Loading...

Intune/Autopilot Free lab: Part 3 - Manage your devices

Reply A+ A-

In this third part about building our free Intune/Autopilot lab, we will how to manage our devices using Intune.

In this post we will see:
- What is the Company portal ?
- How to access to the portal from the Web and from the MS Store
- How to customize the portal
- How to synchronize device with Intune

Company portal
As with SCCM and its Software Center, Intune allows users to access to company content (applications, updates...) from a portal.
This one called Company portal is available both from the Web and Microsoft Store.

Access to the portal from the Web
1. Connect to the following link: https://portal.manage.microsoft.com/
2. Choose your account

3. The portal looks like, as below:

4. Different parts are available. For now we haven't added anything so there is nothing available on the portal We will deploy some applications later.

Access to the portal from MS Store
1. Go to Microsoft Store

2. Type Company portal

3. Click on Get

4. Download starts

5. Click on Launch 

6. The Company portal app looks like as below:


Install the Portal on Android
In this step we will install the company portal to enroll our android device.
1. On your Android go to the Play Store
2. Type company portal
3. Click on Install

4. On the company portal screen, click on Sign in

5. Type your mail then Next, type password
6. Click on Continue

7. Click on Continue

8. Click on Next

9. Click on Enable

10. The portal will configure and enroll the device
Customize the portal
Now we have seen how to access to the Company portal, let's customize it in order to add your own design.
1. Go to Intune
2. Go to Client apps

2. Click on Branding and Customization

3. Customize the portal as you want


4. Click on Save

5. Connect again to the portal and check the new design



Synchronize your device with Intune 
When you deploy a policy, application or something else to your devices from Intune it may not be applied in real time. 
Like on SCCM, when your force policies using the configuration manager action properties part, you can force synhronization between your device and Intune with two ways.

Synchronize from Windows
1. Go to Settings

2. Go to Accounts

3. Go to Access work or school

4. On your account click on Info

5. You can find the latest synchronization. Click on Sync

6. After the synchronization, the new sync time is displayed


Synchronize from the portal
1. Open the Company portal app
2. Go to the Settings part
3. Click on Sync



Action to manage your devices
You can do different actions on your devices from Intune.
Note that some actions depend of the device. For instance there are actions for phone only.
See here how to manage devices. 
See below available actions:

You can access to those actions as below:
1. Go to Intune
2. Go to Devices

3. Go to All Devices

4. Click on a device

5. Actions will be available


Another way is to proceed as below:
1. Click on Azure Active Directory
2. Click on Devices
3. Click on a device
4. Click on Manage
5. Click on a device
6. Actions will be available

Retire
According to the MS Docs website see below what does this action:
The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management. This happens the next time the device checks in and receives the remote Retire action. The device still shows up in Intune until the device checks in. If you want to remove stale devices immediately, use the Delete action instead.Retire leaves the user's personal data on the device.

See more there
1. See below the device list before the process

2. See below datas and applications before the process

3. Click on Retire

4. Click on Yes

5. A notification is displayed on the user device

6. After the retire process te device is marked as not found

7. After refreshing the page, the device is not available on the portal

8. Restart the device
9. On the device device is being reconfigured

10. You may notice that the lockscreen and background customization from Intune is not applied anymore

11. As you can see below datas and applications are still there

12. If you check in Account part, the device is not part of th company


Wipe
According to the MS Docs website see below what does this action:
By using the Retire or Wipe actions, you can remove devices from Intune that are no longer needed, being repurposed, or missing. Users can also issue a remote command from the Intune Company Portal to devices that are enrolled in Intune.

See more there
1. See below list of device from Intune before the Wipe process

2. Before the process the lockscreen and background are applied

3. See below apps and datas from the device before the Wipe process

4. Click on Wipe
5. Click on Yes and check Retain enrollment state and user account

6.The device restarts automatically

7. The device is being reconfigured

8. The lockscreen and background customization from Intune is not applied anymore

9. Apps have been uninstalled but datas are still there

10. In the Intune portal the device is still present
11. Now let's check if we don't check the case 

12. The device restarts automatically
13. On the Intune portal the device has been removed
13. The device is being reconfigured and the OOBE  part is displayed

14. It will ask for your mail
15. Let's type again the previous user mail
16. Apps and datas have been deleted

Delete
1. See below the list of devices from Intune before the Delete process
2. Click on Delete
3. Click on Yes
4. After the process, the device can not be found anymore on the Intune portal

5. When you restart the computer you can not log on


Remote lock
This action is only for phone devices.
According to the MS Docs website see below what does this action:
The Remote lock device action locks the device. To unlock the device, the device owner enters their passcode. You can remotely lock devices that have a PIN or password set. Devices that don't have a PIN or password can't be remotely locked.

