Back to basics: How can I fully automate the patching of Windows 10 using SCCM (System Center Configuration Manager)

Introduction

I have been spending some time on the Configuration Manager forums on Technet lately, and questions about Software Updates (among others) frequently pops up. So I thought of creating a series of blog post explaining some of the basics of Configuration Manager or explaining some of the topics I often see being repeated as questions on the forums.

This will be the very first in such series, where I will give an example on how you can use SCCM to fully automate the patching of Windows 10. All of these examples will be based on the latest version of Configuration Manager Current Branch.

Peak at the Automatic Deployment Rule we will be creating and configuring in this example

Read more…

Switch default browser the enterprise way using the Software Center in SCCM (System Center Configuration Manager) and Powershell

Introduction

In this post I will talk about Windows 10, file associations and how you can let the user in an enterprise switch default browser through the Software Center in SCCM (System Center Configuration Manager). All of this is done in an environment where file associations are tightly managed and locked through group policies (as they should be in an enterprise) on computers running Windows 10. Curious on the topic? Read on 🙂

Read more…

Enable Third-Party Software Updates in SCCM (System Center Configuration Manager) Technical Preview 1806

Introduction

System Center Configuration Manager Technical Preview version 1806 was released last week. Among other new cool features following this release, this new TP version comes with the ability to deploy Third-Party Software Updates without using SCUP (System Center Update Publisher).

This is a short walk through on the prerequisites and how to enable and use the new feature in the Technical Preview of System Center Configuration Manager.

Read more…

Microsoft Intune and Conditional Access in a Co-management scenario

Introduction

Last week I gave an example on how to leverage Microsoft Intune and Conditional Access to restrict access to Exchange Online for iOS devices. This week, I’m continuing the use of Microsoft Intune and Conditional Access, and will give an example on how to restrict access to company e-mail if not using a Windows 10 1803 device. All of this based on a computer co-managed with both Microsoft Intune and Configuration Manager.

So basically; no e-mails if not running on the latest and greatest version of Windows 10 on my co-managed device.

Read more…

Restrict access to Exchange Online using Microsoft Intune (and only grant access to company enrolled devices using the Outlook app)

Introduction

Long title, but that’s actually what this post is going to cover; how you can secure the access to company e-mail accounts and only allow access to such, if coming from an enrolled (compliant) Intune device and that device uses the Outlook app.

In this scenario, we only uses iOS devices and of such only allow enrollment of iOS devices, but this can of course be android and Windows as well. Everything in this post is achievable with the use of Microsoft Intune and Conditional Access in Azure. Curious? Read on 🙂

Read more…

How to renew Apple Push Certificate in Microsoft Intune standalone

Introduction

I have previously done a short post on how to renew the Apple Push Certificate when having Intune integrated with Configuration Manager (Hybrid). Since then, I’ve changed the MDM authority to Intune standalone and therefore the procedure changes slightly. Again, this is taken directly from an production environment and my certificate was due to expire in roughly 30 days. For the curious, this is the exact steps I went through to renew our Apple Push Certificate in Microsoft Intune standalone.

Picture of the front page of the Apple Push Certificate portal

Read more…

Install the latest version of Sysinternals Suite tools without any source files using SCCM (System Center Configuration Manager) and Powershell

Introduction

It’s an unusual and kind of off topic subject to me, but it might be useful to someone anyway. At least I think it’s different and creative 🙂

The Sysinternals Suite can be downloaded like any other bunch of tools and distributed with whatever method you prefer (download the latest version here: https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite), but what if you always want the latest and greatest version, but don’t have the interest or resources to keep track of dates and versions? Read on. This is how you always install the latest version using System Center Configuration Manager and a Powershell script.

Read more…

Enable password reset on the login screen of a Hybrid Azure AD joined Windows 10 1803 device

Introduction

More Windows 10 1803! Password reset directly from the login screen of Windows 10 has been possible since Windows 10 1709, but only in a cloud-only scenario. This changed with 1803, and users having a hybrid Azure AD environment, are now able to offer this service to their users as well. (assuming they roll on the latest and greatest Windows 10 version). This guide explains what’s required in a Hybrid environment and how to leverage Configuration Manager to apply the proper configuration on the client.

For this to work, there are a few prerequisites:

  • Windows 10 1803 or newer
  • Password writeback enabled in Azure AD Connect
    • Proper permissions in on-premise AD for the AAD Connect account
  • Password reset enabled in Azure AD
  • Enable password reset on the 1803 clients (in this scenario through ConfigMgr)

Read more…

How can I deploy RSAT (Remote Server Administration Tools) for Windows 10 1803 using SCCM (System Center Configuration Manager)

Introduction

Continuing on the Windows 10 1803 journey from last week. RSAT (Remote Server Administration Tools) is available as well. This is a quick guide on how you can deploy RSAT for Windows 10 1803 using an application in the Software Center of Configuration Manager. RSAT is available for download following this link: https://www.microsoft.com/en-us/download/details.aspx?id=45520

The files available for download includes following. Select the one appropriate for your running OS.

  • WindowsTH-RSAT_WS_1803-x64.msu
  • WindowsTH-RSAT_WS_1803-x86.msu
  • WindowsTH-RSAT_WS2016-x64.msu
  • WindowsTH-RSAT_WS2016-x86.msu

Read more…

How can I in-place upgrade to Windows 10 1803 using Powershell App Deployment Toolkit and SCCM (System Center Configuration Manager)

Introduction

Windows 10 1803 is out (old news I know). Nevertheless, its always a good idea to be ahead and start thinking and planning the upgrade of your environment. Configuration Manager offers a lot of flexibility in terms of servicing plans and the use of task sequences.

Task sequences is the preferred method in our environment, and I thought I’d share how you can deploy the Windows 10 1803 upgrade through the Powershell App Deployment Toolkit, some custom Powershell script and an application in the Configuration Manager Software Center. Curious? Read on. 🙂

Read more…