate.log is your friend in this SCCM ConfigMgr CB TP 1705 upgrade process. Upgrading the ConfigMgr Database is the most important and time-consuming step in this SCCM CB installation process. Installing files is another process that may take a long time to finish, as you see in the video embedded in this video post.

SCCM ConfigMgr CB TP 1705 – Post Installation Steps

The post-installation steps of SCCM CB 1705 are critical; this is where the SCCM Executive service will be installed. SQL-based replication services, SMS hierarchy manager, etc., were installed during this step. SiteComp.log is your best friend in this step to monitor the progress of that installation.SCCM ConfigMgr CB TP 1705 – Console Upgrades.

The SCCM CB TP 1705 console upgrade is the last step of the in-console upgrade process. This is explained in the SCCM video tutorial embedded in this post. The SCCM CB TP 1705 console version is “5.00.8525.100,” and the site Server version is “5.00.8525.100.

SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune - Fig.5
SCCM ConfigMgr CB Download Upgrade Step by Step Guide Configuration Manager Intune – Fig.5

Resources

Update 1705 for Configuration Manager Technical Preview Branch – Available Now!
More detailed Technical details on SCCM CB TP 1705

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices 6

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices

Let’s discuss how to Create SCEP Certificate Profiles in Intune and Deploy them to Windows 10 Devices. In this post, we will create and deploy an SCEP Certificate to Windows 10 Devices (How to Deploy an SCEP Certificate to Windows Devices).

We must take care of some prerequisites before creating SCEP Certificates in Intune. On-prem infrastructure components must be available before creating SCEP cert profiles in Intune. Related post > Intune SCEP HTTP Errors Troubleshooting Made Easy With Joy – #5 (anoopcnair.com)

NDES setup for SCEP – The NDES connector should be installed on your data center, and the NDES connector should be able to talk to the CA server and use the Azure AD App proxy connector if you are using the Azure app proxy.

I won’t cover the setup of NDEs and the Azure AD App proxy connector. Those two configurations are very complex and well explained in other blogs.

Intune SCEP Certificate Deployment for Windows 10 Devices – SCEP Certificates to Users Devices

Before creating a Windows 10 SCEP Certificate in Intune, you need to create and deploy a certificate chain. The certificate chain includes the Root CA certificate and the Intermediate /Issuing CA certificate. Intune offers three certificate profiles: TRUSTED Certificate, SCEP Certificate, and PKCS Certificate. We are not going to use the PKCS certificate for SCEP profile deployment.

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Video 1

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices

Deploying SCEP Certificates to Windows 10 Devices will help connect corporate resources like Wi-Fi and VPN profiles. Before making a Windows 10 SCEP Certificate in Intune, you must create and deploy a certificate chain. The certificate chain includes the Root CA and Intermediate /Issuing CA certificates.

Intune offers 3 certificate profiles: TRUSTED Certificate, SCEP Certificate, and PKCS Certificate. We will not use the PKCS certificate for SCEP profile deployment.

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices - Fig.1
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Fig.1

Intune Create SCEP Certificate Profiles in Endpoint Manager Deploy SCEP profiles to Windows 10 Devices. Following are the high-level tasks for deploying the SCEP Certificate to Windows10 Devices via Intune:-

Create and Deploy iOS Root CA certificate using Intune Azure Portal
Create and Deploy iOS Intermediate/Issuing CA Certificate using Intune Azure Portal
Create and Deploy SCEP Certificate to iOS Devices using Intune Azure Portal.

Create and Deploy Windows 10 Root CA, Windows 10 Intermediate/Issuing CA Certificate Profiles

As the first step, we need to create a Root CA cert profile. To create a Root CA cert, navigate through Microsoft Intune—Device Configuration—Profiles—Create a profile. Select the platform as Windows 10 and the profile type as Trusted Certificate. You must then browse and upload your ROOT CA cert (the Name of the cert = ACN-Enterprise-Root-CA.CER)from your CA server.

We need to select a destination store in the Windows 10 Trusted certificate profile. For the root certificate profile, we must select Computer Certificate store—root. Once the settings are saved, you must deploy the root certificate profile to the required Windows 10 devices.

