Patch your Windows 10 media (used with In-Place Upgrades in ConfigMgr) with a new Setup Dynamic Update Package

October 22, 2020 by Martin Bengtsson

Introduction

Patch Tuesday for October 2020 brought the usual and expected updates, but did also bless us with a security update that addresses a vulnerability found in the setup of Windows 10.

Everything about the vulnerability is explained in details here: CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability

The article tells us to download the latest refreshed media from VLSC or Visual Studio Subscriptions (formerly MSDN), or download the latest applicable Setup Dynamic Update (DU) package and patch the media ourselves.

Now, as of writing, the official downloads has not been refreshed yet, so I wanted to get rid of the vulnerability and patch my existing media manually. The process I went through made this post.

Comparing Security Baselines in Endpoint Manager using Powershell and Microsoft Graph API

September 28, 2020September 27, 2020 by Martin Bengtsson

Introduction

I just very recently discovered, that a new version of the Security Baseline for Windows 10 was made available in Microsoft Endpoint Manager Intune.

It’s been a while since the last version, more than a year in fact, so it was a pleasant surprise seeing an update on this area.

Security Baselines, and those for Windows 10 in particular, consist of a lot settings. So I wondered what’s changed and started browsing and comparing the various settings via the admin portal.

Then I realized how that’s not very optimal, and began looking for alternatives. I eventually got myself into trying something new, and went on to compare the Security Baselines Profiles using Powershell and the Microsoft Graph. The result of that journey is this post. 🙂

Windows 10 Toast Notification Script Update (Poolside Release): Dynamic Application deadline and custom action scripts updates

September 5, 2020September 4, 2020 by Martin Bengtsson

Introduction

This is just a minor release, with me making some few adjustments and further polishing of the script while being on vacation (hence the poolside reference). 😀

I’ve added the option to retrieve deployment deadline of applications dynamically, as well as reworked some of the custom scripts area.
Everything related to the script, is now located within the user’s profile in AppData\Roaming\ToastNotificationScript.
Custom scripts are moving away from ProgramData into AppData\Roaming\ToastNotificationScript\Scripts.

The script is now on version 2.0.2. Find all the details down below.

Improve your Windows as a Service process: Use Toast Notifications and Powershell App Deployment Toolkit to Upgrade Windows 10

October 14, 2020August 28, 2020 by Martin Bengtsson

Introduction

This is just a brief storytelling on, how you can add more user-friendliness and flexibility to your Windows as a Service process with Configuration Manager.

That be whether you fancy using Task Sequences or Feature Updates, this post will show you how you can wrap the process into an initial Toast Notification, which again sends the end-user into a PowerShell App Deployment Toolkit experience, which again will run either the Task Sequence or the Feature Update automatically.

Carrot on a stick: All the binaries used in these examples, are available for download throughout the post. That goes for PSADT as well as exported ConfigMgr applications.

Windows 10 Toast Notification Script Update: Run ConfigMgr Software Updates directly from the action button

August 24, 2020August 22, 2020 by Martin Bengtsson

Introduction

It’s here! The new and delicious version of my Windows 10 Toast Notification Script. The script is now being on version 2.0.0.

First off, a huge thank you to Chad Brower for his incredible contributions to this new version. Most of the new functionality here, is a direct incorporation of Chad’s work (yet I end up spending 20 hours+ on deciphering and rewriting code, testing functionality, writing blog and updating documentation. I learned a ton!). 🙂

This new version, obviously brings the option to run Software (Feature) Updates directly from the action button in the toast notification, but also removes the need to manually, and outside of the script, to create the custom protocols and scripts (those enabling you, to run anything custom from the toast notification action button).

Find all the nifty details down below.

Endpoint Analytics: Locate devices not enrolled with Windows Hello for Business

August 20, 2020August 20, 2020 by Martin Bengtsson

Introduction

As promised, another use-case and example of Proactive Remediations in the new Endpoint Analytics feature in Microsoft Endpoint Manager (Intune).

