SCCM 2012 R2 +Intune Subscription

Similar Messages

• Deploying ipa file via SCCM 2012 R2 / Intune

  Hello Experts,
  We recently set up a Windows Intune Subscription in our Configuration Manager 2012 R2 Environment. The MDM part (Configuration Items) and deploying app store deep links is working without any problems.
  In our company we have a native iOS App which is currently distributed via a website. (Not App Store!). I tried to distribute the app via configuration manager 2012 r2 but the app doesn't show up in the company portal even after a day. I made the following
  steps to distribute the app:
  1. Received the ipa and plist File from the Developer.
  2. Added the application to configuration manager 2012 r2
  3. Deployed the application to my intune user collection (DP: manage.microsoft.com / Purpose: Available) 
  Did i miss any importent step? One thing i can say is that the app is not signed with our APN Certificate which is used in the Intune Subscription. According to our developer this should not be neccessary?!
  Thanks for any advice.

  I redeployed the app and the following entries were in the logs:
  dmpuploader.log:
  Found sync start for replication group CloudDmp~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:20.870-120><thread=1268 (0x4F4)>
  StartUpload for replication group CloudDmp last sync version 102489 ...~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:20.870-120><thread=1268 (0x4F4)>
  Startload succeeded with transmission ID c3d5cd09-24ab-41ca-882b-16884cee269e~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:21.198-120><thread=1268 (0x4F4)>
  Expecting sync data or sync end message, however message type is DRS_SyncPing~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:21.697-120><thread=1268 (0x4F4)>
  EndUpload transmission c3d5cd09-24ab-41ca-882b-16884cee269e final data version 102490 succeeded~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:21.822-120><thread=1268 (0x4F4)>
  Found sync start for replication group CloudDmp~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:21.822-120><thread=1268 (0x4F4)>
  StartUpload for replication group CloudDmp last sync version 102490 ...~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:21.822-120><thread=1268 (0x4F4)>
  Startload succeeded with transmission ID fc4037f9-f99a-40a4-bf8a-a827a007228f~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:21.947-120><thread=1268 (0x4F4)>
  Expecting sync data or sync end message, however message type is DRS_SyncPing~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:22.071-120><thread=1268 (0x4F4)>
  EndUpload transmission fc4037f9-f99a-40a4-bf8a-a827a007228f final data version 102491 succeeded~~  $$<SMS_DMP_UPLOADER><04-08-2014 14:53:22.181-120><thread=1268 (0x4F4)>
  outgoingcontentmanager.log
  Computed hash: FD2EBFDE308A335BCC11B416A5069975CFB36244DA6398871BF284641F720F00  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:17.272-120><thread=8604 (0x219C)>
  Content hash validated for 'Content_25b08807-a83b-4736-ac0e-64e82cbd62bc'.  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:17.288-120><thread=8604 (0x219C)>
  STATMSG: ID=9515 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OUTGOING_CONTENT_MANAGER" SYS=SERVER.fqdn SITE=P01 PID=5104 TID=8604 GMTDATE=Di Apr 08 12:49:17.288 2014 ISTR0="P01001B7" ISTR1="["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\"
  ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=2 AID0=400 AVAL0="P01001B7" AID1=404 AVAL1="["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\"  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014
  14:49:17.288-120><thread=8604 (0x219C)>
  STATMSG: ID=9516 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OUTGOING_CONTENT_MANAGER" SYS=SERVER.fqdn SITE=P01 PID=5104 TID=8604 GMTDATE=Di Apr 08 12:49:17.288 2014 ISTR0="P01001B7" ISTR1="["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\"
  ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=2 AID0=400 AVAL0="P01001B7" AID1=404 AVAL1="["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\"  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014
  14:49:17.288-120><thread=8604 (0x219C)>
  Uploading package P01001B7 from source D:\Program Files\Microsoft Configuration Manager\SMS_OCM_DATACACHE\P01001B7.1.9956.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:17.397-120><thread=8604 (0x219C)>
  ICM Intializing...~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:17.397-120><thread=8604 (0x219C)>
  Found certificate with thumbprint 5432E7D0D36FAF934364B7E3AFC4BB181FE41185~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:17.412-120><thread=8604 (0x219C)>
