Intune, SCCM, EAS Clarification

Similar Messages

• Intune, SCCM, and the Intune client installer

  Hello,
  Was wondering if there is a way to prevent users from Installing the Windows Intune Client agent?
  Scenario:
  SCCM 2012 R2 with integrated Windows Intune subscription.  I have successfully enrolled an iPad and a Windows 8.1 computer.  I was then able to download and install the Windows Intune Client agent on my Windows 8.1 device which redirected my device
  to being managed by Intune exclusively, and no longer via SCCM.  It also changed my System Center Endpoint Protection to Intune Endpoint protection.  The only way to get it back was to go to the Intune Management Console and retire the device, which
  triggers an uninstall of the Intune client.  The good news is that it restored the previous information for the SCCM/Intune enrollment. However...
  A significant and unfortunate side effect of this is that Endpoint protection was also removed as part of the Intune client uninstall leaving the computer without Anti-malware protection.
  I would like to prevent this from happening for obvious reasons.  In a BYOD scenario the user will have the permissions locally to do this and given its the same subscription for Intune there doesn't appear to be a way to ensure they cannot.  
  Am I missing something simple here?  
  Thanks!

  I guess a couple of data points:
  - Enrolling a Win 8.1 system using OMA-DM for management by ConfigMgr via Intune does not provide additional anti-virus above or beyond the built-in Windows Defender
  - Removing the Intune agent reverts the system back to using Windows Defender the same as it was before Intune was installed
  So, I would say that first, this statement is inaccurate: "leaving the computer without Anti-malware protection". And, also, there's no difference between the two states of pre-Intune agent installation and post-Intune agent uninstallation from an AV perspective.
  As for explicitly preventing the Intune agent installation, obscurity is probably the the only way to go at this point to my knowledge -- simply don't tell folks about it or how to find it.
  Jason | http://blog.configmgrftw.com

• Windows 8.1 MDM through Intune/SCCM

  We've been testing Intune with SCCM for a while now and it does pretty much all we currently need. Our focus has lately been on securing our devices, require PIN, complexity, device encryption. These all work great on iOS, Windows Phone and Android, but
  do not on Windows 8.1.
  Windows 8.1 gets certificates through NDES, VPN profiles, but the settings for UAC, encryption, requiring password, account lockout are not applied. Are these settings even supported on Windows 8.1? I'm having a hard time finding documentation on what exactly
  is supported and how to apply these.

  I'm still struggling with this. One of the questions I have is do I need to install the Company Portal for these settings to take affect?
  You have confused me in this post. I am going to have to guess Windows 8.1 is on a tablet in this case, as you are referring to mobile devices.
  If it is not a mobile device then you dont need to install this on a Windows machine. It is a web page.
  The article linked above talks about compatibility with Windows mobile devices with Windows Intune.
  http://technet.microsoft.com/en-us/library/dn376523.aspx
  It states:
  Windows 8.1 and Windows RT 8.1 (enrolled by Microsoft Intune)
  So I would take the last bit as the device needs to be enrolled through Intune in order to achieve this.
  Have a look at Gerrys blog here:
  http://gerryhampsoncm.blogspot.co.uk/2014/01/mdm-in-sccm-0212-r2-windows-rt.html

• Best Strategy for Managing Laptops in a Mixed InTune / SCCM 2012 World

  We're interested in leveraging Intune to help secure and update our roaming laptop users. We have a group of domain-joined laptops that spend a good deal of time off the company network. We thought we could use Intune to make sure these machines stay updated
  and safe while off the network. I understand that we should make sure the SCCM 2012 client does not get installed on any machine that has the Intune client. Will connecting and logging into our domain cause any issues for these clients that anyone can see?
  Orange County District Attorney

  I'm glad that it should work in our instance. Our office just bought some Office 365 licenses as well as Intune. We thought Intune could solve our issue of roaming laptops. We just recently came into some laptops that would be our first, out-of-the-office
  work systems that we want to manage. The Microsoft folks are assuring us this is the way to go for this particular instance. We haven't had a need to use IBCM or DirectAccess up to this point. We've run into issues with our County firewall folks that
  won't let us run DirectAccess as we do have a Juniper VPN that takes care of our remote issues. As for IBCM, we'll have to look a bit deeper into that and see if it has better features for us than Intune does. We don't have any mobile management requirements
  in the near future so I'm left wondering why the heck are management even bought the licenses.
  Thanks for the note back on my question.
  Orange County District Attorney