New to Endpoint Analytics? Then grab a quick peek at following docs: What is Endpoint analytics (preview)?

In this example, I’m locating all devices, which currently are not making use of Windows Hello for Business, and display its logged on user a Toast Notification to remind them to get started.

If and when any organization is promoting and requiring the use of Windows Hello for Business, you will want to make sure that the users indeed are setting this up – and if not, nag them continuously until done.

I have previously done something similar with Configuration Manager: Remind users to enroll into Windows Hello for Business using Toast Notifications and ConfigMgr

Apply drivers compressed with WIM during OSD with Configuration Manager

August 14, 2020August 12, 2020 by Martin Bengtsson

Introduction

Some time last year, I wrote a blog post on how I moved away from traditional driver management with Configuration Manager, into a more ‘modern’ approach using regular packages.

Find this post here: Almost Modern Driver Management with ConfigMgr and Powershell

Then a few days ago, I stumbled upon a twitter conversation with some very clever people, mentioning how they compressed some of their deployments of huge application into .zip files. The conversation moved on, and some more clever people mentioned the idea of compressing the binaries with WIM.

Find the entire twitter conversation here: https://twitter.com/acjuelich/status/1284327742062899200

That got me intrigued, so I wanted to explore that option on my own. The result is obviously this blog post. 🙂

P.S. For good measures and all: Compressing binaries with WIM to use with ConfigMgr was not my idea nor invention. This is just me exploring, learning and sharing that experience with anyone who’s interested.

Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations

July 8, 2020July 5, 2020 by Martin Bengtsson

Introduction

I accidentally got to spend my entire weekend, toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).

New to Endpoint Analytics? Then grab a quick peek at following docs: What is Endpoint analytics (preview)?

Long story short is, that Proactive Remediations is capable of running Powershell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.

So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting a version of 1.8.0. All the details down below.

NOTE: You can’t really tell, but the examples below are indeed generated from using Proactive Remediations. My Toast Notification Script is triggered, if a certain device is not enrolled with Windows Hello for Business. Blog post incoming. 🙂

Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂

Windows 10 Toast Notification Script Update: Multi-language support and easy switching of images

July 4, 2020July 3, 2020 by Martin Bengtsson

Introduction

I am back with another update to the Windows 10 Toast Notification Script, now hitting an astonishing and delicious version of 1.7.1. 😀

This version brings multi-language support, everything based on the local culture in Windows 10 of the device running the script, as well as new config options to more easily switch between the used images.

This time a huge thank you goes out to Matt Benninge @matbg, for taking the time to develop code for the multi-language support as well as sending me the pieces for me to incorporate.

Also, the script has finally made its long journey into GitHub. So for future downloads, please go to https://github.com/imabdk/Toast-Notification-Script.

Next update: I’m currently working on incorporating support for feature updates with Configuration Manager, so for those upgrading Windows 10 using this approach, something neat is coming up – I hope. 🙂

How I change the update channels for Microsoft 365 Apps using Configuration Manager

July 3, 2020July 2, 2020 by Martin Bengtsson

Introduction

OK, so this post is admittedly a few weeks overdue, but regardless still relevant. Microsoft has decided, as we know by now, to carry out a name change of the Office 365 ProPlus suite, and rename the product to Microsoft 365 Apps (for Enterprise).

Following this change of name, Microsoft also decided to introduce some new changes to the update channels, which includes new names as well as a brand new update channel: Monthly Enterprise Channel.

So I figured, all things taken into considerations, that I wanted to go into details on how I’m changing the update channels using Configuration Manager.

This is a somewhat continuation of my previous blog post: Use Powershell to create device collections in Configuration Manager for the new Microsoft 365 Apps update channels

Carrot on a stick: All of the configurations I have made for this setup, I have exported for you to download. No real configuration needed in your end. Just download and import – almost. 😀