Difference between revisions of "Intune"
Jump to navigation
Jump to search
| (6 intermediate revisions by the same user not shown) | |||
| Line 31: | Line 31: | ||
=Enrollment= | =Enrollment= | ||
| − | =MFA= | + | ==MFA== |
*https://docs.microsoft.com/en-us/intune/multi-factor-authentication | *https://docs.microsoft.com/en-us/intune/multi-factor-authentication | ||
| Line 37: | Line 37: | ||
*https://docs.microsoft.com/en-us/intune/apple-configurator-enroll-ios | *https://docs.microsoft.com/en-us/intune/apple-configurator-enroll-ios | ||
*https://techcommunity.microsoft.com/t5/Intune-Customer-Success/How-To-Enroll-any-iOS-11-or-above-device-using-the-Apple-Device/ba-p/280068 | *https://techcommunity.microsoft.com/t5/Intune-Customer-Success/How-To-Enroll-any-iOS-11-or-above-device-using-the-Apple-Device/ba-p/280068 | ||
| − | |||
==Android== | ==Android== | ||
==Windows== | ==Windows== | ||
| + | ===Status=== | ||
| + | AD Join - Corporate | ||
| + | Workplace Join - BYOD | ||
| + | |||
[https://docs.microsoft.com/en-us/windows/client-management/mdm/mdm-enrollment-of-windows-devices#connecting-your-windows-10-based-device-to-work-using-a-deep-link Deeplink] | [https://docs.microsoft.com/en-us/windows/client-management/mdm/mdm-enrollment-of-windows-devices#connecting-your-windows-10-based-device-to-work-using-a-deep-link Deeplink] | ||
ms-device-enrollment:?mode={mode_name} | ms-device-enrollment:?mode={mode_name} | ||
Example = ms-device-enrollment:?mode=mdm | Example = ms-device-enrollment:?mode=mdm | ||
| + | |||
| + | ===AutoPilot=== | ||
| + | #https://docs.microsoft.com/en-us/intune/enrollment-autopilot | ||
| + | #https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot | ||
| + | #https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/1.2/DisplayScript | ||
| + | |||
| + | *https://docs.microsoft.com/en-us/windows/client-management/mdm/mdm-enrollment-of-windows-devices | ||
===Troubleshooting=== | ===Troubleshooting=== | ||
| Line 53: | Line 63: | ||
*https://github.com/jchri/ProbeTLSforATS | *https://github.com/jchri/ProbeTLSforATS | ||
*https://social.technet.microsoft.com/Forums/en-US/130f178f-b067-4979-acd7-dc3a4a22e36c/cannot-enroll-a-device-in-mdm-intune-with-standard-domain-user-account?forum=microsoftintuneprod | *https://social.technet.microsoft.com/Forums/en-US/130f178f-b067-4979-acd7-dc3a4a22e36c/cannot-enroll-a-device-in-mdm-intune-with-standard-domain-user-account?forum=microsoftintuneprod | ||
| + | |||
| + | ====Enum Type==== | ||
| + | *https://docs.microsoft.com/en-us/graph/api/resources/intune-shared-deviceenrollmenttype?view=graph-rest-1.0 | ||
| + | *https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/v1.0/resources/intune-devices-deviceenrollmenttype.md | ||
| + | *https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/resources/intune-enrollment-enrollmentstate.md | ||
=Device Compliance= | =Device Compliance= | ||
*https://azureinfohub.azurewebsites.net/contentitems/Details/593295 | *https://azureinfohub.azurewebsites.net/contentitems/Details/593295 | ||
| + | *https://docs.microsoft.com/en-us/intune/compliance-policy-create-android-for-work#encryption | ||
=Remote Tasks= | =Remote Tasks= | ||
| Line 89: | Line 105: | ||
*https://social.technet.microsoft.com/Forums/en-US/c99f5efd-50c5-4a69-b500-261da97011f7/intune-conditional-access-named-locations-trusted-ips-not-working | *https://social.technet.microsoft.com/Forums/en-US/c99f5efd-50c5-4a69-b500-261da97011f7/intune-conditional-access-named-locations-trusted-ips-not-working | ||
*https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition | *https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition | ||
| + | *https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser#conditional-access-for-protected-browsers | ||
==Email settings== | ==Email settings== | ||
| + | *https://docs.microsoft.com/en-us/intune/email-settings-ios | ||
*https://docs.microsoft.com/en-us/intune/email-settings-configure | *https://docs.microsoft.com/en-us/intune/email-settings-configure | ||