  Content source directory is D:\Program Files\Microsoft Configuration Manager\SMS_OCM_DATACACHE\P01001B7.1.9956~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:17.444-120><thread=8604 (0x219C)>
  Creating a software distribution package for SCCM PackageId P01001B7 from location D:\Program Files\Microsoft Configuration Manager\SMS_OCM_DATACACHE\P01001B7.1.9956\Content_25b08807-a83b-4736-ac0e-64e82cbd62bc.1\App.ipa.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014
  14:49:17.553-120><thread=8604 (0x219C)>
  Phase: AuthoringMetadata started.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:18.270-120><thread=8604 (0x219C)>
  Preparing files for upload for SCCM PackageId P01001B7, SCCM ApplicationId 283cb33f-177c-4957-9e2c-d376c2311b77, IntuneApplicationId 2c9a7e42-85e4-41a2-8754-ae971be40808~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:19.628-120><thread=8604
  (0x219C)>
  Progress: 100% (phase), 16% (total). ~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:19.643-120><thread=8604 (0x219C)>
  Progress: 100% (phase), 16% (total). ~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:19.659-120><thread=8604 (0x219C)>
  Phase: EncryptingFiles started.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:19.659-120><thread=8604 (0x219C)>
  Progress: Item type: EncryptedFiles. Completed: 1. Total: 1~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.236-120><thread=8604 (0x219C)>
  Progress: 100% (phase), 33% (total). ~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.236-120><thread=8604 (0x219C)>
  Files are ready for upload for SCCM PackageId P01001B7. Folder 'C:\Windows\TEMP\SoftwarePublishing\5104_46\12189ee0-304b-494d-b1e2-f45a61200e0b'.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.236-120><thread=8604 (0x219C)>
  Uploading metadata for SCCM PackageId P01001B7, Intune PackageId 2c9a7e42-85e4-41a2-8754-ae971be40808~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.252-120><thread=8604 (0x219C)>
  Phase: UploadingMetadata started.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.298-120><thread=8604 (0x219C)>
  Progress: 100% (phase), 50% (total). ~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.860-120><thread=8604 (0x219C)>
  Uploading files for SCCM PackageId P01001B7, Intune PackageId 2c9a7e42-85e4-41a2-8754-ae971be40808~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.860-120><thread=8604 (0x219C)>
  Phase: UploadingFiles started.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:20.860-120><thread=8604 (0x219C)>
  Progress: 100% (phase), 66% (total). ~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.808-120><thread=8604 (0x219C)>
  Upserting MDMContent table for SCCM PackageId P01001B7.~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.871-120><thread=8604 (0x219C)>
  Upload is complete for SCCM PackageId P01001B7~~  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.917-120><thread=8604 (0x219C)>
  Successfully processed package ID P01001B7 for MDM distribution point ["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\.  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.917-120><thread=8604 (0x219C)>
  ~Successfully created/updated the package server in the data source.  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.933-120><thread=8604 (0x219C)>
  STATMSG: ID=2330 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OUTGOING_CONTENT_MANAGER" SYS=SERVER.fqdn SITE=P01 PID=5104 TID=8604 GMTDATE=Di Apr 08 12:49:43.949 2014 ISTR0="P01001B7" ISTR1="["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\"
  ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=2 AID0=400 AVAL0="P01001B7" AID1=404 AVAL1="["Display=\\manage.microsoft.com\"]MSWNET:["SMS_SITE=P01"]\\manage.microsoft.com\"  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014
  14:49:43.949-120><thread=8604 (0x219C)>
  StateTable::CState::Handle - (2330:1 2014-04-08 12:49:43.949+00:00) >> (2331:1 2014-04-03 14:33:42.595+00:00)  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.949-120><thread=8604 (0x219C)>
  CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='7F6041B0-3EE2-427F-AB72-B89610A6331C' SID=2330 MUF=0 PCNT=2, P1='P01' P2='2014-04-08 12:49:43.949+00:00' P3='' P4='' P5=''  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.949-120><thread=8604
  (0x219C)>
  CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\1mdiw5qb.SMX   $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.995-120><thread=8604
  (0x219C)>
  Successfully send state change notification 7F6041B0-3EE2-427F-AB72-B89610A6331C  $$<SMS_OUTGOING_CONTENT_MANAGER><04-08-2014 14:49:43.995-120><thread=8604 (0x219C)>
  I searched the log file in the company portal for the app name but i couldn't find anything.

