Configure Microsoft Teams application settings using PowerShell and Proactive Remediations in Microsoft Endpoint Manager

April 11, 2021April 11, 2021 by Martin Bengtsson

Introduction

Almost a year ago, I wrote a blog post on how to configure Microsoft Teams application settings using Configuration Manager and Powershell. For good measures, find this post in the link below:

Configure Microsoft Teams application settings using Configuration Manager and Powershell – imab.dk

Not too long ago, I started getting some reports on, that Teams is no longer picking up the changes made to the config.json and that Teams is hanging at the loading screen. I initially tried to reproduce, but was unable to.

I decided to invest some more time into the issue, and ended up being able to reproduce and find the cause. In the process of troubleshooting, I decided to try and move this into Proactive Remediations in Microsoft Endpoint Manager as well. The result made up this blog post.

Below a quick illustration of running the solution manually. The detection script detects that Microsoft Teams needs its settings configured, and the configure script carries out the configuration.

Configuring Microsoft Edge and ‘Always allow to open links of this type in the associated app’ using Microsoft Endpoint Manager

March 11, 2021 by Martin Bengtsson

Introduction

This is just a really quick post, describing how you configure Microsoft Edge to always – and without prompting the user – open certain links in their associated application.

This might seem like an odd and out of the ordinary post, but I needed this myself, and failed to find the relevant details described properly anywhere.

The mentioned prompt is something that’s generated when opening links to Teams meetings, or when trying to open Office documents in their respective desktop application.

Prompts which in most cases are irrelevant to the end-users, and by eliminating those, the user-experience is improved by a little. TL:DR down below.

Notify users when their device is running low on disk space using Toast Notifications and Endpoint Analytics Proactive Remediations

February 4, 2021February 3, 2021 by Martin Bengtsson

Introduction

This is a follow up, on the post I did a few weeks ago, on notifying users with devices being low on disk space, using Toast Notifications and Configuration Manager

Find the mentioned post here: Notify users when their device is running low on disk space using Toast Notifications and Configuration Manager

This time, I’m moving all of it, into the Endpoint Analytics Proactive Remediations feature of Microsoft Endpoint Manager Intune. This will actually simplify things a lot, as it removes the need for custom collections, Configuration Items and Baselines.

Move away from Group Policy and set wallpaper and lock screen images with local source files and Microsoft Endpoint Manager Intune

January 29, 2021January 28, 2021 by Martin Bengtsson

Introduction

This is something I currently just have done myself, in our own environment, and while it’s neither super technical nor advanced, then I figured it deserved some attention regardless.

I assume most hybrid (co-managed) environments still look towards Group Policy when doing this, because it’s easy and what we’ve always been doing. I’m regularly asked to change our desktop wallpaper and lock screen images, and when things needs to be done in a hurry, you usually stick to the easy solution.

This time though, I was stubborn and insisted on moving away from Group Policy and do it with Intune. The process made up this short blog post. 🙂

Notify users when their device is running low on disk space using Toast Notifications and Configuration Manager

January 14, 2021January 14, 2021 by Martin Bengtsson

Introduction

This is a specific need, that I just started having myself with my Windows Servicing process. I wanted to notify my users, if their devices are running low on disk space, prior to catching it with the precaching/readiness portion of my Windows as a Service process.

This is then done, with the hope of the users taking the required actions, before I spot the low disk space issues when precaching the Windows 10 upgrade, as this essentially will cause a failure.

My WaaS process explained here: Windows as a Service

So this post will give you the details on how to do that, using my Toast Notification Script and Configuration Manager. This can be achieved with Microsoft Intune as well, using the Proactive Remediations feature. My next blog post will cover that approach. 🙂

Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 2

December 17, 2020December 17, 2020 by Martin Bengtsson

Introduction

Yes! It’s true. I’m still leveraging Task Sequences and Configuration Manager to upgrade Windows 10.

