How to revert "Automatically Hiding Inactive Channels" (globally) ?
Hi, some colleagues reported that they cannot find some channels in Teams anymore. I found this: https://office365itpros.com/2024/07/03/teams-inactive-channels/ And now I am worried becaues I can expierence the same behavior. We have lots of customer teams that get created from a MS Flow following a certain structure (5 general channels for each team). Lots of these channels are hidden now. I already unchecked the button in MS Teams saying: "Clean up channel list" but it seems like this is not reverting it. In some customer teams we have more than 100 channels for existing projects and the general channels such as "Basic Information" for example is at the very bottom and I would need to manually make it visible. This is obviously now acceptable. Does anyone know: Is there a way to globally deactivate that feature via MS Teams Admin and/or Intune to prevent newly registered devices / teams from cleaning up the channel list? Could not find anything so far. How can I revert these changes on existing devices so that it was like it was before (the general channels are on the top again). Thanks!!Deploy Sophos userspecific VPN-configurations
Is there a way to deploy with one app in intune for each user a specific Sophos SSL VPN Configuration. Each configuration is in the users OneDrive und needs to be copied in C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config. The users have no admin rights and can't write inC:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config.How to protect data and secure devices with Intune [App Protection Policy] 📱🔒
Protecting organization's data on mobile devices is crucial for companies. In this video, I'll talk about Microsoft Intune and how you can leverage the capabilities of App Protection Policy to secure your company data on mobile devices. Some scenarios covered include allowing copy/paste between trusted apps, avoiding screenshots and screen recording of organization data, sharing files only between managed apps, adding a PIN to access, and encrypting data. #DataProtection #MobileSecurity #MicrosoftIntune :mobile_phone::locked:
Defender for macOS onboarding issue
I am trying to onboard macOS devices in my organization with Microsoft Defender via Intune, and facing multiple issues with it, the configuration profiles are applied successfully only on few devices, only the first (manually installed) macOS is properly onboarded in Defender, and all of the other ones are complaining about missing license. Could someone answer few questions and maybe give some tips on how can I troubleshoot and resolve this: We haveMicrosoft 365 Business Premium license, and according to Defender documentation this is a sufficient license to use it on any endpoint device. However the error message on macOS devices states that there is a missingMicrosoft Enterprise license. Is there a special license needed or is this just the payload configuration profile issue? The kernel extension and onboarding profiles are generated in the Microsoft Defender Admin Center, however I did noticed that the OrgID in the onboarding profile file does not match my TenantID. Does that mean that those files are premade and I should adjust them to my organization details or it is simply a different ID assigned? The onboarding profile gets successfully applied on all devices however the kernel extension profile fails on almost every device, and the successful applications do not follow any pattern or macOS version. Can't really find any suggestions on the possible root cause of this issue. Did anyone had similar problems with the kext profile? TheMicrosoft Defender Admin Center does provide a installation package PKG file. However according to the Defender documentationI should useMicrosoft Defender for Endpoint (macOS) application that is ready to be applied directly from Intune Management Portal. Which is it? Or maybe both? Thank you in advance for any tips and / or answers 🙂Mobile Application Management for Windows (NEW)
This newly released product is now available in Public Preview, and I'm excited to share my initial impressions. MAM enables users to stay productive on any device while ensuring the security of our data. Mobile Application Management for Windows enables us to; Apply policies to corporate applications on personal devices. No enrollment required, just an Azure AD (or MEID) registration. Place restrictions suchas cut/copy/print and blocking incoming or outgoing data. Integration with the Mobile Threat Defense connector to detect local health threats. Block access or wipe corporate data based on specific conditions. In this blog post, I provide a first look at the configuration and user experience of MAM for Windows. First look at Mobile Application Management for Windows - Myron Helgering's BlogProvision Windows devices from anywhere to support a mobile workforce
In this, our second chapter of the Enabling Remote Work for IT Pros web series, we focus on practical tips to help you effectively provision Windows devices from anywhere. We walk through a variety of strategies, from simple to complex, to help you better understand how to leverage Azure AD Join with Microsoft Intune, or Configuration Manager co-management and task sequences. We then present you with a clear list of the steps you can take now, start soon, or work on in the future. Learn more Here are links to the resources mentioned in this session: Automatic MDM enrollment Using Windows Hello for Business to Access On-Premises Resources Enable Kerberos Managing remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager While not mentioned specifically in this session, here are some additional resources you might find helpful: Microsoft COVID-19 response site Enabling Remote Work Microsoft Endpoint Manager remote work blog Work remotely, stay secure 2 weeks in: what we’ve learned about remote work Frequently asked questions Q: For Hybrid Azure AD join, if we have a line of sight with the domain controller, is the Intune connector required? A: Yes, it’s what gathers an offline domain join blob from your domain controller. Q: Is there a way to define the complete computer name for devices provisioned via Windows Autopilot? A: For Azure AD Join devices, yes, there is a graph API. For Hybrid Azure AD devices, no, there is only the ability to prefix something onto the name. Q: Is there a list of supported VPN clients? A: We don’t have a supported list because we don’t support the configuration of third-party VPN clients. Customers will need to figure out if your VPN works in this scenario. The real question to ask is ‘does your VPN support pre-logon/start before logon auth?’ or some sort of AOVPN. If so, it will work. These are some of the VPN providers we expect to work: Cisco AnyConnect (Win32 client): “Start before Logon” Pulse Secure (Win32 client): “Credential Provider” GlobalProtect (Win32 client): “Pre-logon” Checkpoint (Win32 client): “Auto Connect/Always Connected” Citrix NetScaler (Win32 client): “Always on” SonicWall (Win32 client): “NetExtender on Startup” Note: We do not document or support how you configure your VPN as it is a third-party configuration. Q: Is there a way to get the device enrolled in Windows Autopilot remotely? A: The only way is if it’s currently managed through Intune. You can assign a Windows Autopilot profile with the “Convert devices to Autopilot” option enabled, and the hardware has will be automatically harvested at the next check in. Q: Are there any alternatives to enroll multiple devices, already deployed, besides Windows Autopilot and Bulk enroll using provisioning package files (PPKG)? A: All of the possibilities are documented here: https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods Q: Is there a way to use White Glove deployment with standard applications without pre-assigning the device to a particular user? A: If you target your applications to devices, then you don’t need to. If the apps are assigned to users, then you need to assign a user. Q: Are we able to deploy the provisioning package files through Intune? A: No, this is not currently supported. Feedback We hope you find this session useful. We'd love your feedback and ideas for future sessions so please fill out this short survey. Thank you!
