Showing posts from 2019

The Top 10 reasons to integrate Microsoft Intune with Apple Business Manager (ABM) for Company-owned Apple Devices.

Apple and Microsoft are better together. It is very true when it comes to managing the Apple iOS or macOS devices using Microsoft Intune. What is Microsoft Intune? Microsoft Intune can help to secure iOS, Android, Windows, and macOS devices. The Solution can deploy devices with company-defined security standards; it can help to secure corporate data on devices and improve user experience by automating apps, configuration, updates installation, Wi-Fi, VPN, Security Policies and enforcing configuration policies which can take hours to configure manually.   It can help to maintain end to end device lifecycle. Intune is the only solution which can protect data Office365 data on devices using Application Protection Policies with or without device enrollment. What is Apple Business Manager? Apple Business Manager (ABM) is a new portal integrating Device Enrolment Program (DEP) and Volume Purchase Programs (VPP).   ABM can be beneficial to manage company-owned device procurem

Intune managed devices are receiving MAM policies configured for Unmanaged devices

You have MAM Policies for Managed and Unmanaged Devices, Intune managed devices are receiving MAM policies configured for Unmanaged devices As a rule, if you didn't configure IntuneMAMUPN for each targeted app on the managed device, App protection policy will apply to all devices whether it's managed or unmanaged. In the easy words, the target app will not understand whether it's installed on managed device or unmanaged device. After i deploy a configuration policy towards managed apps to configure the IntuneMAMUPN, issue got resolved. Add caption I have also noticed the profile is not applicable for some of the devices. As confirmed, the pre-request for app configuration policy is: ·          For iOS: the app must be downloaded via Company portal (store app or LOB app) ·          For android: the app must be downloaded via managed Google play store Workaround is to deploy the app as required or re-install from company portal app, app configurat

Intune Hybrid to Standalone Migration - Policy Removal can take 7 days !

We have commenced  Intune Hybrid to Intune Standalone migration. We had configured iOS feature configuration - Web Content Filter for Safari browser. However, these settings were removed from the profile due to the undesired impact i.e. Unable to run Safari private mode. However, these settings were not removed from some of the devices. Policies are applied immediately but the Tattoo removal is disabled for the first 7 days of Device migration from Hybrid to Standalone.  e.g. Create a new policy to change wallpaper or Web Content Filter - It will be applied immediately. Untarget an existing policy, it will not be removed from the device until 7 days. After 7 days have passed, if Admin untargets a policy, it will be removed immediately. The intention of the delay is to keep protecting device before the device sign-in and fully managed by new Standalone MDM authority. In nutshell, please ensure policies are thoroughly tested and be mindful that policy changes may take up to 7

How to enable iOS unmanaged apps to read managed contacts & write unmanaged contacts without compromising security using Microsoft Intune

The contacts saved in Exchange is considered managed contacts. with iOS 12 onwards managed contacts are not visible from unmanaged Apps. As stated in Apple Article (  iOS 12, you can use MDM to make the following exceptions to this policy: Allow unmanaged apps to access managed contacts Allow managed apps to save contacts to the local Contacts app Microsoft Intune have introduced new feature, but it has pre-requisite to "Viewing corporate documents in unmanaged apps" to write contact to unmanaged app and "Viewing non-corporate documents in corporate apps" to read managed contacts in unmanaged app.  This can be security issue for many organisations. However, you can enable this without changing the parent policy by following trick! Go to iOS restriction settings in Intune, go to 'App Store, Doc Viewing, Gaming controls'. As highlighted above 'Allow managed apps to write contacts