Congratulation for the best MS Intune course:) I paid for a few, but those were very lite :) you should add this one to an e-learning platform :) your hard work deserves to be rewarded. This course helps me to plan and implement Intune for my company (1000+ employees world wide). Thanks a lot guys, you rock!
Thank you for the comment. We are happy to keep providing our content free of charge. Putting it behind a pay-wall would prevent many people from seeing it and we believe that it's important for everyone to see the benefits of Intune. Thanks for watching!
14:26 mark - unclear. So are you saying that the devices you don't check, in the "Include" section, won't have access, even if you add them to the "Excluded" section? Doesn't the "Exclude" section platforms make them exempt from the Policy; thus allowing access from the platform selected in that section?
@Sincere Katrina you are so right!!! You are the only other person that I think understands this. Every CA discussion currently treats Conditional Access with traditional Windows security assuming that the default behavior is 'block'. This is not the case. While Microsoft does not want their customers doing 'Block All' policies, it's required in any sort of business. Like Katrina said, if you exclude from policy, they aren't denied access to the app, they are excluded from the policy all together. Not enough of the community are talking about this!
Hey Adam, Just picking up from your conversation in the video, you were discussing that a user was asking in the forum that all his users device were automatically getting added into the intune portal. Was it their Windows Devices? And if it so i believe that unless we manually AAD join the device its not possible right?
Hey Adam and Steve, I have a question regarding the conditional access. So, the scenerio is Admin want the user who are using the Exchange Active Sync to continue using that, but if any user wants to use Outlook, user would require to enroll the device. I have create a CA policy where I have UNCHECKED the exchange active sync client. So the policy should exclude that user who are using EAS. But as soon as the policy gets applied. The user who are using exchange active sync are also getting the prompt to enroll the device. How we can achieve the goal. "Without enrollment user who are using EAS will get access" and user who wish to use Outlook would get a prompt to enroll device.
Thanks for these training sessions - One thing that might improve the play lists though - They are backwards, EG: Start playing from the end of a season and end at the beinning - At least for Season 1 anyway.
Deprecated Feature @7:00 - Conditional Access | Policies are all gone.... It appears they have baseline protection policies that are a legacy experience that is being Deprecated. If your tenant was created on or after October 22nd, 2019, it’s possible you are experiencing the new secure-by-default behavior and already have security defaults enabled in your tenant.
@14:40 you mention about Android devices not getting access, i dont believe this is correct. You would need to create a specific Block policy to prevent Android from accessing the app, leaving it unticked means Android is whitelisted as the CA policy doesnt apply to it (you have configured the policy to apply for everything except Android). Please confirm.
Thank for for another super useful ep. I got a message in the Conditional Access when creating new policy advising Microsoft recommends enabling Security defaults. Can you do a video comparing the security policy with security defaults? Thanks.
All your videos are all fantastic resources. Please keep it coming! Can you guys talk any about iOS native mail app auto config with SSO? We’ve beat our head against the wall for 2 months! Is this done with conditional access and disabling MFA? We’re referring to configuration of this article : docs.microsoft.com/en-us/intune/email-settings-ios
@@affroking if that were the case, the WhatIf would not work since the user is not affected. This is why Microsoft just released the Report-Only mode for CA. Works like a charm. Create the policy, assign it to a group, THEN run the What-If. It will show you what action would be taken if the policy were actually impacting authentication; multifactor, force compliance, etc.
You can search the channel for the topics you need. Here’s the OneDrive video Intune.Training - Episode 6 - Configuring Modern Roaming Profiles with Microsoft Intune ua-cam.com/video/SzyQ9QH333Q/v-deo.html
Congratulation for the best MS Intune course:) I paid for a few, but those were very lite :) you should add this one to an e-learning platform :) your hard work deserves to be rewarded. This course helps me to plan and implement Intune for my company (1000+ employees world wide). Thanks a lot guys, you rock!
Thank you for the comment. We are happy to keep providing our content free of charge. Putting it behind a pay-wall would prevent many people from seeing it and we believe that it's important for everyone to see the benefits of Intune. Thanks for watching!
best content for intune on UA-cam
This series is fantastic! Some audio sync issues in this episode though, but that's alright.
