Showing posts with the label iOS

Setup single sign-on to Apple devices apps and websites that use Microsoft Azure AD for authentication

Configuring Microsoft Enterprise SSO Plug-In for Apple Devices: The Microsoft Enterprise SSO plug-in enables users to sign in to apps and websites that rely on Microsoft Azure Active Directory (Azure AD) for authentication, including Microsoft 365, using a single sign-on (SSO) process. This plug-in utilizes the Apple single sign-on app extension framework to minimize the number of authentication prompts that users receive when accessing devices managed by Mobile Device Management (MDM). Additionally, any MDM that facilitates configuring SSO profiles is supported. After configuring the Microsoft Enterprise SSO plug-in, apps that support the Microsoft Authentication Library (MSAL) automatically integrate with it. However, apps that don't support MSAL can also utilize the extension, such as browsers like Safari and apps that use Safari web view APIs. To do so, simply add the application bundle ID or prefix to the extension configuration. For example, you can enable a Microsoft a

Maximising Apple Device Management with Apple Business Manager & Microsoft Intune Integration

As a Microsoft Intune expert, I can confidently say that Apple and Microsoft are better together when it comes to managing Apple iOS or macOS devices using Microsoft Intune.

What is Microsoft Intune? Microsoft Intune is a powerful solution that can help secure iOS, Android, Windows, and macOS devices. With Intune, you can deploy devices with company-defined security standards, secure corporate data on devices, and improve the user experience by automating the installation of apps, configurations, and updates, as well as Wi-Fi, VPN, and security policies, and by enforcing configuration policies. Intune can also help maintain the end-to-end device lifecycle. It is the only solution that can protect Office 365 data on devices using Application Protection Policies with or without device enrollment.

What is Apple Business Manager? Apple Business Manager (ABM) is a new portal that integrates Device Enrollment Program (DEP) and Volume Purchase Programs (VPP). ABM can be beneficial in managing company-owne

Intune managed devices are receiving MAM policies configured for Unmanaged devices

You have MAM policies for managed and unmanaged devices, but Intune managed devices are receiving the MAM policies configured for unmanaged devices.

As a rule, if you didn't configure IntuneMAMUPN for each targeted app on the managed device, the app protection policy will apply to all devices, whether managed or unmanaged. In simple words, the target app will not understand whether it's installed on a managed device or an unmanaged device. After I deployed a configuration policy towards managed apps to configure the IntuneMAMUPN, the issue got resolved.

I have also noticed the profile is not applicable for some of the devices. As confirmed, the prerequisites for the app configuration policy are:

· For iOS: the app must be downloaded via Company Portal (store app or LOB app)
· For Android: the app must be downloaded via managed Google Play store

Workaround is to deploy the app as required or re-install from company portal app, app configurat

How to enable iOS unmanaged apps to read managed contacts & write unmanaged contacts without compromising security using Microsoft Intune

Contacts saved in Exchange are considered managed contacts. From iOS 12 onwards, managed contacts are not visible from unmanaged apps. As stated in the Apple article (https://support.apple.com/en-au/HT208749), in iOS 12 you can use MDM to make the following exceptions to this policy:

· Allow unmanaged apps to access managed contacts
· Allow managed apps to save contacts to the local Contacts app

Microsoft Intune has introduced a new feature, but it has a prerequisite of "Viewing corporate documents in unmanaged apps" to write contacts to an unmanaged app and "Viewing non-corporate documents in corporate apps" to read managed contacts in an unmanaged app. This can be a security issue for many organisations. However, you can enable this without changing the parent policy with the following trick! Go to iOS restriction settings in Intune, go to 'App Store, Doc Viewing, Gaming controls'. As highlighted above 'Allow managed apps to write contacts

Unable to add ipads to Apple DEP/Business Manager

Issue: Unable to add device to Apple DEP Program manually using Apple Configurator 2.

Error: Apple Configurator 2 was showing the following error message: Provisional Enrollment failed. Network Communication error MCCloudConfigErrorDomain – 0x80EF (33007). The error screenshot is shown below.

Fix: Connect the iPad to Wi-Fi or a mobile network and restart the enrollment process.

Microsoft Intune Configuration Check List

Make most of Microsoft Intune

Checklist to make the most of Microsoft Intune MDM and MAM features.

In this post, I have covered the Intune MDM and MAM features that can help enterprises to improve user experience and security. I have seen multiple MDM setups where its utilisation becomes limited to email profile deployment and password policies. I hope this checklist will help to enhance the capabilities and make the most of Microsoft Intune/EMS. Please note that this checklist might not be complete due to the fluid nature of cloud services. I will keep adding links to existing resources that might help you to kick-start design, deployment and testing. I will keep revising this list on a frequent basis; please review the latest Microsoft documentation for new Intune features.

· Identity
   o Configure Azure AD & AD Connect: Required to provision users and assign licenses
· Device and Application Management
   o Intune Standalone vs Intune H