I’ve deployed a NDES environment integrated with a hybrid Microsoft Intune and Configuration Manager configuration. In this environment certificate deployment to Android and Windows Phone/Mobile is working fine. But for IOS devices it’s not working.
When we dive into this problem we see errors in the CRP.log.
With this error “key usage in CSR 160 and challenge 224 do not match” we know there is something with the certificate template on the CA Server.
I’ve found te solution on the Coretech Blog -> http://blog.coretech.dk/kea/troubleshooting-certificate-deployment-on-ios-devices-with-configmgr-intune/
After changing the Certificate property for the Key Usage Extension the problem was solved. Below the screenshots for the Certificate Template properties.
I’ve received a question how to force an URL to open in the Managed Browser. In the Intune Standalone configuration this is already possible for a while. But it’s also possible with the Intune hybrid configuration with Configuration Manager (SCCM). In this blogpost I will take you through the steps how to do this.
First of all we’ve to create an Application. In the SCCM console go to the Software Library and open Application Management and create an Application.
In the next window select “Web Application” and fill the “Location” with an URL. The format for this is not the normal http://<path to web app> but this must be http-intunemam://<path to web app> (http can also be https ).
After this the application can be created with the defaults.
When the application is created deploy the application to an User Collection. When a Phone is enrolled and the Web Application is available you can install it from the company portal. When opening the Company Portal on the phone it looks like:
Install the Web Application and after this is done the Web Clip is available. For IOS it is available on your main screen. For Android you have to add the Web Widget on your screen to open the Web Applications. On an Android device it looks like:
When open this Web Application there is a message that the app is managed by your company.
When selecting “OK” the webpage will be opened in the Managed Browser.
Opening an Web Application (URL) is possible with Intune Standalone and also with Intune and SCCM in hybrid mode. This is working for Android and for IOS devices. In this short blogpost I’ve taken you through the steps how to do this.
The information about creating a Web Application and force it to the Managed Browser was shared on this Technet Article: https://technet.microsoft.com/en-us/library/mt629356.aspx