• Troubleshooting InTune, SCCM, and Windows 8.1 Phones

  Howdy...
  I've setup various components but when I use my Windows 8.1 Samsung phone "Workplace Account" feature, the phone gets stuck on "We're looking for your settings...", it will stay on this for 15+mins if I let it.
  What can I do for further troubleshooting?
  Here are my components used:
  InTune Trail Subscription
  Verified to use my public domain via the custom TXT DNS record
  UPN settings configured (UPN = public email format = [email protected])
  Single Sign On into InTune admin console and user portal configured via ADFS
  Logon tests from a PC are successful internally and externally into the admin console and user portal
  Used DirSync on Win2012r2 to sync my AD to the Azure cloud - works fine
  ADFS servers (and DirSync) on 2012r2
  ADFS Web Application Servers on 2012r2
  System Center Configuration Manager has Intune Subscription configured
  System Center Configuration Manager ha the trail certificate, InTunes role installed, and distro.point set to manage.microsoft.com, and trail apps that came with trail certificate
  ...note sure if I've forgotten anything - definitely not the easiest thing to get working!!
  I've also done a packet capture from the firewall - they (firewall company) have ruled out their device as the problem.
  I've been using a few URLs to help,
  this is one of them

  The Microsoft Intune team has confirmed this was an issue.  The temp solution was to disable a checkbox in my ADFS server...  In a few weeks I will call back on my ticket and see if there is a better solution, otherwise this is the only thing I
  could do.
  ADFS Server > ADFS Console > Authentication Policies
  Global Settings > Edit
  Primary Tab > Uncheck "Enable Device Authentication"
  Microsoft Tech Support Comment:
  I am confirming the only known solution, which is a short term workaround being suggested by the PG/engineering, which is to Disable device auth properties check box on ADFS side.
  The long term solution is already well underway and in testing by the Product team and should be released in the upcoming weeks. 
  Public facing documentation for this issue should be available soon but we do not have a specific date.

• Cost of Intune and SCCM 2012 r2 vs SCCM 2012 r2 ICBM

  Is there any research/info on pros and cons of SCCM 2012 using intune for internet clinet management vs SCCM 2012 r2 and ICBM?  Things like cost, supportabiliy, etc.  I have seen intune vs sccm not Intune & SCCM vs SCCM and Internet Client
  Based Management. 
  Cyndy

  Hi,
  I think the reason is that you cannot manage Windows clients using the WIndows Intune Agent and integrate it with SCCM 2012. The integration with Intune and SCCM 2012 is for Mobile Device Management only so there is no possibility to install the Windows
  Intune Agent on a client and then manage it through the SCCM Admin Console.
  THe only scenario where that would work is if you manage a Windows 8.1 with the OMA-DM agent and enroll them in Intune as a mobile device with a limited set of features.
  So ICBM is still the way to go if you need all the features in SCCM or you want one console to rule them all.
  Regards,
  Jörgen  
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Block ActiveSync for non Intune managed devices

  Hi!
  is it possible to block Active Sync for devices, wich are not managed by Intune? (Active Sync Quarataine, wich will auto-allow MDM devices?). It would be great to take a Hand over the byod devices...
  Bye
  André

  Thanks. Unfortunately 2 EAS policies will not work for me, because EAS policies are set on users/mailboxes. This would result in devices not secured by neither Intune nor EAS.
  I believe this is a shortcoming in Exchange/SCCM/Intune. There should be an option where an administrator can define whether EAS or Intune policy is leading.
  Do you know some place to write feedback to the Intune / SCCM development team?
  If you found this post helpful, please “Vote as Helpful”.
  If it answered your question, please “Mark as Answer”.
  Christian Gude | www.itexperience.net

• Managing Android devices with Intune - without Exchange Active Sync

  We don't have on-prem exchange or SCCMS, just Intune & O365, and if we can avoid on-prem exchange that would be preferable.
  In the medium term (3-9 months), I'll need to start managing Android devices through Intune.
  As far as I know, EAS is still required to manage Android devices (as per
  http://technet.microsoft.com/library/hh452635.aspx last updated 11 months ago), and I understand that the fragmented Android landscape makes it difficult.
  Because that page is 11 months old, I'm not sure what the latest plans are.
  This article mentions that a preview of Company Portal is expected in Play store around
  now, but I presume that will still need SCCM/EAS behind the scenes.
  What else might be coming in the next few months?

