Windows Intune Features and Policies for Samsung KNOX

Microsoft and Samsung have announced a partnership whereby Samsung KNOX devices can be managed by Windows Intune using both Direct Management and Exchange ActiveSync.  ​Windows Intune now supports direct configuration of Samsung KNOX devices.  This feature allows IT administrators to manage Samsung KNOX mobile devices via the Windows Intune administration console.  Samsung KNOX devices are designed to be used in high security environments.

 

Here are the list of Windows Intune policies which are available today for managing Samsung KNOX devices:

Group
Policy
Security / Password Require a password to unlock mobile devices
Security / Password Password quality
Security / Password Minimum password length
Security / Password Number of repeated sign-in failures to allow before the device is wiped
Security / Password Minutes of inactivity before screen turns off
Security / Password Password expiration (days)
Security / Password Remember password history –> Prevent reuse of previous passwords
Security / Encryption Require encryption on mobile device
Device Capabilities / Hardware Allow camera

 

If you are looking for assistance managing your corporate owned or personally owned mobile devices, please contact Kloud Solutions using the following URL:

http://www.kloud.com.au/contact-us/

Bulk Enroll iOS and Android Devices With Windows Intune vNext

​The current version of Windows Intune is designed for managing devices for knowledge workers.  Knowledge workers generally own more than one device.  Moreover, they rarely share their device with another user.  Knowledge workers want a mobile device which is customized according to their personal preferences.

By contrast, task workers generally do NOT own their own devices.  They use devices which their employer provides.  These devices are typically designed to be used for a specific purpose.  A common examples of a task worker device would be a handheld scanner for a package delivery service.  Task worker devices are also very common in retail stores.  Task workers share a single device across multiple users, often according to a shift schedule.  The concept of a task worker who “owns” a device does not really exist in this scenario.  This creates a challenge when enrolling devices with Windows Intune.  Which user should enrol a device to be managed when it is shared across multiple users who have different user accounts?  How can you target a user-based MDM policy against a managed device with multiple users?

The next version of Windows Intune addresses this scenario with a new feature called bulk enrolment.  This new feature allows an Intune Administrator to enrol task workers devices, set policies, and install applications based on the device, rather than the user.  A single Intune service account can enrol Android and iOS devices instead of having separate user IDs for each device.  For iOS, Intune will support Apple’s Device Enrolment Program to enable bulk enrolment.

If you are looking for assistance managing your corporate owned or personally owned mobile devices, please contact Kloud Solutions using the following URL:

http://www.kloud.com.au/contact-us/

Windows Intune vNext Coming Q2/Q3 2014

Here is a summary list of features for the next version of Windows Intune which Microsoft has indicated will release in Q2/Q3 2014:

Flexible Deployment

  • Full MDM parity in Windows Intune standalone
    • Email/Wi-Fi Profiles, VPN and Certificates
  • Bulk IT enrolment of devices and device targeting
  • Cloud-only scalability

Device Configuration Management

  • Windows Phone Enterprise Feature Pack support
  • Application Whitelist/Blacklist
  • Customizable IT Terms of Use
  • Start Screen in Windows 8.1
  • Windows Azure AD Premium Integration in Company Portal 

Email Configuration and Protection

  • Access to email only if device is managed

Safety

  • Family Safety in Windows 8.1
  • URL Filtering 

Device Data Protection

  • Application restriction policies for iOS
  • Enterprise Wipe of Email (iOS) and access controls via certs
  • TPM cert enrolment
  • MFA support for Intune enrolment

New Windows Intune MDM Features for iOS and Android

The January 2014 release of ODS includes a number of new features to extend and enhance the MDM capabilities of the service. ODS uses a direct management method to manage iOS and Android devices. There is no longer a requirement to have an Exchange Server or Exchange ActiveSync. iOS and Android devices can be managed via the ODS cloud service with no on-premises infrastructure required.

Here are some of the ODS features available for iOS and Android device management:

•Retire or remotely wipe a device that is lost or stolen
•Remotely lock a device
•Remotely reset the passcode
•Detect if a device has been jail broken
•Proactive alerting to identify problems with the health of the device
•Hardware inventory
•Enforce policies and settings for:
◦password management
◦encryption
◦malware
◦device security
◦documents and data
◦email
◦web browser
◦apps
◦gaming
◦device hardware
◦cellular
◦voice assistant

If you are looking for a way to manage and secure iOS and Android devices in your home or office, please contact Kloud Solutions using the following URL:

http://www.kloud.com.au/contact-us/

Windows Intune Agent Update Coming April 23rd, 2014

Windows Intune will be releasing an update to the anti-malware agent beginning on 23/4/2014. The service regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing.

Since this is an agent update, computers may have to be restarted after the update is applied; in most cases however, a reboot is not required.