Endpoint Analytics: Locate devices not enrolled with Windows Hello for Business

August 20, 2020August 20, 2020 by Martin Bengtsson

Introduction

As promised, another use-case and example of Proactive Remediations in the new Endpoint Analytics feature in Microsoft Endpoint Manager (Intune).

New to Endpoint Analytics? Then grab a quick peek at following docs: What is Endpoint analytics (preview)?

In this example, I’m locating all devices, which currently are not making use of Windows Hello for Business, and display its logged on user a Toast Notification to remind them to get started.

If and when any organization is promoting and requiring the use of Windows Hello for Business, you will want to make sure that the users indeed are setting this up – and if not, nag them continuously until done.

I have previously done something similar with Configuration Manager: Remind users to enroll into Windows Hello for Business using Toast Notifications and ConfigMgr

Apply drivers compressed with WIM during OSD with Configuration Manager

August 14, 2020August 12, 2020 by Martin Bengtsson

Introduction

Some time last year, I wrote a blog post on how I moved away from traditional driver management with Configuration Manager, into a more ‘modern’ approach using regular packages.

Find this post here: Almost Modern Driver Management with ConfigMgr and Powershell

Then a few days ago, I stumbled upon a twitter conversation with some very clever people, mentioning how they compressed some of their deployments of huge application into .zip files. The conversation moved on, and some more clever people mentioned the idea of compressing the binaries with WIM.

Find the entire twitter conversation here: https://twitter.com/acjuelich/status/1284327742062899200

That got me intrigued, so I wanted to explore that option on my own. The result is obviously this blog post. 🙂

P.S. For good measures and all: Compressing binaries with WIM to use with ConfigMgr was not my idea nor invention. This is just me exploring, learning and sharing that experience with anyone who’s interested.

Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations

July 8, 2020July 5, 2020 by Martin Bengtsson

Introduction

I accidentally got to spend my entire weekend, toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).

New to Endpoint Analytics? Then grab a quick peek at following docs: What is Endpoint analytics (preview)?

Long story short is, that Proactive Remediations is capable of running Powershell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.

So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting a version of 1.8.0. All the details down below.

NOTE: You can’t really tell, but the examples below are indeed generated from using Proactive Remediations. My Toast Notification Script is triggered, if a certain device is not enrolled with Windows Hello for Business. Blog post incoming. 🙂

Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂

Windows 10 Toast Notification Script Update: Multi-language support and easy switching of images

July 4, 2020July 3, 2020 by Martin Bengtsson

Introduction

I am back with another update to the Windows 10 Toast Notification Script, now hitting an astonishing and delicious version of 1.7.1. 😀

This version brings multi-language support, everything based on the local culture in Windows 10 of the device running the script, as well as new config options to more easily switch between the used images.

This time a huge thank you goes out to Matt Benninge @matbg, for taking the time to develop code for the multi-language support as well as sending me the pieces for me to incorporate.

Also, the script has finally made its long journey into GitHub. So for future downloads, please go to https://github.com/imabdk/Toast-Notification-Script.

Next update: I’m currently working on incorporating support for feature updates with Configuration Manager, so for those upgrading Windows 10 using this approach, something neat is coming up – I hope. 🙂

How I change the update channels for Microsoft 365 Apps using Configuration Manager

July 3, 2020July 2, 2020 by Martin Bengtsson

Introduction

OK, so this post is admittedly a few weeks overdue, but regardless still relevant. Microsoft has decided, as we know by now, to carry out a name change of the Office 365 ProPlus suite, and rename the product to Microsoft 365 Apps (for Enterprise).

Following this change of name, Microsoft also decided to introduce some new changes to the update channels, which includes new names as well as a brand new update channel: Monthly Enterprise Channel.

So I figured, all things taken into considerations, that I wanted to go into details on how I’m changing the update channels using Configuration Manager.

