I was looking for a hands on video, not just a theoretical knowledge and I must admit that this video has solved the purpose. I am glad that I came across this video
Thank you so much for the upload. This was very easy to understand and your voice is so soothing that it helped me absorb the material much better. Greetings from San Jose California.
As always, you make some great videos. The Demonstrations of how to actually do something in the Admin Centers is fantastic. Its so much more helpful than other videos that simply explain something on a high concept level. I feel better prepared to do an actual job, perform an actual task at work, after seeing your videos. Along those lines... have you considered making one or two videos with Demos on how to be a better technician by... Asking Better or Appropriate Questions, how to use Active Listening, or ways to impress clients or customers at work. Thanks again for the great videos.
@@AndyMaloneMVP Andy, do you have a video explaining how to implement Intune and manage device soup to nuts from the licensing to the actual Management? It's the licensing an Azure AD licensing that's confusing.
Very nice, but confusing as it looked like someone else might be using the mouse and there is a delay between what you say and what you do with clicking the things on the screen.
Hi Andy, I always enjoy your videos and this is no exception. Have you done one about Microsoft Graph API PowerShell? I have been quite shocked by how much the new MS-102 appears to rely on what, for me, is a previously unexplored topic! How do you go about learning something new like this?
Learn.Microsoft.com is the best place. I’m just waiting for the official crossword to be released LOL. Take a look at it as I’m scheduled to teach it soon. Stop
Hi Andy, again awesome video! May I ask if it is possible to manage company iPhones with two SIMs / two phone numbers (one company, one private) in a way, that the employee can freely use the iPhone for private purposes on one side and for company on the other side, ensuring, that there is no data exchange between the private and company sphere. As a company, we would allow the installation of certain APPs while the private sphere is not restricted in any way. Thanks for your help!
Two Sims? Gosh, I’ll be honest I don’t know. I would go onto the Microsoft Tech forum and go to the Intune channel and post a question there. I’m sorry I couldn’t give you a more definite answer.
Hi Andy, very interresting and lot of tips as usual However i have a question regarding for enrollement in intune Last Year I had configured my clients laptop to joined to Azure AD and working fine but at that moment they were not ready to enroll to Intune Now they have decided to implement their laptop to be enrolled to Intune I have setup automatic the MDM/MAM and enable automatic enrollment. Selected all users devices from Azure AD join and registration settings but no devices were populated in all devices in the intune admine center How can i have them enroll in intune Thanking you in advanced Regards Ash
Question - You may have answered this already .... Environment of 50+ O365 Standard licenses .... Can I assign myself the O365 Premium license and manage all the O365 Standard devices ?
I have a question ! why do we have to use two platforms? (i'm a beginner) - Microsoft Entra Admin Center & - Microsoft Intune Admin Center Are they two different platforms, why everything is not directly on Intune?
No, these are all on the Microsoft system. Although, they do use separate portals. Most operations are done in Intune. For more documentation and training, I suggest you visit learn.microsoft.com
Love your training. I have a problem with run as admin for tech support. It always blackout the remote support screen when it asking for the admin user name password. Wonder where to made a change so the tech can just right click to run as admin and be able to enter their elevator admin right.
Thank you for the great explanation, i wanted to ask you if we could pull the data about the active devices in the devices section and connect that to power bi for example, can we do that?
Thanks for great video. At timestamp 5:55 you 'Join this device to Azure Active Directory'. I don't see the option for the user I'm trying to implement. Do you have any solution to this? I also tried with an admin account which also doesn't have the option.
@@AndyMaloneMVP What kind of permissions do I need? I'm trying this with a Microsoft 365 Admin account that has an Intune license. Also thanks for the quick response!
@@AndyMaloneMVP i wonder if reapplying the intune license will enroll the aad joined device into intune. I aad joined a device and had forgot to add the user to automatic enrollment. When adding the user to automatic intune enrollment after the device was already aad joined the device didnt get enrolled into intune. Ill try it out, thank you
@@31qwoz once a device is through the AAD join process it will not auto-enroll. You can only auto-enroll from the out-of-box-experience or via autopilot. You can either rebuild the device, or manually enroll into management from the Settings panel on the device (known as 'enrol only in device management'. If you have lots of devices in this state and those two options aren't acceptable, it may be worth looking at a Provisioning Package (PPKG) to perform the bulk enrollment.
Hi How can we have only white listed devices are given permission to be enrolled and all other devices are blocked. Meaning - I should have initially registered the Serial/IMEI number of the end user device before they enrol their devices in Intune. If the device serial/EMEI number is not registered, they should not be able to enrol their devices. How can I achieve this?
