User Profile
PKlapwijk
MVP
Joined 10 years ago
Recent Discussions
SaaS app integration with Azure AD (Salesforce)
Hi all, We have integrated Azure Active Directory with Salesforce to provide SSO. User Provisioning is set to automatic. That all works fine. I have some security groups assigned to Salesforce Roles (profile), so when the user is added to group A the account is assigned the corresponding role in Salesforce. Now we have created a few custom Roles (profiles) in Salesforce, but those roles never show up in Azure, so I'm not able to assign a security group a custom Salesforce role. In this old video it is discussed those customer roles are synced to Azure: https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Integrating-Salesforce-with-Azure-AD-How-to-automate-User-Provisioning-22 Anybody any idea how often those groups are synced? Or are they only synced once at setting up the integration? Thanks Peter
1.4K Views, 1 like, 0 Comments

Azure Dynamic Group for all Admin accounts
Hi all, I want to create a Dynamic Group in Azure which contains all Admin accounts, so the Global Admins and also the Skype fB Admins, Helpdesk Admins etc. Does anyone know a query to use as Advanced Rule so all Admins are automatically added to the group?
1.6K Views, 0 likes, 0 Comments

Azure RMS templates not always applied
Hi all, I'm running a trial to see the possibilities of Azure Information Protection. Everything seems to work fine, I can set the labels I created in Azure IP and the default and custom created RMS templates are applied, most of the time. I'm running a few test clients (Windows 10, same version) with the latest Azure IP client. On one of the clients the label is set (I see the header set), but the RMS template is never applied. When I have a look at the Event Viewer it shows Protection After Action: Unprotected. Anybody seen this behaviour before? If I put this in production, there is a chance the RMS template is not applied to High Confidential docs, without the user noticing it is not applied. I have already done a new installation of the Azure IP client. Regards, Peter

Re: Win10 Hybrid AD Joined Computers Unable to install apps from Company Portal
tateseth The recommended way to go for installing LOB apps is win32, even if these are MSI files. Win32 provides more control and better logging. I recommend to at least wrap one MSI into a win32 package to test. As far as I know MSI isn't tracked (anymore) during ESP. The Intune management extension only handles win32 apps and PowerShell scripts, that is probably the reason you don't see logging.
8.3K Views, 0 likes, 1 Comment

Re: Win10 Hybrid AD Joined Computers Unable to install apps from Company Portal
tateseth The Fakepolicy event can be ignored. Don't know exactly why the event is logged, but MS support confirmed there is no issue when you see the event. When deploying win32 apps have a look at this log file C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log It logs everything related to the app deployments when using win32 app deployment, but also Edge should be logged in this file.
8.4K Views, 0 likes, 3 Comments

Re: How to mark a device ownership as "corporate" AUTOMATICALLY when new device enrolls in InTune or DEP
Ali Fadavinia What is the process of the registration and enrollment? Because you guys talk about uploading IMEI numbers, but the supplier of the iPhone needs to register devices in Apple Business Manager (by serialnr). No need for you to upload IMEI numbers in the Intune portal. In short: the supplier does the registration in Apple BM. In ABM you need to make sure ABM is connected to Intune and here you assign the devices to your MDM Server. In Intune you need to have an enrollment profile in-place and make sure the profile is assigned to the device. For a good overview have a look at Robin his article https://www.robinhobo.com/how-to-configure-apple-dep-within-microsoft-intune-and-migrate-existing-dep-devices-from-another-mdm-solution-to-microsoft-intune/
48K Views, 1 like, 4 Comments

Re: How to mark a device ownership as "corporate" AUTOMATICALLY when new device enrolls in InTune or DEP
Ali Fadavinia When a device is enrolled via DEP/ABM it should be marked as corporate as the documentation described. At our tenant DEP devices are shown with Ownership Corporate. But to be sure, it's not only registering the devices with Apple ABM, existing devices not to be reset and re-enrolled. If that's the case, I cannot think of what could cause this.
48K Views, 1 like, 1 Comment

Re: How to stop users connecting to things with their work account from personal mobile
RippieUK MAM is indeed a good way to go, but you need something to make sure those App protection (MAM) policies are applied to the mobile apps. For example to Outlook mobile when the user opens the mailbox, because that app supports these kinds of policies. Most third-party mail apps don't support these kinds of policies. And that's why CA policies are needed. More on that can be found on my blog post https://www.inthecloud247.com/azure-ad-conditional-access-explained-android-and-ios/ If you have any questions, let me know!
7K Views, 0 likes, 0 Comments