Modern Device Management

A question on techcommunity prompted me to write this blog post. The question is around how to push a PDF to iOS using Intune and the first thing that came to my mind is Web clip.  For those who don't know a web clip is a URL-based bookmark associated with a policy that when applied on a mobile device, the web clip bookmark is automatically created on the home screen. For iOS there is an app type which can be used for this.  For Android, the process is slightly different, but more on that later. Let's see how one can leverage web clip to push a PDF to an iOS device.  Now as part of the solution, we are really not pushing the PDF file, but a URL link to the PDF file. I feel that the easiest way to host the PDF file for corporate use is to use a Azure blob storage and configuring the relevant permissions. I am not going to cover the steps on how to create a blob storage as the official documentation contains the relevant details, instead just cover the steps of what all is invol

  While working on a device management project, I came across the requirement of MFA during device join using Access work or school method. Nothing out of the ordinary, but it did open a discussion with the customer and one of the talking points was the enablement of MFA itself which prompted me to write this blog post. Multifactor authentication is an integral and important part of Microsoft's Zero Trust security model. The massive increase in mobile devices connecting to corporate resources resulted in evolving of the multifactor authentication system from physical smart cards to a phone-based challenge (phone-factor) and later moving into a more modern experience using the Microsoft Azure Authenticator application. This expanded to enrolling of  devices into a modern management system which checks the health of the device to control access to company resources. As of writing this blog, there are mainly 2 ways to enable MFA for device registration or join to AAD. 1. A tenant wid

If you manage and protect corporate data on end user devices, then you may have come across situations where enterprise applications may need to be given admin's consent before the policies can be applied. Through this blog, I will be demonstrating a simple admin approval workflow that you can implement in your organizational tenant to allow the use of your Azure AD identity and manage the access permissions against your enterprise apps to protect corporate data when being used by various services. For all intend and purposes, I will be using Intune App Protection Policies as an example when a user tries to access corporate data through Adobe Acrobat Reader on their BYOD. Let's start by configuring User consent settings As of writing this blog, currently there are 3 options available for controlling User consent as shown below. Microsoft recommends to allow user consent for verified publishers, but in my opinion, to ensure complete control of such requests, it is best to only a

  I recently encountered an issue while deploying new store apps in a customer's tenant. While there is ample documentation on the new store functionality, I couldn't really find anything specific to my issue and thus it prompted me to write this blog post.  When Microsoft made the announcement that the Microsoft Store for Business and Microsoft Store for Education will be retiring in 2023 and there will be no support for Microsoft Store for Business and Education on Windows 11, it triggered both excitement and concern in the technical community. The new store solution that replaced the existing store functionality is integrated with Intune and has introduced new methods for managing store apps overall. There are key improvements to the most recent Microsoft Store apps functionality over legacy functionality: • One can browse and search for store apps within Intune. • One can install and uninstall with required app deployments. • One can monitor the installation progress