You mentioned at around the 17 min mark that you can't manage devices via Intune that are Hybrid Azure AD Joined and that you'd have to use traditional methods (GPO's/SCCM). I'm going through other articles and videos and it conflicts with what you are saying. I have a test machine that is Hybrid AD Joined, and at first glance it does appear that I will be able to apply compliance and configuration polices. Could you elaborate a bit more? Thank you!
You can comanage hybrid devices between in tune and config manager. You need to deploy an agent onto the devices for comanagement. But it’s important to understand that those hybrid devices authenticate to active directory not Azure AD. As I’ve said in the past, you can move users from AD to AAD but I feel that this is looking backwards. There really is no need for PCs to be hybrid anymore. Everything can be done in in tune.
Check the MDM is enabled, also check that the user is licensed, and that your script is correct. For more details visit, learn.Microsoft.com. You can also post questions on the Microsoft tech community which is also really helpful. 👍
Hi! In my organization we're using Intune Plan 1 License, I'm trying to setup users as Standard but they're all have Admin rights, I've checked the account type, deployment profile, but no clue, do we need a different license?
Hi Andy. I dont know how frequently you check these messages. Need your expert response about "can we export all of the Intune Policies applied in one 365 tenant to another?" if yes how?
When you azure join a laptop with a non IT Admin azure login - is that best practice? I want to restrict that user from downloading applications they should not.
I would probably say yes. Remember you can create different profiles for different groups of users. As far as restricting apps of course it’s no problem you can include or exclude specific users from gaining access to applications. Watch out for part two in the series, I’m going to cover apps and also security. Thanks again and all the best 😊 Andy
Yes there is a policy for it. Right now though I’m having dinner and struggling to. Remember exactly where it is. I’m sure it’s a app protection policy
@@AndyMaloneMVP There is only one policy available to protect copies from laptop to USB. I can't find a policy to block USB for both(reading and writing)
@@LPatel-gg7cq for specific settings for these tools, I suggest that you either visit learn.microsoft.com or submit a question to the Microsoft tech community. I wish you the best of luck and thanks for reaching out.
The information you give is great but for the love of it please stop it making that silly swooshing noise every time you change screens. It get using the graphic whilst moving around but we dont need a swoosh to show it. This isnt a 12 year olds powerpoint.
After working with mostly onprem enterprise domains in my career this stuff is a breath of fresh air and the future so learn it!
Thanks Sean I’m delighted to have you onboard
Juist what i needed to get a greater understanding into Microsoft intune... Great Job!
I was looking for a hands on video, not just a theoretical knowledge and I must admit that this video has solved the purpose. I am glad that I came across this video
Glad it helped!
Thank you so much for the upload. This was very easy to understand and your voice is so soothing that it helped me absorb the material much better. Greetings from San Jose California.
Aw thank you most kindly 👍😊
i take the md 102 today thank you for refreshing content
I am new to Azure AD and Intune, thanks for the clear explanation. You earned a huge fan!
Aw how kind, thank you so much and welcome to my channel 👍
An excellent overview of Intune thanks Andy keep up the good work. I am glad I found your channel.
Thank you most kindly 👏👏👏👏
Amazing content Andy, thanks heaps. You're such a great man !
Thanks for the awesome Video. Looks like Azure AD was rebranded to Microsoft Entra ID
I just subscribed to you channel because i love the way you present things.
Many thanks and a warm welcome 👍😊
Just dropping by to say thank you so much for sharing your knowledge about intune. Great work! Looking forward for the next videos...😊
Thank you, most kindly, it should come in the next day or so 👍
As always, you make some great videos. The Demonstrations of how to actually do something in the Admin Centers is fantastic. Its so much more helpful than other videos that simply explain something on a high concept level. I feel better prepared to do an actual job, perform an actual task at work, after seeing your videos. Along those lines... have you considered making one or two videos with Demos on how to be a better technician by... Asking Better or Appropriate Questions, how to use Active Listening, or ways to impress clients or customers at work. Thanks again for the great videos.
Hey that’s a great suggestion. Let me see what I can do😊👍
Another great video Andy, can't wait till the next one. Thanks!
Thanks 🤗👍
Professor, Thanks again. I gotta run for now.
Respectfully, NHG
As always, great! Maybe a demo about LAPS in Intune?
I’m gonna do a dedicated session on it
Very Nice stuff Mr.Andy 🕶🕶🕶
Glad you enjoyed it
Very good stuff Andy!
Thanks for the video., its useful
Outstanding!!!!!
Andy365 thank you. ;) Amazing contents.
Thanks! Continuing education!