*https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/create-exchange-activesync-profiles | *https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/create-exchange-activesync-profiles | ||
| Line 96: | Line 114: | ||
*https://blogs.technet.microsoft.com/configmgrdogs/2017/10/31/android-7-nougat-removes-remote-password-reset/ | *https://blogs.technet.microsoft.com/configmgrdogs/2017/10/31/android-7-nougat-removes-remote-password-reset/ | ||
*https://social.technet.microsoft.com/Forums/en-US/e21f6ae1-8977-486d-8ab5-88cd1c94385b/office-365-email-profile-push-from-intune-to-ios-device-configuration-for-users-with-mfa?forum=microsoftintuneprod | *https://social.technet.microsoft.com/Forums/en-US/e21f6ae1-8977-486d-8ab5-88cd1c94385b/office-365-email-profile-push-from-intune-to-ios-device-configuration-for-users-with-mfa?forum=microsoftintuneprod | ||
| + | *https://docs.microsoft.com/en-us/intune/exchange-service-connector-configure#set-up-the-service-to-service-connector | ||
==OMA-URI== | ==OMA-URI== | ||
| Line 101: | Line 120: | ||
==Mobile Apps== | ==Mobile Apps== | ||
| + | |||
| + | ===App Protection Exceptions=== | ||
| + | *[https://docs.microsoft.com/en-us/intune/app-protection-policies-exception How to create exceptions to the Intune Mobile Application Management (MAM) data transfer policy] | ||
| + | *[https://support.microsoft.com/en-us/help/4294074/how-to-find-the-bundle-id-for-an-ios-app How to find the bundle ID for an iOS app] | ||
===Troubleshooting=== | ===Troubleshooting=== | ||
| Line 106: | Line 129: | ||
*https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Error-Codes-For-Troubleshooting-App-Installation-Issues/ba-p/280113 | *https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Error-Codes-For-Troubleshooting-App-Installation-Issues/ba-p/280113 | ||
*https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Intune-email-profiles-and-certificates/ba-p/281419 | *https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Intune-email-profiles-and-certificates/ba-p/281419 | ||
| + | *https://docs.microsoft.com/en-us/intune/troubleshoot-company-resource-access-problems | ||
| + | |||
| + | =PowerShell= | ||
| + | *https://github.com/microsoftgraph/powershell-intune-samples | ||
| + | |||
| + | Set-ExecutionPolicy Unrestricted | ||
| + | Set-ExecutionPolicy Restricted | ||
| + | |||
| + | *Install-Module AzureAD | ||
| + | *Install-Module WindowsAutoPilotIntune | ||
| + | *Import-Module WindowsAutoPilotIntune | ||
| + | *Connect-AutopilotIntune (Has been deprecated) Use: Connect-MSGraph | ||
| + | *Get-AutoPilotDevice | ||
| + | |||
| + | =GraphAPI= | ||
| + | *https://developer.microsoft.com/en-us/graph/graph-explorer# | ||
=Development= | =Development= | ||
Latest revision as of 23:53, 31 August 2020
What's New/Blogs
Creating your tenant
Trials
Sign up for trials:
- Intune (30 Days) - https://docs.microsoft.com/en-us/intune/free-trial-sign-up
- EMS (90 Days) - https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial
- O365 E3 - https://products.office.com/en-us/business/office-365-enterprise-e3-business-software
Network Requirements
https://docs.microsoft.com/en-us/intune/network-bandwidth-use
Configuring your tenant
Obtaining and installing Apple APN
https://docs.microsoft.com/en-us/intune/apple-mdm-push-certificate-get
- Azure Portal
- Intune Blade
- Manage -> Device Enrollment
- Apple enrollment
- Manage -> Device Enrollment
Mobile Application Management (MAM)
- Intune
- Mobile Apps
- App Protection Policies
Enrollment
MFA
iOS
- https://docs.microsoft.com/en-us/intune/apple-configurator-enroll-ios
- https://techcommunity.microsoft.com/t5/Intune-Customer-Success/How-To-Enroll-any-iOS-11-or-above-device-using-the-Apple-Device/ba-p/280068
Android
Windows
Status
AD Join - Corporate Workplace Join - BYOD
ms-device-enrollment:?mode={mode_name}
Example = ms-device-enrollment:?mode=mdm
AutoPilot
- https://docs.microsoft.com/en-us/intune/enrollment-autopilot
- https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot
