Create your own Software Deployment Repository with Azure and Intune

04/09/201819/09/2018 Martin Wüthrich Software Deployment

As you might know, within Intune you can only install applications on devices, if they are coming as an MSI. If you want to deploy anything else, this blog might be helpful for you.
Let me talk about the requirements:

Azure Subscription for Storage

Intune Subscription (obviously)

This blog will provide the information how you can achieve this, and at the end, you will get a sample implementation from my LAB.

Yes, that’s it. Now let us start creating the Azure Storage, and how you can access it. Go to the Azure portal, and open the storage accounts section. You can use the classic storage account as well, but I would recommend the newer ones:

Continue reading →

Azure Active Directory – Alert if a specific user is logged on

17/07/2018 Martin Wüthrich Azure AD, Office365

If you want to get an email Alert, if a specific Account is used for Login within Azure Active Directory, you will currently be required to use Cloud App Security. The feature Cloud App Security is included within the Enterprise Mobility & Security Suite E5 (EMS E5; source).

Continue reading →

Office 365 – Content Search and eDiscovery

17/07/201817/07/2018 Martin Wüthrich Office365

Today I would shed some light on the two options “Content Search” and “eDiscovery” from the Security and Compliance center of Office 365. You can reach the security and compliance center through the following URL:

Office 365 – Security & Compliance Center

The first questions that may raise up, what is content search and eDiscovery, and what is the difference of those two options.
With content search, you can search all the content that is actually available, regarding existent policies (given example: Exchange Hold). Content search may help you in various occasions, where it may not be required to use eDiscovery. For legal documentation the eDiscovery should be used, where you also can specify Mailboxes, SharePoint Locations and OneDrive for Business to set hold policies on them.

The next question might be: Who has access to those features by Default?

It depends… Continue reading →

SCCM – Configure a pointer record for your Cloud Management Gateway

02/07/2018 Martin Wüthrich ConfigMgr, EMM, SCCM, Software Deployment

Lets assume you want to set a pointer record (PTR) for your System Center Configuration Manager Cloud Management Gateway (CMG).

First of all, you will need to install the “Azure PowerShell Service Management module”, and Login to your Tenant. This process is documented on the Microsoft Website:
Installing the Azure PowerShell Service Management module

When this is done, you may want to change the subscription, in my case it was necessary. To do so, simply show all of your subscriptions with “Get-AzureSubscription” and select the appropriate subscription with “Select-AzureSubscirtion” afterwards:

When you have selected the correct subscription, you can list the Azure Services with “Get-AzureService”.
With the following command, you can set the Pointer record for your CMG:
Set-AzureService -ServiceName "YOURSERVICENAME" -ReverseDnsFqdn "HOSEBECMG01.hosebei.ch."

Intune – NDES Enrollment

31/03/2018 Martin Wüthrich ConfigMgr

I recently changed my Intune Subscription from SCCM Hybrid to Intune Standalone. Within this change, I face an issue with the NDES, respectively the SCEP, enrollment for the certificates.
After I have configured the SCEP profile within Intune, my Windows 10 Clients show th following error Message within the eventlog:

A security error occurred 0x80072f8f (WinHttp: 12175 ERROR_WINHTTP_SECURE_FAILURE)
Continue reading →

Azure AD Connect – Configure the “Enable-ADSyncExportDeletionThreshold” wisely

19/02/201821/01/2019 Martin Wüthrich Active Directory, Azure AD, Office365

Today would shed some light on the cmdlet “Enable-ADSyncExportDeletionThreshold” which comes with the Azure AD Connect. If you are using Azure AD Connect to synchronize your On-Premise Active Directory to Azure Active Directory, Azure AD Connect will never execute a batch of more than 500 objects to delete. You can check the current value by using “Get-ADSyncExportDeletionThreshold”:

Continue reading →

Azure AD – Change from ADFS to pass-through Authentication

26/01/201829/01/2018 Martin Wüthrich Active Directory, ADFS, Azure AD, Office365

Since pass-through Authentication is GA and the major limitations are gone, I decided to change my Azure AD authentication against my local AD from ADFS to pass-through provided with Azure AD Connect.
For those who are not that familiar with the concept of pass-through authentication, on this Microsoft Article “How it works”, you will find all the information. The picture below is from this article as well.

Continue reading →

Windows 10 – Remove Windows.old Folder

06/11/2017 Martin Wüthrich Operating System Deployment, Updates Management, Windows 10

Long time no see, huh? Now I’m back with a new post about removing the Windows.old folder after a feature Upgrade.
Recently I seen this on twitter, a commented it with: Why don’t you let the automation from Windows 10 let it do. But since then, I was in a project, where the removal of this folder was required, and within the Upgrade Task Sequence. I thought, this is easy, starting the Scheduled Task should do the job…
Continue reading →

Windows 10 1703 – Remove Universal Windows Platform (UWP) Apps

27/08/201706/11/2017 Martin Wüthrich Application Management, Operating System Deployment, Packaging, Windows 10

DON’T Do THIS! Use AppLocker instead! Do not remove any apps from the image

Hi reader,

I would like to share my script to remove windows universal apps, which I have tried to make it simple as possible.
First let me explain, that there seems to exist two different types of Apps which reside within the Windows 10 Image. You can list them with Get-AppxPackage and Get-AppxProvisionedPackage (you need Administrator permission to do so):

Continue reading →

ConfigMgr – My Guide for a SCCM driven Windows 10 Installation

17/07/201705/08/2017 Martin Wüthrich ConfigMgr, Operating System Deployment, SCCM, Setup, WDS, Windows 10

In this blog I would like to give an overview of my Windows 10 Installation, since this has changed a lot to previous versions of Windows.
This blog will cover the following topics:

Windows 10 Image Customization
Windows 10 Unattended File
Windows 10 Language Pack (MUI) Integration
Optional: Windows 10 with .Net feature

The blog is based on Windows 10 1703:

Continue reading →