Azure AD Application Proxy is a really neat tool for publishing internal applications without exposing your servers to the Internet. If your applications require authentication for users to access them, you can get Azure to handle all this for you, and it supports single sign-on. Alternatively, if you’ve got an old or obscure application that can’t cope with Azure SSO, you can configure it to use passthrough authentication, where the internal application remains responsible for this task.
You can use Conditional Access to restrict and secure access to your application, such as enforcing MFA, or only permitting access from specific devices or locations. The way the proxy works does not require you to open any inbound ports through your firewall – the proxy connector simply connects outbound to Azure and all traffic is routed through that connection.
You’ll need Azure AD Premium P1 or P2 for this to work. There’s been some talk of it working on the Office 365 Basic level of Azure AD; however, it’s not listed as supported, and I’d expect that this may be an educational SKU specific exception case.
Last year I replaced a 3-node VMware+SAN cluster with a 2-node hyperconverged Hyper-V cluster. I’ve been quite impressed with it so far so thought I’d write how I did it – especially considering I did the bulk of the work through Windows Admin Centre.
Before you decide to sit down and do this, be warned it’s not a quick process. If you’re in any doubt you should probably consult a vendor who has the Microsoft certified hardware and expertise available before putting this into production – if you’re fine with setting up complicated things yourself, or it’s for testing, then you’re welcome to come along for the ride. You’ll no doubt waste countless hours trying to get Windows to play with the disk adapters and get the disks into the right mode for S2D, especially if you’re using older hardware, so I’d set aside at least a full day or two.
If you’ve connected Windows Admin Centre to Azure you’ll find a section called Azure Backup. This will allow you to back up your on-site workloads to Azure using the Microsoft Azure Recovery Services agent. It’s ideal for backing up physical servers or individual virtual machines, however if you’re after backing up all the guests on your Hyper-V host you’re better off looking into Azure Backup Server, which runs on the host rather than the guest.
In this post I’m going to look at configuring and backing up a server through Windows Admin Centre, and then at how to recover the data – both for a partial failure (such as some files being deleted but the server still boots) and a total failure.
Windows Admin Centre is a web based server (and desktop) administration package which, eventually, should replace the majority of the work currently done through MMC consoles and snap-ins. If you’ve ever opened Server Manager on a Windows 2019 machine you’ll have seen the popup telling you to “Go get Windows Admin Centre!”. Whilst it’s not there yet, it is constantly being updated and improved and I find it really useful.
It’s a lot more than just managing a couple of systems – when I set up our hyperconverged Hyper-V cluster I primarily did this from within WAC (post to follow on this if I get chance to write it up) – and it integrates nicely with a lot of Azure services (including any Azure VMs you might have).
If you’re installing something that won’t let you browse for certificates and instead asks for a thumbprint – e.g. Windows Admin Centre – you can get this using either the management console or PowerShell.
In this part of the Intune series of posts I’m looking at getting iPads enrolled and managed, and deploying apps. In my case I’m looking to migrate some iPads from an existing MDM into Intune, so I’m assuming you already have an Apple ID set up to create the push certificates and already have Apple School Manager (or Business Manager) set up.
Universal Print is the new way to cloud print from your devices. It replaces Hybrid Cloud Print and is a lot easier to set up and manage. You’ll need your devices to be connected to Azure AD (either domain joined or hybrid joined, or registered).
It’s included in the following subscriptions:
Microsoft 365 Business Premium
Microsoft 365 Enterprise F3/E3/E5
Windows 10 Enterprise E3/E5
Microsoft 365 Education A3/A5
Windows 10 Education A3/A5
There’s also a stand-alone licence but this requires (but does not include) Azure AD.
Hybrid Cloud Print is a solution to allow users to print to on-premise printers from their devices without needing to be on site or even have VPN connectivity – they just need Internet access. It is however fairly complicated to set up and requires multiple app registrations in Azure, and an Application Proxy server setting up. In this post I go through the steps on how to set it up and print from an Intune managed device.
Hybrid Cloud Print is being replaced with Universal Print, which is a lot easier to set up and manage – no messing with SQLite and it has a portal in Azure. However, it’s only currently available in preview to people with specific existing subscriptions. I’ve also gone through setting up Universal Print.
Today I’m going to look at deploying applications to devices managed by Intune. Back in part 1 I looked at enrolling devices, setting up Autopilot, some basic configuration policies and also created a few Azure AD groups containing the devices.
There’s quite a lot of different application types in Intune, covering iOS, Android and Windows devices. As this series is focussed on Windows I’m not going to look at the iOS or Android ones at this time.
This post will go through the steps for installing/deploying the following:
Microsoft Store Apps – primarily Store for Business/Education apps, including linking Intune to the Store for Business/Education, but you can also deploy without setting up the Business/Education store.