• SCCM 2012 R2 + Intune - Android Enrollment issue

  Hi,
  I have an issue enrolling Android devices in our SCCM 2012 R2 in combination with Windows Intune, ADFS & DirSync.
  All devices except Android enroll just fine, are visible in SCCM, get Apps and policies. When I try to enroll my Android devices (tried multiple types and Android versions) I get
  an error after being redirected to the ADFS login page. I get an error stating the page has either moved, been deleted or is not reachable due to connectivity issues. When logging in on portal.manage.microsoft.com everything, including the redirection, works
  fine.
  All prerequisites are in place, the only thing which I haven't added is the Exchange Connector due to an 2007 backend, but afaik this isn't needed for basic Android enrollment
  and management.
  What I do notice is that the Company Portal for Android is redirected to a different URL for ADFS than, for example, my laptop.
  Laptop URL: https://adfs.contoso.com/adfs/ls/?cbcxt=portal&popupui=1&vv=&username=username%40contoso.com&mkt=&lc=9&wfresh=&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26wreply%3Dhttps%253a%252f%252fmanage.microsoft.com%252fUISecurityTokenService%252fStsLoginRedirect.aspx%26wctx%3Dhttps%253a%252f%252fm.manage.microsoft.com%252f%26cbcxt%3DPortal%26wp%3DHBI_FED%26popupui%3D1%26lc%3D9%26bk%3D1392111237%26LoginOptions%3D3
  Android Device URL:
  Anyone else had these issues? As I can't seem to find anything related about it online.
  Thanks in advance,
  Br David

  Hi Nick,
  I solved this problem by adding the Root and Intermediate certificates to my ADFS proxy server. It seems, though it's is not very well documented, that Android / Chrome have issues with resolving entire certificate chains, and on top of that there are less
  Trusted Root CA's in both Chrome and Android. This is proven by the fact that iOS and WP8 enrollment worked just fine.
  After adding adding the missing Certs on my ADFS proxy server, and rebooting the machine, everything works as intended.
  Let me know if this solved your problem, if not maybe I have another idea for you.
  Br David
  edit: and ofcourse now I see your answer, so it seems you got your problem fixed. Leaving my answer up here just in case.

• Cost of Intune and SCCM 2012 r2 vs SCCM 2012 r2 ICBM

  Is there any research/info on pros and cons of SCCM 2012 using intune for internet clinet management vs SCCM 2012 r2 and ICBM?  Things like cost, supportabiliy, etc.  I have seen intune vs sccm not Intune & SCCM vs SCCM and Internet Client
  Based Management. 
  Cyndy

  Hi,
  I think the reason is that you cannot manage Windows clients using the WIndows Intune Agent and integrate it with SCCM 2012. The integration with Intune and SCCM 2012 is for Mobile Device Management only so there is no possibility to install the Windows
  Intune Agent on a client and then manage it through the SCCM Admin Console.
  THe only scenario where that would work is if you manage a Windows 8.1 with the OMA-DM agent and enroll them in Intune as a mobile device with a limited set of features.
  So ICBM is still the way to go if you need all the features in SCCM or you want one console to rule them all.
  Regards,
  Jörgen  
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Windows Intune, Windows 8.1, SCCM 2012 R2

  Hello,
  I am planning to setup a new infrastructure to manage devices using Intune and SCCM 2012 R2 for one of my customer.
  We plan to have one single site, where in the devices will be imaged with Windows 8.1 and then will be provided to users who roam around the world.
  We like to manage these devices and do:
  1. Inventory
  2. Software Distribution
  3. Software Updates
  4. EndPoint Protection
  5. Reporting
  I have come to learn that:
  1. Add and verify company domain at account.manage.microsoft.com
  2. Add UPN in AD
  3. Run DIR Sync for Users
  4. Configure Intune Subscription
  5. Install Connector
  6. Whats the next step for configuring Windows 8.1?
  My questions:
  1. Is Cloud based Distribution Point required for hosting content. If not, how will the devices download the content and install the app?
  2. Do we need PKI for Windows 8.1 devices(enrollment and management)?
  3. Where should I install Company App Portal?
  4. What are the different ways of enrolling Windows 8.1 device (Workplace & Store)?
  5. Any other info if you can share, really appreciate
  Please advice
  Rajiv

  Hello Nico,
  Thanks for the guidance.
  1. Distribution Point: manage.microsoft.com - whats the disk size/storage available by default. Is it unlimited. As the Intune license is user based. I can have 5 devices enrolled per user. I may have loads of packages/apps.
  5. Your apps need to be signed with certificate that's is trusted by your device : I guess when we import
  an Application in SCCM, it never checks if it has a signed certificate. One would need to ensure that the cert is present.
  Can I install software updates to devices managed using SCCM Intune?
  We are planning to have a single site with a remote DP for building devices with Windows 8.1. Once the device is ready, it will be given to the user. The user will enroll the device and is good to go. I am sure we will be able to embed Company Portal App
  into the build image?
  Thanks
  Raijv