PlatformProfile type
Windows 8.1 and laterTrusted Certificate
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Table 1
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices - Fig.2
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Fig.2

We must follow the same process for deploying the Intermediate/Issuing CA certificate profile via Intune. Make sure that you upload the issuing CA cert (Name of cert = ACN-Issuing-CA-PR1.CER) from your CA server.

Another point we need to take care of is the destination store. We need to select the destination store as Computer Certificate Store—Intermediate. Click OK—Create to finish creating the Issuing cert profile.

Deploy Windows 10 Root CA and Intermediate/Issuing CA Certificate Profiles to the same group of Windows 10 devices. We can deploy these profiles using either an AAD user or device group. However, I would prefer to use AAD dynamic device groups wherever possible.

Create and Deploy Windows 10 SCEP Profile via Intune – Intune Create SCEP Certificate Profiles

To create and deploy a SCEP profile on Windows 10 devices, navigate to Microsoft Intune—Device Configuration—Profiles—”Create a profile.” Select the platform as Windows 10 and the profile type as SCEP Certificate.

When you create a SCEP profile for a Windows 10 device, you need to make some specific settings. The load of these configurations can differ between the CA server setup and another on-prem component setup.

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices - Fig.3
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Fig.3

The certificate validity period is 1 year, which is the industry standard. There are four options for the Key storage provider (KSP): Enrol to trusted platform Module(TPM) KSP if present Software KSP, Enrol to Trusted platform module(TPM), otherwise fail, Enrol to passport, otherwise fail, and Enrol to Software KSP.

In this scenario, I have selected Enrol to Trusted Platform Module(TPM) KSP if the Software KSP is present. We must choose the subject name format value depending on your organizational requirement. In this scenario, I selected a familiar name as an email. The subject alternative name is UPN. Key usage is a digital signature and key encipherment. The key Size value is 2048. If your CA supports the same, the hash algorithm value (SHA-2) should be the latest one.

Another critical point is linking the SCEP profile with the ROOT cert profile you created. If you have not created any ROOT cert and intermediate/issuing CA cert profiles in Intune, it won’t allow you to create an SCEP profile. Extended key usage is another setting, and it should automatically get populated. One example here is “Client Authentication—1.3.6.1.5.5.7.4.3.”

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices - Fig.4
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Fig.4

Enrollment Settings is the last set of settings for Windows 10 SCEP profiles in Intune. I recommend keeping the certificate renewal threshold at the default value of 20%. SCEP server URLs (e.g., https://acnndes-sccz.msappproxy.net/certsrv/mscep/mscep.dll) are very important. These are the URLs to which Windows 10 devices will go and request SCEP certs.

This should be reachable from the Internet. As I mentioned above, you can use Azure AD app proxy URLs. In this scenario, I will use Azure AD app proxy settings.

SCEP profile cert will be deployed to users’ stores in the format “ACN-Issuing-CA-PR5“.

End-User Windows 10 Certificate Store Experience Intune Create SCEP Certificate Profiles

SCEP profile will be deployed to Current User\Personal\Certificates = “ACN-Issuing-CA-PR5

Root and Intermediate CA cert will be deployed to Local Computer\Intermediate Certification Authorities\Certificates = ACN-Enterprise-Root-CA.CER and ACN-Issuing-CA-PR1.CER

Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices - Fig.5
Create SCEP Certificate Profiles in Intune Deploy SCEP Profiles to Windows 10 Devices – Fig.5

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune 7

Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune

Let’s discuss creating SCEP Certificate Profiles and Deploying them to iOS Devices using Intune. Before obtaining an SCEP certificate in Intune, we must consider some prerequisites.

It would be best if you also had on-prem infrastructure components available. NDES connector is supposed to be installed on your Data Center, and the NDES connector should be able to talk to the CA server and Azure AD App proxy connector if you are using the Azure app proxy.

In “Intune SCEP HTTP Errors Troubleshooting Made Easy With Joy – #5,” Joymalya Basu Roy provides a comprehensive guide on diagnosing and resolving HTTP errors encountered during SCEP (Simple Certificate Enrollment Protocol) certificate deployments using Microsoft Intune. The post focuses on various HTTP errors, particularly the HTTP 500 Internal Server Error, and offers detailed steps to effectively identify and troubleshoot these issues.