- https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/1.2/DisplayScript
Troubleshooting
- https://blogs.technet.microsoft.com/configmgrdogs/2018/08/09/troubleshooting-windows-10-intune-policy-failures/
- https://social.technet.microsoft.com/Forums/en-US/130f178f-b067-4979-acd7-dc3a4a22e36c/cannot-enroll-a-device-in-mdm-intune-with-standard-domain-user-account?forum=microsoftintuneprod
- https://support.microsoft.com/en-us/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune
- https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Meeting-Apple-s-New-Requirements-for-Application-Transport/ba-p/279944
- https://github.com/jchri/ProbeTLSforATS
- https://social.technet.microsoft.com/Forums/en-US/130f178f-b067-4979-acd7-dc3a4a22e36c/cannot-enroll-a-device-in-mdm-intune-with-standard-domain-user-account?forum=microsoftintuneprod
Enum Type
- https://docs.microsoft.com/en-us/graph/api/resources/intune-shared-deviceenrollmenttype?view=graph-rest-1.0
- https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/v1.0/resources/intune-devices-deviceenrollmenttype.md
- https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/api-reference/beta/resources/intune-enrollment-enrollmentstate.md
Device Compliance
- https://azureinfohub.azurewebsites.net/contentitems/Details/593295
- https://docs.microsoft.com/en-us/intune/compliance-policy-create-android-for-work#encryption
Remote Tasks
- Intune – Passcode Reset and Microsoft PIN Reset Service
- Reset the passcode on Windows devices using Intune
Other
Android Enterprise
Work Profile
Logs
- Event Viewer
- View Menu
- View Analytic and Debug Logs
- Applications and Services Logs
- Microsoft
- Windows
- DeviceManagement-Enterprise-Diagnostics=Provider
- Debug
- Enable Log and preform actions
Audit Logs
Conditional Access
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions#legacy-authentication
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
- https://docs.microsoft.com/en-us/intune/conditional-access
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#location-condition-configuration
- https://social.technet.microsoft.com/Forums/en-US/c99f5efd-50c5-4a69-b500-261da97011f7/intune-conditional-access-named-locations-trusted-ips-not-working
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
- https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser#conditional-access-for-protected-browsers
Email settings
- https://docs.microsoft.com/en-us/intune/email-settings-ios
- https://docs.microsoft.com/en-us/intune/email-settings-configure
- https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/create-exchange-activesync-profiles
- https://docs.microsoft.com/en-us/intune/exchange-connector-install
- https://blogs.technet.microsoft.com/configmgrdogs/2017/10/31/android-7-nougat-removes-remote-password-reset/
- https://social.technet.microsoft.com/Forums/en-US/e21f6ae1-8977-486d-8ab5-88cd1c94385b/office-365-email-profile-push-from-intune-to-ios-device-configuration-for-users-with-mfa?forum=microsoftintuneprod
- https://docs.microsoft.com/en-us/intune/exchange-service-connector-configure#set-up-the-service-to-service-connector
OMA-URI
Mobile Apps
App Protection Exceptions
- How to create exceptions to the Intune Mobile Application Management (MAM) data transfer policy
- How to find the bundle ID for an iOS app
Troubleshooting
- https://blogs.technet.microsoft.com/microscott/intune-app-installation-reports-explained/
- https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Error-Codes-For-Troubleshooting-App-Installation-Issues/ba-p/280113
- https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Intune-email-profiles-and-certificates/ba-p/281419
- https://docs.microsoft.com/en-us/intune/troubleshoot-company-resource-access-problems
PowerShell
Set-ExecutionPolicy Unrestricted Set-ExecutionPolicy Restricted
- Install-Module AzureAD
- Install-Module WindowsAutoPilotIntune
- Import-Module WindowsAutoPilotIntune
- Connect-AutopilotIntune (Has been deprecated) Use: Connect-MSGraph
- Get-AutoPilotDevice