This is a somewhat continuation of my previous blog post: Use Powershell to create device collections in Configuration Manager for the new Microsoft 365 Apps update channels

Carrot on a stick: All of the configurations I have made for this setup, I have exported for you to download. No real configuration needed in your end. Just download and import – almost. 😀

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v2004 using ConfigMgr and Powershell

November 24, 2020June 8, 2020 by Martin Bengtsson

Introduction

NOTE: Script has been updated for v20H2 (2009): https://www.imab.dk/deploy-rsat-remote-server-administration-tools-for-windows-10-v20h2-using-configmgr-and-powershell/

I’m a little late to the 2004 party this time around, but nevertheless, I just found time to update my Powershell script, which will enable you to install RSAT for Windows 10 v2004 automatically and unattended.

Windows 10 v2004 was released to MSDN users early in May and to VLSC customers 2 weeks later. True to tradition, I’m showing you how you can leverage my script to install the RSAT features with Configuration Manager.

The script received a minor update, and is now also logging its actions into a local log file in C:\Windows\Install-RSATfeatures.log.

The script has now moved away from TechNet Gallery into my GitHub page: https://github.com/imabdk

Use Powershell to create device collections in Configuration Manager for the new Microsoft 365 Apps update channels

May 29, 2020May 28, 2020 by Martin Bengtsson

Introduction

While brewing on another blog post, on how I’m preparing for the changes to update channels for Microsoft 365 Apps (formerly known as Office 365 ProPlus), I figured this post will do its justice as a decent opening post.

You may have collections configured for this already, or maybe you don’t. Either way, they probably need some updating before June 9, 2020, as this is the date where the new update channels will start appearing (with the exception of Monthly Enterprise Channel, which is live as we speak).

Also, I’m going to reference some of these collections in my other and upcoming post, so I might as well get this out there, as an help to get started. 🙂

Configure Microsoft Teams application settings using Configuration Manager and Powershell

May 15, 2020May 14, 2020 by Martin Bengtsson

Introduction

OK, so the story here is, that many organizations – including ourselves – has taken on the use of Microsoft Teams.

This means that management and configuration of application settings, becomes highly relevant and interesting. Microsoft Teams in its current state of the application for Windows, comes with 5 settings which potentially needs to be configured:

Auto-start application
Open application in background
On close, keep the application running
Disable GPU hardware acceleration
Register Teams as the chat app for Office

For this purpose I have created a Powershell script, which can be run with Configuration Manager (explained in this post) as well as Microsoft Intune (and probably other management systems as well).

How to renew Apple MDM Push Certificate in Microsoft Endpoint Manager

May 5, 2020May 4, 2020 by Martin Bengtsson

Introduction

So, it’s that time of the year again. My Apple MDM Push Certificate, which is used with the enrollment of iOS devices in Microsoft Endpoint Manager, is due to expire and needs to be renewed.

I have done posts on this topic previously, but as UI and other things receive changes throughout the years, I figured I would do another and updated one for good measures.

For the curious, this is the exact steps I just went through to renew my Apple MDM Push Certificate, which was due to expire in roughly 12 days.

Uninstall all Zoom applications in a jiffy using Configuration Manager and Powershell

April 8, 2020April 7, 2020 by Martin Bengtsson

Introduction

Long story short, using Zoom these days for video conferencing , meetings, webinars and so on, is quite popular. However, Zoom has also received a lot of critique for being insecure, which has resulted in several articles on the topic.

For your reference, here’s a few of the articles:

The Zoom installation has the ability to be installed in the current user’s profile (consumer download), as well as onto the local machine in programfiles(x86) (enterprise download). This makes for some annoying situations, coming from an enterprise point of view, if and when you are asked to promptly uninstall all Zoom applications again (due to above reasons).

So I put together a Powershell script which can be run as SYSTEM with Configuration Manager. The script will find all installed Zoom applications, whether they are installed locally or in the user’s profile, and uninstall them automatically.