Awesome stuff
Thank you for making this video. As a Microsoft Partner their learning website is confusing as all hell.
You’re welcome and thanks 👍
@@AndyMaloneMVP Andy, do you have a video explaining how to implement Intune and manage device soup to nuts from the licensing to the actual Management? It's the licensing an Azure AD licensing that's confusing.
Thanks a lot!
Nice thank you sir
Thanks.
Very nice, but confusing as it looked like someone else might be using the mouse and there is a delay between what you say and what you do with clicking the things on the screen.
Hi Andy, I always enjoy your videos and this is no exception. Have you done one about Microsoft Graph API PowerShell? I have been quite shocked by how much the new MS-102 appears to rely on what, for me, is a previously unexplored topic! How do you go about learning something new like this?
Learn.Microsoft.com is the best place. I’m just waiting for the official crossword to be released LOL. Take a look at it as I’m scheduled to teach it soon. Stop
Hi Andy, again awesome video! May I ask if it is possible to manage company iPhones with two SIMs / two phone numbers (one company, one private) in a way, that the employee can freely use the iPhone for private purposes on one side and for company on the other side, ensuring, that there is no data exchange between the private and company sphere. As a company, we would allow the installation of certain APPs while the private sphere is not restricted in any way. Thanks for your help!
Two Sims? Gosh, I’ll be honest I don’t know. I would go onto the Microsoft Tech forum and go to the Intune channel and post a question there. I’m sorry I couldn’t give you a more definite answer.
@@AndyMaloneMVP thank you anyway!
Hi Andy,
very interresting and lot of tips as usual
However i have a question regarding for enrollement in intune
Last Year I had configured my clients laptop to joined to Azure AD and working fine but at that moment they were not ready to enroll to Intune
Now they have decided to implement their laptop to be enrolled to Intune
I have setup automatic the MDM/MAM and enable automatic enrollment. Selected all users devices from Azure AD join and registration settings
but no devices were populated in all devices in the intune admine center
How can i have them enroll in intune
Thanking you in advanced
Regards
Ash
disconnect and reconnect :-)
@@AndyMaloneMVP Ok Thanks. i will try that and will let you know.
Nice Explained🙂, Andy do you have any video information about Group Tag and How it works in Intune?
Not yet, but I'll add it to my list for you.
@@AndyMaloneMVP Thanks Andy
Question - You may have answered this already .... Environment of 50+ O365 Standard licenses .... Can I assign myself the O365 Premium license and manage all the O365 Standard devices ?
No
Correction as an admin you don’t need a licence to administer only use. In most cases!!
I have a question ! why do we have to use two platforms? (i'm a beginner)
- Microsoft Entra Admin Center
&
- Microsoft Intune Admin Center
Are they two different platforms, why everything is not directly on Intune?
No, these are all on the Microsoft system. Although, they do use separate portals. Most operations are done in Intune. For more documentation and training, I suggest you visit learn.microsoft.com
@@AndyMaloneMVP Excellent thanks Andy
Please pause and name the portal you switch to before clicking anything on it. Overall training was great
I normally do
Love your training. I have a problem with run as admin for tech support. It always blackout the remote support screen when it asking for the admin user name password. Wonder where to made a change so the tech can just right click to run as admin and be able to enter their elevator admin right.
The remote support feature in in tune carries an additional cost. It’s possible you don’t have the correct license.
So helpful. Just to know, what's the difference of joining to Azure AD or local AD domain? Thank you in advanced.
This will help ua-cam.com/video/GbntYTbXLHc/v-deo.html
Thank you for the great explanation, i wanted to ask you if we could pull the data about the active devices in the devices section and connect that to power bi for example, can we do that?
I would imagine so, but for details, I would check out the documentation on the web
@@AndyMaloneMVP can I ask you what keywords should I search for?
Thanks for great video. At timestamp 5:55 you 'Join this device to Azure Active Directory'. I don't see the option for the user I'm trying to implement. Do you have any solution to this? I also tried with an admin account which also doesn't have the option.
It’s called Entra ID now of course. If you don’t see this option, you either don’t have a license or permissions.
@@AndyMaloneMVP What kind of permissions do I need? I'm trying this with a Microsoft 365 Admin account that has an Intune license. Also thanks for the quick response!
@@jonasyeyeeywhat licence do you have
@@AndyMaloneMVP the license is called "Intune" in the M365 admin center
Excellent! After I joined the device to AZ Director, but I dont have access to Setting anymore ? Any advice?
Probably because the device is now managed in in tune
Great video, do you have a video for enrolling devices into intune for devices that are already AAD joined?
