Azure Active Directory now supports shared accounts

One of the feature in Azure Active Directory is the ability to get Single Sign On (SSO) to over 2400 SaaS applications (the number application available in the market place  20141113). Last week the team release a new feature that let you managed so called “shared accounts” in a much better/easier way.

  1. You can now add multiple accounts. For example, a marketing person might need to have access to multiple Twitter accounts
  2. You can assign the application to a group instead of a user

Lets see how this would look like if you would like to add multiple Twitter Accounts.

  1. Sign into the Azure management portal
  2. Under the Active Directory section, select your directory, then select the Applications tab.
  3. Click Add to add the first Twitter app/Account
    image
  4. Select “Add an application from the gallery”
    image
  5. Search for the Twitter app and then click Ok to select it
    image
  6. Click “Assign users
    image
  7. Select Groups and search/look for your group, when you find the one you want to use click Assign
    image
  8. Select “I want to enter the credentials to be shared among all group members
    image
  9. You have now successfully assigned the first account, lets add a second account
  10. Select the Application tab and click Add
    image
  11. Select “Add an application from the gallery”
    image
  12. Search for the Twitter app and then click Ok to select it. Since this is the second Twitter app you now get the option to name the app
    image
  13. Click “Assign users” and repeat the steps 6-8 (except using a new group and another twitter account(
  14. You have now successfully assign two different Twitter accounts to two different groups. Lets see how this looks like for an end user that is a member of both of the groups.
  15. ‘Sign into the My Apps web portal myapps.microsoft.com (or use the native apps for IOS or Android). You will now see both of the Twitter accounts you have permission to use. Not the if you click on them you will be redirected to Twitter without the need to add any password
    image

My Apps app is now available for both IOS and Android

To access user self service feature in Azure Active Directory Premium  the user can use the web portal or the native apps. The first native app Microsoft released was for IOS but last week the team released a Android version for My Apps.

Below you see some print screens of the how they look like on different form factors and for the different platforms.

Web portal

image

Iphone

Iphone

Ipad

Ipad

Samsung Galaxy S4

Samsung GalaxyS4

Nexus 7

Nexus 7

 

Download My Apps from Apple Store

Download My Apps from Google Play

Read more about Azure Active Directory Premium (AADP)

Read more about the EMS Suite where AADP is included

Intune will power the new MDM feature in Office 365

Today at Teched Europe, Microsoft announced a new feature in Office 365 – built-in mobile device management for Office 365. What cool about this is that you will actually be using the Intune backend and if you want to get more feature there will be an easy way to “upgrade” to Intune

To get a better understanding on what will be included in the Office 365 SKUs and what will be included in EMS/Intune, please visit http://blogs.office.com/2014/10/28/introducing-built-mobile-device-management-office-365/ 

To see some of the feature in action, below you have a short video explaining the features.

 

Which hotfixes should I apply to get the most of EMS

Hotfixes includes as we all know fixes to things that doesn’t work as expected but it also sometimes includes improvements and this is why I decided to write this blog post. This list is nothing official, I will list the updates that will/can impact EMS products (stability and improvements)

Note! This post will be updated as soon as I find any new hotfixes. Last update 2014-12-19

System Center 2012 R2 + Intune (also called Intune UDM)

Hotfix

Resolves

Comments

Replace

KB3002291

In Microsoft SystemCenter 2012 R2 Configuration Manager, when a user becomes a cloud-managed user, a settings policy may not target the assignment for the user.

The original fix for this was included in CU2+CU3 but was broken by the installer process (script was overwritten and function reverted back to original state).

The effect of this is that users that are included in an collection will get the “fast download of a polices” but for any users added after applying CU2 or CU3 will not get the policies. 
Note 1 -There is one version of the fix for a CU2 installation and one for CU3.
Note 2 – If you installed the CU2 version and then install CU3 you need to install the CU3 version of this fix
Note 3 – After installing the hotfix, please run the script (that you can copy from the KB), this script will fix all existing deployments

   

KB2990658

Greatly reduces the time that’s required to execute a successful retire or wipe of a Mobile Device Management (MDM) device. These operations now run on the device in a matter of seconds, assuming the device is reachable by Windows Intune.

To apply this hotfix, you must have Cumulative Update 3

(http://support.microsoft.com/kb/2994331/ )

   

KB2994331 (CU3)

A lot of things, please look at KB to see the hole list.

All CU’s are cumulative so all fixes that were in CU1 +CU2 is also included

This update replaces Cumulative Update 2 for System Center 2012 R2 Configuration Manager

(http://support.microsoft.com/kb/2970177/ )

.

Kb2970177 (CU2)

The main improvement in this update is Speed. If you been working with device enrollment you probably noticed that it can take a wile for the device to receive all the profiles/policies you deployed to it.With the CU2 for SCCM 2012 R2 and the May update for the Intune backend, this has been improved a lot.

See http://blog.advisec.com/?p=694 for more information and step by step how to install it

This update replaces Cumulative Update 1

(http://support.microsoft.com/kb/2938441/ )

for System Center 2012 R2 Configuration Manager.

KB2938441

Enrolling an Android device in both Exchange Active Sync (EAS) and Mobile Device Management causes a duplicate device to be created in the Administrator Console.