• Wifi profiles SCCM 2012 R2 and Windows Intune

  Hi All,
  A quick question regarding SCCM 2012 R2 and the new Wifi Profiles feature...
  Can anyone confirm if you need windows Intune combined with SCCM 2012 R2 to be able to deploy WIFI profiles to users devices i.e Windows 8.1, IOS and Android platforms?  Microsoft documentation is not clear on this subject.
  Any help would be much appreciated.
  Regards PowerShell90

  It not as straight forward as one would hope. I am running the latest version of SCCM 2012 R2 CU2 connected to my Windows Intune subscription. There are a lot of hickups. One is that the direct of management needs to be all or nothing. In other words you
  either need to use Windows Intune solely to manage your devices or SCCM 2012 R2 (via connector). If the later then you must do everything from in SCCM 2012 R2. You cannot hybrid manage your devices as this will screw things up.
  Android for some reason is left out on a lot of features. I would think that MS Devs would work hard on the market share that being Android, not iOS. Any way, accord to some official MS articles Android is supported, but others claim that not all features
  are, these being the important ones like Email and Wi-Fi Profiles. They simply do not work.
  I think MS is heading in the right direction but there is a lot of work that needs to be done before this is a competitive product. I could care less if connects to my SCCM 2012 R2 server or not. Here are few things that I sent o a MS Support Rep today that
  need to be address.
  1. Better response time when updating devices after enrollment (e.g. Name change).
  2. The ability to locked down uninstalling Windows Intune from device.<o:p></o:p>
  3. The ability to locked down certain features in the Windows Intune app on device (e.g. User can reset device with Windows Intune app, rename, etc...).<o:p></o:p>
  4. Ability to rename device in either Windows Intune Admin Portal and/or SCCM 2-12 R2.<o:p></o:p>

• Linking InTune to SCCM 2012 SP1

  Hi, I have a question around what is required to link InTune and to our local SCCM 2012 SP1 server.
  Is it required to sync our Active Directory objects?  What we are hoping to achieve is to simply install the InTune client on our Windows 7/Windows 8 laptops and tablets, then manage updates, antivirus, remote control and inventory data. 
  We don't need the ability to have users self enroll devices, we will be installing the client in the IT department.  We also do not need to provide the ability to users to log in to install applications from a portal.  We just want to manage the
  devices.
  We just want to be able to bring data from the InTune system into our local SCCM database if possible as it ties into our inventory system.
  That being said, I've verified our domain in InTune.  Do I need to sync Active Directory or can I omit this and set up the InTune subscription in SCCM?
  Thanks,
  Travis

  The official answer is
  YES.
  http://technet.microsoft.com/en-us/library/jj884158.aspx#bkmk_preq
  The device apps prompt the user to log in.  If their account isn't present within Azure AD (and therefore InTune), users will not be able to log in.  In reality, i suspect some stuff would work, but with cloud services especially, i'd stick to
  the official support guidance.
  Mike Crowley | MVP
  My Blog --
  Planet Technologies

• SCCM 2012, Intune and Windows OS Support

  I am just trying to confirm what I believe I am reading about Microsoft OS Support for Windows Intune when integrated with SCCM 2012 R2...
  What I believe to be the case:
  Windows RT, Windows RT 8.1, Windows 8.1 all have the ability to enroll via OMA-DM, thus can be managed by SCCM.
  Down-level OS's such as XP SP3, Vista, and Windows 7 require the Intune Client to be installed, thus can only be managed by a standalone Intune subscription?
  Can anyone confirm this?
  Thanks!

  More or less correct.
  Generally, even for Win 8.1 and WinRT, IBCM or DirectAccess are a better choice than OMA-DM as it can only enable management of a limited subset of features. Two important ones cannot be: software updates and endpoint protection.
  As you've seen (based on your other thread), you can still use the Intune subscription that is connected to your ConfigMgr site to manage devices with the Intune client installed. Effectively, there are two halves of the Intune subscription, the full client
  management half and MDM half which can be controlled by Intune or ConfigMgr. Just because the MDM half is controlled by ConfigMgr does not technically preclude you from still utilizing the full client management half. That's not at all saying you should do
  this though, but you certainly could.
  Jason | http://blog.configmgrftw.com