I won’t cover the setup of NDEs and Azure AD App proxy connectors. Those two configurations are complex and well explained in loads of other blogs. This post will cover how to create and deploy a SCEP Profile for iOS Devices via Intune Blade in the Azure portal.

How to Create and Deploy SCEP Certificate with Intune for iOS Devices

Deployment of SCEP Certificates to iOS devices will help them connect to corporate Wi-Fi and VPN profiles, etc.… You must create and deploy the certificate chain before creating an iOS SCEP Certificate in Intune.

The certificate chain includes the Root CA and Intermediate/Issuing CA certificates. There are 3 certificate profiles available in Intune: the TRUSTED Certificate, the SCEP Certificate, and the PKCS certificate. We are not going to use the PKCS certificate for SCEP profile deployment.

Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune – Video 1

Introduction – Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune

Deploying a SCEP Certificate to iOS devices will help them connect to corporate Wi-Fi, VPN profiles, etc. Before creating an iOS SCEP Certificate in Intune, you need to develop and deploy a certificate chain. The certificate chain includes the Root CA and Intermediate/Issuing CA certificates.

There are 3 certificate profiles available in Intune: TRUSTED Certificate, SCEP Certificate, and PKCS certificate. We are not going to use the PKCS certificate for SCEP profile deployment. The following is the high-level task list for deploying SCEP Profile to iOS Devices (Deploy SCEP profiles to iOS Devices).

Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune
Create and Deploy iOS Root CA certificate using Intune Azure Portal
Or Create and Deploy an iOS Intermediate CA certificate using Intune Azure Portal
Create and Deploy SCEP Certificate to iOS Devices using Intune Azure Portal
Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune – Table 1
Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune - Fig.1
Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune – Fig.1

Create and Deploy iOS Root CA, iOS Intermediate/Issuing CA Certificate Profiles

As the first step, we need to create a Root CA cert profile. To create a Root CA cert, navigate through Microsoft IntuneDevice ConfigurationProfilesCreate a profile (Deploy SCEP profiles to iOS Devices). Select the platform iOS and profile type Trusted Certificate. You must browse and upload your ROOT CA cert (Name of the cert = ACN-Enterprise-Root-CA.CER) from your CA server.

Once settings are saved, you must deploy the root cert profile to the required iOS devices. The exact process must follow for Intermediate/Issuing CA certificate profile deployment via Intune. Intune Create SCEP Certificate Profiles Deploy SCEP profiles to iOS Devices using Intune.

Make sure that you are uploading the issuing CA cert (Name of cert = ACN-Issuing-CA-PR1.CER) from your CA server. The video above explains all these configurations; you can watch them here.

Create and Deploy iOS SCEP Certificate Profile for iOS Devices

To create a SCEP certificate profile, navigate to Microsoft Intune – Device Configuration – Profiles – Create a profile. While making an iOS SCEP Certificate, we must select the Profile type as “SCEP certificate” and the platform as iOS.

The next step is configuring the settings. These settings are critical, and we need to consult with your CA team when you create a SCEP Certificate. Loads of these configurations can differ between the CA server setup and another on-prem component setup (Deploy SCEP profiles to iOS Devices).

The certificate validity period is 1 year, which is the industry standard. The subject name format also depends on your organization’s preference. In this scenario, I selected a familiar name as email and a subject alternative name as UPN. The key usage is a digital signature and critical decipherment. The key Size is 2048.

Another critical point is linking the SCEP Certificate with the ROOT cert profile you created. If you have not earned any ROOT certification in Intune, you won’t be able to develop an SCEP Certificate. Extended key usage is another setting, and it should automatically get populated.

One example here is Client Authentication – 1.3.6.1.5.5.7.4.3. Intune Create SCEP Certificate Profiles Deploy SCEP profiles to iOS Devices using Intune.

Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune - Fig.2
Create SCEP Certificate Profiles Deploy SCEP Profiles to iOS Devices using Intune – Fig.2

Enrollment Settings is the last set of settings for iOS SCEP profiles in Intune. I recommend keeping the renewal threshold of certificates as the default value of 20%. SCEP server URLs are critical. These are the URLs to which iOS devices will request SCEP certifications.

