Configuration Manager 2012 R2 Service Pack 1 & Microsoft Intune Enhancements

With the release of Configuration Manager 2012 R2 SP1, Microsoft have rolled up some of the Intune Extension functionality and introduced more of the Intune capabilities into the Hybrid management solution.

Most of the highly used features are now there, including one I regularly get asked about, remote lock and passcode reset!

 From the "What's New" notes:

• You can now manage Windows 10 and Windows 10 mobile devices that are enrolled with Microsoft Intune. All existing Intune features for managing Windows 8.1 and Windows Phone 8.1 devices will work for Windows 10 and Windows 10 Mobile.

• For System Center 2012 R2 Configuration Manager only: The following Extensions for Microsoft Intune that were released for System Center 2012 R2 Configuration Manager have been integrated into System Center 2012 R2 Configuration Manager SP1. If you previously installed any of these extensions, they will no longer be displayed in the Extensions for Microsoft Intune node of the Configuration Manager console.
• iOS 7 and iOS 8 Security Settings Extension
• Enterprise Mode Internet Explorer Extension
• Windows Phone 8.1 Extension
• Conditional Access Extension
• Email Profiles Extension

• You can deploy iOS apps that are free of charge from the app store. You can deploy this installer type as a required install to make it mandatory on managed devices, or deploy it as available to let users download it from the app store.

• New mobile device configuration item settings for Samsung KNOX devices.  This adds the same capabilities for Samsung KNOX device to Configuration Manager that exist in Intune, with the exception of kiosk mode.

• Conditional access to Exchange On-premises for mobile devices. Only devices that are enrolled with Intune and compliant with device policy are allowed to access Exchange email.

• Conditional access to Exchange Online and SharePoint Online for mobile devices. Only devices that are enrolled with Intune and compliant with device policy are allowed to access Exchange email, or access SharePoint Online files from OneDrive for Business. This feature also introduces new reports that help you identify devices that will be blocked.

• You can now manage iOS devices purchased through Apple’s Device Enrollment program. This allows for over-the-air management of corporate-owned iOS mobile devices.

• You can now remote lock, or reset the passcode on iOS, Android, or Windows Phone 8 and later devices from the Configuration Manager console.

• Mobile application management (MAM) policies let you modify the functionality of compatible apps that you deploy to help bring them into line with your company compliance and security policies. For example, you can restrict cut, copy and paste operations within a managed app, or configure an app to open all web links inside a managed browser.

• For System Center 2012 R2 Configuration Manager only: You can now associate apps to a VPN connection on devices that run iOS 7 and later. These apps will open the VPN connection when they are launched.
  
  Additionally, VPN profiles now support Android 4.0 and later versions.

• Windows Phone 8.1 devices can be enrolled and managed without first uploading a Symantec certificate and a signed Company Portal app. You still have to have a Symantec certificate to side load your own software, but you can send applications that are a link to a store, or a web app to Windows Phone devices using the Company Portal.

• Custom settings are used in a mobile device configuration item and let you deploy settings to iOS devices that are not selectable from the cmshort console. You create settings in the Apple Configurator Tool, import these settings into the configuration item, then deploy these to the required devices.

• Kiosk mode allows you to lock a managed iOS mobile device to only allow certain features to work. For example, you can allow a device to only run one managed app that you specify, or you can disable the volume buttons on a device. These settings might be used for a demonstration model of a device, or a device that is dedicated to performing only one function, such as a point of sale device.

• You can provision personal information exchange (.pfx) files to user’s devices including Windows 10, iOS, and Android devices. Devices can use PFX files to support encrypted data exchange.

• System Center Endpoint Protection can be used to manage endpoint protection on Windows 10 technical preview devices with Windows Defender. The endpoint protection agent is included in Windows 10 and does not need to be deployed. Be sure to include malware definitions for Windows Defender in updates for managed devices.

• For System Center 2012 R2 Configuration Manager only: App compliance policies let you create a list of compliant or noncompliant apps in your organization. For Windows Phone 8.1 devices, apps can be blocked from being installed or launched.
  
  For iOS and Android apps, you can use reports to find users and devices with noncompliant apps.

• For System Center 2012 R2 Configuration Manager only: Configuration Manager email profiles now support Android Samsung KNOX 4.0 and later.

You can find the full "What's New" notes for SP1 here: https://technet.microsoft.com/en-us/library/mt131422.aspx