If you’ve been reading my blog recently, you’ve seen a
lot of posts about MDM and Provisioning Options for Windows 10. Previously we’ve covered:
And in this post we will dig further into the options available to us to deploy a Provisioning Package with the goal of allowing for silent MDM Enrollment and Silent application of a provisioning package!
If you’re an SCCM Administrator you’ve likely heard of InTune and might be wondering when to use it.
In this post, we’ll cover how SCCM and Intune are able to manage Windows 10 full desktop computers (including laptops and Windows tablets like the Surface or Surface book.)
If instead you’re wondering about managing the Surface RT, lol, enjoy your metro cutting board.
Best use for a Surface RT in 2016
To understand where InTune really shines, let’s think of where SCCM works best:
known and defined network infrastructure
well connected end-point devices (less of an issue today)
standardized hardware models
standardized, company owned hardware
Active Directory Domain (all SCCM servers must be domain members)
Managed machines are either domain joined, or need certificates (certs =PKI =Even more infrastructure and configuration)
Wonderfully powerful imaging capabilities
It becomes pretty obvious, SCCM is for the big enterprise, which its also expensive and has some serious requirements.
Now, let’s contrast this to the management story we have from Intune:
No requirement for local hardware or infrastructure
No on premises Active Directory requirement
Works very well with Azure AD
Works great with user owned and heterogeneous devices
Literally zero imaging options
For the rest of this post, I’ll list the big capabilities of an Enterprise Client Management tool and contrast how each of these tools perform at that task, we’ll cover:
On a recent InTune deployment, we had a requirement to force encryption and security on mobile devices and also provision mail profiles as well.
During the pilot, we heard informal reports that a user thought they couldn’t send a photo using their company e-mail after migration, but we found this hard to reproduce.
However, during the production roll-out, we discovered that users were unable to add attachments using their InTune configured mail account.
Note that this was an ConfigMgr w/ InTune deployment, and the affected devices were mostly iOS and Android devices.
How do I fix this?
You control this setting from ConfigMgr, so launch the console.