Windows 10

Deploying the ConfigMgr client via Microsoft Intune

by

This week is all about deploying the ConfigMgr client via Microsoft Intune. Like last week, this is also a nice addition in combination with Windows AutoPilot. The idea is to install the ConfigMgr client next to the MDM agent and to create a co-management scenario. The main use case to do something like this is when an organization is making the transition from traditional management to modern management. In that scenario the organization can use co-management to make a phased move to the cloud. For example, use ConfigMgr for patch management and use Microsoft Intune for configurations and compliance. In this post I’ll provide a short introduction to co-management, followed by the prerequisites for the ConfigMgr client installation and the end result. Introduction Starting with …

Read more

Enable Windows Automatic Redeployment from the login screen

by

This week a short post about enabling Windows Automatic Redeployment form the login screen. It’s a follow up on enabling password reset and PIN reset from the login screen, as it enables another feature on the login screen, and a nice addition in combination with Windows AutoPilot. Windows Automatic Redeployment might be a familiar feature, but I couldn’t find much written information about it yet. In this post I’ll provide a brief introduction to Windows Automatic Redeployment, followed by the required configuration and the end-user experience. Introduction Now let’s start with a brief introduction about Windows Automatic Redeployment. Starting with Windows 10, version 1709, administrators can use Windows Automatic Redeployment to quickly remove personal files, apps, and settings, by resetting Windows 10 devices from the …

Read more

Enable password reset from the login screen

by

This week is about something similar as last week. This week is all about the password reset option on the login screen. In other words, the Reset password option. Starting with Windows 10, version 1709, it’s possible to enable the Reset password option from the login screen for Azure AD joined devices. I know that a lot has been written already about this subject, but I have the feeling that this subject needs a place on my blog. My style and more details. In this post I’ll provide a short introduction about Azure AD self-service password reset (SSPR), followed by walking through the required configurations for SSPR and the Reset password option. I’ll end this post by looking at the end-user experience. Introduction Now let’s …

Read more

Enable PIN reset from the login screen

by

This week I’m going for an end-user experience focused blog post. This week is all about the PIN reset option on the login screen. In other words, the I forgot my PIN option. Starting with Windows 10, version 1709, it’s now possible to enable the I forgot my PIN option from the login screen. When using Windows Hello for Business, which can be configured during the Windows enrollment, by using Microsoft Intune, the PIN is the fallback mechanism when it’s not possible to authenticate with biometrics. In other words, the PIN is really important. In this post I’ll provide the required configuration to provide the user with the I forgot my PIN option from the login screen. I’ll do that by assuming that the user …

Read more

Deep dive ingesting third-party ADMX-files

by

A bit more than a week ago I got the suggestion to do a blog post about the ingestion of custom and/or third-party ADMX-files. Not without a reason. The suggestion was triggered by the latest Spectre and Meltdown vulnerabilities and the ability to manage site isolation via policies for Google Chrome. That was enough motivation for me to look into it. In this post I’ll provide an introduction to ingesting ADMX-files, followed by a step-by-step overview of how to ingest custom and/or third-party ADMX-files and how to configure the related settings. As a configuration example I’ll use the manage site isolation setting for Google Chrome. I’ll end this post with showing the configuration result. Introduction Starting with Windows 10, version 1703, it’s possible to ingest …

Read more

Manage Windows AutoPilot via Microsoft Intune

by

This week I’m going through the required steps for configuring Windows AutoPilot. I know that a lot has been written already about this subject, but I have the feeling that this subject needs a place on my blog. Also, the attentive reader might have noticed that I’m specifically using Microsoft Intune in the title of my blog, for the first time in over a year. That’s with a reason. This post is focused on configuring Windows AutoPilot via Microsoft Intune and will show that, at this moment, the Microsoft Store for Business is also required to complete the Microsoft Intune configuration. In this post I’ll provide a short introduction about Windows AutoPilot, followed by walking through the required configurations. I’ll end this post by quickly …

Read more

Using the Intune Management Extension, on a 64-bit platform, for a very happy New Year!

by

Let’s start the New Year with a quick tip about the Intune Management Extension, which is used for running PowerShell scripts, in combination with a 64-bit platform. The Intune Management Extension is 32-bit and will run PowerShell scripts in a 32-bit environment. This is not always the desired behavior. Actually, many activities and/or cmdlets, require a 64-bit environment. In this blog post I’ll provide a simple workaround, to run the PowerShell scripts in a 64-bit environment, and I’ll show the behavior of that simple workaround. The (example) script Now let’s start by looking at that simple workaround. That workaround is actually a simple addition to a script that starts the same script, by using the 64-bit environment of PowerShell. This is achieved by starting with …

Read more

Combining the powers of the Intune Management Extension and Chocolatey

by

A bit more than a week ago the Intune Management Extension was added to Microsoft Intune to facilitate the ability to run PowerShell scripts on Windows 10 devices that are managed via MDM. That addition opens a whole new world for managing Windows 10 devices via MDM. Looking at app deployment specifically, this enables the administrator to look at something like Chocolatey for deploying packages. That would make the app deployment via Microsoft Intune suddenly flexible. In this blog post I’ll start with a little introduction about the Intune Management Extension and Chocolatey, followed by the configuration of a PowerShell script to install Chocolatey packages. I’ll end this post by looking at the end result. Introduction Let’s start with a short introduction about the awesome …

Read more

Auto-enroll Windows 10 devices using Group Policy

by

This week is all about creating awareness for the automatic MDM enrollment feature, using ‘Group Policy, that is introduced in Windows 10, version 1709. In some scenarios that might not sounds very interesting. Especially when looking at cloud only scenarios. However, this feature is very interesting in scenarios when organizations want to move to the cloud. Think about co-management. Co-management helps organizations to slowly move their device management capabilities to the cloud, by allowing multiple device management agents on a single device. Microsoft just released co-management in Microsoft Intune and co-management is also available in the latest Technical Preview releases of Configuration Manager. So, imagine a scenario in which a currently Configuration Manager managed device can receive a Group Policy setting to also auto-enroll the …

Read more

MDM Migration Analysis Tool

by

This week something completely different compared to the last few weeks, maybe even months. This week is all about creating awareness for the MDM Migration Analysis Tool (MMAT). MMAT is created to make the transition to MDM easier. At Ignite it also got some attention and I thought it would be good to add some more attention to it. Even though it already exists for a while. I’ll start this post with an introduction to MMAT, followed by the usage of MMAT. I’ll end this post with example results of MMAT. Introduction to MMAT Before looking at the technical transition to MDM policies, via Microsoft Intune (hybrid or standalone), or any third-party MDM, start with MMAT. MMAT is a tool created by Microsoft to help …

Read more