tag:blogger.com,1999:blog-4344063455110164362Fri, 27 Mar 2026 23:23:24 +0000ConfigMgrSCCMIntuneSystem Center 2012Mobile Device ManagementEMSEnterprise Mobility SuiteMDMConfiguration ManagerR2Mobile Application ManagementAzureMAMCurrent BranchWindows 10MEMM365Windows 8 Phones1511Azure Active Directory PremiumCMGCloud Management GatewayMicrosoft Endpoint ManagermacOSSystem CenterAndroidAutoPilotDirect AccessEndpoint ProtectionSCEPiOSImagingWVDWindows 8MBAMMDTADKAzure AD PremiumPowerShellSecuniaSoftware UpdatesWindows Virtual Desktop1EEndpoint ManagerRights ManagmentAppleBitLockerCSILinuxNomadDefenderMSIntuneRMSSQLThird Party patchingWindows 716021610AgentsAzure Active DirectoryCSPCopilotHAADJOn premise MDMSaaSWSfB1909Azure ADBackupCD.LatestCDPCloud Distribution PointConditional AccessDefenderforEndpointEasy SetupEntraFSLogixGlobalSecureAccessMDEMEMCMManagement PointMigrationOSDService Connection PointUpgradeVPPWAIKWMUGWiFi ProfileWindows Defender ATPWoLco-managementcomanagementenrollment1706180318102002APPActivationApple Business ManagerAzure MonitorAzure StorageBaselineBookCloud App DiscoveryCloud PKICloudNativeEAEBFEPAEdgeEndpoint AnalyticsEntraPrivateAccessFileVaultFlexeraIntune suiteLAPSM365 EMacMandatory ProfileMicrosoft365appsNDESOMSOfficePKGPXEPoSHPower BIRecoveryRestoreSecurity CopilotSysprepTelemetryUpgrade ReadinessVPN ProfileWSUSWin32Windows10Windows11Zebraencryptionhybridin place upgradekiosklanguage packmodernsearchGerry Hampson Device Managementhttp://gerryhampsoncm.blogspot.com/noreply@blogger.com (Gerry Hampson)Blogger388125tag:blogger.com,1999:blog-4344063455110164362.post-1515748931978624407Sat, 03 Jan 2026 15:28:00 +00002026-01-03T15:28:56.809+00:00AgentsCopilotIntuneM365This is the third is a series of blog posts about Intune Agents. Intune Agents (also known as Security Copilot agents) are AI-powered assistants, available in the Intune Admin Center, that enhance enterprise security. They automate tasks for endpoint protection, identity management, threat intelligence, and device configuration, and they help IT teams quickly address vulnerabilities, policy http://gerryhampsoncm.blogspot.com/2026/01/my-first-look-at-intune-agents-part3.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-1749341572893893691Wed, 17 Dec 2025 17:50:00 +00002026-01-03T15:32:54.433+00:00AgentsCopilotIntuneM365This is a continuation of the blog post I published last week. In that post I had my first look at Intune Agents and looked more closely at the Change Review Agent. This time I'll be looking at the Device Onboarding Agent. This agent identifies stale devices across Intune and Entra ID, provides actionable insights, and offboards stale devices for you.Some things to know:To run an Agent,http://gerryhampsoncm.blogspot.com/2025/12/my-first-look-at-intune-agents-continued.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-2708290355746438006Sat, 13 Dec 2025 20:39:00 +00002026-01-03T15:31:43.560+00:00AgentsCopilotIntuneM365 ESecurity CopilotUnless you've been sleeping for the past year you'll have heard about Microsoft's Copilot offering. There are different flavours: M365 Copilot, Security Copilot, GitHub Copilot etc. I'm an Intune guy, so I'm mostly interested in Security Copilot. In this blog post I'll discuss how to get started and my first look at the Intune Agents, which are in Public Preview and use Security Copilot under thehttp://gerryhampsoncm.blogspot.com/2025/12/my-first-look-at-intune-agents.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-4637940586553410391Sat, 26 Jul 2025 13:56:00 +00002025-07-26T14:56:36.415+01:00AutoPilotenrollmentEntraIntuneM365I was setting up a new demo tenant for testing this week and I encountered something I hadn't seen before. I had configured an Autopilot solution using deployment profiles but experienced this problem during testing.I could see that my test device had been assigned a profile.This was validated when I saw the Company Branding on the test device.However I received the error:"Something went wrong. http://gerryhampsoncm.blogspot.com/2025/07/autopilot-this-user-is-not-authorized.htmlnoreply@blogger.com (Gerry Hampson)3tag:blogger.com,1999:blog-4344063455110164362.post-3524700444438525957Fri, 18 Apr 2025 16:09:00 +00002025-04-18T17:09:11.605+01:00AppleIntuneiOSmacOSSoftware UpdatesWe've been able to configure software update