Here’s a feature that I feel has fallen slightly under the radar, hence I thought I would write about it. The ability to send custom notifications to mobile devices is really cool and has a lot of use cases, as I’m sure you can imagine. To be clear, when we refer to custom notifications we are talking about a push notification to an iOS or Android device that is enrolled to Microsoft Intune. This appears in much the same way as in many other mobile apps that you may be used to; however, it does have a dependency on the Company Portal or Intune Portal application being on the device, as this is what triggers the notification.
There are two ways in which we can do this. We can push to a group of users/devices or we can push to a single device. Be warned though that the notifications are a one off and do not get stored for re-sending again at a later point in time. That being the case, you may want to keep some sample notification templates outside of Microsoft Endpoint Manager/Intune.
Also worth noting this text from Microsoft…
“Intune, as well as the Company Portal app and the Microsoft Intune app, can’t guarantee delivery of a custom notification. Custom notifications might show up after several hours of delay, if at all, so they shouldn’t be used for urgent messages.”
https://docs.microsoft.com/en-us/intune/remote-actions/custom-notifications
With that in mind, you might want to use this as a secondary option or for ad-hoc notifications only. In my own testing for example, it didn’t work at all initially. It did eventually work when I prompted company portal to go check the device. This isn’t generally necessary but I wanted to demonstrate my real-world testing. I should also probably add I’m doing this on a train so the signal is a little sketchy in places. Second attempt seemed to work fine though, albeit also travelling on a train (I do that a lot) so your mileage may vary as they say.
To push to a group
To push to a group of users or devices, you must use the tenant administration blade of the Endpoint Manager Administration Center.
I personally find this a pretty odd place to have this option but for the moment at least, this is where it lives. As you can see there are no saved notifications or profiles as with other features in Intune.
We need to input the text we want. The title has a 50-character limit and the body has a 500-character limit. I’m not aware of support for emojis and the like so it’s plain text in here.
We type our notification text. Note that the Title and Body are both mandatory. Now hit Next.
Here we need to make an assignment in the same way that you would with an app or a configuration profile for example. In my example I used an Android Work Profile device and the user was in that group. So, just to be clear, I assigned this notification to a user – not a device. At the time of writing I haven’t tested targeting a user who has multiple active devices, but my assumption at this stage is that it will hit all (Android and iOS) devices.
Click next to then review and create the notification.
Once you hit create you should see the standard console notification do its thing along the top of the menu bar.
That’s it, you just have to wait. Now remember the get-out clause in the Microsoft documentation noted earlier in this post. It’s very much a best-efforts service at this point, so use it appropriately. Also remember, there’s no concept of information protection or data leakage prevention in here either. There’s a good chance that whatever you enter here will show up on the lock screen, unless of course you locked this down.
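The limits and the lock-screen caveat above can be checked before anything is pasted into the console. The following is an added example, not part of the original post or any Microsoft tooling: a small Python linter for notification templates kept outside Intune. The template names, sample text and sensitive-text patterns are constructed assumptions.

```python
import re
import unicodedata

TITLE_MAX = 50   # title limit stated in the post
BODY_MAX = 500   # body limit stated in the post

# Assumed, illustrative patterns for text that should not appear on a lock screen.
SENSITIVE_PATTERNS = {
    "credential": re.compile(r"\b(password|passcode|pin|secret|token)\b\s*(is\b|[:=])", re.I),
    "url_with_query": re.compile(r"https?://\S+\?\S+", re.I),
    "long_digit_run": re.compile(r"\b\d{6,}\b"),
}

# Constructed sample templates: name -> (title, body).
TEMPLATES = {
    "maintenance": ("Planned maintenance tonight",
                    "Email will be unavailable from 22:00 to 23:00."),
    "bad_reset": ("Your temporary password has been reset for the HR portal",
                  "Password: Spring2020! Sign in at https://hr.example.com/login?user=jdoe"),
    "empty_body": ("Reminder", "   "),
}


def _plain(ch):
    """Treat control/format characters and 'Symbol, other' (emoji) as not plain text."""
    cat = unicodedata.category(ch)
    return ch == "\n" or not (cat.startswith("C") or cat == "So")


def lint_template(title, body):
    """Return a list of (severity, message) findings for one template."""
    findings = []
    for name, value, limit in (("title", title, TITLE_MAX), ("body", body, BODY_MAX)):
        if not value or not value.strip():
            findings.append(("error", f"{name} is mandatory"))
            continue
        # Assumption: length is counted in Unicode code points.
        if len(value) > limit:
            findings.append(("error", f"{name} is {len(value)} chars, limit {limit}"))
        if any(not _plain(c) for c in value):
            findings.append(("warn", f"{name} contains non-plain-text characters"))
        for label, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(value):
                findings.append(("warn", f"{name} may expose {label} on the lock screen"))
    return findings


if __name__ == "__main__":
    for template_name, (t, b) in TEMPLATES.items():
        print(template_name, lint_template(t, b) or "ok")
```
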
To push to a single device
If you wish to use this for an individual device, you can do this too. It’s as simple as you might imagine and virtually the same procedure as the group-based notification.
In the Endpoint Manager Admin Center console, go and find your device under the devices blade. Remember, only Android and iOS and they MUST be MDM enrolled. My example is using Android Work Profile which works fine in theory. To be clear, if you’re using just App Protection (or MAM-WE) that’s not going to work.
Once you’ve found the device, select it and you will see the device info blade. Go click the three dots in the top right and you will see the drop down for Send custom notification. Click that.
Now in the same way as the group push, enter the details you want for the notification and remember the 50/500 character limits.
Then you can simply hit send and you should expect to see the same success notification pop up.
That’s it. From the user side it’s very much the same as a regular push notification from any other app. Note this is coming from the Company Portal or Intune Portal app (depending on what you’re using) so if you have any preventions on push notifications then you need to make sure that’s allowed in the first instance.
These should stay on the lock screen and notifications bar until you dismiss them. I did notice on my test Android device that they disappeared after I restarted the device even though I didn’t acknowledge them. Just something to bear in mind.
So you know, the notifications will also be available to look back on in the Company Portal app in the company notifications section. You can get to this by selecting the flag icon in the app.
You will see the notifications listed in here.
I think that covers it. It’s a nice feature which I’m sure will come in very useful for a number of different things. I hope to see this one develop a little further so we can save notifications and maybe include images too. Time will tell on that one.
/Peter