Category Archives: Intune Hybrid

Intune Hyrbid – Setting Edge homepage on Windows 10 machine using configuration baseline

This post will show how to set the Edge browser homepage on a Windows 10 machine enrolled in an Intune Hybrid environment with ConfigMgr 1610. I will create a configuration item, add it to a baseline, and then deploy the baseline to my Intune user collection. For a guide on setting up hyrbrid MDM with ConfigMgr, see Setup hybrid mobile device management (MDM) with System Center Configuration Manager and Microsoft Intune

In the ConfigMgr console, right click Configuration Items and select Create Configuration Item

edge01

Give the configuration item a name, and select Windows 8.1 and Windows 10 under Settings for devices managed without the Configuration Manager client and click Next.

edge02

In the Supported Platforms section, select Windows 10 as the supported platform and click Next.

On the Device Settings section, select Configure additional settings that are not in the default settings groups and select Next.

edge03

In the Additional Settings section, click on Add.

In the Available Settings search bar, search for “home” then select Homepages and click Select.

edge04

I have given the name a rule and given the Homepages value of “nhogarth.net” – you can make this any site you like then click OK.

edge05

Now click Select to select the setting you created.

On the Additional Settings page, click Next.

edge06

Click on Close to close the Completion screen.

Now we will create the Configuration Baseline and add the Configuration Item we created.

edge07

Give the baseline a name, and then click on Add, then Configuration Items.

edge08

Select the Available configuration item, then click on Add then click on OK.

Once the Configuration Item is added to the baseline, click on OK.

Now we will Deploy the baseline to our Intune user group. Right click on the baseline and click on Deploy.

edge09

With the selected configuration baseline (top right), select the Remediate non compliant rules when supported, and select your Intune user collection.

edge10

Now on our enrolled Windows 10 machine, we can check the compliance in the Company Portal to speed things up.

edge11

Now we can see that it has set our Edge browser to use the specified homepage from our Configuration Item.

edge12

Advertisements

Intune Hybrid – Deploy Office 365 click-to-run and enroll Windows 10 computer

This post will cover how to deploy Office 365 click-to-run to an enrolled Windows 10 machine using a Hybrid ConfigMgr 1610 environment with an Intune subscription. I will generate the .msi for Office 365 ProPlus and deploy it using ConfigMgr, enroll a Windows 10 machine, then install Office 365 ProPlus from the Comapany Portal using Click-to-Run.

My hybrid environment is already set up, and PC enrollment is already enabled. For this see https://docs.microsoft.com/en-us/sccm/mdm/understand/hybrid-mobile-device-management

First to create the Office 365 click-to-run msi which we will deploy from ConfigMgr to our Intune user group, download and install “Microsoft Office ProPlus Install Toolkit” from http://officedev.github.io/Office-IT-Pro-Deployment-Scripts/XmlEditor.html

microsoft-office-proplus-install-toolkit

Install it and open it up. I have configured the options to what suits my environment. Have a good look through the options and customize it to your needs.

mdmoffice3651

mdmoffice362

mdmoffice363

You can choose to exclude certain products if you like.

mdmoffice3654

mdmoffice3655

I have enabled updates.

mdmoffice3656

I have set the Display Level to none, and accepted the EULA.

mdmoffice3657

Make sure the install type is MSI and select the file path to output the msi.

mdmoffice3658

Once you click Generate, you will be left with a 2mb msi which we will deploy through ConfigMgr to our Intune user group.

mdmoffice3659

mdmoffice36510

Now we will create the application in the ConfigMgr console

mdmoffice36511

Make sure to specify the type as Windows Installer through MDM (*.msi) and also specify the UNC path to the earlier generated msi.

mdmoffice36512

Click Yes.

mdmoffice36513

Click Next.

mdmoffice36514

Specify the information you would like here such as Name.

mdmoffice36515

I have left all other options as default and clicked Next.

mdmoffice36516

Now we will go to the properties of the application we created and choose to use a logo to display in the Company Portal.

mdmoffice36517

Click on the Application Catalog tab and browse and select an icon you would like to use. I searched the web for an icon for Office 365 and made sure its 250×250 in size or smaller.

mdmoffice36518

Now we will deploy the application to our Intune user group.

mdmoffice36519

mdmoffice36520

Make sure to distribute the msi to the Intune distribution point. Select Add then Distribution Point, then select the manage.microsoft.com distribution point.

