Device Compliance with Configuration Baselines, Configuration Manager version 1910 and Microsoft Intune

Introduction

This must be one of my favorite features of Configuration Manager version 1910: Include custom configuration baselines as part of compliance policy assessment.

For a detailed description of the feature, I suggest you read the What’s new article.

In short, this enables us to assess device compliance based on almost anything and really extends the possibilities.

I will walk through the setup required and give you a quick and easy example on how to use this new awesome feature in a co-management scenario.

Read more…

Updating MEMCM (Microsoft Endpoint Manager Configuration Manager) to version 1910 on Christmas Eve

Introduction

Configuration Manager 1910 went globally available this friday, december 20, so I wanted to stay true to tradition and walk through the upgrade process based on my own environment.

This is usually something I do the very moment it’s possible to opt-in using the early update ring, but this time around the hours usually spent on blogging, are spent on my new born (9 weeks today). 🙂

As usual, this is based on a production environment. This might seem ballsy to do during the holiday season, but I’m confident I will be fine. Also, backup ftw, right? 😀 (NOTE: This particular environment have survived upgrades since SCCM 2012 without ever breaking)

Read more…

Windows 10 Toast Notification Script Update: Retrieve task sequence deadline dynamically from WMI

Introduction

Another neat update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.4.4.

The new version brings a new deadline option, that when enabled, will look in WMI for the specified task sequence package id, and retrieve the deadline of the required deployment dynamically.

This time a thank you goes out to @kevmjohnston for contributing with idea and bits of code. 🙂

What’s new and delicious are mentioned in details below.

Read more…

Co-management with ConfigMgr and Intune and a little something about Microsoft Defender antimalware policies

Introduction

Originally when the Endpoint Protection workload for co-management was introduced with Configuration Manager 1802, this was done without antimalware policies.

That essentially meant that antimalware policies was still being managed solely by Configuration Manager, while a feature like Exploit Guard was managed by Intune.

Now, this has since changed (at the time of writing, I’m not sure when they snug in the addition, but that’s not related to the post anyway) and the workload now includes antimalware policies enabling us to manage all aspects of Microsoft Defender with Microsoft Intune.

So what does that mean, and are there anything specifically you need to be aware of? I believe there is. 🙂

Read more…