The Big Bang and how it changed my life as an IT Pro

Maybe a misleading headline for my blog post, as it’s really the opposite message I’m trying to deliver. The Big Bang I’m referring to in the title is the change to a Cloud world from our “good old” on-premises infrastructure. For many organizations the Big Bang still hasn’t happened; it is not that organizations are not embracing new Cloud opportunities, most just can’t change everything overnight. Starting 5-6 years ago, I heard and read many stories that the “Cloud era” would be the end of life as we know it for IT Pros. Personally, I claim this statement to be false. For this [...]

By | 2017-11-14T16:10:52+00:00 November 14th, 2017|Configuration Manager (SCCM), Security, Windows Client|0 Comments

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel does not support the deployment and execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension.
Meet the Microsoft Intune Management Extension
The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and now allows us to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

By | 2017-09-26T02:35:29+00:00 September 26th, 2017|Automation, Enterprise Mobility Suite (EMS), Powershell|1 Comment

Set Desktop and Lock Screen wallpaper with Intune in Windows 10

This is a quick blog post to show you can set this fairly easily using Intune. Intune requires you to point to a URL for the wallpaper which at first seems a bit odd, but it actually makes a lot of sense when you have solutions like OneDrive. What am I talking about? Well, find a suitable wallpaper and place it on your SharePoint OneDrive or Personal OneDrive. Then share the wallpaper and create a public viewing link like so. Next, test the link by pasting the URL into your browser and take a look at the result. It [...]

How to manage BitLocker on an Azure AD Joined Windows 10 Device managed by Intune.

When joining a computer to AAD either manually or by using a provisioning package, BitLocker will be enabled automatically if your device has the necessary prerequisites. However, in the case that BitLocker is disabled, this is how you enable BitLocker, save the BitLocker Key Protector to AAD (also known as the recovery key) and recover the key in the case you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the [...]

Windows 10: Upgrade the edition with Intune in the new Azure Portal

Most professional PCs delivered today are delivered with Windows 10 Pro (out of the box), which is a really good Operating System, covering most use-cases. However, in the world of BYOD and CYOD (Bring your Own / Choose your Own Device), companies, enterprises, governments, schools etc. often want to upgrade to either Enterprise or Education, since these editions of Windows 10 are more feature rich and have a couple of enhancements compared to Pro. Luckily, changing the SKU does not involve a reinstallation or a major upgrade of the OS. And from Windows 10 1607 (Anniversary Update) you could go [...]

Windows 10 1703 Creators Update: First impressions

Windows 10 Creators Update is out and I wanted to create a quick blog of the initial experience installing and enrolling it into one of my Azure Active Directory (AAD) test tenants. The initial installation is more or less the same as before, but we have known for a while that Microsoft will improve the OoBE (Out of Box Experience), where it now has a new nicer flow and UI. It’s very interesting to see how Microsoft is investing in these types of features and it tells us (in my opinion) how Microsoft looks at the future of Device/Windows deployment and [...]

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization

In my work as an advisor and consultant I see organizations adapting to the emerging IT landscape, where user behavior is changing and security risks are increasing. In the midst of this change, I encounter frustrated IT professionals trying to keep up with everything and not having enough time to do so. I encourage my customers to be on top of changes and make sure they stay on top. That message goes beyond IT pros and extends to business owners and managers who can no longer afford [...]

Error enrolling devices into Intune & Configuration Manager 1602

Enrolling devices into Intune & ConfigMgr is normally straightforward until you run into issues. Below is an example where I received an enrollment error (picture 1); clicking Continue leads me to picture 2. As you can see in picture two, the Enrollment Update turns from Warning to Checkmark, but only for about 5 seconds, then it goes back to a warning. Troubleshooting mobile devices is slightly different than traditional desktop troubleshooting. The troubleshooting options depend on the device (Android, iOS or Windows). In this example my device was an Android. You can email the log files [...]

Android OS version not on the requirement list

Managing mobile devices can be different compared to managing traditional computers for many reasons. One of them being the lack of control with operating system versions on the devices. We simply don’t control when Android and iOS devices are being upgraded and as such we don’t control what version users are using. That can be a challenge when you are using requirement rules on your web applications (and other deployment types). In the illustrations below it’s easy to see that we have a bunch of Android 6+ versions and looking at the requirement rules for the web apps you’ll see [...]

Windows WI-FI profiles

Currently working on an Enterprise Mobility project, and thought I should share a little trick. In the project, we are deploying WI-FI profiles to Windows 10 devices. Some WI-FI profiles use SCEP/NDES certificates while others are configured using a pre-shared secret. When working with Windows WI-FI profiles, the only way to add a pre-shared secret to the profile is by creating a custom XML file. An easy way to create the WI-FI profile XML file is to create the profile on a Windows 10 computer and then export the profile. To do that, use the steps below: To list all [...]

Microsoft EMS News App for Windows 10 and Windows Phone 10

Update: The app has now changed name and is published to the Microsoft store under the name Microsoft EMS Resources. An updated blog post is published here: http://blog.ctglobalservices.com/mas/december-11-microsoft-enterprise-mobility-suite-ems-resources-at-your-fingertips/
As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort, since new features and updates are not added daily as opposed to what is going on in the Cloud. The cloud is evolving so fast with new features and services added daily [...]