  You can manage Android through EAS+Office 365 using our service to service connector.  No on-premise hardware is required, it will make a direct connection to your Office 365 account and import your devices and/or apply any mobile policies you want.
  Set up the Service to Service Connector
  Open the Windows Intune administrator console.
  In the workspace shortcuts pane, click Administration.
  In the navigation pane, under Mobile Device Management, expand Microsoft Exchange and then click Set Up Exchange Connection.
  On the Set Up Exchange Connection page, click Set Up Service to Service Connector.
  The Service to Service Connector will automatically configure and synchronize with your Hosted Exchange (Office 365) environment.
  Thanks,
  Jon L. - MSFT - This posting is provided "AS IS" with no warranties and confers no rights.

• Management of PCs enrolled in Intune (follow-up question)

  Ok .. What would be the point, regarding to managing Windows 8(.x) BYO devices, to use the combination Windows Intune/SCCM 2012 instead of Windows Intune stand-alone. It reduces the functionality so much (Quote Jon Lynn: You won't be able to patch,
  update, deploy MSI/EXE installs or install Windows Intune Endpoint Proection on those devices either. You would be able to deploy a limited set of mobile device policies and provide access to modern applications (APPX) to those machines.)  that it
  doesn't weigh up to the 'Single Point of administration'  'feature'.
  Any takers? Or is there no point ...
  Kind regards,
  Jos

  I know this is very old but I’m trying to clean up old posts. Did you ever solve this? If so it would be good if you could post the solution to assist others. If not, at this
  stage, as nobody has answered, I would recommend that you call Intune support if the issue still exists.
  You will find your local Intune support number here
  http://technet.microsoft.com/en-US/jj839713.aspx
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Predefine iOS profile in Windows Intune ?

  Hi,
  When I enroll iOS device in Windows Intune, it installs the company iOS profile.
  Is it possible to set certain configurations to that profile, so that after enrollment is done, all settings would be in place for the iOS device?
  (And if that is possible, are settings the same that are in Intune/SCCM or is it possible to add example Exchange mail settings and so on?)
  I know that I can deploy some settings via Intune/SCCM 2012 after that, but I would like to configurate the profile settings beforehand, is it possible?
  Thank you for your answers!

  Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Not able to sign in to Company Portal app installed from Windows Store

