Intune: Require non-biometric PIN after a specified timeout

With the latest update to Intune, it is now possible to require a non-biometric PIN after a specified timeout, which improves the security of Mobile Application Management (MAM) enabled apps.

These settings affect users who rely on Touch ID (iOS), Face ID (iOS), Android Biometric, or other future biometric authentication methods to access their MAM-enabled applications.

These settings enable Intune admins to have more granular control over user access, eliminating cases where a device with multiple fingerprints or other biometric access methods can reveal corporate data to an incorrect user.

To enable the new feature, go to the Microsoft 365 Device Management portal -> Client apps -> App protection policies -> Create policy OR Change an existing policy -> Settings -> Access requirements


Intune: Email profiles and certificates

The Intune Support Team has just announced that they will ship a new feature to Intune, so that you can remove email profiles and certificates from users that aren’t targeted by an email configuration profile.

We’ve heard feedback from you that you’ve wanted the ability to remove email and certificates from devices when you remove a user from being targeted by one of those profiles in Intune.  That functionality is shipping this month!  In the past, certificates and email profiles would remain on the device, even though you’d removed the user from being targeted.

Read more on Microsoft Intune Support Team Blog

How to deploy Win32 apps with Intune

It’s now possible to deploy Win32 apps to Windows 10 with Intune. I have put this guide together to show you how to deploy Win32 apps.

How to

First, you need to wrap the Win32 app with the Microsoft Intune Win32 App Packaging Tool. The packaging tool converts the installation files into the .intunewin format.

  • Download the Microsoft Intune Win32 App Packaging Tool
  • Create a folder that contains the app installation files
  • Now create an installation file that contains the installation commands, in the same folder as the app installation file
  • Run IntuneWinAppUtil.exe from an elevated command prompt and type in the requested information
  • When the wrapping is done, you’ll see a Done!!! message, and the .intunewin app installation file is created in the provided folder

Now it’s time to add the file to Intune

  • Sign in to the Microsoft 365 Device Management portal and then go to Client apps -> Apps
  • Click Add
  • Select Windows app (Win32) – preview in App type and Select file in App package file
  • Browse to and upload your .intunewin app installation file
  • Provide Name, Description and Publisher in App information
  • Provide Install command and Uninstall command in Program
  • Provide Operating system architecture and Minimum operating system in Requirements
  • Select Detection rules and provide the information that the Intune management agent uses to scan for the installed software
  • In my test I used Manually configure detection rules and added this information:
    • Rule type = File
    • Path = C:\Program Files\wow32
    • File or folder = wow32.exe
    • Detection method = File or folder exists
    • Associated with a 32-bit app on 64-bit clients = No
  • Finally click Add to add the app to Intune
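
The packaging steps above as a script, with two checks added before wrapping (Authenticode signature and SHA-256 of the installer) and a local check of the File detection rule. This is an added example, not part of the original guide; the folder paths, the installer name setup.exe, the install.cmd file name and the /S silent switch are assumptions.

```powershell
# Added example. Paths, file names and the silent switch are assumptions, not from the guide.
$ErrorActionPreference = 'Stop'

$SourceDir = 'C:\IntunePkg\wow32\source'      # hypothetical folder with the app installation files
$OutputDir = 'C:\IntunePkg\wow32\output'      # hypothetical folder for the .intunewin file
$Installer = 'setup.exe'                      # hypothetical vendor installer name
$SetupFile = 'install.cmd'                    # installation file holding the install commands
$PackTool  = 'C:\Tools\IntuneWinAppUtil.exe'  # hypothetical location of the packaging tool

# Detection rule values used in the guide
$DetectPath = 'C:\Program Files\wow32'
$DetectFile = 'wow32.exe'

# 1. Refuse to wrap an installer whose Authenticode signature is missing or invalid.
$installerPath = Join-Path $SourceDir $Installer
$sig = Get-AuthenticodeSignature -FilePath $installerPath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; not packaging $installerPath"
}
"Signed by: $($sig.SignerCertificate.Subject)"

# 2. Record the hash of what is being wrapped, for later comparison.
"SHA256: $((Get-FileHash -Path $installerPath -Algorithm SHA256).Hash)"

# 3. Create the installation file next to the installer.
Set-Content -Path (Join-Path $SourceDir $SetupFile) -Encoding Ascii -Value @(
    '@echo off'
    "`"%~dp0$Installer`" /S"
)

# 4. Wrap the folder: -c source folder, -s setup file, -o output folder, -q quiet mode.
$started = Get-Date
New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
& $PackTool -c $SourceDir -s $SetupFile -o $OutputDir -q

# Only accept a package written by this run, not a stale one from an earlier run.
$package = Get-ChildItem -Path $OutputDir -Filter '*.intunewin' |
    Where-Object { $_.LastWriteTime -ge $started } | Select-Object -First 1
if (-not $package) { throw "No new .intunewin file was created in $OutputDir" }
"Package ready for upload: $($package.FullName)"

# 5. After installing on a test machine, evaluate the same "File or folder exists" rule.
if (Test-Path -Path (Join-Path $DetectPath $DetectFile)) {
    'Detection rule would succeed: file exists'
} else {
    'Detection rule would fail: file not found'
}
```

With this layout, the Install command entered under Program is install.cmd.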

Apply Autopilot profile to enrolled Windows 10 devices in Intune

With the latest update to Intune, you can now apply an Autopilot profile to enrolled Windows 10 devices that have not already been registered for Autopilot.

How to

  • Open the Microsoft 365 Device Management portal -> Device enrollment -> Windows enrollment
  • Select Deployment Profiles
  • Now either select Create profile or select an existing deployment profile -> Properties
  • Change Convert all targeted devices to Autopilot to Yes

Allow up to 48 hours for the registration to be processed. When a device is unenrolled and reset, Autopilot will provision it.