Managing Microsoft Edge Chromium settings with SCCM (System Center Configuration Manager)

August 15, 2019August 14, 2019 by Martin Bengtsson

Introduction

The new Microsoft Edge Chromium browser is a real treat, and not too long ago this delicious new browser was deemed ready for testing in the enterprise.

Therefore I figured it would make a decent blog post to give some insights on, how you can manage the new settings using SCCM (System Center Configuration Manager).

I have previously shown how you can install Google Chrome extensions also using SCCM. This post is based on the same approach: https://www.imab.dk/forcefully-deploy-the-windows-defender-google-chrome-extension-using-configuration-manager/

Enrollment of co-managed devices based on Azure AD device token with ConfigMgr 1906

August 7, 2019August 6, 2019 by Martin Bengtsson

Introduction

A short and sweet peek into the latest improvement to the enrollment of co-managed devices into Microsoft Intune.

Prior to SCCM 1906 (System Center Configuration Manager), the enrollment into Microsoft Intune required a user to sign in to the device. This has now changed and the device is able to auto-enroll into Microsoft Intune based on its Azure AD device token.

Note: This is not an A-Z guide, so I’m sadly not covering all the basics and requirements around enrollment nor co-management. Instead I’m touching base with some of the interesting parts, based on my own environment, setup and curiosity. 🙂

Updating SCCM (System Center Configuration Manager) Current Branch to version 1906

July 28, 2019July 27, 2019 by Martin Bengtsson

Introduction

Yesterday happened to be one of those #SCCM Fridays. And a big and awesome one indeed. So awesome I had to take a break from my vacation to catch up on the latest and greatest. 🙂

Configuration Manager Current Branch version 1906 was released and as with previous versions, I will walk you through the update process based on my own environment. I do this before touching base with some of the new and delicious features in upcoming posts.

Send messages across your Windows 10 computers with SCCM and Toast Notifications

July 18, 2019 by Martin Bengtsson

Introduction

First off, this is mostly an inspirational post and the script used here is the latest release of my Windows 10 Toast Notification Script.

Secondly, from time to time, I still see people in various forums asking how they can send popup messages to the computers in their environment using SCCM (System Center Configuration Manager).

So I figured it would make a decent and quick blog post, describing how one can do just that using my Windows 10 Toast Notification script.

Getting started with Security Baselines: Moving from Group Policy to Microsoft Intune

July 14, 2019July 12, 2019 by Martin Bengtsson

Introduction

Another delicious feature went GA (General Availability) this week: Security Baselines in Microsoft Intune.

The Security Baselines in Intune is the equivalent to what we have done with Group Policy for some years now, and is basically a set of pre-configured Windows settings, which are recommended for the enterprise by Microsoft.

This post is not a typical A-Z guide, but rather a first look into the feature and what initial experiences I had with moving from Security Baselines with Group Policy to Security Baselines with Intune in a Co-management scenario.

Configure OneDrive Known Folder Move with Administrative Templates in Microsoft Intune

July 10, 2019July 10, 2019 by Martin Bengtsson

Introduction

Short and sweet: Back in May 2019, Administrative Templates in Intune went from preview to General Availability. Back then the feature was released with a list of 277 settings. Not much, huh?

Today this will be extended by additional 2500 settings and among these will be the ability to configure OneDrive Known Folder Move. Exciting!

While the configuration of OneDrive Known Folder Move using Administrative Templates in Intune is pretty easy and straightforward, I figured it deserved a post here as well.

Also, initially when OneDrive Known Folder Move was introduced, I did this post on the topic: https://www.imab.dk/how-to-enable-onedrive-known-folder-move-using-sccm-system-center-configuration-manager/

Enable and disable ConfigMgr client debug logging in a jiffy using Powershell and Run Script

June 25, 2019June 25, 2019 by Martin Bengtsson

Introduction

Debug/verbose logging! A topic which every ConfigMgr admin will have to get familiar with sooner or later. Lazy as one can be, I usually Google the requirements every time I need it, so I figured it was time to make something more permanent and more clever.

There are a billion blog posts on the topic already, but as far as my Google skills serves me, no one is using the run script feature and no one is providing complete scripts for the purpose. So this is me doing that. A complete solution for your copy/paste pleasure 🙂

Intune enrollment, Multi-Factor Authentication and registering Security Information with Conditional Access

June 14, 2019June 14, 2019 by Martin Bengtsson

Introduction

This is a little something on the new option with Conditional Access, where you can specify restrictions for registering the end users security information used with Multi-Factor Authentication.

This is a nifty addition, enabling you to control when and where the security information can be added or changed, making sure it’s not an attacker who’s messing with the details.

In this post i’m trying to put this into the context of enrolling a new device, in this example an iOS device, where MFA is required for enrollment.

If the enrollment is being done by a user who’s without security information (imagine a newly hired employee), the user is initially prompted to register the security information. Now also imagine this being done by an attacker instead. Not good. Therefore it’s desirable to control from where the registering of the security information can be done. Curious? Read on 🙂

Windows 10 Toast Notification Script Update: Personal greeting and protocol based reboot

June 25, 2019June 4, 2019 by Martin Bengtsson

Introduction

Short and sweet. My Windows 10 Toast Notification Script have received a minor update. Now being at version 1.2. The changes mentioned in details below.

Find the original page for the Windows 10 Toast Notification Script here: https://www.imab.dk/windows-10-toast-notification-script/

Upgrade Windows 10 over the Internet with In-Place Upgrade Task Sequences and ConfigMgr

May 26, 2019May 23, 2019 by Martin Bengtsson

Introduction

This is not exactly an A-Z guide on the topic, but rather a story of my experiences with upgrading Windows 10 over the Internet with In-Place Upgrade (IPU) Task Sequence using ConfigMgr and how it works in my environment.

I’m using a Cloud Management Gateway (CMG) with enhanced HTTP as well as initially being connected to the on-premises infrastructure with Always On VPN. The VPN in this scenario is a user-initiated tunnel and thus obviously disconnects once the upgrade restarts the computer. It’s not completely without challenges and I will try to cover those during this post.

Curious? Read on 🙂

Oh yeah, seeing I now allow IPU to happen over the Internet, I also created something in Powershell App Deployment Toolkit which extraordinarily warns the user if the upgrade is being initiated from outside the office network. A preview of that in the end of the post 🙂