Running scripts on Christmas day (and any other day)

My last blog post of this year will also be about a new (pre-release) feature of Configuration Manager, version 1710. This post will be all about the ability to create and run scripts from the Configuration Manager administration console. To be correct, the ability to create and run scripts was added in Configuration Manager, version 1706, and Configuration Manager, version 1710, added the ability to use parameters with those scripts. It completed the functionality.  My Christmas day present for the community is a walkthrough through this functionality and how it runs on the client device. After reading this post you should be able to understand how your script can create the output and how you can find the correct GUIDs to follow the activity on …

Read more

Restarting a computer couldn’t be easier!

This week I’m still staying in the new features of Configuration Manager, version 1710. This time it’s all about how easy it became to restart a client device. Restarting a client device became a right-click action! It simply couldn’t be easier! This opens up a whole new world for managing client devices with a pending restart. In this blog post, I’ll start with a short introduction about restarting a client device, followed by the simple actions to trigger a restart for a client device. I’ll end this post by following the activity through the log files. Introduction Starting with Configuration Manager, version 1710, it’s possible to use the Configuration Manager console to identify client devices that require a restart, and then use a client notification …

Read more

The awesome world of child task sequences

Like last week I’m staying in the world of new features of Configuration Manager, version 1710. This time it’s all about the awesome world of child task sequences. Awesome. To be a bit more specific, the awesome world of child task sequences, which refers to the newly introduced task sequence step Run Task Sequence. This opens up a whole lot of options, from using specific standards throughout all deployments until enabling different administrators from maintaining their own child task sequence. In this post I’ll go through a short introduction about the Run Task Sequence step, followed by the configuration options for the Run Task Sequence step. I’ll end this post with the end result of running a child task sequence, by showing how it’s logged. …

Read more

Super easy customizing Software Center

This week it’s time for a short blog post about customizing Software Center. And not without reason. About two years ago I did a post about setting the company logo in the new Software Center. I received many reactions on that post about why a Microsoft Intune subscription configuration was required to set a company logo in Software Center. I had no answer. Now that time is over! Starting with Configuration Manager, version 1710, it’s super easy to customize Software Center with Client Settings. Including the company logo! In this post I’ll walk through the available configuration options and I’ll show the end-user experience. Including an additional bonus about the Software Center icons. Configuration Starting with Configuration Manager, version 1710, it’s super easy to add …

Read more

Auto-enroll Windows 10 devices using Group Policy

This week is all about creating awareness for the automatic MDM enrollment feature, using ‘Group Policy, that is introduced in Windows 10, version 1709. In some scenarios that might not sounds very interesting. Especially when looking at cloud only scenarios. However, this feature is very interesting in scenarios when organizations want to move to the cloud. Think about co-management. Co-management helps organizations to slowly move their device management capabilities to the cloud, by allowing multiple device management agents on a single device. Microsoft just released co-management in Microsoft Intune and co-management is also available in the latest Technical Preview releases of Configuration Manager. So, imagine a scenario in which a currently Configuration Manager managed device can receive a Group Policy setting to also auto-enroll the …

Read more

MDM Migration Analysis Tool

This week something completely different compared to the last few weeks, maybe even months. This week is all about creating awareness for the MDM Migration Analysis Tool (MMAT). MMAT is created to make the transition to MDM easier. At Ignite it also got some attention and I thought it would be good to add some more attention to it. Even though it already exists for a while. I’ll start this post with an introduction to MMAT, followed by the usage of MMAT. I’ll end this post with example results of MMAT. Introduction to MMAT Before looking at the technical transition to MDM policies, via Microsoft Intune (hybrid or standalone), or any third-party MDM, start with MMAT. MMAT is a tool created by Microsoft to help …

Read more

Conditional access and terms of use

This week more about conditional access. More specifically, the ability to require end-users to consent to a terms of use, which is currently still in preview and was also highlighted during a couple of sessions on Microsoft Ignite. In this post, I’ll provide more information about the terms of use requirement and I’ll show how to configure that requirement. I’ll end this post with the end-user experience. Introduction It’s now possible to require an end-user in a tenant to consent to a terms of use before being granted access to a resource. Something like this was already possible for Microsoft Intune hybrid enrollment and Microsoft Intune standalone enrollment. However, that is Microsoft Intune only. This new requirement can be applied to any configurable Cloud app …

Read more

Conditional access and approved client apps

This week back in conditional access. More specifically, the recently introduced requirement, in the grant control, to Require approved client apps, which is currently still in preview. That requirement feels a bit like MAM CA, but more about that later in this post. In this post, I’ll provide more information about the Require approved client apps requirements and I’ll show how to configure that requirement. I’ll end this post with the end-user experience. Introduction When configuring a conditional access policy, it’s now possible to configure the requirement to grant access only if a connection attempt was made by an approved client app. That’s done by using the Require approved client apps requirement. This requirement could be described as something similar as MAM CA, but with …

Read more

Managing User Account Control settings via Windows 10 MDM

This blog post uses the LocalPoliciesSecurityOptions area of the Policy configuration service provider (CSP), to manage User Account Control (UAC) settings on Windows 10 devices. This area was added in Windows 10, version 1709, which is currently available as Insider Preview build. This week a blog post about managing User Account Control (UAC) settings via Windows 10 MDM. The ability to manage UAC-settings is new in Windows 10 MDM. Windows 10, version 1709, introduces the LocalPoliciesSecurityOptions area in the Policy CSP, which also contains settings to manage UAC. This is the same area, in the Policy CSP, as my last post, but this time a different group of settings. The frequent readers of my blog might recognize some bits and pieces, but that’s simply because …

Read more

Managing local policies security options for accounts via Windows 10 MDM

This blog post uses the LocalPoliciesSecurityOptions area of the Policy configuration service provider (CSP) to manage local policies security options on Windows 10 devices. This area was added in Windows 10, version 1709, which is currently available as Insider Preview build. This week a blog post about managing local policies security options via Windows 10 MDM. More specifically, local policies security options settings related to accounts. For example, to block the usage of Microsoft accounts. I might address the other areas of the local policies security options in later blog posts, but that will be more of the same. The ability to manage local policies security options is something new in Windows 10 MDM. Windows 10, version 1709, introduces the LocalPoliciesSecurityOptions area in the Policy …

Read more