Azure AD Premium–Gartner Visionary Rating after only 10 Months

Joe Kuster

Since it’s initial release, I’ve been pretty sold on Azure AD Premium having the most complete vision for Hybrid Identity management, and it’s good to see that I’m not alone Smile

Gartner has released their Magic Quadrant for Identity and Access Management as a Service, Worldwide study and listed Microsoft Azure AD Premium in an incredibly strong position, especially considering the product has only been on the market for around 10 months.

Good job MS, keep it up.

Don’t Panic! Microsoft is changing Intune app deployment for Android

Joe Kuster

Fairly self explanatory, but basically, yes, you’ll need to download the Company Portal to get apps for Android.

In September 2015, the Microsoft Intune Company Portal website will stop supporting app installation and management for Android devices that run versions 4.0 and later. Users that run an affected version must install the Company Portal app from Google Play to browse for, and install apps. Because the Company Portal app does not support Android versions earlier than 4.0, the Company Portal website will continue to provide app browsing and installation capabilities for Android versions 2.X and 3.X.
View this alert in the Microsoft Intune console:{AL=1941276}

April Intune Updates include…

Joe Kuster

Windows Phone gets some love, Android gets Productive, and iOS gets Roaming #EnterpriseMobility

New Intune standalone (cloud only) features that will be made available as part of this update include:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets.
  • Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices
  • Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices
  • Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually
  • Deployment of .appx bundles to Windows Phone 8.1 devices
  • Management of Work Folders app for iOS devices
  • Updated Endpoint Protection agent for managing Windows PCs
  • Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed
  • Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms
  • Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads
  • Enhanced user interface for overview pages within Intune admin console

User Available .MSI and .EXE Deployments in Intune are Not Showing Up

Joe Kuster

Have you created software deployments as available for your users, but the software isn’t showing up in their Company Portal for Intune? It may be how their PC was joined to Intune. #EnterpriseMobility #EMS

Functionality for available user deployments of .msi and .exe files for Windows 8 / 8.1 depend on the Intune Agent. However, if you have joined a PC via the Company Portal Application instructions, instead of having the full agent, you have joined via an Open Mobile Alliance – Device Management (OMA-DM) method instead of the more fully featured Intune Agent.

So how do you get the agent?

Log into:

Click Add Device in the upper right

2015-04-15 20_07_57-Microsoft Intune_ Home Page

Click Download software 

2015-04-15 20_07_52-Microsoft Intune_ Enroll your computer

Extract the files, making certain that the certificate file is in the same folder as the .exe, then run the executable.


Complete the wizard


Log out and log back into the company portal to see if this has fixed your issue.


Applies to Windows 8, Windows 8.1, Intune, EMS

RemoteApp Built from Azure–No More Massive Uploads

Joe Kuster

Microsoft has finally released a new machine in the virtual machine gallery which streamlines creating a Azure RemoteApp server. The process is mostly the same, just minus the massive upload from on-premises to Azure. The last time I published a new RemoteApp template it was 16 hours of upload for an 80 Gb VM. Glad this is finally fixed! #RemoteApp

Never manually change your Social Media password again with Azure AD automated password roll-over

Joe Kuster

It’s been said that the only way to keep a secret is if you tell no one, including yourself. Building on their existing success with single sign-on for social media, Azure AD now can automatically provide the same convenience of only having to log into your corporate identity while automatically rolling over secure passwords for your corporate social media accounts – usually one of the most vulnerable (and sought after) accounts.

To use it, just assign an application such as Facebook, Twitter or Linked in to a user, selecting the option to provide the credentials for them.


Next choose your frequency of password roll over.


Presto: Two clicks and you’ve enhanced your social media security. The single sign-on capability will automatically update your users access as needed.

Azure AD Premium Now Supports AD Scoping and Attribute Mapping

Joe Kuster

When adding applications to the MyApps portal within Azure AD Premium, you will now notice a new Attributes tab. Under this tap you can modify the Active Directory field mapping to the destination application. Additionally, the new scoping allows for more dynamic filtering without creating numerous AD security groups. Good Job MS, Keep it up! #EMS #EnterpriseMobility



March Feature enhancements for Intune

Joe Kuster

March brings yet another awesome round of updates. This months release includes:

  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune

EMS for Everyone!

Joe Kuster

Microsoft announced that the licensing model around the Enterprise Mobility Suite is going to be changed on March the first, until now EMS is part of the Enterprise Agreement, but individual components could be purchased ala-carte.

Starting next week, EMS will be part of open license model.

Additionally, Microsoft Action Pack subscribers, along with Silver and Gold competency partners, will receive access to EMS and Azure AD Basic as part of their Internal Use Rights benefits.

More at: