While browsing the new Microsoft 365 Device Management portal I noticed the following option: “Guided scenarios (preview)”. From the What’s new in Intune page it seems that this functionality was released in the release of October 14th 2019.
Disclaimer: This post was written on October 29th 2019 and reflects the state of this functionality at that point in time.
So, what’s a guided scenario, you might ask? Microsoft explains it as follows: “A guided scenario is an end-to-end experience in Intune where you can tackle a big task, in a single workflow. Assemble policies, apps, assignments, and other management objects into a reusable collection that you can deploy as many times as you want.”
Technically, guided scenarios provide a way to create a policy set based on a scenario, something I already blogged about here: “So what are policy sets?”
Intune at my customers I rarely encounter green field implementations where computers and mobile devices are newly delivered and no data needs to be restored on the device. Most of the time, the devices are already in use and we need to figure out some strategy to deal with the data from the device, before we re-install the device and bring it under management.
For iOS devices I recently did some testing about the possibilities of restoring iTunes backup to devices which are re-enrolled into Intune, therefore receiving a Management
Starting with the Intune release from October 14th 2019, Microsoft made available a new functionality called “Policy Sets”.
Even though they are now (at the time of writing this article) still in preview, they are a very welcome addition to the Intune options available.
In my blog article series on Conditional Access Demystified I mentioned that Conditional Access can be used to route sessions toward Microsoft Cloud App Security (MCAS). In this article I will go into more detail on what MCAS is, and how to set up Conditional Access App Control.
Disclaimer: This article discusses the full-option MCAS product; there are some other flavors providing partial functionality, like Office 365 Cloud App Security and Cloud App Discovery (CAD). For information about licensing, see the Microsoft Cloud App Security licensing datasheet.
TL;DR; – When reinstalling Windows on a Surface Pro 6 and it fails, make sure that you “temporarily” disable the “Enable boot configuration lock” option and try again.
At one of my customers we are using MDT to install Surface Pro 6 devices in order to make sure that the latest version of Windows 10 is available when starting the Out of the Box Experience (OOBE).
While testing this solution, we experienced some machines starting to fail to install Windows 10, where MDT would exit with the following error code: Litetouch deployment failed, Return Code = -2147467259 0x80004005
In Q1 2017 Microsoft released the Pass Through Authentication (PTA) functionality as part of Azure AD Connect. The release of Azure Active Directory (Azure AD) Pass-through Authentication allowed your users to sign in to both on-premises and cloud-based applications using the same passwords without the need to implement an Active Directory Federation Services (ADFS) environment.
With this option we now have the following authentication options available when setting up a hybrid
When you want to integrate other products into your Conditional Access environment you can use “Custom controls” to include products from other vendors in your Conditional Access conditions. If a custom control is used, the browser is redirected to the external service, performs any required authentication or validation activities, and is then redirected back to Azure Active Directory. If the user was successfully authenticated or validated, the user continues in the Conditional Access flow. More information and some samples can be found here: Azure AD + 3rd party MFA = Azure AD Custom Controls – https://blogs.technet.microsoft.com/cbernier/2017/10/16/azure-ad-3rd-party-mfa-azure-ad-custom-controls/. This feature is still in preview but very promising for 3rd party vendors who want to integrate with Conditional
each conditional access policy created, we will create an exclusion group, so that we can deal with exceptions in our environment. These exception groups will be set up with Access review functionality (if available) to make sure that the membership of these groups is evaluated on a regular basis.