Troubleshooting Configuration Manager: Parsing client logs using Powershell and Configuration Items

March 1, 2020February 27, 2020 by Martin Bengtsson

Introduction

This particular post and topic, originates from me troubleshooting the Office 365 updating issue, where updating Office 365 through Configuration Manager failed and generated error 80070057.

The issue got some attention on both on reddit as well as on Twitter, as the issue on the affected devices, was breaking the ability to apply subsequent Office 365 updates.

The updates which introduced the said issue was quickly pulled, but some devices obviously managed to install the updates anyway.

So how do we fix that and how do we know which devices that are affected? This specific issue produced a specific error in some of the ConfigMgr Client Side Logs, so I came up with a solution involving Powershell and a Configuration Item.

More on the specific issue detailed here: https://support.microsoft.com/en-us/help/4532996/office-365-version-1910-updates-in-configmgr-do-not-download-or-apply
- Microsoft released a fix for the issue, but the fix only applies to certain Office 365 builds. I’m not sure about the details here, but I had the issue on several builds, outside of the mentioned range of versions.

Windows 10 Toast Notification Script Update: Run ConfigMgr Task Sequences directly from the action button

July 23, 2020February 20, 2020 by Martin Bengtsson

Introduction

A new update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.5.

I’m receiving a lot of feedback and questions related to the Windows 10 Toast Notification Script and that makes me really happy. I’m trying my best to get back to each and everyone.

One question I’m receiving often, is how one is able to run a Task Sequence directly from the action/install button in the actual toast notification. Therefore I figured I’d do everyone good and make it a native option in the script itself.

I have previously covered how one can initiate a reboot, also directly from the action button. This post is available from here: https://www.imab.dk/windows-10-toast-notification-script-update-personal-greeting-and-protocol-based-reboot/

Configuring and managing my Surface Pro X using Windows AutoPilot, Microsoft Intune and Configuration Manager

February 21, 2020February 18, 2020 by Martin Bengtsson

Introduction

This is not a traditional walk through of a specific technical topic. It’s rather a story about setting up my new Surface Pro X device, making it work with AutoPilot, Intune and ConfigMgr in a Hybrid AAD Join deployment.

You don’t per say have to own a Surface Pro X device in order to benefit from the content in this post. However, as the Surface Pro X ships with an ARM processor, it makes for some unique situations and experiences.

During the post, I will deep dive some of the technical aspects of Hybrid AAD joining the device, as this has a lot of moving parts and dependencies in order to work.

Additionally, this process was not completely without obstacles. I’m not sure if these obstacles are working as intended or not, but I failed to get Co-management work loads to work properly, as well as I was seeing weird things happening if applying the Security Baseline for Windows. More on that throughout the post. 🙂

Back to basics: Deploying applications with Custom Global Conditions in Configuration Manager

February 16, 2020February 16, 2020 by Martin Bengtsson

Introduction

This past week I went back to basics with Configuration Manager, as I was working with some applications where I needed the deployments to behave differently based on various factors.

Some may resort to creating individual applications or even packages for each specific need, but there are more clever ways of doing it.

For instance, in this specific case, I had different sets of binaries to be used, varying based on the architecture of Office 365 ProPlus installed. I also wanted something different to happen, whether the installation was happening with a task sequence or not.

So again, this is something a single Application in combination with the proper Global Conditions can cater for. No need to create several Applications or Packages. Curious? Continue reading 🙂

Windows as a Service: Detecting AlwaysOn VPN and LTE connectivity with Powershell and Powershell App Deployment Toolkit

February 15, 2020February 12, 2020 by Martin Bengtsson

Introduction

This post is long overdue and something I originally considered doing when I explained my Windows as a Service process.

The story is, that I allow In-Place Upgrades with Configuration Manager to happen over the Internet and over VPN. While I do allow upgrades over VPN, I still prefer them happening on local network and I certainly doesn’t want them to happen over LTE.

