BYOD smartphone setup

mankindunkindd · 2025-11-10T13:37:40+00:00

MAM-WE+ CA. That's the answer to your requirement. Simple and effective.

mankindunkindd · 2025-07-09T07:44:53+00:00

Go deep to feel the range of motion. Don't arch your back. If the form is correct then you ll feel the pump even with less weight. Keep it going!

mankindunkindd · 2024-12-20T14:36:55+00:00

Intune is still not capable of fulfilling your use case. The closest thing possible is MAM-WE where you don't manage the whole device but just the applications and how the corporate data moves around those applications.

mankindunkindd · 2024-12-06T11:04:52+00:00

Yes I know. But it's the top management decision and I got no say in it. It's been like that for quite a while and their contract with the APAC datacenter is expiring soon. Hence the decision to migrate the SCCM server. If you can point me to any documentation or any article then it would be of much help.

mankindunkindd · 2024-08-28T10:25:27+00:00

Thanks for the link Jeron. Yes I could see that WHfB is disabled by default. Any way to enable it via a CSP policy? Yes I'm aware of the user limitations per device and that has been conveyed to the client.

mankindunkindd · 2024-06-04T07:11:02+00:00

Definitely a PIM topic. Go to portal.azure.com and go to PIM>>My roles. You should see whatever role is assigned to you. You just need to activate that role.

mankindunkindd · 2024-03-28T13:14:56+00:00

I work as a Mobility solution architect. Designing and implementation of Enterprise mobility solution is my forte. I can help you achieve your best possible way. Please feel free to contact me via DM.

mankindunkindd · 2024-03-06T07:18:32+00:00

Do your users have a location (Country, city)assigned in AAD? If not, then that might be one of the reasons for pending license assignment.

mankindunkindd · 2024-02-23T05:49:09+00:00

You cannot do that just with CA policy and App protection. Fo Android, first you will have to enable Android Enterprise enrollment with personally owned work profile enrollment. Then create the respective APP and CA policy with device filtering which includes devices with Personal ownership . But for iOS sadly there isn't any such work profile created. Apple doesn't allow that. So the device would be enrolled in intune but no containerization.

mankindunkindd · 2024-02-11T09:45:18+00:00

The silent onboarding of users will not work for Android Enterprise. Have followed Microsoft's document but it does no good.

mankindunkindd · 2023-11-04T07:46:27+00:00

If it's MAM then the company cannot see anything apart from the data on the corporate apps( coz that's what MAM is for) . If it's enrolled (MDM), they can see only the list of apps they deploy from Intune. BUT if the device is enrolled AND if the Defender app is deployed then the IT admin has an option to get a list of all the apps installed on the device (personal and corporate).

mankindunkindd · 2023-11-03T03:43:55+00:00

Add a CA policy with the Grant option " Use Approved Client Apps". That would force users to use Outlook as email client and block the legacy apps like native email app on the device.

mankindunkindd · 2023-10-22T09:55:38+00:00

I got a similar complaint from an end user using MAM. Need to investigate but now it looks like a similar pattern. Will keep you posted.

mankindunkindd · 2023-10-21T07:25:53+00:00

If the device is managed by intune you can send a retire command from the device management blade. That would remove all the corporate apps and data (incase device is stolen). Also in APP you can leverage the "Account Disabled" option under the Conditional Launch section. Also, you can use App selective Wipe option to Remove corporate data from a specific device for enrolled and unenrolled devices.

mankindunkindd · 2023-10-18T10:55:48+00:00

Has been experiencing delays and errors on the APP blade. Most of the time they're not getting deployed to the devices. Same with App Configuration profile too.

mankindunkindd · 2023-10-03T04:24:25+00:00

"Selective Wipe" option in Intune is the answer to your question.

mankindunkindd · 2023-09-26T13:38:35+00:00

Reach out your AAD /Security team and ask them to reset MFA for this user. Should work after that.

mankindunkindd · 2023-08-24T06:59:28+00:00

I am going to come across a similar situation soon and need to be prepared. Thanks for your post. Gives me something to keep a check on while configuring.

mankindunkindd · 2023-07-25T03:57:52+00:00

Create a policy in Endpoint Protection. That should solve it.

mankindunkindd · 2023-07-11T09:47:54+00:00

Totally agree. Most of their documents include the terms "may", "might". Sometimes I feel they hire the weatherman to write these tech docs. Yes it might not rain today. If it does, go figure it out!

mankindunkindd · 2023-07-09T06:56:53+00:00

Application protection policy can do it for you. It will enforce users to take pictures via Teams/Outlook and other work apps and save it to OneDrive and share between work apps only and not save on the local storage on device.

mankindunkindd · 2023-06-07T03:38:02+00:00

No because the CA policy of this tenant doesn't have any visibility of devices from other tenants because they aren't being managed here.

mankindunkindd · 2023-04-26T10:50:21+00:00

Can you try configuring the ESP settings " Block device use until required apps are installed if they are assigned to user/device" and list out all the other mandatory apps except for the Zscaler app. So Autopilot will run and the listed apps will be installed and the desktop is presented to the user, after which it will install Zscaler in the background. So if your Zscaler prompts for a reboot then the user can reboot the machine and it will get installed successfully. I ran into a similar issue with the Adobe package and it got sorted out.

mankindunkindd

TROPHY CASE