User Profile
PKlapwijk
MVP
Joined 9 years ago
Recent Discussions
SaaS app integration with Azure AD (Salesforce)
Hi all,

We have integrated Azure Active Directory with Salesforce to provide SSO. User Provisioning is set to automatic. That all works fine. I have some security groups assigned to Salesforce Roles (profile), so when the user is added to group A the account is assigned the corresponding role in Salesforce. Now we have created a few custom Roles (profiles) in Salesforce, but those roles never show up in Azure, so I'm not able to assign a security group a custom Salesforce role.

In this old video it is discussed those customer roles are synced to Azure: https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Integrating-Salesforce-with-Azure-AD-How-to-automate-User-Provisioning-22

Anybody any idea how often those groups are synced? Or are they only synced once at setting up the integration?

Thanks
Peter

1.4K Views | 1 like | 0 Comments

Azure Dynamic Group for all Admin accounts
Hi all,

I want to create a Dynamic Group in Azure which contains all Admin accounts, so the Global Admins and also the Skype fB Admins, Helpdesk Admins etc. Does anyone know a query to use as Advanced Rule so all Admins are automatically added to the group?

1.5K Views | 0 likes | 0 Comments

Azure RMS templates not always applied
Hi all,

I'm running a trial to see the possibilities of Azure Information Protection. Everything seems to work fine, I can set the labels I created in Azure IP and the default and custom created RMS templates are applied, most of the time. I'm running a few test clients (Windows 10, same version) with the latest Azure IP client. On one of the clients the label is set (I see the header set), but the RMS template is never applied. When I have a look at the Event Viewer it shows Protection After Action: Unprotected.

Anybody seen this behaviour before? If I put this in production, there is a chance the RMS template is not applied to High Confidential docs, without the user noticing it is not applied. I have already done a new installation of the Azure IP client.

Regards,
Peter

Re: Win10 Hybrid AD Joined Computers Unable to install apps from Company Portal
tateseth The recommended way to go for installing LOB apps is win32, even if these are MSI files. Win32 provides more control and better logging. I recommend to at least wrap one MSI into a win32 package to test. As far as I know MSI isn't tracked (anymore) during ESP. The Intune management extension only handles win32 apps and PowerShell scripts, that is probably the reason you don't see logging.

8.2K Views | 0 likes | 1 Comment

Re: Win10 Hybrid AD Joined Computers Unable to install apps from Company Portal
tateseth The Fakepolicy event can be ignored. Don't know exactly why the event is logged, but MS support confirmed there is no issue when you see the event. When deploying win32 apps have a look at this log file:

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log

It logs everything related to the app deployments when using win32 app deployment, but also Edge should be logged in this file.

8.2K Views | 0 likes | 3 Comments

Re: How to mark a device ownership as "corporate" AUTOMATICALLY when new device enrolls in InTune or DEP
Ali Fadavinia What is the process of the registration and enrollment? Because you guys talk about uploading IMEI numbers, but the supplier of the iPhone needs to register devices in Apple Business Manager (by serialnr). No need for you to upload IMEI numbers in the Intune portal.

In short: the supplier does the registration in Apple BM. In ABM you need to make sure ABM is connected to Intune and here you assign the devices to your MDM Server. In Intune you need to have an enrollment profile in place and make sure the profile is assigned to the device.

For a good overview have a look at Robin's article: https://www.robinhobo.com/how-to-configure-apple-dep-within-microsoft-intune-and-migrate-existing-dep-devices-from-another-mdm-solution-to-microsoft-intune/

48K Views | 1 like | 4 Comments

Re: How to mark a device ownership as "corporate" AUTOMATICALLY when new device enrolls in InTune or DEP
Ali Fadavinia When a device is enrolled via DEP/ABM it should be marked as corporate as the documentation described. At our tenant DEP devices are shown with Ownership Corporate. But to be sure, it's not only registering the devices with Apple ABM, existing devices not to be reset and re-enrolled. If that's the case, I cannot think of what could cause this.

48K Views | 1 like | 1 Comment

Re: How to stop users connecting to things with their work account from personal mobile
RippieUK MAM is indeed a good way to go, but you need something to make sure those App protection (MAM) policies are applied to the mobile apps. For example to Outlook mobile when the user opens the mailbox, because that app supports these kinds of policies. Most third-party mail apps don't support these kinds of policies. And that's why CA policies are needed.

More on that can be found on my blog post: https://www.inthecloud247.com/azure-ad-conditional-access-explained-android-and-ios/

If you have any questions, let me know!

6.9K Views | 0 likes | 0 Comments