mdmoffice36522

mdmoffice36523

Click Next

mdmoffice36524

I am deploying this Appliction as Available so the user can install it from the Company Portal.

mdmoffice36525

mdmoffice36526

Now I will enroll my Windows 10 Pro 1607 machine. The prerequisites are here https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-hybrid-windows

Click on Start, then Settings.

enrollwin10-01

Select Accounts

enrollwin10-02

Click on Access work or school then click on Connect.

enrollwin10-03

Enter in your details for an account with an Intune license.

enrollwin10-04

enrollwin10-05

enrollwin10-06

enrollwin10-07

Now the device is enrolled. If we take a look in the ConfigMgr console, we can see the Windows 10 machine is enrolled as a mobile device.

enrollwin10-08

I have installed the Company Portal application from the Windows Store. Once opened, I can see the Microsoft Office 365 ProPlus. Click on it, then click on Install.

o365-01

If you load up task manager, you can see the set up files running.

o365-02

After a while you can see the programs in the program list on the Windows 10 machine.

o365-03

Intune Hybrid – Deploy msi to enrolled Windows 10 machine with ConfigMgr

This post will show how to deploy an MSI application to a Windows 10 machine enrolled as a mobile device in a ConfigMgr Current Branch 1610 environment with an Intune subscription. The Windows 10 machine has already been enrolled and has the Company Portal installed. For details on how to configure hybrid MDM and how to enroll devices, see Setup hybrid mobile device management (MDM) with System Center Configuration Manager and Microsoft Intune

Right click Applications, select Create Application.

intunewin10dep1

Make sure to specify the type as Windows Installer through MDM (*.msi) and specify the location of the .msi file. In my example I am using the 32bit 7zip msi.

intunewin10dep2

I have clicked Yes.

intunewin10dep3

intunewin10dep4

I have changed the name and left it as all default information.

intunewin10dep5

intunewin10dep6

intunewin10dep7

Now I will deploy the application as an available application for the user to download and install from the Company Portal. Right click on the application and click Deploy.

intunewin10dep8

I have selected a user collection and clicked Next.

intunewin10dep9

Click on Add then select distribution point, then I will distribute the package to the cloud based intune DP.

intunewin10dep10

I am deploying this as Available in this example and have left all other options as default and clicked Next on each screen.

intunewin10dep11

Now the application is deployed.

intunewin10dep12

In the content status section of the ConfigMgr console, I have made sure that the application has been successfully distributed to the Intune distribution point.

intunewin10dep13

Now on my enrolled Windows 10 (1607) machine I have opened up Company Portal and can see the 7zip application available.

intunewin10dep14

I have clicked on the application and then clicked on Install.

intunewin10dep15

Now 7zip has installed successfully.

intunewin10dep16

Intune Hybrid – Creating compliance setting for iOS device in the ConfigMgr console

In this post, I will be using hybrid Intune with ConfigMgr to create a compliance policy to control the security settings on iOS device, in particular, iPhones. It will also show the user experience on the iPhone. First I will create the Configuration Item for iOS, then I will add the Configuration Item to a Baseline, and then deploy the Baseline to a collection where my Intune enrolled users are located.

I am using ConfigMgr Current Branch 1610 with an Intune subscription and have an iPhone 6 enrolled.

Right click on Configuration Items and select Create Configuration Item

intunecomp1

Give the configuration item a name first, then under Settings for devices without the Configuration Manager client, select iOS and Mac OS X

intunecomp2

I am only using this for iPhones so I have selected iPhone as the platform.

intunecomp3

A list of groups for the device settings are displayed. In this example I have only selected Password. You can select the other groups to view which settings you can control.

intunecomp4

In this example, I have selected the Minimum password length (characters) to be 6. Currently the iPhone has a passcode of 4 characters. I have selected the Number of failed logon attempts before device is wiped to 4. I have also selected Password complexity to be Strong and Number of complex Characters required in password to be 2.

intunecomp5

intunecomp6

Now that the configuration item has been created, it needs to be added to a Baseline.Right click on Configuration Baselines and select Create Configuration Baseline.

intunecomp7

Give the baseline a name and click on Add, then Configuration Items.

intunecomp8

Select the Configuration Item that was created before and click Add.

intunecomp9intunecomp10

Now I will deploy the Baseline. Right click the Baseline and select Deploy.

intunecomp11

The configuration baseline is already selected. I have selected Remediate noncompliant rules when supported. I have also selected a user collection I would like to deploy the baseline to.