  Not able to sign in to Company Portal app installed from Windows Store .I'm using Workplace joined (Intune + SCCM 2012 R2) Windows 10 Laptop.
  Following is the error which I got while trying to sign in with my Intune trail account
  Any idea much appreciated :)
  --- Exception Details ---
  System.Exception: Authentication failed because response data could not be parsed.
  Stack Trace:
     at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService.<UpdateContextFromAuthenticationResponseAsync>d__c.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
     at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService.<AuthenticateAsync>d__0.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
     at Microsoft.Management.Services.SelfServicePortal.ViewModels.ServiceLoginPageViewModel.<AuthenticateAsync>d__b.MoveNext()
  2014-10-30T17:44:27.6437234Z
  VERB MethodEnter
  Common          1800
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - CheckMonitoringCapable() Enter
  2014-10-30T17:44:27.6437234Z
  INFO Event
  None         0
  User is not authenticated, monitoring is not capable.
  2014-10-30T17:44:27.6437234Z
  VERB MethodLeave
  Common          1801
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - CheckMonitoringCapable() Leave
  2014-10-30T17:44:27.6437234Z
  VERB MethodEnter
  Common          1800
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - DelayPolling() Enter
  2014-10-30T17:44:27.6437234Z
  INFO Event
  None         0
  Attempting to delay polling task for '30' seconds.
  2014-10-30T17:44:45.9431915Z
  INFO Event
  Application       611
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 WebAuthenticationBroker AuthenticateAsync to url: https://go.microsoft.com/fwlink/?LinkID=314087&&appru=ms-app://s-1-15-2-2666988183-1750391847-2906264630-3525785777-2857982319-3063633125-1907478113/&api-version=1.1
  returned result:Success
  2014-10-30T17:44:45.9431915Z
  INFO Event
  Application       611
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 WebAuthenticationBroker returned result:Success
  2014-10-30T17:44:45.9744572Z
  INFO Event
  Application       208
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Authentication failed because response data could not be parsed.
  Exception:
  System.ArgumentException: User agent string ("Mozilla/5.0 (Windows NT 6.4; Win64; x64; Trident/7.0; MSAuthHost/1.0; rv:11.0) like Gecko") does not contain match for Windows version regex pattern ("Windows
  NT (?<Version>6\.2|6\.3)").
  Parameter name: userAgent
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.AuthenticationResponseData.GetWindowsVersion(String userAgent)
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.AuthenticationResponseData..ctor(String responseData)
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService.<UpdateContextFromAuthenticationResponseAsync>d__c.MoveNext()
  Response Data:
  wresult=eyJ0eXAiOiJKV1QiLCJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiwieDV0IjoieE42Z05aYlhvYmRRMkhhbl8yT08xTUZ1SHFZIn0.eyJpc3MiOiJ1cm46aW50dW5lOm9hdXRoMjpjMWIwMWVmNS00ZTE3LTRkODMtYTMyMC1jYWZkOTE1YzJmYWUiLCJhdWQiOiJ1cm46aW50dW5lOnNlcnZpY2UiLCJuYmYiOjE0MTQ2OTEwNzksImV4cCI6MTQxNDY5MjI3OSwiVGVuYW50SWQiOiI1ZjZiMDRjOS1lZWZhLTQ4ZDYtYTEyZi02NDNkMDYxZjBhYjkiLCJVc2VySWQiOiJkZDZhNmRiOC0zZjdhLTQwODQtOWZhMS0xOThkNWNhMDkwNWIiLCJMaWNlbnNlIjoiU0NDTSIsIkF1dGhvcml0eSI6IlNDQ00iLCJSb2xlIjoiNmNiYzg0MDMtNjU2Yi00ZjA1LTc4ZDgtMDAwMDAwMDAwMDAxIiwidHlwIjoiVXNlciIsImp0aSI6IjA2YTEwNDgzLWFmM2MtNGIwZS1iNzNjLTU1YTVlZGE2YTI0MSIsIlZlcnNpb24iOiIxLjEiLCJJc3N1ZUluc3RhbmNlIjoiMTAvMzAvMjAxNCA1OjQ0OjM5IFBNIn0.bZmz4BNmW1sg90bmUED-y0gSpR3qFfHpBZz6jf_7pMIEiO-n8TF8aPryDgLE0_pOXBBxjGZj2CjvvCjKE3xtc_RCfQ66f8sPjJDk5nDn87Zqr3nuybcWyr_QJzLAV-wrqBQyZbhiKXjAHByQfovl25EJEljwiYc8gvDAh6mSpOiSNDRo51iycmtFPJVg9SLomONTtrIvNI-c4OksER4smKiuV989EBxA2IUUbuUMpEXArFBtAJMQe4IyDCdVV_c-45i69cVNeIjcc9WkzgUx4wkdMOVXY-TVKGkyW67Iu62dU_3fJhRJ6Cc_ZfSFWby-QB9Vj-1qu3LdtkU4z4LX_Q&tokenCookie=eyJ0eXAiOiJKV1QiLCJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiwieDV0IjoieE42Z05aYlhvYmRRMkhhbl8yT08xTUZ1SHFZIn0.eyJpc3MiOiJ1cm46aW50dW5lOm9hdXRoMjpjMWIwMWVmNS00ZTE3LTRkODMtYTMyMC1jYWZkOTE1YzJmYWUiLCJhdWQiOiJ1cm46aW50dW5lOnNlcnZpY2UiLCJuYmYiOjE0MTQ2OTEwNzksImV4cCI6MTQxNDY5MjI3OSwiVGVuYW50SWQiOiI1ZjZiMDRjOS1lZWZhLTQ4ZDYtYTEyZi02NDNkMDYxZjBhYjkiLCJVc2VySWQiOiJkZDZhNmRiOC0zZjdhLTQwODQtOWZhMS0xOThkNWNhMDkwNWIiLCJMaWNlbnNlIjoiU0NDTSIsIkF1dGhvcml0eSI6IlNDQ00iLCJSb2xlIjoiNmNiYzg0MDMtNjU2Yi00ZjA1LTc4ZDgtMDAwMDAwMDAwMDAxIiwidHlwIjoiVXNlciIsImp0aSI6IjA2YTEwNDgzLWFmM2MtNGIwZS1iNzNjLTU1YTVlZGE2YTI0MSIsIlZlcnNpb24iOiIxLjEiLCJJc3N1ZUluc3RhbmNlIjoiMTAvMzAvMjAxNCA1OjQ0OjM5IFBNIn0.bZmz4BNmW1sg90bmUED-y0gSpR3qFfHpBZz6jf_7pMIEiO-n8TF8aPryDgLE0_pOXBBxjGZj2CjvvCjKE3xtc_RCfQ66f8sPjJDk5nDn87Zqr3nuybcWyr_QJzLAV-wrqBQyZbhiKXjAHByQfovl25EJEljwiYc8gvDAh6mSpOiSNDRo51iycmtFPJVg9SLomONTtrIvNI-c4OksER4smKiuV989EBxA2IUUbuUMpEXArFBtAJMQe4IyDCdVV_c-45i69cVNeIjcc9WkzgUx4wkdMOVXY-TVKGkyW67Iu62dU_3fJhRJ6Cc_ZfSFWby-QB9Vj-1qu3LdtkU4z4LX_Q&userId=dd6a6db8-3f7a-4084-9fa1-198d5ca0905b&tokenExpiry=1196&serviceLocatorUrl=https%3A%2F%2Fmanage.microsoft.com%2FRestUserAuthLocationService%2FRestUserAuthLocationService%2FServiceAddresses&userAgent=Mozilla%2F5.0+%28Windows+NT+6.4%3B+Win64%3B+x64%3B+Trident%2F7.0%3B+MSAuthHost%2F1.0%3B+rv%3A11.0%29+like+Gecko
  2014-10-30T17:44:45.9744572Z
  VERB MethodLeave
  Common          1801
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService - AuthenticateAsync() Leave
  2014-10-30T17:44:45.9744572Z
  ERR_ Event
  ViewModel        2202
  c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 System.Exception: Authentication failed because response data could not be parsed. ---> System.ArgumentException: User agent string ("Mozilla/5.0 (Windows NT 6.4; Win64; x64; Trident/7.0; MSAuthHost/1.0; rv:11.0)
  like Gecko") does not contain match for Windows version regex pattern ("Windows NT (?<Version>6\.2|6\.3)").
  Parameter name: userAgent
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.AuthenticationResponseData.GetWindowsVersion(String userAgent)
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.AuthenticationResponseData..ctor(String responseData)
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService.<UpdateContextFromAuthenticationResponseAsync>d__c.MoveNext()
    --- End of inner exception stack trace ---
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService.<UpdateContextFromAuthenticationResponseAsync>d__c.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.Management.Services.SelfServicePortal.DataAccess.Service.IntuneAuthenticationService.<AuthenticateAsync>d__0.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.Management.Services.SelfServicePortal.ViewModels.ServiceLoginPageViewModel.<AuthenticateAsync>d__b.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.Management.Services.SelfServicePortal.ViewModels.ServiceLoginPageViewModel.<AuthenticateWithExceptionHandlingAsync>d__6.MoveNext()
  ==========================================================
  2014-10-30T17:44:57.6486693Z VERB
  MethodLeave Common    
       1801 c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - DelayPolling() Leave
  2014-10-30T17:44:57.6486693Z VERB
  MethodEnter Common    
       1800 c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - CheckMonitoringCapable() Enter
  2014-10-30T17:44:57.6486693Z INFO
  Event None
          0 'Microsoft.Management.Services.SelfServicePortal.Common.Portable.DataAccess.IApplicationsRepository' is not registered, monitoring is not capable.
  2014-10-30T17:44:57.6486693Z VERB
  MethodLeave Common    
       1801 c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - CheckMonitoringCapable() Leave
  2014-10-30T17:44:57.6486693Z VERB
  MethodEnter Common    
       1800 c199f6f0-1d13-415a-be16-3ec1a41dcda6
  3-0-0 Microsoft.Management.Services.SelfServicePortal.ViewModels.Common.ApplicationStatusMonitor - DelayPolling() Enter
  2014-10-30T17:44:57.6486693Z INFO
  Event None
          0 Attempting to delay polling task for '30' seconds.
  ==========================================================
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

