Windows 10 Toast Notification Script Update: Run ConfigMgr applications directly from the action button

Introduction

Another update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.6.

The feedback and questions related to the Windows 10 Toast Notification Script keeps coming and that’s amazing!

In my last post and update of the script, I added the option to natively and with help of a custom protocol in Windows, to run task sequences directly from the action button.

Since then, I was asked if the script is able to launch application directly from the action button as well, and sure thing. I just added that capability to the script and the details are explained below.

Read more…

My Always On VPN configuration with Microsoft Intune and Configuration Manager explained

Introduction

This is another post, I have wanted to do for some time now. Always On VPN is not something new, but many organizations are moving away from Direct Access, and Always On VPN seems to be the preferred and logical choice for many – including ours.

Also, I don’t think that the current outbreak of COVID-19 has missed anyone’s attention, which is why working from home and remote via VPN has become highly relevant these days.

This post will not go into details on the infrastructure required in order to setup Always On VPN (Remote Access Server, Network Policy Server, PKI etc.), but rather explain the configurations made on the client with Microsoft Intune and Configuration Manager. I will also elaborate on my experiences, again from the perspective of a production environment.

Finally, a big shout out to Michael Mardahl for always being a tremendous help. Go follow this dude. He’s amazing at what he does. 🙂

Read more…

Troubleshooting Configuration Manager: Parsing client logs using Powershell and Configuration Items

Introduction

This particular post and topic, originates from me troubleshooting the Office 365 updating issue, where updating Office 365 through Configuration Manager failed and generated error 80070057.

The issue got some attention on both on reddit as well as on Twitter, as the issue on the affected devices, was breaking the ability to apply subsequent Office 365 updates.

The updates which introduced the said issue was quickly pulled, but some devices obviously managed to install the updates anyway.

So how do we fix that and how do we know which devices that are affected? This specific issue produced a specific error in some of the ConfigMgr Client Side Logs, so I came up with a solution involving Powershell and a Configuration Item.

Read more…

Windows 10 Toast Notification Script Update: Run ConfigMgr Task Sequences directly from the action button

Introduction

A new update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.5.

I’m receiving a lot of feedback and questions related to the Windows 10 Toast Notification Script and that makes me really happy. I’m trying my best to get back to each and everyone.

One question I’m receiving often, is how one is able to run a Task Sequence directly from the action/install button in the actual toast notification. Therefore I figured I’d do everyone good and make it a native option in the script itself.

I have previously covered how one can initiate a reboot, also directly from the action button. This post is available from here: https://www.imab.dk/windows-10-toast-notification-script-update-personal-greeting-and-protocol-based-reboot/

Read more…

Windows as a Service: Detecting AlwaysOn VPN and LTE connectivity with Powershell and Powershell App Deployment Toolkit

Introduction

This post is long overdue and something I originally considered doing when I explained my Windows as a Service process.

The story is, that I allow In-Place Upgrades with Configuration Manager to happen over the Internet and over VPN. While I do allow upgrades over VPN, I still prefer them happening on local network and I certainly doesn’t want them to happen over LTE.

I use Powershell App Deployment Toolkit to initiate the Windows 10 In-Place Upgrade Task Sequence, and I wanted to add more user-friendliness to the experience, by notifying the end-user about possible VPN and LTE connections.

Note #1: LTE connectivity can be prevented altogether in the Client Settings, but I’m not doing that for various reasons. 🙂

Note #2: I do precache everything prior to making the upgrade available. Therefore download of binaries should be limited to zero, though the connection to the site server is still needed, as well as connection to the domain (depending on what you are doing throughout your task sequence).

Read more…

Require TLS with Exchange Online and a custom made NDR (Non-Delivery Report) with Powershell, Azure Automation and Conditional Access

Introduction

First things first: This is not a typical topic on this blog, but I do find it highly relevant to share regardless.

The main story here is, that if you want to comply with GDPR and other regulations, you might end up in a situation where you need to require TLS for outgoing e-mails. This is something that’s easily achievable by configuring the proper transport rules in Exchange Online, but what if the recipient doesn’t support receiving e-mails encrypted with TLS in transit? In that situation, the e-mail typically bounce back after 24 hours of retrying (At the time of writing, this timer is not configurable in Exchange Online) .

24 hours is a long time to wait for the Non-Delivery Report, especially for my industry which is the legal vertical, so I had to come up with something else.

Powershell and Azure Automation to the rescue (and also a little something on how to protect the accounts used with Conditional Access).

OBS: Apologies if there are more clever solutions out there to cater for this. I haven’t been able to find any, but I’m sharing regardless, as the use of this easily can be transferred to other needs. 🙂

Read more…

Windows 10 Toast Notification Script Update: Retrieve task sequence deadline dynamically from WMI

Introduction

Another neat update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.4.4.

The new version brings a new deadline option, that when enabled, will look in WMI for the specified task sequence package id, and retrieve the deadline of the required deployment dynamically.

This time a thank you goes out to @kevmjohnston for contributing with idea and bits of code. 🙂

What’s new and delicious are mentioned in details below.

Read more…

Script Update: Automatically remind users to update iOS with e-mails and custom notifications using Microsoft Intune Powershell SDK

Introduction

If you already use or intend to use my script, which reminds users to update iOS with e-mails and custom notification, you will want to use the updated script. 🙂

I obviously put the script to use in production, and quickly realized that the script also picks up obsolete devices. This is not ideal, as you might end up in a situation where a user is reminded by e-mail, to update a device which is obsolete and no longer in use.

So the script has been updated to cater for this situation, and now only picks up devices which has been syncing with Microsoft Intune within the last 2 days.

Read more…

Automatically remind users to update iOS with e-mails and custom notifications using Microsoft Intune Powershell SDK

Introduction

**Minor update**: https://www.imab.dk/script-update-automatically-remind-users-to-update-ios-with-e-mails-and-custom-notifications-using-microsoft-intune-powershell-sdk/

Long title! It could have been even longer, but I struggled to squeeze in that the e-mail also is sent over Office 365 and the entire deliciousness is running on a schedule with Azure Automation. 🙂

The story here is, that iOS is getting updates quite frequently, and a lot of enterprises (including myself), are managing those iOS devices as private BYOD devices enrolled through the Company Portal. As of such, keeping the devices up to date is the end-user’s responsibility and something that’s often forgotten and neglected.

So what if we could send those devices and users a kind reminder automatically, both as a custom notification directly on the device, but also as an e-mail? Microsoft Intune Powershell SDK to the rescue!

Read more…

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v1909 using ConfigMgr and Powershell

Introduction

Windows 10 v1909 was released to MSDN users last week, and true to tradition, I’m updating my Powershell script, enabling you to install RSAT for Windows 10 1909 automatically and unattended.

I received quite some feedback on my 1903 script, and thanks to that I made some improvements to the 1909 edition. That includes:

  • Added test for pending reboots. If reboot is pending, RSAT features might not install successfully
  • Added test for configuration of WSUS by Group Policy
    • If WSUS is configured by Group Policy, history shows that additional settings might be needed for some environments

Read more…