policies on iOS and macOS devices for a while, right. However this is new and different, released in March 2025 (Service release 2503). "Managed software updates" means something very specific. We can now configure devices to automatically update to the latest OS version using Apple Declarative device management.Declarative device management (DDM) is http://gerryhampsoncm.blogspot.com/2025/04/managed-software-updates-on-apple.htmlnoreply@blogger.com (Gerry Hampson)2tag:blogger.com,1999:blog-4344063455110164362.post-3338476528962044079Sat, 12 Apr 2025 15:35:00 +00002025-04-12T16:43:59.011+01:00CloudNativeIntuneM365In the past year my colleagues and I have helped many customers to prepare their environments for cloud native devices. What is a cloud native device? It's a device where all management is provided by the cloud. In the Microsoft world this means a device which is Entra joined and enrolled in Intune. The key here is the authentication. The device must authenticate with Entra. Entra hybrid http://gerryhampsoncm.blogspot.com/2025/04/on-premises-printing-with-cloud-native.htmlnoreply@blogger.com (Gerry Hampson)7tag:blogger.com,1999:blog-4344063455110164362.post-2599443316297786045Sat, 08 Mar 2025 19:06:00 +00002025-03-08T19:07:46.107+00:00IntuneM365macOSBack to main macOS pageRapid Security Responses (RSR) are a type of software release for iPhone, iPad, and MacOS devices. They deliver important security improvements between major software updates. They can also be used to mitigate some security issues more quickly. Rapid Security Responses are supported for versions starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.By default, Apple http://gerryhampsoncm.blogspot.com/2025/03/apple-rapid-security-response-and-intune.htmlnoreply@blogger.com (Gerry Hampson)1tag:blogger.com,1999:blog-4344063455110164362.post-3844579048776926106Fri, 07 Feb 2025 12:55:00 +00002025-02-07T13:01:54.104+00:00IntuneM365NDESSCEPI was working with a new customer recently and they pointed out that they were having a problem with NDES. What is NDES? The Network Device Enrollment Service (NDES) is one of the role services of Active Directory Certificate Services (AD CS). NDES acts as a Registration Authority to enable devices running without domain credentials to get certificates from the internal Certificate http://gerryhampsoncm.blogspot.com/2025/02/help-ndes-is-broken.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-2365412035884462632Fri, 20 Sep 2024 18:15:00 +00002024-09-20T19:25:40.929+01:00EPAGlobalSecureAccessIntuneEntra Private Access enables secure access over the Internet to any on-premises application, based on any port or protocol that uses TCP or UDP.I previously published a blog post on my first look at Entra Private Access. In that post I showed how to configure enterprise applications to allow RDP and filesharing to on-premises resources. In this blog post I want to show how I configured http://gerryhampsoncm.blogspot.com/2024/09/entra-private-access-and-exchange-on.htmlnoreply@blogger.com (Gerry Hampson)1tag:blogger.com,1999:blog-4344063455110164362.post-5294528134425466873Thu, 23 May 2024 14:47:00 +00002024-05-23T15:52:47.093+01:00Cloud PKIIntuneIntune suiteM365This is incredible. I have experience with deploying PKI solutions in the past and it can be time-consuming and complex. My customer has a requirement to encrypt email but they have no internal PKI. I wanted to see how this could be achieved with the new Intune Cloud PKI. I was amazed, I was able to configure the entire solution in my lab in less than 15 minutes and now I can concentrate on the http://gerryhampsoncm.blogspot.com/2024/05/secure-email-with-intune-cloud-pki-in.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-1746200813761201222Wed, 27 Mar 2024 17:55:00 +00002024-03-27T17:58:10.267+00:00IntuneM365MacBack to main macOS pageYou can set up Find My on your Mac so you can locate it and protect it if it’s ever lost or stolen. You can also share your location with others. When you add your Mac to Find My, Activation Lock is automatically turned on. After it's enabled, the user's Apple ID and password must be entered before anyone can:Turn off Find My MacErase the deviceReactivate the deviceWhile http://gerryhampsoncm.blogspot.com/2024/03/macos-management-with-intune-activation.