android7Bad news for the users that are using Android devices and sometimes forget their passcode. Google is removing the ability for administrators and users to remotely reset the passcode of devices that are based on Android 7.0.

When using earlier versions of Android users could reset their passcode via the Company Portal website and admins could reset the passcodes via the Intune admin console. Is there a workaround for your users besides writing the passcode on the back of the mobile phone?

I think so! 😉 Let’s see…


Read more

1606installedToday Microsoft released the 1606 update for System Center Configuration Manager. If you have ConfigMgr 1511 or 1602 installed in your environment you should be able to see the 1606 update soon in the Updates and Servicing node of your ConfigMgr console.

After 1511 and 1602 Microsoft is again releasing a major update for ConfigMgr, very impressive and a real great accomplishment if you ask me! Already looking forward to the new major update 😉



Read more

BriForumNext week I will be speaking for the third time at BriForum. This time the event will be held at the Seaport Hotel in Boston. At this three day event I will be speaking about how to secure your apps and data with Microsoft Enterprise Mobility +Security and during the second session we will be looking what management options for Windows 10 are the best for you. Really looking forward to be back at BriForum, unfortunately the last one. 🙁

The last one since co-founder Brian Madden announced that he is taking a break after BriForum and leaving the IT industry (for a while) and TechTarget. It’s a pity that I only was able to join BriForum three times, around this event is a real great and active community is in place. A community with not only a focus on Microsoft but also Citrix, VMware and other end user computing, desktop virtualization and enterprise mobility related products. Different views, different focuses but all great minds 🙂

Brian Madden kicks off during the speaker dinner

Brian Madden last year at the speaker dinner in Denver


So the 20th BriForum will be a memorable last edition.. Keep you posted next week, and if you are in Boston be sure to stop by and say hi!

intunemaxDuring the July update of the Intune service some really nice new features will be released. Announced in the what’s new docs for July is the ability to enroll up to 15 devices per user, earlier this was 5 devices. Great for testing and great for people who are living the mobility world to the max 😉 Looking at one of my tenants this is already available.

Intune also adds support for mobile provisioning profile policies for iOS apps, normally a provisioning profile expires after 1 year, this can now be renewed via a policy.

But there is more to come;

Read more

android-compl-00In one of my tenants the new compliance rules for Android arrived last night. So as from now we are able to block users to access corporate data that have Android devices that have enabled USB Debugging, enabled the installation of apps from Unknown Sources and when users have disabled the option “Scan device for security threats”.

If you ask me three of the most wanted compliance enhancements to be able to support Android devices. Let’s have a look at how it works.

Read more

presentatie-aftrapYesterday I had the privilege to speak during the System Center Summer Night – BBQ edition from the System Center User Group Netherlands. During this session I talked about why Microsoft “moved” Configuration Manager to the servicing model, how companies should adopt it and work with it and shared some do’s and don’ts while updating Configuration Manager to for instance Current Branch.

During the session I got some questions about the telemetry data that Microsoft is gathering and using to make ConfigMgr even better :). As promised you find below the link I was referring to:

ca-logoAfter the last blog about conditional access of Outlook Web App and SharePoint Online is forcing that the Managed Browser is used when accessing the service. This last part can be done via Active Directory Federation Service (AD FS). With AD FS you are able to allow or block access based on attributes of the client that is trying to authenticate.

As part of the March update of the Managed Browser the Managed Browser is identifiable as ManagedBrowser via the UserAgent, before March the Managed Browser had a generic UserAgent.

Read more

ca-logoThe last couple of weeks I had the privilege to test a feature that has just has been announced today to be released to Microsoft Intune . Conditional access to Outlook Web App and SharePoint Online web access for mobile devices. (CA for web services like OWA and SharePoint for Windows (mobile and PC) is coming up and still in preview)

So basically when a device is not enrolled and / or not compliant Outlook Web App or SharePoint Online web access cannot be accessed via browsers on those devices. Until now this was a major hole in the conditional access story of Exchange Online and SharePoint Online.

Read more

IntuneToday Microsoft announced what is going to be released as part of the June release of Microsoft Intune. A couple of highlights I would like to mention; this time for instance conditional access for browsers is being added as part of the conditional access experience. More on this very soon (!) HERE and HERE in the next couple of blogs since I had the privilege to test this feature at my customer.

Another great enhancement is the fact that we are finally able to detect if USB Debugging, Unknown Sources are enabled and if Scan device for security threats is disabled on Android devices as part of the compliance policy! Really good news if you ask me to help securing those Android devices. (looking and pushing for this since a long time ago) Read all about it here.

See all other updates in this Doc on the new Doc website.

logos-1Today Microsoft and Lookout announced that Lookout Mobile Threat Protection  is going to be integrated with the Microsoft Enterprise Mobility Suite. With Lookout MTP you are able to identify threads in apps, viruses or apps that are threads themselves on platforms like Android and iOS.

Lookout MTP already has integration with MobileIron and Airwatch which allows for instance administrators to automatically place devices in quarantine when a thread is detected and automatically remove it after the thread has being removed. Which is great! The full feature set of the integration is not publicly available yet but I have already seen a bit and I can tell you that this will be a great addition to secure your devices and data while using the Microsoft Enterprise Mobility Suite.

Read the press release of Lookout and Microsoft here and a blog of Lookout here.

As soon as I have more information that I am allowed to share I will definitely share it here on my blog! Keep you posted!

Besides the good news released at the Citrix Synergy event, Microsoft and Citrix working together in the EMS workspace, the monthly updates for Microsoft Intune are scheduled to be applied soon. This month a lot of new features are being released. Let’s have a quick look at what is coming up!

Read more