PXE boot your way into Windows AutoPilot and Windows 10 Shared PC

Introduction

This is a continuation of my previous post on Windows AutoPilot for existing devices. This time covering a similar scenario, where I’m PXE booting an existing device (known or unknown to ConfigMgr) into a Windows 10 Shared PC with Windows AutoPilot and Microsoft Intune

Now, the scenario might have many similarities compared to last week, but nevertheless there’s a real purpose with the crazyness. This is about getting started with Windows AutoPilot and giving you inspiration on how to do that. In my environment, it’s a whole lot easier to make the switch into AutoPilot for non-user devices (I bet I’m not alone on this one). That be devices which are shared between users in public spaces and kiosk devices in particular.

Also, devices in this category are quite often not brand new and might even be old repurposed user-devices (hence we cannot ask our reseller to add them into AutoPilot prior to delivery and thus we have to do it ourselves) 🙂

A peek into the AutoPilot Deployment Profiles in my environment

Read more…

Install RSAT (Remote Server Administration Tools) for Windows 10 v1809 using Microsoft Intune

Introduction

I don’t know if this will have many uses, but I did a similar post on how to deploy RSAT for Windows 10 v1809 using SCCM (System Center Configuration Manager) back in October when 1809 was initially released. As most people know by now, RSAT is no longer a separate downloadable add on to Windows, but something which is included as “Features on Demand” in the OS itself.

For your convenience, find my previous post here: https://www.imab.dk/deploy-rsat-remote-server-administration-tools-for-windows-10-v1809-using-sccm-system-center-configuration-manager/)

What if you don’t have SCCM and instead are fancying Microsoft Intune for software deployments? You might even run SCCM and Microsoft Intune Co-Management and like to do stuff differently and experimenting like I do? Then this post will be for you 🙂

Company Portal displaying my RSAT 1809 Win32 app (Sorry for the obscure language (Danish). Company portal insists on being in Danish on my computer)

Read more…

Azure AD Application Proxy, Single Sign-On and Conditional Access

Introduction

As the topic suggests, the following post will be about the Azure AD Application Proxy feature – a feature within Azure Active Directory. I haven’t blogged specifically about this feature before, but I do think it deserves a mention here as well.

I will go into details on how to provide secure remote access to an internal IIS website, and give an example on how to add single sign-on to that experience while protecting everything with Conditional Access.

This post will be followed up with a continuation, where everything will be put to use on a mobile device with a Microsoft Intune managed Edge browser. Curious? Read on and stay tuned 🙂

The end result where an internal IIS is reachable from www

Read more…

How to automatically join Windows AutoPilot devices to On-Premises AD (Hybrid Azure AD Join)

Introduction

Good news everyone! The feature was introduced at Ignite earlier this year and now it’s finally here. Windows AutoPilot now allows you to join your Windows 10 v1809 devices to your on-premises Active Directory (Hybrid Azure AD Join). All the magic lies in a new Intune connector for Active Directory. Sounds exciting, right? This will be everything you need to know, on how to get started with this new amazing feature.

The new Intune Connector for Active Directory (Preview)

Read more…

Remove built-in apps for Windows 10 using SCCM and Microsoft Store for Business

Introduction

Removing the built-in apps in Windows 10 is often a hot topic and in same regard, it’s often discussed if and how they are removed. There are several excellent Powershell scripts for the same purpose made by the community, and they possibly satisfy most needs already.

But maybe you don’t fancy maintaining a Powershell script and maybe you don’t want to deal with specific apps coming back after an in-place upgrade. Or perhaps you just want an alternative. Then this might be of interest. This is solely based on using Microsoft Store for Business integrated with SCCM (System Center Configuration Manager), to uninstall some of the unwanted built-in apps in Windows 10 (and keep them uninstalled shall they ever return)

Some of the apps I tend to remove and keep removed using this method 🙂

Read more…

Deploy the SCCM Client using Microsoft Intune and the Cloud Management Gateway (CMG without PKI certificates)

Introduction

Last week I blogged about how to get properly started with Windows AutoPilot. This week I’m continuing on the topic, and going into details on how you can deploy the SCCM (System Center Configuration Manager) client as a part of the Windows AutoPilot enrollment and thus achieve Co-management with SCCM and Microsoft Intune.

I have previously blogged a lot about Co-management. Focus here has been enrolling devices already managed by SCCM into Intune MDM.

This post is the opposite. This time we are deploying a device through Windows AutoPilot, enrolling it into Microsoft Intune and then deploying the SCCM client through the Cloud Management Gateway. Sounds interesting? Read on 🙂

  • Find all my Co-management posts here: https://www.imab.dk/category/co-mgmt/
    • My post about setting up the Cloud Management Gateway without PKI certificates is especially of interest if pursuing Co-management

Read more…

How to get properly started with Windows AutoPilot: Everything you initially need to know!

Introduction

It’s time for me to take on a new topic on the blog. I have been experimenting, working and blogging a lot about SCCM, Intune and Co-management, but never really touched base with Windows AutoPilot. Time is due and this will be the first in a series of posts about Windows AutoPilot and how to eventually reach Co-management with SCCM and Microsoft Intune through Windows AutoPilot.

First things first though. This post will give you everything you need to know on how to properly get started with Windows AutoPilot. Curious? Read on 🙂

A peek into my AutoPilot devices in my test tenant 🙂

Read more…

Deploy Outlook for iOS with a Managed Exchange Account using Microsoft Intune

Introduction

More good news! Microsoft Intune now provides us with an even easier way to pre-configure an e-mail account for Outlook on iOS (and android). This is done with the use of an App Configuration Policy and the additions to the configuration designer when configuring the Outlook app. Let’s walk through the process.

A peek into the Microsoft 365 device management portal

Read more…

Block access to company resources if running an out-of-date iOS version using Microsoft Intune and Conditional Access

Introduction

Do you need a simple, but yet effective way of forcing people into updating iOS on their company enrolled Apple devices? Simply block access to company resources if iOS is not up to date. Here is how you can do that using Microsoft Intune and Conditional Access in Microsoft Azure.

Peek into Microsoft Intune and the device compliance policies

Read more…

Enable UE-V (User Experience Virtualization) during OSD with SCCM and use OneDrive as storage path

Introduction

UE-V is not something new, but when combined with OneDrive Known Folder Move, Enterprise State Roaming in Azure and OneDrive as the storage path for UE-V, you will find yourself with a very solid solution ensuring roaming of end users data and settings.

I have previously shown you how you can enable OneDrive KFM with SCCM. This time, I’m going to show you how you can enable UE-V during OSD with Configuration Manager, and how you make sure those settings are stored in OneDrive. I hope you can see the pattern here: No on-premise file share for UE-V settings – everything stored in the users OneDrive.

A peek at the UE-V configuration when OneDrive is set as storage path

Read more…