So, this should be reachable from the Internet. As mentioned above, you can use Azure AD App proxy URLs here (e.g., https://acnndes-sccz.msappproxy.net/certsrv/mscep/mscep.dll ). In this scenario, I will use Azure AD App proxy settings. All these configuration details are explained in the video here.

SCEP certificate will be in the following format: “ACN-Issuing-CA-PR5“.

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Learn How to Create and Deploy Security Policies for Android Devices using Intune 8

Learn How to Create and Deploy Security Policies for Android Devices using Intune

Let’s learn how to Create and Deploy Security Policies for Android Devices using Intune. Android for Work Device Restriction Policies Deployment is the Security Policy for Android Devices. Security policies are important to secure the corporate data and applications on those devices.

In this post, we will explain how to create and deploy security policies for Android devices using the Intune blade in the Azure portal. These security policies help protect your devices and data.

Additionally, we will cover Intune compliance policies, which are crucial for ensuring your Android devices meet your organization’s security standards. Follow along to learn the steps for setting up both types of policies to enhance the security of your Android devices.

I have a post about setting up compliance policies for Android devices “How to Plan and Design Intune Compliance Policy for Android Devices“. Latest post – How To Configure Intune Enrollment Setup For Android Enterprise Device Management.

Learn How to Create and Deploy Security Policies for Android Devices using Intune

You can create the Intune device restriction policy for Android for Work from Microsoft Intune – Device Configuration profiles – Create New Profile. I selected Android for Work as the platform, and the platform selection is very important.

Also, it would help if you had to select the profile type while creating an Intune Configuration Restriction policy. In my scenario, it’s the Device restriction policy, which is named the Android Restriction policy, as seen in the video.

PlatformProfile Type
Android for WorkDevice Restrictions
Learn How to Create and Deploy Security Policies for Android Devices using Intune – Table 1
Learn How to Create and Deploy Security Policies for Android Devices using Intune - Fig.1
Learn How to Create and Deploy Security Policies for Android Devices using Intune – Fig.1

There are two categories for configuring device restriction settings for Android: Work profile settings and Device password. Again, I won’t suggest setting up a device password policy as part of the configuration policy when you have a compliance policy setting for the Device password.

Data sharing between work and personal profile settings specify whether work profiles can share data with apps in the personal profile. Microsoft Intune recommended that the value of this setting is to prevent any sharing across boundaries.

We can block the Work profile notifications while the device is locked. Default app permission is another Android for the Work security setting. I don’t recommend configuring the password settings as part of Intune configuration policies. Password settings should be part of compliance policies for Android for Work devices.

Learn How to Create and Deploy Security Policies for Android Devices using Intune - Fig.2
Learn How to Create and Deploy Security Policies for Android Devices using Intune – Fig.2

Deploy Security Policy for Android Devices

Deploying the Android for Work device restriction policy is straightforward. However, it’s essential to consider some of the points before deploying the security policy for Android devices. After setting up the policy, click on the assignment and select the AAD User/Device group.

Click on the Save button, ton and you are done. The best-recommended way is to assign policies to the Azure AD dynamic device group for Android devices. However, the AAD device groups are still in preview; we may be better off using user group deploy device restriction policies for Android devices.

One thing to remember is that you can’t apply Android device platform policies to Android for Work devices. You should instead use Android for Work device platform policies for A4W. The EXCLUDE option is another helpful option while deploying device restriction policies in Intune.

This is useful when excluding devices or users from these security policies.

Learn How to Create and Deploy Security Policies for Android Devices using Intune - Fig.3
Learn How to Create and Deploy Security Policies for Android Devices using Intune – Fig.3

User Experience of Security Policy for Android Devices

The user experience of Android for Work devices can vary depending on the manufacturer of the devices. As mentioned in the previous post, Samsung and Nexus are the best-experienced devices I have tested.

But I would admit the user experience of Android for Work is far better than that of an Android device! As Android devices have different variants, it’s better to ensure that all the security policies for the Android device experience are excellent for all manufacturers.

Learn How to Create and Deploy Security Policies for Android Devices using Intune – Video 1

Resources

Intune SCEP HTTP Errors Troubleshooting Made Easy With Joy

How To Configure Intune Enrollment Setup For Android Enterprise Device Management

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.