• Remote reset PIN on Mobile Devices - SCCM 2012 R2 w/ Intune

  Hi Forum
  I am wondering if this is possible. Can I reset a PIN on a phone (WP, Android, iOS, etc), mainly concerned with WP8 and WP8.1.
  I know this is possible through Intune standalone. However, Windows Intune is connected to SCCM 2012 R2 as the authority. Can i reset the PIN remotely on these phones? Does this have anything to do with the Intune Extensions, if so which one?
  Thanks in advance
  NN

  Quick thanks first for all the replies.
  WP does not support this feature neither with Intune Standalone nor with ConfigMgr.
  Only iOS & Android support.
  http://scug.be/blogs/nico Twitter: @nsienaert
  Is this right, I thought an update got released for this in Intune Standalone?
  http://blogs.technet.com/b/windowsintune/archive/2014/04/28/availability-of-update-to-windows-intune-for-windows-phone-8-1-and-samsung-knox-standard.aspx?loc=zYFCz&prod=zWIz&tech=zOttechz&prog=zOTprogz&type=zBLz&media=zOTmediaz&country=zUSz
  First paragraph states:
  "...and the ability to remotely lock or reset a device’s PIN."
  Although looking in my console at laptops, EAS managed devices and Intune Managed devices the option does seem to be greyed out???
  The process seems to be the same as I thought for ConfigMgr, so thanks for clarifying.
  Thanks
  NN

• Best Strategy for Managing Laptops in a Mixed InTune / SCCM 2012 World

  We're interested in leveraging Intune to help secure and update our roaming laptop users. We have a group of domain-joined laptops that spend a good deal of time off the company network. We thought we could use Intune to make sure these machines stay updated
  and safe while off the network. I understand that we should make sure the SCCM 2012 client does not get installed on any machine that has the Intune client. Will connecting and logging into our domain cause any issues for these clients that anyone can see?
  Orange County District Attorney

  I'm glad that it should work in our instance. Our office just bought some Office 365 licenses as well as Intune. We thought Intune could solve our issue of roaming laptops. We just recently came into some laptops that would be our first, out-of-the-office
  work systems that we want to manage. The Microsoft folks are assuring us this is the way to go for this particular instance. We haven't had a need to use IBCM or DirectAccess up to this point. We've run into issues with our County firewall folks that
  won't let us run DirectAccess as we do have a Juniper VPN that takes care of our remote issues. As for IBCM, we'll have to look a bit deeper into that and see if it has better features for us than Intune does. We don't have any mobile management requirements
  in the near future so I'm left wondering why the heck are management even bought the licenses.
  Thanks for the note back on my question.
  Orange County District Attorney

• Windows Intune with SCCM 2012 R2.

  Windows Intune with SCCM 2012 R2.
  I am able to download Certificate Signing Request (CSR).
  When I submit CSR file to Apple Push Certificates Portal I get following prompt:
  Do you want to open or save create02fe592d.json (132 bytes) from identity.apple.com?
  I am unable to get the APN Certificate.

  That is a known issue with Internet Explorer and the Apple Website.  If you just go back to the main page where all your certificate are located you can download it from there.
  Jon L. - MSFT - This posting is provided "AS IS" with no warranties and confers no rights.

• Microsoft Intune and SCCM 2012 R2 Integration - Windows 7 clients.

  Hi All,
  This is our scenario I am trying to find out more about Intune integration with SCCM 2012 R2 and what solution is best for us.
  We have a SCCM 2012 R2 instance up and running which services/monitors machines on our internal network. All of these machines are Windows 7 OS. We have laptops that travel frequently and need for these to report back to our SCCM server whilst connected
  via internet connections. Also we have multiple "off domain" machines (ie workgroup machines) which we also need to report back to the same SCCM server.
  I have read a lot about Intune integration with SCCM but it appears to be targetted at MDM not around PC management.
  What would be the best way for us to move forward?
  Thanks in advance.

  Just see my reply in the ConfigMgr forums. 
  Torsten Meringer | http://www.mssccmfaq.de

• Windows 8.1 mobile device management using integrated environment of SCCM 2012 R2 and Windows intune

  Can we avoid the dependency on the Symantec certificate  for enabling windows phone enrollment under Administration->Cloud services -> Windows InTune subscriptions - Windows Phones. My environment will have only windows 8.1 phones.
  Regards
  Leela