I’m also Co-managing my devices and deploy regular updates via Windows Update for Business. Just not feature updates. I fancy the full-control approach, taking the opportunity to update BIOS and drivers while at it. Everything works directly over the Internet via the Cloud Management Gateway. No hard requirements in being on-premises or on VPN.

I have previously shared my precache and in-place upgrade task sequences. A lot have happened since then, and I wanted to take the opportunity to share my updated approach in details.

I’m covering each and every step, just like I did in my previous blog posts. Some steps are exactly the same, but in order to fully supersede the old posts, I’m covering everything in details here.

Now, I can’t go over explaining my WaaS process without mentioning THE OSD experts Gary Blok, Mike Terrill. They are tirelessly sharing their approach as well. If you are looking for a WaaS solution on steroids, I suggest you head over to garytown.com and miketerrill.net for inspiration.

If you are looking for something less advanced, then you are at the right place. With that being said, some of the stuff I do, is done with inspiration from what Gary is sharing at garytown.com – just without the steroids. 😛

And yes! The task sequence will be available for download in the very end of the post!

Let’s get to it. 🙂

Part 1: Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 1

Setting up Microsoft Tunnel Gateway with Microsoft Endpoint Manager and Linux VM(s) in Azure

December 5, 2020December 4, 2020 by Martin Bengtsson

Introduction

I typically blog about topics, that I’m currently addressing in my own daily work, and this time is no different.

Covid-19 surely has a saying on this particular topic as well, and empowering our users to do more, working securely from home and remote, is key.

In that regard, we needed a simple VPN solution for our iOS devices, and while making my way through the setup and configuration of Microsoft Tunnel Gateway, I decided it was worth blogging as well.

This post will walk you through everything you need know, in order to successfully setup Microsoft Tunnel Gateway as a proof of concept.

This includes:

Creating the VM(s) in Azure
Assigning static public IP
Hardening of the inbound traffic
Configuring public DNS record
SSH’ing to the Linux server
Installing Docker on Linux
Setting up configuration in Microsoft Endpoint Manager
Installing Microsoft Tunnel on Linux
- Copying down TLS certificate to Linux
Deploying VPN profile in Microsoft Endpoint Manager
Verifying connection to VPN on iOS is successful

Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 1

December 17, 2020November 25, 2020 by Martin Bengtsson

Introduction

Yes! It’s true. I’m still leveraging Task Sequences and Configuration Manager to upgrade Windows 10.

I have previously shared my precache and in-place upgrade task sequences. A lot have happened since then, and I wanted to take the opportunity to share my updated approach in details.

And yes! The task sequence will be available for download in the very end of the post!

Let’s get to it. 🙂

Part 2: Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 2

Windows 10 Toast Notification Script Update: Second action button and built-in prevention from disabling toast notifications

November 17, 2020November 16, 2020 by Martin Bengtsson

Introduction

A new version of the Windows 10 Toast Notification Script is here. The script is now being on version 2.1.0.

This version brings the option to add a second action button to the toast notification (displayed in the illustration below), as well as a built-in functionality to prevent users from disabling toast notifications in Windows 10 altogether.

A second action button is useful in many scenarios. One being with a Windows 10 upgrade, where you, besides the actual upgrade, also have some additional information for the user. In this example, Install Now will launch the actual upgrade, while Learn More will open a specific web page in the browser.

Prevention from disabling toast notifications is stolen with pride from Trevor Jones, and is incorporated into my script. More details down below. 🙂

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v20H2 using ConfigMgr and PowerShell

November 10, 2020November 10, 2020 by Martin Bengtsson

Introduction

This is becoming quite the tradition, and based on the count of views of my previous posts, a popular one indeed. 🙂

I’m a man of traditions, so I’m sticking true to that, and therefore updated my PowerShell script which will enable you to install RSAT for Windows 10 v20H2 automatically and unattended.

The script received some minor changes, and is now also capable of temporarily disabling WSUS, and re-enabling it again post installation.

Over the years and since I created the first script, I have received a lot of comments saying, that if a device is configured to use WSUS, installation of Features on Demand may fail if certain configuration is not in place. So this is another attempt to have the most success with the use of my script.