Deploy MSI apps through the new Intune Portal

Standard

With Microsoft Intune we can deploy MSI applications to MDM enrolled Windows 10 devices. This functionality is already available within the ‘old’ Microsoft Intune portal. In the early days of the new portal (https://portal.azure.com) it was not possible to add the MSI applications through the new portal. Microsoft has now added this functionality to the new portal. This blogpost shows how you can easily add the application through the new portal. Based on my experience the process is improved and the whole experience is much better than the old portal infrastructure.

Continue reading

Configure Trusted Sites in Internet Explorer Through a MDM Deployed GPO

Standard

With Windows 10 1703 (Creators Update) we now have the possibility to configure settings through a MDM deployed Group Policy Object. In this blogpost I explained how to configure the App-V client with these new capabilities. Within this blogpost you can also find the basics about deploying a GPO through a MDM solution. Since my preffered MDM solution is Microsoft Intune my blogposts will only cover the steps needed to configure these settings through Microsoft Intune. In this blogpost I want to cover the scenario to configure the Trusted Sites on a Windows 10 1703 machine through a MDM deployed GPO.

Continue reading

Configure the App-V client through a MDM Deployed GPO

Standard

In this blogpost, I want to describe how the new MDM Group Policy functionality can be used to configure your Windows 10 workstation. With the Windows 10 Creators Update we’ve the possibility to deploy and apply Group Policy objects through the MDM channel. This means that the policy configuration support in Windows 10 will be expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the Policy configuration service provider (CSP). In this blogpost, I want to use this new functionality to activate and configure the App-V client on a Windows 10 MDM Managed workstation.

Continue reading

AzureAD Conditional Access and RDS Session Hosts

Standard

The last couple of weeks I was thinking about could a RDS environment be used together with Device Based Conditional Access (CA) provided by AzureAD and Microsoft Intune. With AzureAD CA you can configure this based on the user, the device of the user, the application and the risk of the request. This blogpost only covers Device Based Conditional Access. When Conditional Access for Devices is configured the devices either need to be domain joined (AD and AzureAD) or compliant to the configured compliance policies. These policies need to be configured within Microsoft Intune or System Center Configuration Manager. This blogpost will focus specific on the use of RDS 2016 Session Hosts together with Conditional Access.
Continue reading