You just watched it. The first demo was an AAD join without ntune. The second was where I assigned an Intune licence. You don’t need to rejoin AAD 😊
@@AndyMaloneMVP i wonder if reapplying the intune license will enroll the aad joined device into intune. I aad joined a device and had forgot to add the user to automatic enrollment. When adding the user to automatic intune enrollment after the device was already aad joined the device didnt get enrolled into intune. Ill try it out, thank you
@@31qwoz once a device is through the AAD join process it will not auto-enroll. You can only auto-enroll from the out-of-box-experience or via autopilot.
You can either rebuild the device, or manually enroll into management from the Settings panel on the device (known as 'enrol only in device management'. If you have lots of devices in this state and those two options aren't acceptable, it may be worth looking at a Provisioning Package (PPKG) to perform the bulk enrollment.
@@DeanEllerbyMVP that's great information. Thank you, I'll try it out
Hi Andy can I know your contact number or email?
Hi
How can we have only white listed devices are given permission to be enrolled and all other devices are blocked. Meaning - I should have initially registered the Serial/IMEI number of the end user device before they enrol their devices in Intune. If the device serial/EMEI number is not registered, they should not be able to enrol their devices. How can I achieve this?
Dynamic rules are the answer here. For example, only! These devices
wonderful and its the future , but does not give single login to chrome
Weird, I have had no problems with Chrome. Of course I’m using a Mac, so I don’t know if it makes any difference.
You mentioned at around the 17 min mark that you can't manage devices via Intune that are Hybrid Azure AD Joined and that you'd have to use traditional methods (GPO's/SCCM). I'm going through other articles and videos and it conflicts with what you are saying. I have a test machine that is Hybrid AD Joined, and at first glance it does appear that I will be able to apply compliance and configuration polices. Could you elaborate a bit more? Thank you!
You can comanage hybrid devices between in tune and config manager. You need to deploy an agent onto the devices for comanagement. But it’s important to understand that those hybrid devices authenticate to active directory not Azure AD. As I’ve said in the past, you can move users from AD to AAD but I feel that this is looking backwards. There really is no need for PCs to be hybrid anymore. Everything can be done in in tune.
By moble devices do you mean phones, tablets and such or laptops too
Correct?
Your video is great, but I'm getting an error message when I try to upload a device. Can you offer advice.
Check the MDM is enabled, also check that the user is licensed, and that your script is correct. For more details visit, learn.Microsoft.com. You can also post questions on the Microsoft tech community which is also really helpful. 👍
I am expecting short about windows LAPS from you buddy
It’s on my list
Hi! In my organization we're using Intune Plan 1 License, I'm trying to setup users as Standard but they're all have Admin rights, I've checked the account type, deployment profile, but no clue, do we need a different license?
No, just remove them. Check out the service descriptions for more details.
We have E3 license. Do we need E5 and Mobility license for Intune/MDM?
Yes you will need EM&S. there is also an E3 version or you can add on Mobility separately.
won't an E3 license be sufficient?
No You need either an Intune or EM&S licence.
Hi Andy. I dont know how frequently you check these messages. Need your expert response about "can we export all of the Intune Policies applied in one 365 tenant to another?" if yes how?
You know that’s a very good question and something that I might take a look at in a future session. I’m not sure but I’ll investigate for you. 👍
When you azure join a laptop with a non IT Admin azure login - is that best practice? I want to restrict that user from downloading applications they should not.
I would probably say yes. Remember you can create different profiles for different groups of users. As far as restricting apps of course it’s no problem you can include or exclude specific users from gaining access to applications. Watch out for part two in the series, I’m going to cover apps and also security. Thanks again and all the best 😊 Andy
Good video, but the sound between the video is loud .
How i can block USB storage device using Intune?
Yes there is a policy for it. Right now though I’m having dinner and struggling to. Remember exactly where it is. I’m sure it’s a app protection policy
@@AndyMaloneMVP There is only one policy available to protect copies from laptop to USB. I can't find a policy to block USB for both(reading and writing)
@@LPatel-gg7cq for specific settings for these tools, I suggest that you either visit learn.microsoft.com or submit a question to the Microsoft tech community. I wish you the best of luck and thanks for reaching out.
Pretty cool
Not even Microsoft MVPs are using Windows anymore.
I’m a cloud, MVP
AVD with Intune😢😢😢
oh man..., you pushed advertising to the maximum! :) 👎
The information you give is great but for the love of it please stop it making that silly swooshing noise every time you change screens. It get using the graphic whilst moving around but we dont need a swoosh to show it. This isnt a 12 year olds powerpoint.
Hehe 😜 haven’t used that for ages🤣