   

   

   

   

   

Windows Server 2012 R2 WAP Server role

Hotfix

Resolves

Comments

Replace

KB3011135

Large URI request in Web Application Proxy fails in Windows Server 2012 R2

For more information on how to use WAP in front of a NDES server see Pieter Wigleven blog http://aka.ms/ndes3. Note that this is still a “privat” fix and you need to call support to get it (no cost). This hotfix is now included in the December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

 

   

 
 

Windows Server 2008 R2 CA Server role

Hotfix

Resolves

Comments

Replace

KB2483564

Renewal request for an SCEP certificate fails in Windows Server 2008 R2 if the certificate is managed by using NDES

This update is only needed if you want to implement certificate deployment with SCEP and your CA is running on Windows Server 2008R2

If it is possible, I would recommend to upgrade to a newer server OS

CU2 for SCCM 2012 R2 is now released–Does it improve/impact Intune customers?

The CU2 update for System Center Configuration Manager 2012 R2 was just release. As with all CU’s, they include both fixes and improvements. With this blog post I want to highlight the things that are included in CU2 and will improve/impact Intune customers.

If you read the Kb2970177 you will se the following:

Mobile device management / Intune
  • Policies that apply to devices that are used together with Windows Intune may take 10 minutes or more to apply. Additionally, policies that are created before enrollment may not appear on the new device.
  • The Policy Request and Management Point fields for mobile devices may be missing from the Client Activity Details tab on the summary page for a given device.

Except for the two bug fixes it also includes one other major thing and that’s – Speed. If you been working with device enrollment you probably noticed that it can take a wile for the device to receive all the profiles/policies you deployed to it.With the CU2 for SCCM 2012 R2 and the May update for the Intune backend, this has been improved a lot.

So, if you use User Collection targeted Polices and Profiles they will be delivered to the User’s devices immediately after enrolling the devices.

The start benefit from this feature, install SCCM 2012 R2 CU 2 and test to enroll. Below you see a demonstration on the steps and the result.

  1. Install SCCM 2012 CU2

  2. Verify that your profiles/policy’s is deployed to a user collection

  3. Enroll a device and validate that the profiles/policy’s is deployed immediately

Important links from the videos:

Update 1 – If you have an existing SCEP profile you need to “manually” update it so it can be deployed during enrollment. Easiest way is to open the profile and just change the name or any other “cosmetic” change will also work. This will add a new revision on the profile and it will now work. Note that all SCEP profiles added after you applied CU2 is not affected by this issue

Windows Intune + Samsung KNOX = True

Last week Samsung announced that Samsung KNOX will support Windows Intune. Except for this, they also announced that they will add “Workplace Join” functionality into the Samsung Androids devices so the will be able to workplace join an Active Directory (this can be done on IOS and Windows 8.x today).

This is very good news for all Windows Intune customers that uses Samsung Android devices, really looking forward to the update

Read the full Samsung Press Release

What’s new in the Jan/Feb 2014 Intune update

The Jan/Feb 2014 update to Windows Intune has now been out for a couple of weeks. This was the first  update that was released through the SCCM “Extensions for Windows Intune”

image

So what did the update actually include:

  • Ability for the administrator to configure email profiles, which can automatically configure (IOS and WP8) the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed (Only IOS).
  • Support for new configuration settings in iOS 7, including the "Managed open in" capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.
  • Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it (as of now, this this feature only exist in the Intune standalone cloud service).

If you would like to see a good demo of some of the new features, please look at the interview on Channel9 with Martin Booth

http://channel9.msdn.com/Shows/Edge/Edge-Show-90-System-Center-Configuration-Manager-and-Windows-Intune-and-Managing-iOS-What-s-New-

Updated version of the Support Tool for Windows Intune Trial Management of Window Phone 8 is now avalable

Today a revision to the Support Tool for Windows Intune Trial Management of Window Phone 8 has been released. This tool facilitates Microsoft System Center 2012 Configuration Manager admins and Windows Intune standalone admins to try out Windows Phone 8 enrollment and software distribution scenarios during the Trial period.

The new revisions include:

· The new Windows Intune Company Portal for Windows Phone 8 released on Oct 18.

· A bug fix to address the ‘UBound’ error in the vbscript. [This script is needed only for Configuration Manager and not Intune standalone]

Download Support Tool for Windows Intune Trial Management of Window Phone 8

Windows Intune Company Portals now available for Windows, IOS and Android

Company Portal Downloads

Company Portal

URL

Installation Method

Windows Intune Company Portal

Windows 8.x (x86/x64 and RT)

Windows Store

http://apps.microsoft.com/windows/en-us/app/company-portal/4b1dff1a-e76f-4fdd-a993-9c59048c3768

Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyID=08a4f9d8-9c4d-4667-8bb2-fe8bbcbe694a

Direct User Installation

 

 

 

IT Deployment

System Center Configuration Manager Company Portal

Windows 8.x

(x86/x64 only)

Microsoft Download Center Only

http://www.microsoft.com/downloads/details.aspx?FamilyID=da9f6820-d399-4847-b3d7-aacf5cbf75c7

IT Deployment

Windows Intune Company Portal for Windows Phone 8

Microsoft Download Center Only

http://www.microsoft.com/en-us/download/details.aspx?id=36060

IT Deployment

Windows Intune Company Portal for iOS

App Store

https://itunes.apple.com/us/app/windows-intune-company-portal/id719171358?mt=8

Direct User Installation

 

Windows Intune Company Portal for Android

Google Play

https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal

Direct User Installation