Windows 10 Toast Notification Script updated to version 1.3

Introduction

As the topic suggests; my Windows 10 Toast Notification Script has been updated to version 1.3 and here’s what’s new and delicious. πŸ˜€

Note: The screenshot below is intentionally in jibberish (danish). This is to illustrate that all text elements now are customizable through the config file.

Read more…

Windows as a Service: Example of fixing Compat Scan errors (A driver is installed that causes stability problems)

Introduction

Sooner or later you will encounter some Compatibility Scan errors with your Windows 10 upgrades.

And if you like me run the Compat Scan prior to the actual Windows 10 upgrade, you will have time to fix these errors before the end-user is aware. Clever, right? πŸ˜€

So this post is an example of such and is based on a really simple approach to fixing an incompatible driver. Curious? Read on πŸ™‚

Read more…

Managing Microsoft Edge Chromium settings with SCCM (System Center Configuration Manager)

Introduction

The new Microsoft Edge Chromium browser is a real treat, and not too long ago this delicious new browser was deemed ready for testing in the enterprise.

Therefore I figured it would make a decent blog post to give some insights on, how you can manage the new settings using SCCM (System Center Configuration Manager).

I have previously shown how you can install Google Chrome extensions also using SCCM. This post is based on the same approach: https://www.imab.dk/forcefully-deploy-the-windows-defender-google-chrome-extension-using-configuration-manager/

Read more…

Enrollment of co-managed devices based on Azure AD device token with ConfigMgr 1906

Introduction

A short and sweet peek into the latest improvement to the enrollment of co-managed devices into Microsoft Intune.

Prior to SCCM 1906 (System Center Configuration Manager), the enrollment into Microsoft Intune required a user to sign in to the device. This has now changed and the device is able to auto-enroll into Microsoft Intune based on its Azure AD device token.

Note: This is not an A-Z guide, so I’m sadly not covering all the basics and requirements around enrollment nor co-management. Instead I’m touching base with some of the interesting parts, based on my own environment, setup and curiosity. πŸ™‚

Read more…

Updating SCCM (System Center Configuration Manager) Current Branch to version 1906

Introduction

Yesterday happened to be one of those #SCCM Fridays. And a big and awesome one indeed. So awesome I had to take a break from my vacation to catch up on the latest and greatest. πŸ™‚

Configuration Manager Current Branch version 1906 was released and as with previous versions, I will walk you through the update process based on my own environment. I do this before touching base with some of the new and delicious features in upcoming posts.

Read more…

Send messages across your Windows 10 computers with SCCM and Toast Notifications

Introduction

First off, this is mostly an inspirational post and the script used here is the latest release of my Windows 10 Toast Notification Script.

Secondly, from time to time, I still see people in various forums asking how they can send popup messages to the computers in their environment using SCCM (System Center Configuration Manager).

So I figured it would make a decent and quick blog post, describing how one can do just that using my Windows 10 Toast Notification script.

Read more…

Getting started with Security Baselines: Moving from Group Policy to Microsoft Intune

Introduction

Another delicious feature went GA (General Availability) this week: Security Baselines in Microsoft Intune.

The Security Baselines in Intune is the equivalent to what we have done with Group PolicyΒ for some years now, and is basically a set of pre-configured Windows settings, which are recommended for the enterprise by Microsoft.

This post is not a typical A-Z guide, but rather a first look into the feature and what initial experiences I had with moving from Security Baselines with Group Policy to Security Baselines with Intune in a Co-management scenario.

Read more…

Configure OneDrive Known Folder Move with Administrative Templates in Microsoft Intune

Introduction

Short and sweet: Back in May 2019, Administrative Templates in Intune went from preview to General Availability. Back then the feature was released with a list of 277 settings. Not much, huh?

Today this will be extended by additional 2500 settings and among these will be the ability to configure OneDrive Known Folder Move.Β Exciting!

While the configuration of OneDrive Known Folder Move using Administrative Templates in Intune is pretty easy and straightforward, I figured it deserved a post here as well.

Also, initially when OneDrive Known Folder Move was introduced, I did this post on the topic: https://www.imab.dk/how-to-enable-onedrive-known-folder-move-using-sccm-system-center-configuration-manager/

Read more…

Enable and disable ConfigMgr client debug logging in a jiffy using Powershell and Run Script

Introduction

Debug/verbose logging! A topic which every ConfigMgr admin will have to get familiar with sooner or later. Lazy as one can be, I usually Google the requirements every time I need it, so I figured it was time to make something more permanent and more clever.

There are a billion blog posts on the topic already, but as far as my Google skills serves me, no one is using the run script feature and no one is providing complete scripts for the purpose. So this is me doing that. A complete solution for your copy/paste pleasure πŸ™‚

Read more…

Intune enrollment, Multi-Factor Authentication and registering Security Information with Conditional Access

Introduction

This is a little something on the new option with Conditional Access, where you can specify restrictions for registering the end users security information used with Multi-Factor Authentication.

This is a nifty addition, enabling you to control when and where the security information can be added or changed, making sure it’s not an attacker who’s messing with the details.

In this post i’m trying to put this into the context of enrolling a new device, in this example an iOS device, where MFA is required for enrollment.

If the enrollment is being done by a user who’s without security information (imagine a newly hired employee), the user is initially prompted to register the security information. Now also imagine this being done by an attacker instead. Not good. Therefore it’s desirable to control from where the registering of the security information can be done. Curious? Read on πŸ™‚

Read more…