14:26 mark - unclear. So are you saying that the devices you don't check, in the "Include" section, won't have access, even if you add them to the "Excluded" section? Doesn't the "Exclude" section platforms make them exempt from the Policy; thus allowing access from the platform selected in that section?
@Sincere Katrina you are so right!!! You are the only other person that I think understands this. Every CA discussion currently treats Conditional Access with traditional Windows security assuming that the default behavior is 'block'. This is not the case. While Microsoft does not want their customers doing 'Block All' policies, it's required in any sort of business. Like Katrina said, if you exclude from policy, they aren't denied access to the app, they are excluded from the policy all together. Not enough of the community are talking about this!
Hey Adam,
Just picking up from your conversation in the video, you were discussing that a user was asking in the forum that all his users device were automatically getting added into the intune portal. Was it their Windows Devices? And if it so i believe that unless we manually AAD join the device its not possible right?
Very informative.
Hey Adam and Steve, I have a question regarding the conditional access.
So, the scenerio is Admin want the user who are using the Exchange Active Sync to continue using that, but if any user wants to use Outlook, user would require to enroll the device.
I have create a CA policy where I have UNCHECKED the exchange active sync client. So the policy should exclude that user who are using EAS. But as soon as the policy gets applied. The user who are using exchange active sync are also getting the prompt to enroll the device.
How we can achieve the goal. "Without enrollment user who are using EAS will get access" and user who wish to use Outlook would get a prompt to enroll device.
Godsent channel! Could you dive deeper into Access Controls such as Session Controls?
Thanks for these training sessions - One thing that might improve the play lists though - They are backwards, EG: Start playing from the end of a season and end at the beinning - At least for Season 1 anyway.
Thanks. That’s all Jake’s fault. He’s hoping to fix them soon.
Jake has fixed it now.
@@IntuneTraining Thanks heaps - But mostly, thanks for the content :)
Deprecated Feature @7:00 - Conditional Access | Policies are all gone....
It appears they have baseline protection policies that are a legacy experience that is being Deprecated.
If your tenant was created on or after October 22nd, 2019, it’s possible you are experiencing the new secure-by-default behavior and already have security defaults enabled in your tenant.
@14:40 you mention about Android devices not getting access, i dont believe this is correct. You would need to create a specific Block policy to prevent Android from accessing the app, leaving it unticked means Android is whitelisted as the CA policy doesnt apply to it (you have configured the policy to apply for everything except Android). Please confirm.
I don't seem to have any of the baseline conditional access policies. Is there a way to regenerate those policies?
Thank for for another super useful ep. I got a message in the Conditional Access when creating new policy advising Microsoft recommends enabling Security defaults. Can you do a video comparing the security policy with security defaults? Thanks.
Have u tried integrating gsuite to intune and then apply conditional access on it? Eg. conditional access for gmail
This stuff is truly valuable. Thanks.
All your videos are all fantastic resources. Please keep it coming! Can you guys talk any about iOS native mail app auto config with SSO? We’ve beat our head against the wall for 2 months! Is this done with conditional access and disabling MFA? We’re referring to configuration of this article :
docs.microsoft.com/en-us/intune/email-settings-ios
I am in a similar boat. We are looking to block non-intune compliant devices from getting iOS native mail.
User can have full access to one drive in the office premise. When they access from other networks it should be web only.
its possible in conditional access policy
Can you please make a new updated video regarding this topic :)
Is there a way to run the "What If" scenario without turning on the policy? Seems scary to have to enable it in order to test it...
If you create a policy and don't apply it to anyone it won't be in effect on a user, group or device until it's assigned
@@affroking if that were the case, the WhatIf would not work since the user is not affected. This is why Microsoft just released the Report-Only mode for CA. Works like a charm. Create the policy, assign it to a group, THEN run the What-If. It will show you what action would be taken if the policy were actually impacting authentication; multifactor, force compliance, etc.
Can you guide me to the Episode where you have talked about One drive KFM
You can search the channel for the topics you need. Here’s the OneDrive video
Intune.Training - Episode 6 - Configuring Modern Roaming Profiles with Microsoft Intune ua-cam.com/video/SzyQ9QH333Q/v-deo.html
Worst episode so far. Lip sync out. Nothing worked. Should have been reworked and re-uploaded. Sorry guys. This episode let you down big time.
improve your screen recorder quality man... it's too blury
Unless the audience has any other questions lol