See more there
This action is not available on Windows.
1. Select your device
2. Click on Remote lock
3. Click on Yes
4. The device will be locked 
5. You will be invited to typed the passcode


Sync
According to the MS Docs website see below what does this action:
The Sync device action forces the selected device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies that have been assigned to it. This feature can help you immediately validate and troubleshoot policies you’ve assigned, without waiting for the next scheduled check-in.

See more there

Reset passcode

This action is only for phone devices.
According to the MS Docs website see below what does this action:
The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management. This happens the next time the device checks in and receives the remote Retire action. The device still shows up in Intune until the device checks in. If you want to remove stale devices immediately, use the Delete action instead.Retire leaves the user's personal data on the device.

This action is not available on Windows.
See more there
1. Select your device
2. Click on Reset passcode

3. Click on Yes

4. The temporary passcode is 
5. You will be invited to type the code on your phone


Restart
This action will restart remotely the device.
1. Click on Restart

2. Click on Yes

3. On your device a notification will be displayed

4. Then it will be restarted

Fresh start
According to the MS Docs website see below what does this action:
The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management. This happens the next time the device checks in and receives the remote Retire action. The device still shows up in Intune until the device checks in. If you want to remove stale devices immediately, use the Delete action instead.Retire leaves the user's personal data on the device.

See more there
1. I installed some software and added some files and folder on the user desktop

2. Click on Fresh start

3. Choose to keep or not datas, in my case I check the case, then click on Yes

4. The device will restart automatically
5. The fresh process starts

6. The install windows below appears

7. Log on the computer

8. If we check user desktop, our datas are still there but applications have been uninstalled

9. A file about removed apps has been created on your desktop

10. If we check in Intune, the device is still there

Autopilot reset
According to the MS Docs website see below what does this action:

Windows Autopilot Reset removes personal files, apps, and settings and reapplies a device’s original settings, maintaining its identity connection to Azure AD and its management connection to Intune so that the device is once again ready for use. Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply.

See more there
1. Click on Autopilot Reset
2. Click on Yes

3.jjj

Quick scan
This will do a quick scan of the device.
See it below in action.
1. Check the last scan from the device
2. Go on Intune and click on Quick scan

3. Click on Yes

4. See below the end notification

5. Check now the last scan from the device

Full scan
This will do a full scan of the device.
See it below in action.
1. Check the last scan from the device
2. Go on Intune and click on Full scan

3. Click on Yes

4. Check now the last scan from the device

Update Defender
This will update windows defender policies from the device.
See it below in action.
1. Check the last update from the device

2. Go on Intune and click on Update Windows Defender

3. Click on Yes

4. See below the end notification

5. Check now the last update from the device


Remote connnection
This allows you to connect remotely to the device.
Intune uses TeamViewer to do the remote connection.
This can be done in two steps:
1. Initialize the TeamViewer connection
2. Remote connect to the device

Remote connect from Intune
Initialize the TeamViewer connection
1. Click on your device
2. Click on TeamViewer Connector

3. Click on Connect

4. Click on OK

5. Click on Log in to TeamViewer to authorize

6. Type your TeamViewer account

7. The below message will be displayed

8. The status is now Active


Remote connect to a device
1. Click on More

2. Click on New remote assistance session
3. Click on Yes

4. On the device go to the portal app
5. A notification will be displayed in the Flag

6. Click on it to display the below warning
7. Click on the warning
8. Click on Run
9. Click on Yes

10. Click on Allow

Windows Autopilot 4218091055713690708

Enregistrer un commentaire

Accueil item

Award

Learn KQL in one month

Sponsors

You want to support me ?

Mes articles en français

Books in French


Stats