Updated Configuration Baseline and Hardware Inventory for Windows Phone 8.1

Microsoft has started with releasing the GDR2 update for Windows Phone 8.1. The good thing from a management perspective is that this update contains new management features. There are seven new additions to the PolicyManager configuration service provider (CSP). As I created the Windows Phone 8.1 configuration baseline and the Windows Phone 8.1 hardware inventory extension, I’ve updated both of them with these latest additions. This blog post will describe the newly added settings and a reminder about the download locations. Note: Another new feature that comes with the GDR2 update is bulk enrollment. Even though it’s not part of this post, I thought it’s definitely worth mentioning. For more information see the Windows Phone 8.1 MDM Protocol document. New settings The newly added settings …

Read more

Installing the Microsoft Intune client directly after a task sequence

This blog post will be about a bit strange scenario, it will be about deploying a device via a task sequence of ConfigMgr and ending up with the Microsoft Intune client. There are some cases in which the customer elects to manage some devices through Microsoft Intune, instead of ConfigMgr, but still wants to deploy the operating system via ConfigMgr. In those cases creativity is required to get the Microsoft Intune client installed. The ConfigMgr client and the Microsoft Intune client can’t coexist on one device and it’s not possible to remove the ConfigMgr client during the task sequence (without breaking the task sequence).  That’s were the SMSTSPostAction task sequence variable comes in place. This variable can be used to trigger an (unmonitored) action after …

Read more

Key configurations steps for implementing the ability to deploy certificate profiles with ConfigMgr 2012

This blog post is about key configuration steps, which are often forgotten, for implementing the ability to deploy certificate profiles with ConfigMgr 2012. By key configuration steps, I’m talking about the key configurations of every component used for creating the ability to deploy certificate profiles. That means Internet Information Services (IIS), Network Device Enrollment Service (NDES), the Certificate Registration Point site system role, the Configuration Manager Policy Module and even Web Application Proxy (WAP). To understand these steps, knowledge of certificates, IIS and ConfigMgr is required, because it’s not a step-by-step configuration guide. Good step-by-step information can be found in the More information section of this blog. Internet Information Services The first component I would like to mention is probably the most known component, which …

Read more

Permissions required to use Retire/Wipe in ConfigMgr 2012

The idea of this blog post is similar to my blog posts about the permissions required to use Edit Primary Users/Devices and my blog post about the permissions required to use Resultant Client Settings that I both did a couple of months ago. The difference this time is that the permissions, for using the Retire/Wipe option, are not that weird, but it might be good to know what the results will be of providing an administrative user with the required permissions. Also, I’ve seen some questions around the web lately regarding the possibilities to differentiate in the permissions for using the Retire/Wipe option. In the results of this blog post I’ll provide some information about the impact of these required permissions. Introduction In this blog …

Read more

Uninstall the Microsoft Intune client via PowerShell

This post will be a short and quick follow-up on my post earlier this week about uninstalling the Microsoft Intune client. The second method I mentioned in that post was about using the ProvisioningUtil.exe. Personally I think the actions mentioned in that method are too many manual actions, so I created a small PowerShell script with two functions to do exactly the same. In this post I’ll go through the two functions, and how they come together, in three steps. >> The complete script is available via download here on the TechNet Galleries! << Step 1: Get the ServiceId The first step is that I need to get the service ID for the uninstall command line. The following function goes through the registry path that …

Read more

Uninstall the Microsoft Intune client

This blog post will be relatively short, but will address a common “issue” with the Microsoft Intune client and that’s the uninstall of the client. I know it’s been addressed already in a couple of blogs, but that seems to be all outdated information. Sometimes even an old batch file with all “hard-coded” MSI GUIDs is mentioned, well that’s definitely outdated by now. In my opinion there are only two real methods to uninstall the Microsoft Intune client. The first one is via the Microsoft Intune administration console and the second one is via the ProvisioningUtil.exe on the client machine. In this blog post I’ll go through both methods. Method 1 – Microsoft Intune administration console The first method is, by far, the easiest. This …

Read more

Windows 10 device enrollment

Updated May 21, 2015: Yesterday Microsoft released a new technical preview build of Windows 10 (build 10122). Within this build the look-and-feel of the enrollment process changed. I’ve updated the enrollment process to reflect these changes. After the release of Windows 10 Technical Preview 2 (build 9926) I knew my next blog post would include Windows 10. So far I’m really liking the new start menu, the search, the notifications, the settings and I could go on like that for a while. Blogging about these subjects wouldn’t add something new as it’s already be done by many over the last week. Even the deployments of Windows 10 via MDT and/ or ConfigMgr are already done and covered in blogs. That’s why I looked further, to …

Read more

Custom terms and conditions for using the Company Portal of Microsoft Intune

Updated September 8, 2015: Since the August 2015 update of Microsoft Intune the creation and deployment of custom Terms and Conditions has changed. An update blog post can be found here: https://www.petervanderwoude.nl/post/multiple-custom-terms-and-conditions-for-device-enrollment-and-company-access/ And we’re back in the cloud, back in Microsoft Intune. One of the things customers like to do is customize, as the standards are often to generic. The nice thing with the Company Portal is that it’s already possible to customize things like the text, logo and colors via both Microsoft Intune standalone and Microsoft Intune hybrid (integrated with ConfigMgr). To add-on to that, it’s now also possible to create custom Terms and Conditions, via Microsoft Intune standalone, and in this blog post I’ll show how easy this can be done. The nice …

Read more

Verify the role-based administration model via PowerShell

Let’s switch back to pure ConfigMgr and PowerShell this week. It will be a relatively short blog post, but in this post I’ll go through WMI and show how to get the right information about the role-based administration model. I know that this information is also available through the console, but what if I want to verify the configured role-based administration model. In that case I don’t want to go through the console, in that case I want to automate it. That way I can schedule it every now and then. SMS_Admin To get the information that I’m looking for I have to look at the SMS_Admin class in WMI. This class represents all the different administrative users. The first step is quite easy and …

Read more

Windows Phone 8.1 Kiosk mode: Inside AssignedAccessXml

Let’s start my first blog post of this new year with a nice story about a XML that can be used to configure a Windows Phone 8.1 device in a kiosk mode. This XML can be applied on a Windows Phone 8.1 device via OMA-URI settings. As it’s now possible to configure OMA-URI via Microsoft Intune and via Microsoft Intune integrated with ConfigMgr 2012, the information in the post is applicable to both scenario’s. I have to admit that it’s not as simple to configure as kiosk mode for an iOS device, or an Andriod device (via Microsoft Intune), but it does provide a lot more options to configure. In this blog post I will go through the different required elements of the XML and …

Read more