I use Powershell App Deployment Toolkit to initiate the Windows 10 In-Place Upgrade Task Sequence, and I wanted to add more user-friendliness to the experience, by notifying the end-user about possible VPN and LTE connections.

Note #1: LTE connectivity can be prevented altogether in the Client Settings, but I’m not doing that for various reasons. 🙂

Note #2: I do precache everything prior to making the upgrade available. Therefore download of binaries should be limited to zero, though the connection to the site server is still needed, as well as connection to the domain (depending on what you are doing throughout your task sequence).

More WaaS posts: https://www.imab.dk/windows-as-a-service/

How I deploy, configure and set the new Microsoft Edge as default browser using Microsoft Intune and Configuration Manager

February 17, 2020January 24, 2020 by Martin Bengtsson

Introduction

Unless you have been hiding under a rock lately, you should be aware that the new Microsoft Edge browser happened and was released in the first stable release on January 15.

All very exciting and delicious, and we who have been testing with Dev and Beta versions across our enterprises, have been waiting eagerly to be able to offer the one browser to rule them all (hopefully).

So this is a little something on how I have chosen to deploy, configure and set the new Microsoft Edge as default browser, using a combination of both Microsoft Intune and Configuration Manager.

Device Compliance with Configuration Baselines, Configuration Manager version 1910 and Microsoft Intune

January 4, 2020January 3, 2020 by Martin Bengtsson

Introduction

This must be one of my favorite features of Configuration Manager version 1910: Include custom configuration baselines as part of compliance policy assessment.

For a detailed description of the feature, I suggest you read the What’s new article.

In short, this enables us to assess device compliance based on almost anything and really extends the possibilities.

I will walk through the setup required and give you a quick and easy example on how to use this new awesome feature in a co-management scenario.

Updating MEMCM (Microsoft Endpoint Manager Configuration Manager) to version 1910 on Christmas Eve

December 25, 2019December 24, 2019 by Martin Bengtsson

Introduction

Configuration Manager 1910 went globally available this friday, december 20, so I wanted to stay true to tradition and walk through the upgrade process based on my own environment.

This is usually something I do the very moment it’s possible to opt-in using the early update ring, but this time around the hours usually spent on blogging, are spent on my new born (9 weeks today). 🙂

As usual, this is based on a production environment. This might seem ballsy to do during the holiday season, but I’m confident I will be fine. Also, backup ftw, right? 😀 (NOTE: This particular environment have survived upgrades since SCCM 2012 without ever breaking)

Windows 10 Toast Notification Script Update: Retrieve task sequence deadline dynamically from WMI

July 23, 2020December 17, 2019 by Martin Bengtsson

Introduction

Another neat update to the Windows 10 Toast Notification Script is a reality. Now being on version 1.4.4.

The new version brings a new deadline option, that when enabled, will look in WMI for the specified task sequence package id, and retrieve the deadline of the required deployment dynamically.

This time a thank you goes out to @kevmjohnston for contributing with idea and bits of code. 🙂

What’s new and delicious are mentioned in details below.

Find the original page for the Windows 10 Toast Notification Script here: https://www.imab.dk/windows-10-toast-notification-script/

Co-management with ConfigMgr and Intune and a little something about Microsoft Defender antimalware policies

November 14, 2019November 12, 2019 by Martin Bengtsson

Introduction

Originally when the Endpoint Protection workload for co-management was introduced with Configuration Manager 1802, this was done without antimalware policies.

That essentially meant that antimalware policies was still being managed solely by Configuration Manager, while a feature like Exploit Guard was managed by Intune.

Now, this has since changed (at the time of writing, I’m not sure when they snug in the addition, but that’s not related to the post anyway) and the workload now includes antimalware policies enabling us to manage all aspects of Microsoft Defender with Microsoft Intune.

So what does that mean, and are there anything specifically you need to be aware of? I believe there is. 🙂