presentatie-aftrapYesterday I had the privilege to speak during the System Center Summer Night – BBQ edition from the System Center User Group Netherlands. During this session I talked about why Microsoft “moved” Configuration Manager to the servicing model, how companies should adopt it and work with it and shared some do’s and don’ts while updating Configuration Manager to for instance Current Branch.

During the session I got some questions about the telemetry data that Microsoft is gathering and using to make ConfigMgr even better :). As promised you find below the link I was referring to:

ca-logoAfter the last blog about conditional access of Outlook Web App and SharePoint Online is forcing that the Managed Browser is used when accessing the service. This last part can be done via Active Directory Federation Service (AD FS). With AD FS you are able to allow or block access based on attributes of the client that is trying to authenticate.

As part of the March update of the Managed Browser the Managed Browser is identifiable as ManagedBrowser via the UserAgent, before March the Managed Browser had a generic UserAgent.

Read more

ca-logoThe last couple of weeks I had the privilege to test a feature that has just has been announced today to be released to Microsoft Intune . Conditional access to Outlook Web App and SharePoint Online web access for mobile devices. (CA for web services like OWA and SharePoint for Windows (mobile and PC) is coming up and still in preview)

So basically when a device is not enrolled and / or not compliant Outlook Web App or SharePoint Online web access cannot be accessed via browsers on those devices. Until now this was a major hole in the conditional access story of Exchange Online and SharePoint Online.

Read more

IntuneToday Microsoft announced what is going to be released as part of the June release of Microsoft Intune. A couple of highlights I would like to mention; this time for instance conditional access for browsers is being added as part of the conditional access experience. More on this very soon (!) HERE and HERE in the next couple of blogs since I had the privilege to test this feature at my customer.

Another great enhancement is the fact that we are finally able to detect if USB Debugging, Unknown Sources are enabled and if Scan device for security threats is disabled on Android devices as part of the compliance policy! Really good news if you ask me to help securing those Android devices. (looking and pushing for this since a long time ago)

See all other updates in this Doc on the new Doc website.

logos-1Today Microsoft and Lookout announced that Lookout Mobile Threat Protection  is going to be integrated with the Microsoft Enterprise Mobility Suite. With Lookout MTP you are able to identify threads in apps, viruses or apps that are threads themselves on platforms like Android and iOS.

Lookout MTP already has integration with MobileIron and Airwatch which allows for instance administrators to automatically place devices in quarantine when a thread is detected and automatically remove it after the thread has being removed. Which is great! The full feature set of the integration is not publicly available yet but I have already seen a bit and I can tell you that this will be a great addition to secure your devices and data while using the Microsoft Enterprise Mobility Suite.

Read the press release of Lookout and Microsoft here and a blog of Lookout here.

As soon as I have more information that I am allowed to share I will definitely share it here on my blog! Keep you posted!

Besides the good news released at the Citrix Synergy event, Microsoft and Citrix working together in the EMS workspace, the monthly updates for Microsoft Intune are scheduled to be applied soon. This month a lot of new features are being released. Let’s have a quick look at what is coming up!

Read more

msemsbook-ver1The last year my buddy Kent Agerlund and me have been working on a brand new book about the Microsoft Enterprise Mobility Suite.

After hard work we were able to finally present our new book at the Midwest Management Summit earlier this week! So proud to be able to hold my third book finally in the hand 🙂

Luckily we were able to give away books to the attendees of the EMS Hands On Labs and several other attendees of the conference! I hope you will all like the book and that it helps you to successfully implement a standalone or hybrid EMS environment..


Read more

mms2016-01After a couple of weeks moving homes and finishing Kent Agerlund and my book, time for a quick blog about the Midwest Management Summit. In only 10 days from now I will speaking and attending the Midwest Management Summit in the Mall Of America in Minneapolis. For the third year in a row I will be speaking at this great community driven three day conference.

On May the 16th (a day after my birthday) I will be presenting together with fellow Enterprise Mobility MVP John Marcum at the  Taming BYOD with EMS, ConfigMgr & Intune – Hands On Labs 4 hour pre conference session. During this four hour session we talk about the Microsoft Enterprise Mobility Suite stand alone and run through labs that cover the EMS Hybrid scenario with System Center Configuration Manager Current Branch. The session is sold out already.

My second session will be together with Chris Nackers, together with Chris I will be talking about  Use Microsoft EMS to Protect your Mobile Data and Mobile Apps , a session full of Mobile Application Management, Enterprise Data Protection and Mobile Information Management with Microsoft Intune, Azure Active Directory Premium and Azure Rights Management Services. If you are at MMS, be sure to join us!

During MMS Kent Agerlund and me will release our newest book about the Microsoft Enterprise Mobility Suite. More on this next week!


Every quarter Microsoft awards community leaders around the world with the Microsoft Most Valuable Professional (MVP) Award. Every first of April I am up for renewal, yesterday I received the (most wanted) email that I have received the Microsoft MVP Award for the fifth time in a row. So cool and honored that I have received this award again and that I am part of the Enterprise Mobility (Configuration Manager / Microsoft Intune / Microsoft Enterprise Mobility Suite) community! Thanks to all of you that visit my blog, attending my sessions around the world and providing me from feedback, without you this wasn’t even possible!


resetpasscode01Last night my Microsoft Intune tenants were upgraded to version Some nice new features came along with the upgrade / were announced.

Let’s see what new features are part of the update. While checking the tenants for the announced features not everything is switched on, yet.

Read more

IntuneExciting times in the Microsoft Enterprise Mobility Suite space! Microsoft switched the support for Conditional Access for Skype for Business on. Earlier this year the MAM enabled Skype for Business Apps were released so as from now we have a complete story around securing Skype for Business on mobile devices.

Conditional Access for Skype for Business is available for Intune standalone and Intune connected to Configuration Manager (hybrid).

Read more