CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Browsing Posts tagged Intune

I have the great honor to present two session at the Microsoft TechX in Stockholm 15-18 February 2016!

TechX is a four day event(in Swedish), focusing on Azure 15-16 and Office 365 17-18, I am really looking forward to it!

My session are:

“Future of client management with Intune/Configuration Manager Hybrid” Where we will focus on all the new features in Intune and how it links to Configuration Manager CB

“Windows 10 + EMS = True” together with my colleague Anders Olsson, Which will focus on what EMS brings to Windows 10 and why they are a match made in heaven (or Redmond?!)

There are a lot more sessions as well so I hope to see you all there!


One very common request when implementing Intune is to distribute a Wi-Fi profile with WPA2 and a preshared password. This is currently not possible either with Intune standalone or with Intune integrated with Configuration Manager 2012 using the UI. I have already written a post on how to create a custom iSO profile using Apple Configurator and deploy it using Intune standalone here:

In this post I will use the same custom profile I used in the post above but distribute it using Configuration Manager 2012 R2 SP1 instead as deploying a custom iOS profile is a new feature.

In the Configuration Manager 2012 R2 Sp1 console do the the following:

1. Create a new Configuration Item, specify that it is a Mobile Device configuration item you want to create.

2. Select iOS Custom Profile as the settings group.


3. Enter a name for the profile note that it will be visible to the end-users, and the import the .xml file created as described in my earlier blog post, note that the SSID name in that .xml file is “Office1″CustomIOS3

4. Select which platforms the setting should be applied to, as it is only applicable on iOS devices there is no point in selecting anything else.


5. Then the Configuration Item itself is finished and ready to be added to a Configuration baseline.


6. Next step is to create a Configuration baseline so we can deploy the Wi-Fi policy to our devices. Select Create a new Configuration Baseline give it a name and add the Configuration Item we created earlier by clicking the Add button and selecting Configuration Item. Note that you can add more than one Configuration Item if you are deploying multiple settings to a group of devices it could be smart move to add them to the same baseline.


7. The next step is to deploy the Configuration Baseline, here we can select to generate an alert if a certain percentage fails to apply the policy and it is also here we select which collection we should deploy the Configuration Baseline to as well.


Then we are done and ready to test it, we can verify it easily one the iOS device by looking in the Management Profile and look for the Wi-Fi network we deployed.

The Enterprise Mobility Suite is the new Black(EMS) is the new black!

In the new world with modern devices being used more and more in daily work, managing them or actually what it all is about managing the information that is on them and providing secure access to the information they are to be able to consume. EMS is a bundling of three cloud services that together represents the bundle Enterprise Mobility Suite. The three services are:

  • Microsoft Azure Active Directory Premium
  • Windows Intune
  • Microsoft Azure Rights Management

Here is an introduction EMS that is a great place to start.

Some of us has been using or at least have evaluated Windows Intune for a while now to manage our clients or modern devices with i, Azure AD is new has a lot of cool features. In this post I would like to focus on the Coolest if you ask me and probably least adopted technology as it has been around for a long time Microsoft Azure Rights Management.

OK, so Azure Rights Management has not been around for a long time but the technology it build upon has been around for more that ten years. The reason why it is not implemented that frequently is of course that it requires a lot of work to classify data and now what data to protect. But in our Mobile first and cloud first world I would really like to stress that this is the most important feature for me at least. What is most important, it is of course the data itself.

Many times when I have demoed, or made presentations on Windows Intune as a mobile device management solution, I have been asked “how do I protect my data?” The answer has been ADRMS, now that these are bundled together I truly believe this will take customers view on Device Management solutions to a new level.

If you haven’t looked at ADRMS before I really suggest that you do. It is a really cool feature that extends the protection of you sensitive information beyond your own managed devices.

Here is a session from a colleague of mine from TechX in Sweden which is pretty cool (in Swedish though):

More information on EMS can be found here: