Windows 10 Toast Notification Script Update: Run ConfigMgr Software Updates directly from the action button

Introduction

It’s here! The new and delicious version of my Windows 10 Toast Notification Script. The script is now being on version 2.0.0.

  • First off, a huge thank you to Chad Brower for his incredible contributions to this new version. Most of the new functionality here, is a direct incorporation of Chad’s work (yet I end up spending 20 hours+ on deciphering and rewriting code, testing functionality, writing blog and updating documentation. I learned a ton!). 🙂

This new version, obviously brings the option to run Software (Feature) Updates directly from the action button in the toast notification, but also removes the need to manually, and outside of the script, to create the custom protocols and scripts (those enabling you, to run anything custom from the toast notification action button).

Find all the nifty details down below.

Read more…

Endpoint Analytics: Locate devices not enrolled with Windows Hello for Business

Introduction

As promised, another use-case and example of Proactive Remediations in the new Endpoint Analytics feature in Microsoft Endpoint Manager (Intune).

In this example, I’m locating all devices, which currently are not making use of Windows Hello for Business, and display its logged on user a Toast Notification to remind them to get started.

If and when any organization is promoting and requiring the use of Windows Hello for Business, you will want to make sure that the users indeed are setting this up – and if not, nag them continuously until done.

Read more…

Apply drivers compressed with WIM during OSD with Configuration Manager

Introduction

Some time last year, I wrote a blog post on how I moved away from traditional driver management with Configuration Manager, into a more ‘modern’ approach using regular packages.

Then a few days ago, I stumbled upon a twitter conversation with some very clever people, mentioning how they compressed some of their deployments of huge application into .zip files. The conversation moved on, and some more clever people mentioned the idea of compressing the binaries with WIM.

That got me intrigued, so I wanted to explore that option on my own. The result is obviously this blog post. 🙂

P.S. For good measures and all: Compressing binaries with WIM to use with ConfigMgr was not my idea nor invention. This is just me exploring, learning and sharing that experience with anyone who’s interested.

Read more…

Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations

Introduction

I accidentally got to spend my entire weekend, toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).

Long story short is, that Proactive Remediations is capable of running Powershell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.

So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting a version of 1.8.0. All the details down below.

NOTE: You can’t really tell, but the examples below are indeed generated from using Proactive Remediations. My Toast Notification Script is triggered, if a certain device is not enrolled with Windows Hello for Business. Blog post incoming.  🙂

  • Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂

Read more…

Windows 10 Toast Notification Script Update: Multi-language support and easy switching of images

Introduction

I am back with another update to the Windows 10 Toast Notification Script, now hitting an astonishing and delicious version of 1.7.1. 😀

This version brings multi-language support, everything based on the local culture in Windows 10 of the device running the script, as well as new config options to more easily switch between the used images.

This time a huge thank you goes out to Matt Benninge @matbg, for taking the time to develop code for the multi-language support as well as sending me the pieces for me to incorporate.

Also, the script has finally made its long journey into GitHub. So for future downloads, please go to https://github.com/imabdk/Toast-Notification-Script.

Next update: I’m currently working on incorporating support for feature updates with Configuration Manager, so for those upgrading Windows 10 using this approach, something neat is coming up – I hope. 🙂

Read more…

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v2004 using ConfigMgr and Powershell

Introduction

NOTE: Script has been updated for v20H2 (2009): https://www.imab.dk/deploy-rsat-remote-server-administration-tools-for-windows-10-v20h2-using-configmgr-and-powershell/

I’m a little late to the 2004 party this time around, but nevertheless, I just found time to update my Powershell script, which will enable you to install RSAT for Windows 10 v2004 automatically and unattended.

Windows 10 v2004 was released to MSDN users early in May and to VLSC customers 2 weeks later. True to tradition, I’m showing you how you can leverage my script to install the RSAT features with Configuration Manager.

The script received a minor update, and is now also logging its actions into a local log file in C:\Windows\Install-RSATfeatures.log.

The script has now moved away from TechNet Gallery into my GitHub page: https://github.com/imabdk

Read more…

A first look into the new Antivirus Endpoint security policy experience in Microsoft Endpoint Manager

Introduction

Good news everyone!

Last week, a new Endpoint security policy experience in Microsoft Endpoint Manager was released. Among the new policies, you will find a brand new way of managing your Microsoft Defender Antivirus. This new policy type, offers the long-sought for tri-state configurations consisting of No, Yes and Not-configured, which simplifies things greatly.

I do think these new policies will make management a lot easier. Once all of your configurations eventually has transitioned away from regular device configuration profiles, the general view of security measures taken on your devices within Microsoft Intune, will improve by a lot.

This is not a typical A-Z guide, but rather my first and brief look into the new options. All of this of course, based on my own production environment. Curious? Read on. 🙂

Read more…

Windows 10 Toast Notification Script Update: Run ConfigMgr applications directly from the action button

Introduction

Another update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.6.

The feedback and questions related to the Windows 10 Toast Notification Script keeps coming and that’s amazing!

In my last post and update of the script, I added the option to natively and with help of a custom protocol in Windows, to run task sequences directly from the action button.

Since then, I was asked if the script is able to launch application directly from the action button as well, and sure thing. I just added that capability to the script and the details are explained below.

Read more…

My Always On VPN configuration with Microsoft Intune and Configuration Manager explained

Introduction

This is another post, I have wanted to do for some time now. Always On VPN is not something new, but many organizations are moving away from Direct Access, and Always On VPN seems to be the preferred and logical choice for many – including ours.

Also, I don’t think that the current outbreak of COVID-19 has missed anyone’s attention, which is why working from home and remote via VPN has become highly relevant these days.

This post will not go into details on the infrastructure required in order to setup Always On VPN (Remote Access Server, Network Policy Server, PKI etc.), but rather explain the configurations made on the client with Microsoft Intune and Configuration Manager. I will also elaborate on my experiences, again from the perspective of a production environment.

Finally, a big shout out to Michael Mardahl for always being a tremendous help. Go follow this dude. He’s amazing at what he does. 🙂

Read more…

Securing your endpoints with Microsoft Intune, part 1: Exploit Guard Controlled Folder Access

Introduction

This is the first and initial blog post of an upcoming series, all concerning how one can secure their endpoints using Microsoft Intune.

The posts are meant to serve as titbits, quickly giving the reader an understanding of a specific feature.

The posts are not released in any particular order, and the topics discussed are based on what I’m currently looking into, in my own environment.

Therefore and as usual, this is not a typical and standard walk through, but more a look into how I’m initially taking on the discussed topic. Curios? Read on! 🙂

Read more…