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-7213396211052433434Tue, 19 Mar 2024 23:34:00 +00002024-03-19T23:34:24.024+00:00IntuneM365macOS Back to main macOS pageNext up we'll talk about Gatekeeper. By default, Gatekeeper helps to ensure that all macOS installed software has been signed by the App Store or signed by a registered developer and notarized by Apple. It verifies that the software is free of known malicious content and hasn’t been altered.We'll start with a macOS configuration profile. Navigate to Devices > macOS >http://gerryhampsoncm.blogspot.com/2024/03/macos-management-with-intune-gatekeeper.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-2148436944611763313Fri, 08 Mar 2024 10:05:00 +00002024-05-22T13:23:52.825+01:00EntraEntraPrivateAccessGlobalSecureAccessIntuneM365Flexible work arrangements and accelerating digital transformation have changed the way we need to secure access. Organizations need an easier, more agile approach to protecting access to all applications and resources. Traditional network security approaches like VPNs don’t scale to these modern demands, they don’t give end users a good experience, and they grant excessive access to the entire http://gerryhampsoncm.blogspot.com/2024/03/first-look-at-microsoft-entra-private.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-4934523819040418915Tue, 14 Nov 2023 12:51:00 +00002023-11-14T12:51:41.504+00:00IntuneM365macOSBack to main macOS pageCompliance policies in Intune define the rules and settings that users and devices must meet to be compliant. They include actions that apply to devices that are noncompliant. Compliance policies can be combined with Conditional Access, which can then block users and devices that don't meet the rules.First I want to figure out what configurations I can make in my compliancehttp://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-compliance.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-3614574349540800886Tue, 14 Nov 2023 12:11:00 +00002023-11-14T12:11:14.707+00:00IntuneM365macOSPKGBack to main macOS pagePKG files are compressed installer files that are used to install macOS applications. Intune can deploy these apps to managed macOS devices where the file is smaller than 2GB. The Microsoft Intune management agent for macOS is also required.The PKG file for Google Chrome can be downloaded from hereSelect Apps > macOS apps > Add. Under the Other app types, select http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-pkg-apps.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-1944367099697275782Tue, 14 Nov 2023 11:55:00 +00002023-11-14T12:01:49.045+00:00EdgeIntuneM365macOSBack to main macOS pageOne of the available Intune app types for macOS is Microsoft Edge version 77 and later. To help keep Edge more secure and up to date, the app comes with Microsoft AutoUpdate (MAU), more about this in a later blog post.Select Apps > macOS apps > AddSelect Microsoft Edge, version 77 and later for macOSEdit app details as required and click Next.Select the Stable channelhttp://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-microsoft_14.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-681766065217818279Tue, 14 Nov 2023 11:39:00 +00002023-11-14T11:39:54.981+00:00IntuneM365macOSMicrosoft365appsOfficeBack to main macOS pageIntune makes it very easy for you to assign Microsoft 365 apps to macOS devices. By using this app type, you can install Word, Excel, PowerPoint, Outlook, OneNote, and Teams. To help keep the apps more secure and up to date, the apps come with Microsoft AutoUpdate (MAU), more about this in a later blog post.Select Apps > macOS apps > AddSelect Microsoft 365 app for http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-microsoft.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-2581724813510069453Tue, 14 Nov 2023 06:48:00 +00002023-11-14T06:48:46.653+00:00encryptionFileVaultIntunemacOSBack to main macOS pageFileVault is full-disk encryption that is included with macOS. With Intune you can deploy policies that configure FileVault, and then manage recovery keys on devices that run macOS 10.13 or later. There are two methods of configuring FileVault policies with Intune.Option 1: Endpoint Security > Disk encryptionOption 2: Device configuration profile for endpoint http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-filevault.