Posts

Showing posts from 2019

Maximising Apple Device Management with Apple Business Manager & Microsoft Intune Integration

As a Microsoft Intune expert, I can confidently say that Apple and Microsoft are better together when it comes to managing Apple iOS or macOS devices using Microsoft Intune.

What is Microsoft Intune? Microsoft Intune is a powerful solution that can help secure iOS, Android, Windows, and macOS devices. With Intune, you can deploy devices with company-defined security standards, secure corporate data on devices, and improve the user experience by automating the installation of apps, configurations, and updates, deploying Wi-Fi, VPN, and security policies, and enforcing configuration policies. Intune can also help maintain the end-to-end device lifecycle. It is the only solution that can protect Office 365 data on devices using Application Protection Policies with or without device enrollment.

What is Apple Business Manager? Apple Business Manager (ABM) is a new portal that integrates the Device Enrollment Program (DEP) and the Volume Purchase Program (VPP). ABM can be beneficial in managing company-owne

Intune managed devices are receiving MAM policies configured for Unmanaged devices

You have MAM policies for managed and unmanaged devices, but Intune managed devices are receiving MAM policies configured for unmanaged devices. As a rule, if you didn't configure IntuneMAMUPN for each targeted app on the managed device, the app protection policy will apply to all devices, whether managed or unmanaged. In simple terms, the target app cannot tell whether it is installed on a managed device or an unmanaged device. After I deployed a configuration policy towards managed apps to configure the IntuneMAMUPN, the issue was resolved.

I have also noticed the profile is not applicable for some of the devices. As confirmed, the prerequisite for an app configuration policy is:

· For iOS: the app must be downloaded via Company Portal (store app or LOB app)
· For Android: the app must be downloaded via the managed Google Play store

The workaround is to deploy the app as required or re-install it from the Company Portal app, app configurat

Intune Hybrid to Standalone Migration - Policy Removal can take 7 days!

We have commenced the Intune Hybrid to Intune Standalone migration. We had configured an iOS feature configuration, Web Content Filter, for the Safari browser. However, these settings were removed from the profile due to their undesired impact, i.e. being unable to run Safari private mode. However, these settings were not removed from some of the devices.

Policies are applied immediately, but the Tattoo removal is disabled for the first 7 days of device migration from Hybrid to Standalone. For example:

· Create a new policy to change the wallpaper or Web Content Filter: it will be applied immediately.
· Untarget an existing policy: it will not be removed from the device until 7 days have passed.
· After 7 days have passed, if an admin untargets a policy, it will be removed immediately.

The intention of the delay is to keep protecting the device before the device signs in and is fully managed by the new Standalone MDM authority. In a nutshell, please ensure policies are thoroughly tested and be mindful that policy changes may take up to 7

How to enable iOS unmanaged apps to read managed contacts & write unmanaged contacts without compromising security using Microsoft Intune

Contacts saved in Exchange are considered managed contacts. From iOS 12 onwards, managed contacts are not visible from unmanaged apps. As stated in the Apple article (https://support.apple.com/en-au/HT208749), in iOS 12 you can use MDM to make the following exceptions to this policy:

· Allow unmanaged apps to access managed contacts
· Allow managed apps to save contacts to the local Contacts app

Microsoft Intune has introduced a new feature, but it has a prerequisite on "Viewing corporate documents in unmanaged apps" to write contacts to unmanaged apps and on "Viewing non-corporate documents in corporate apps" to read managed contacts in unmanaged apps. This can be a security issue for many organisations. However, you can enable this without changing the parent policy with the following trick! Go to the iOS restriction settings in Intune, then go to 'App Store, Doc Viewing, Gaming controls'. As highlighted above 'Allow managed apps to write contacts