intunecomp12

This iPhone had a 4 digit passcode originally. The configuration item I configured said the iPhone needs a 6 character passcode length. Because the iPhone is not compliant, a Passcode Requirement prompt is on the iPhone giving the user 60 minutes to configure the new passcode. Once the user presses continue, the user is forced to set a 6 character passcode with 2 special characters.

intunecomp13intunecomp14

Intune Hybrid with ConfigMgr – Deploying required app to iOS from App Store

This post will show how to deploy a required application to an iPhone (or iOS device) from the App Store (Microsoft Excel) and also create a Mobile Application Management (MAM) Policy as Microsoft Excel requires it. My environment below is ConfigMgr Current Branch 1610 with an Intune subscription.

In the ConfigMgr console, go into Software Library, right click Applications and select Create Application

iosapp1

Select the type App Package for iOS from App Store. Paste the link of the app from the App Store. In this example, I have pasted the link for Microsoft Excel. You can browse the other apps from https://itunes.apple.com and get the link  and paste it in. Click Next.

iosapp2

iosapp3

You can add the required information here and click Next.

iosapp4

Click Next

iosapp5

iosapp6

Now we will create our MAM (mobile application management) policy for Microsoft Excel, as it is required before we deploy the application. Right click on Application Management Policies and select Create Application Management Policies.

iosapp7

Select the platform as iOS.

iosapp8

I have left the options as default.

iosapp9

iosapp10

Now we can deploy our Microsoft Excel application we created before. Select the Application, right click and select Deploy.

iosapp11

I will be deploying it to my Intune Users collection

iosapp12

In my example, I am deploying it as Required. Alternatively you can deploy it as Available and then download it from the Company Portal app.

iosapp13

All other options have been left as default. Now on the Application Management section I have selected the MAM policy I created before. If you didn’t create this MAM policy then you will not be able to proceed (For Microsoft Excel anyway)

iosapp14

Now I am going to initiate a Send Sync Request to my iPhone.

iosapp15

Once the iPhone receives the policy, because it was a required application I deployed, the iPhone is presented with this screen. Microsoft Excel will begin to install.

intuneapp16

Intune Hybrid MDM – Remote Wipe iPhone

This post will show how you can use ConfigMgr (I am using ConfigMgr Current Branch 1610) with an Intune subscription (hybrid MDM) to completely wipe an iPhone if it has been lost or stolen. When doing a full wipe, it will restore the iPhone to its factory settings (removing all company and user data).

In the ConfigMgr console, select the device and right click and select Remote Device Actions, then select Retire/Wipe

iphonewipe1

The warning below will be displayed where you can either do a selective wipe, or a full wipe. In my example, I will be doing a full wipe.

iphonewipe2

Another warning is displayed

iphonewipe3

I will send a sync request from the console to save time (new feature in ConfigMgr Current Brach 1610)

iphonewipe4

Once the iPhone has received the sync request, you can see it is now doing a full factory restore, removing all company and user data.

iphonewipe5   iphonewipe6

 

 

Intune Hybrid MDM – Reset iPhone Passcode from ConfigMgr console

When an iPhone is enrolled with Intune (or other devices such as iOS/Android/Windows Phone 8 and Windows Phone 8.1) using Hybrid MDM, ConfigMgr provides the ability to be able to reset the passcode. This is very helpful if a user has forgotten their passcode.

This post will show how to clear the iPhone passcode using ConfigMgr Current Branch 1610 with an Intune subscription. When clearing the passcode on an iOS device, the passcode is actually cleared. A temporary passcode is not created.

Select the iPhone in the ConfigMgr console and right click, select Remote Device Actions, then select Reset Passcode.

iphonepasscode1

The following warning will be displayed

iphonepasscode2

One of the nice new features in ConfigMgr Current Branch 1610 in a hybrid deployment is the ability to request a policy sync for a device enrolled with Intune rather than having to do it from the Company Portal. 

Right click on the device, select Remote Device Actions, then select Send Sync Request

iphonepasscode3

You see that the Passcode Reset state is set to Pending.

iphonepasscode4

Once the passcode has been reset, you can see that the reset state is Succeeded.

iphonepasscode5

From the iPhone now, previously if there was a passcode set, the passcode is now removed. On my device, I would usually need the passcode to unlock the device. Now I can unlock the device without a passcode and set a new passcode.