  I just noticed the same. Looking at the following error message it seems to do a version check and based on the results of that check I would think that it's not supported yet.
  System.ArgumentException: User agent string ("Mozilla/5.0 (Windows NT 6.4; Win64; x64; Trident/7.0; MSAuthHost/1.0; rv:11.0) like Gecko") does not contain match for Windows version regex pattern ("Windows NT (?<Version>6\.2|6\.3)").
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Self service software portal

  Hi,
       We are starting to look at Windows Intune and had a question.  If we want to implement the self service software portal, do we need SCCM 2012 installed in our environment?  
  Thanks, Mike

  Windows Intune has two offerings:   Windows Intune Cloud Only and Unified Device Management with Config Manager+Windows Intune.
  The Self Service Portal (either web portal or the Apps) are available on both offerings.  SCCM 2012 is not required.
  However, if you are using Config Manager + Windows Intune SCCM 2012 is required. (Recommend R2 as it has all the new features available like Android Management, VPN/Email Profiles)
  Thanks,
  Jon L. - MSFT - This posting is provided "AS IS" with no warranties and confers no rights.

• Password sync even with AD FS?

  If we implemented AD FS for use with Intune/SCCM and DirSync, does password sync also need to be enabled?
  As I understand DirSync is required for Intune when SCCM is used, even if AD FS is implemented, but what about Password sync?

  No, not if you have ADFS stood up and federation with configured with Azure AD.
  Yes, DirSync must be used to populate Azure AD which Intune in turn uses.
  Ultimately, you are asking about where user's will authenticate against. With ADFS and federation, they will authenticate against your internal AD. Without ADFS and federation, they need to authenticate against Azure AD and so you must use password sync
  so that they can use the same password as they do internally. I guess strictly speaking, you could get away without having password sync enabled, but then how would the users know what password to use?
  Jason | http://blog.configmgrftw.com

• Device Enrollment Manager and Bulk Enrollment with Apple Configurator

  Hello,
  Regarding the Device Enrollment Manager and Bulk Enrollment with Apple Configurator features released with Microsoft Intune in november/december 2014:
  When will these features be available for the Intune hybrid parity? (Intune + SCCM 2012 R2)
  We would really like to utilize the Device Enrollment Manager user account for shared device scenarios and the bulk enrollment feature to deploy multiple IOS devices to classroom iPads but we are "on hold" for now until these features will be released
  for the hybrid parity version of Intune.
  https://technet.microsoft.com/nb-no/library/dn764961.aspx
  https://technet.microsoft.com/nb-no/library/dn764958.aspx

  There is no information available about when new features will be released. Probably this will be available in either a future CU, or vNext. Looking at the possible impact of that change, I would guess vNext.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Clarification needed - Intune and SCCM side by side

  Hi Forum
  I need some clarification on how the Intune and SCCM client will react when on the same workstation. non-integrated.
  Will it refuse install? I know its not ideal, I just need to know.
  Say I managed Endpoint in Intune and Updates in SCCM. Is this even possible?
  Thanks in advance
  NN

  It shouldn't be used like that, either use the hybrid configuration, of Intune integrated with ConfigMgr, or use them stand-alone.
  Also, just for testing purpose, I just tried to install the Intune agent on a machine with the ConfigMgr client installed and the installation failed with an error message stating that the ConfigMgr client should be uninstalled first.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude