Modern Device Management

Source: Microsoft When Universal Print was announced in private preview for macOS platform at Ignite 2023 , cross platform support for print management in the cloud became a reality. With the feature being moved into public preview  recently, it showcased Microsoft's commitment to lower the barrier of entry to cloud computing and digital transformation. What is Universal Print and how does it work for macOS? Universal Print is a cloud-based printing solution that uses built-in cloud printers, built-in legacy printers, and runs entirely in Microsoft Azure. When Universal Print is deployed with Universal Print-compatible printers, it doesn't require any additional on-premises infrastructure. Just like other Azure connectors, Universal Print connector is installed on a host device as part of the configuration. In case of macOS, the Universal Print functionality is possible after installing the Universal Print app. This can either be installed administratively or manually by the e...

Let me start by saying that at the time of writing this blog, there is no official Microsoft Visio application for macOS devices. So does that mean macOS users cannot use Visio at all? Luckily, there is a way. Microsoft has a web\browser version of Visio that is light weight that doesn't require any installation and can be used on multiple OS platforms, including macOS. The web version has the url Visio.office.com . Now, there are multiple ways of making the web url available to end users on macOS. If you are using Intune to manage the macOS devices, then you can use Web clips to achieve this very task. It aligns with managed apps framework and easy to manage. A quick word on Web clips - As per the conventional definition, a web clip is nothing but a a web app which normally functions as a client-server application. The server provides the web app, which includes the UI, content, and functionality. Intune supports a variety of app types, including web apps and in case of macOS, Int...

When it comes to managing devices using Intune, organization can either enroll using MDM (Mobile Device Management) and\or MAM (Mobile Application Management). Normally, most organizations go for MDM for managing corporate devices and MAM for managing BYO devices. In case of MDM, enrollments involving manufacturer and OS version, as shown below - But how do you this in MAM? Well the answer lies in the A pp P rotection P olicy (APP). Conditional launch settings validate aspects of the app and device prior to allowing the user to access work or school account data, or if necessary, remove the work or school account data. APP consists of many conditional launch parameters and I am going to cover 2 scenarios for Android and iOS OS platforms. APP Conditional Launch using Manufacturer Let's say an organization wants to restrict MAM enrollments against Samsung BYO devices only. This can be achieved by configuring the Device Manufacturer(s) setting under Conditional launch as shown below ...

  I recently implemented MDE for Android Work profile devices for a customer and as part of the requirements, the customer wanted to extend Defender management to Personal profile to meet their data protection IT security policies. In this blog, I explore the configuration and cover specifics involving data protection and privacy controls for personal profile in Android Enterprise. Defender for Endpoint for mobile devices has been around for sometime now. I had covered the details of MDE onboarding for Android devices back in 2022 and it still holds up. While organizations can leverage the MAM scenario to onboard personal devices on MDE, it doesn't cover all the device management capabilities as compared to enrollment into an MDM solution like Intune. To address both data protection and end user privacy requirements of an organization, the Defender management under work profile can also be extended to personal profile. This way organizations can collect the necessary information t...