Managing AppLocker on Windows 10 via OMA-DM

A while ago I did a blog post about managing Windows Defender of Windows 10 via OMA-DM. During that specific post I showed how to use OMA-DM, via Microsoft Intune standalone and hybrid, to configure Windows Defender. In this post I’ll do something similar for AppLocker. However, I have to admit that it was a bit more challenging for AppLocker. The main difference is that Windows 10 includes many different separate policy settings for Windows Defender, but provides a separate configuration service provider (CSP) for AppLocker. During this post I’ll show how to create the required AppLocker XML, what the AppLocker XML looks like, what the AppLocker CSP looks like and how to combine the AppLocker XML and the AppLocker CSP. I’ll end this post …

Read moreManaging AppLocker on Windows 10 via OMA-DM

Certificate profile deployment failed with the error ‘22004: Unsupported certificate configuration’

This week a short blog post about an issue that I ran into, and tweeted about, the other week. Due to the strange error message I thought it would definitely be blog worthy. The error description was 22004: Unsupported certificate configuration. However, the actual issue did not come close to what the description would imply. This post will provide a brief overview of the scenario, the issue and the solution. Scenario Let’s start with a brief overview of the scenario. The environment contains Active Directory Federation Services (AD FS) and Web Application Proxy (WAP) for providing single sign-on (SSO) to the cloud services of Office 365 and Microsoft Intune. Microsoft Intune is used in a hybrid configuration with ConfigMgr and is fully configured to deploy …

Read moreCertificate profile deployment failed with the error ‘22004: Unsupported certificate configuration’

Custom Terms and Conditions

This week I’m back in ConfigMgr and I’m back with custom Terms and Conditions. A few months ago I did my latest post about custom Terms and Conditions. That post was completely focused on Microsoft Intune standalone. Starting with ConfigMgr 1511 it’s now also possible to deploy custom Terms and Conditions through Microsoft Intune hybrid. Custom Terms and Conditions can be deployed to end-users to explain how device enrollment, access to work resources, and using the Company Portal affects them and their devices. End-users must accept the custom Terms and Conditions before they can use the Company Portal to enroll and access their company data. In this post I’ll show how to create, deploy, update and monitor custom Terms and Conditions in Microsoft Intune hybrid. …

Read moreCustom Terms and Conditions