  See http://status.manage.microsoft.com/StatusPage/ServiceDashboard. 
  Engineers are investigating a service issue impacting access to portal via mobile devices.
  (Started on 12/30/2014 8:00:00 AM UTC)
  1/8/2015 11:42:49 PM (UTC)
  Current Status: Engineers are continuing to troubleshoot potential issues related to Active Directory Federation Services (ADFS). Engineers have gathered additional traces and logging data for deeper analysis. User Experience: Affected users with Windows Phone,
  iOS, or Android devices are unable to access their company portal and receive repeated prompts to enter credentials. If incorrect credentials are entered, users will receive an error stating that they have entered a bad password. Customer Impact: Engineers
  have received reports that some customers are experiencing this issue. A subset of users are affected by this event. Other users remain unaffected. Incident Start Time: Tuesday, December 30, 2014, at 8:00 AM UTC Next Update by: Tuesday, January 13, 2015, at
  12:00 AM UTC
  Torsten Meringer | http://www.mssccmfaq.de

• Windows 8.1 laptop computer not showing in SCCM 2012 devices collection

  Hi,
  I am trying to do a POC on license management from  SCCM 2012. I have configures a SCCM 2012 server and intune subscription also. I have Android, iOS and desktop apps uploaded (.msi). when I enrolled android and ios devices its shows up in SCCM,
  devices collection but do not show in Intune.
  my company portal is nicely coming up on android and iOS tabs. on the other hand company portal showing only Web apps, on a win8.1/7 laptop.
  When I tried to enroll 2 windows 8.1/ 7 laptop (intel x86), they donot show up in SCCM. clients of intune manually installed, endpoint protection of SCCM installed also on both boxes.
  I tried updating membership in SCCM for both know and unknown type, many time and also triggered Deployment of some desktop app, to the win 8.1 laptops. the desktops are showing in Intune All devices -> all computers nicely. But
  not in SCCM2012.
  what did I missed, I tried to add all the logical roles. below is some details what shows up in Intune:
  indranil

  If you installed the Intune agents on the Win 8.1 and Win 7 systems, then they will never show up in ConfigMgr.
  There are basically two parts of Intune -- a Mobile Device Management piece and a Windows management piece. The Intune connector in ConfigMgr takes over the MDM piece and nothing more. When ConfigMgr takes over this MDM piece, as Torsten said, all MDM devices
  enrolled show up in ConfigMgr and not Intune because that's now controlled by ConfigMgr. The Windows management piece remains unchanged and separate though and so those systems will be directly managed by Intune only or ConfigMgr only.
  So you have three options there:
  - Install the ConfigMgr agent and managed using COnfigMgr
  - Install the Intune agent and manage using Intune
  - Enroll the systems using OMA-DM which manages them as if they were devices. This means so you don't get SCEP or Windows Updates or most of the other ConfigMgr functionality. This is only valid for Win 8.1 though.
  Jason | http://blog.configmgrftw.com

• Intune, SCCM, and the Intune client installer

  Hello,
  Was wondering if there is a way to prevent users from Installing the Windows Intune Client agent?
  Scenario:
  SCCM 2012 R2 with integrated Windows Intune subscription.  I have successfully enrolled an iPad and a Windows 8.1 computer.  I was then able to download and install the Windows Intune Client agent on my Windows 8.1 device which redirected my device
  to being managed by Intune exclusively, and no longer via SCCM.  It also changed my System Center Endpoint Protection to Intune Endpoint protection.  The only way to get it back was to go to the Intune Management Console and retire the device, which
  triggers an uninstall of the Intune client.  The good news is that it restored the previous information for the SCCM/Intune enrollment. However...
  A significant and unfortunate side effect of this is that Endpoint protection was also removed as part of the Intune client uninstall leaving the computer without Anti-malware protection.
  I would like to prevent this from happening for obvious reasons.  In a BYOD scenario the user will have the permissions locally to do this and given its the same subscription for Intune there doesn't appear to be a way to ensure they cannot.  
  Am I missing something simple here?  
  Thanks!

  I guess a couple of data points:
  - Enrolling a Win 8.1 system using OMA-DM for management by ConfigMgr via Intune does not provide additional anti-virus above or beyond the built-in Windows Defender
  - Removing the Intune agent reverts the system back to using Windows Defender the same as it was before Intune was installed
  So, I would say that first, this statement is inaccurate: "leaving the computer without Anti-malware protection". And, also, there's no difference between the two states of pre-Intune agent installation and post-Intune agent uninstallation from an AV perspective.
  As for explicitly preventing the Intune agent installation, obscurity is probably the the only way to go at this point to my knowledge -- simply don't tell folks about it or how to find it.
  Jason | http://blog.configmgrftw.com