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-7921611345737378738Tue, 14 Nov 2023 06:17:00 +00002023-11-14T06:17:31.862+00:00IntuneM365macOSSoftware UpdatesBack to main macOS pageThis blog post is about the traditional way to deploy software updates to macOS devices. I'll discuss declarative software updates in a later post. With declarative updates you can be selective about the update that you want to deploy.Anyway, back to the job at hand, software updates. You can use Microsoft Intune to manage software updates for macOS devices that are http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-software.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-3479707818892328057Thu, 09 Nov 2023 17:43:00 +00002023-11-15T12:15:11.236+00:00IntuneM365macOSBack to main macOS pageDMG files are macOS disk image files. They are containers for apps in macOS. You open them, drag the app to your Applications folder, and then eject them, instead of the traditional installation. There are a couple of rules when deploying DMG apps with Intune.The maximum app size is 2GB.The Intune management agent for macOS must be installed. This will be installed before http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-dmg-apps.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-9050550005591063680Thu, 09 Nov 2023 17:43:00 +00002023-11-09T17:51:38.530+00:00IntuneM365macOSBack to main macOS pageThe Microsoft Intune management agent enables advanced device management capabilities that aren't supported by the native macOS operating system. It is the equivalent to the Microsoft Intune Management Extension for Windows (codename Sidecar), which adds support for Win32 app and script deployment.The Intune management agent:is a prerequisites before a macOS DMG app is http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-agent-for.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-261803645704690829Thu, 09 Nov 2023 17:43:00 +00002023-11-09T17:51:07.401+00:00IntuneM365macOSBack to main macOS pageNow that all the prerequisites have been verified you can enrol a macOS device. First ensure that there are no restrictions preventing that. Navigate to Devices > Enrol devices > Enrolment device platform restrictions. Verify that personally owned macOS is allowed.There are a number of device enrollment scenarios for macOS.User-owned (BYOD) - allows users to http://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune-enrol.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-4293000546714298076Thu, 09 Nov 2023 17:42:00 +00002025-03-08T19:10:05.778+00:00IntuneM365macOSRecently I had the opportunity to deploy an Intune solution for macOS management for one of my customers. I configured everything in my lab first and tested using my trusty MacBook Air (Monterey 12.6.1). I'm finally getting around to blog about the experience. I'll use this page as a landing page and add links to the content as I go.PrerequisitesEnrollmentSoftware updatesFileVault http://gerryhampsoncm.blogspot.com/2023/11/management-of-macos-devices-using-intune.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-7493786366875591449Thu, 09 Nov 2023 17:42:00 +00002023-11-09T17:50:38.528+00:00IntuneM365macOSBack to main macOS pageThere are some prerequisites before you can manage your macOS devices with Intune, but not many, and you have probably satisfied them already. Here goes:Devices, users and licenses:macOS 11.0 and later devices are supported.Your users must exist in Azure AD. They can be cloud only but many organizations use Entra ID Connect to synchronize users from Active Directory. That'shttp://gerryhampsoncm.blogspot.com/2023/11/macos-management-with-intune.htmlnoreply@blogger.com (Gerry Hampson)0tag:blogger.com,1999:blog-4344063455110164362.post-9032313938702376277Mon, 16 Oct 2023 14:23:00 +00002023-10-16T15:23:28.410+01:00APPIntuneM365MAMMSIntuneA customer asked me about this last week so I decided to test it. What happens when an unenrolled BYOD device is lost or stolen but is protected by Intune App Protection Policies? Can the corporate data be wiped? He was specifically talking about Android and iOS devices. The answer is yes. That can be achieved using the Selective Wipe feature of Intune, which will wipe corporate data from Intune http://gerryhampsoncm.blogspot.com/2023/10/wipe-corporate-data-from-non-enrolled.htmlnoreply@blogger.com (Gerry Hampson)0