Hi, I'm not really sure what you're asking for. Are you looking for a telecom solution provider to show you Intune and help you deploy it? Or are you a telecom services provider and want to see more about the features we're offering in the Intune on Azure portal preview?
Hi Andrew, check out this new feature we released for April
Does that get you want you wanted?
hi, we just released an Intune update where we provide in-console reporting for MAM without enrollment. I don't know if this gets us any closer to what you want, but thought you might be interested.
@Michael, thanks, yes, I agree, I"ll merge it.
OK, I'll leave this here. As we've already said, we're moving to the new Azure portal, so expect that reporting will also change a lot in the new console.
I asked Karthika, the author of the topic referenced below. She said:
"I don’t think there is a way to get a list of users who do not have a policy, which may be what this customer is looking for.
But you can search for a user and get their status as explained in the detailed view section of the topic. I just tested this specifically, and if you the user you search for does not have a policy the status will say “ This user is not targeted for any app policies”. So I can call this out where we talk about the status, that should help at least if a customer wants to know if an end-user has policy or not."
@Jack: Do you think that would help?
BTW, the link below changed when we moved all the docs off of TechNet to our new doc library.
Hi, we recently announced the new offering, Intune for Education.
I've created a new category and moved this from the MDM category.
Hi, Andrew, what would you think about splitting this into two - one for Azure admin console, and one for the Graph API (I know you said PowerShell, but it's gotta come from Graph first).
The Azure console is still in "preview' mode, so yeah, there are going to be some things that don't work. We figured it was better to give you something to see where we're going.
The PMs involved have been talking about how best to give you a way to disable the “remove device” action. They think rather than focusing on platform enrollment types (iOS, Android, Windows), they could allow you to disable based on corporate vs personal ownership. I said I’d ask if that would work for you. :-)
Would that get you want you need?
I'm not sure what you're asking for - do you mean the user shouldn't be able to uninstall the Company Portal from the device, or the user shouldn't be able to sign out of the Company Portal, or something else?
Hm, is this the same as this suggestion?
@Manfred, we're interested - but the major focus on creating a better user experience is moving to the Azure portal. We have a lot of user experience things to prioritize. And, well, having only 8 votes from 4 supporters doesn't exactly move this to the top of the stack . . .
@Jan, are you talking about the Admin console in the web browser, or the company portal that the users run on their apps? I think you're talking about the admin console.
@Sheena, there's not currently a way to do this, but this item will stay in UserVoice and we'll see what traction it gets. There are also other items dealing with device naming you may want to search for to see if you want to vote for them. As for the corp/personal ownership, here's a doc topic. https://docs.microsoft.com/en-us/intune/deploy-use/manage-corporate-owned-devices
Also, I highly recommend checking out our TechNet forums: https://social.technet.microsoft.com/Forums/en-US/home?forum=microsoftintuneprod
We have many people from the community there asking and answering questions. Many of our MVPs show up there to help people find what they need.
@Sheena, I happen to know the answer to this one, though typically these forums aren't the best for Q&A type stuff. The name the user sets in the company portal is just a "nickname" to make it easier for the user to distinguish between multiple devices displayed in the portal. It doesn't actually rename the device.
I will change your title to read "renaming the device in the company portal should rename it in the Intune console", to reflect the request the behavior I think you want. If that's not right, let me know.
@Lijins, can you give us some specifics? What purpose isn't being served?
@Scott, I'm not sure if you're asking for support or for a behavior to change. Can you clarify?
Hi, Matthew, I have answers for the first two:
1. Is a jailbroken or rooted device that is listed as rooted/jailbroken on the Microsoft inTune, (however is not rooted when using CPU Z and confirming from the supplier) a security risk to the companies personal documents or not?
[ANSWER] Any device marked as rooted by Intune is one that we consider to be a device on which there is risk to corporate data.
2. What is the criteria that the inTune software uses to flag or make a device be listed as rooted or jailbroken. For example, my Samsung device is not listed as a rooted device but the Rugged Tablet (HR933) is, so what is the differentiating factor that makes one rooted and the other one not rooted?
[ANSWER] Intune implements a custom heuristic for root detection based on several common factors. We do not share this criteria externally except under exceptional circumstances.
I don't understand your question for #3.
@Masahiko, how much RAM does the Win10 device have? I know there was an issue we saw where if the device had less than 4 GB of RAM and you tried to wipe it, the behavior was wonky, and it turned out to be a Windows thing. Don't know if it's related, but that's the first thing that popped in my brain.
OK, seems clear that people still mean this suggestion for the PC client, not the MDM client, so setting the status to Noted.
You can manage software updates (feature and quality) for Windows 10 devices managed by MDM using Windows Update for Business. And you can do peer downloading. Here are the docs for that.
What’s keeping you using the PC client? Is it the operating system or are there still feature gaps you can’t live without on MDM?
@Aaron, nothing more at this time.
Windows 10 will provide support for managed browser – check out this presentation from Ignite :-)
@Andy, the Enterprise Data Protection policies that will provide similar functionality to what we have on iOS and Android are coming in Windows, but currently just available in the Windows Insiders builds. If you have Configuration Manager 1605 Tech Preview, you can create EDP policies. The EDP policies will let you block browsers from accessing corporate resources. To find out how to configure enterprise data protection policies please read the following article https://technet.microsoft.com/itpro/windows/keep-secure/create-edp-policy-using-intune
If you need to block browser access completely, you’d have to do that with an AppLocker rule.
Hi, Phillip, I’m sorry to hear it’s taking so long to get it running. You’re talking about a lot of issues here, and I’m not clear which are configuration issues where a support call could help and which are specific suggestions for improvement. For example, on the last issue, I don’t know if there’s something wrong and you need support to look into why there are no devices in the report, or you want to file a suggestion to decrease the time it take to run the report. So I’m not sure what I can do to help. :-(
Hi, Phillip, I'm sorry it's been so frustrating. If you can give me some case numbers I can have someone look into it.
We have this idea already for a content locker – https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/9564453-push-encrypted-content-to-device – do you want the encryption or are you asking for just plain file push?
OK, so I won't merge this into the secure content locker. Though I think that's more likely to happen since we know there's a need for it, and we may as well do both.
Does the file have to reside on the device in an offline capacity? I'm wondering if you could render the file on SharePoint and then create a web link to the file.
I’m not sure where in the UI you are. You should be able to attach a picture to the post and show me what label you’re talking about. If you could give the repro steps, starting from the very beginning of what you’re trying to do, that will give me the context I need.
Hi, James, I've read through the reply several times and I'm still not quite grokking what you're doing, what you expect to happen, and what is actually happening. Is it that the Win10 home can't do what you are expecting? Windows 10 Home does support very limited MDM capabilities. Intune is able to manage Windows 10 Home. Many of the CSPs (configuration service providers) are disabled on Home version, and if Intune tries to push these to Home devices, these CSPs will fail. This is by design. Could that be the root of it?
The PM for this told me:
“Unfortunately there is not yet a supported scenario to move from being a syndication customer to a non-syndication customer without the creation of a new Microsoft Online Services tenant domain name. If your syndication partner has already is already underway with the move to cloud solution subscriptions, you can reach out to them to see if they can transfer your current services to the new tenant domain name.”
Hi, Berry, Are these corporate or personal devices you're talking about? If it's a personal device, we can't just go throwing things on there without the user's permission. The operating system make us make them opt in for management. If it's a corporate device, and you can do the bulk enrollment thing, then you have a lot more control.