By | 2015-11-11T20:20:28+00:00 November 11th, 2015|Azure, Enterprise Mobility Suite (EMS), Office 365|6 Comments

IT Devconnections Enterprise Mobility and Identity BOF

During the BOF last week @ #ITDevCon I briefly talked about creating a couple of managed apps using PowerShell in ConfigMgr. Below are a few examples; open PowerShell ISE as administrator and magic happens:
    # Import the ConfigurationManager module and switch to the site drive
    Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1")
    $SiteCode = Get-PSDrive -PSProvider CMSITE
    Set-Location "$($SiteCode.Name):\"
    # Create the Word application
    New-CMApplication -Name "Word"
    # Create an iOS deployment type for the application
    Add-CMDeploymentType -ApplicationName "Word" -AutoIdentifyFromInstallationFile -IosDeepLinkInstaller -DeploymentTypeName "Word iOS" -InstallationFileLocation "https://itunes.apple.com/us/app/microsoft-word/id586447913?mt=8" -ForceForUnknownPublisher $True
    # Create the OneNote application
    New-CMApplication -Name "OneNote"
    # Create an iOS deployment type for the application
    Add-CMDeploymentType -ApplicationName "OneNote" -AutoIdentifyFromInstallationFile -IosDeepLinkInstaller -DeploymentTypeName "OneNote iPhone" -InstallationFileLocation "https://itunes.apple.com/us/app/microsoft-onenote-for-iphone/id410395246?mt=8" -ForceForUnknownPublisher [...]

Deploying WIFI profiles with pre-shared secret to Android devices using ConfigMgr

Today I have spent some time creating and deploying WIFI profiles to Android devices and would like to share my experiences. To get started with Android and WiFi profiles I used this TechNet article, https://technet.microsoft.com/en-us/library/dn705842.aspx, which is almost correct, but there are a few bugs in the XML example (as I see it, authentication and encryption). To get me all the way I combined the knowledge from the article with information from MSDN https://technet.microsoft.com/en-us/library/dn705842.aspx and finally this super nice Android PSK Generator community tool: http://johnathonb.com/2015/05/intune-android-pre-shared-key-generator/. The Android XML configuration is really easy, just add the WiFi information into the Configurator and click [...]

Windows Phone 8.1 devices keep prompting for sign in to the Company Portal

I have been working on another mobility project the last couple of months. This project started as a hybrid SCCM/Intune project using the “old” SCCM 2012 R2 platform; a couple of weeks ago we migrated the platform to the latest service pack in order to get all of the new hybrid mobile features in place. The project has support for Android, iOS and Windows Phone 8.1 devices. In the beginning the company portal was deployed to the Windows Phones using the Windows Phone trial certificate (not supported, but it works). That part worked as expected for many months, but using the [...]

Slides and links from my Welcome to your new life as an Enterprise Client Hybrid Management expert session @NIC 2015

Thanks for attending my Hybrid Management session @NIC 2015.
Slide deck
Deploy wifi profiles with shared secret - http://blog.ctglobalservices.com/kea/deploying-wpa-2-personal-wifi-profiles-using-configmgr-intune/
Change device ownership in configmgr - http://blog.ctglobalservices.com/kaj/change-device-ownership-in-configuration-manager-with-powershell/
Intune Extensions fail to install - http://blog.ctglobalservices.com/kea/intune-extensions-will-not-install/ and http://scug.be/sccm/2014/02/11/cm12-extensions-for-windows-intune-resources-and-gotchas/
Device based vs User based policies - http://blog.ctglobalservices.com/kea/device-based-vs-user-based-mdm-policies-in-configmgr-2012-r2/
Troubleshooting iOS certificate deployments - http://blog.ctglobalservices.com/kea/troubleshooting-certificate-deployment-on-ios-devices-with-configmgr-intune/
Deny Apps on Windows Phone - http://scug.be/nico/2014/05/22/deny-windows-phone-apps-with-configuration-manager-intune/

By | 2015-02-14T15:06:32+00:00 February 14th, 2015|Configuration Manager (SCCM)|0 Comments

Deploying WPA-2 personal WIFI profiles using ConfigMgr & Intune

For hybrid environments (that being ConfigMgr integrated with Microsoft Intune), it’s not possible to deploy a WIFI profile using a pre-shared secret in the UI. This will however not prevent you from creating and deploying WPA-2 Personal security WIFI profiles in the console. You will just be deploying the WIFI profile without the WIFI password.
Windows Phone 8.1 will re-apply the same profile over and over again
When users receive the WIFI profile all they have to do is add the password and they will have WIFI connection. This works great for Android and iOS, but not for Windows Phone [...]

By | 2015-01-28T14:28:20+00:00 January 28th, 2015|Configuration Manager (SCCM)|4 Comments

Intune Extensions will not install

It’s a common issue, but still worth mentioning. Being a Full Administrator is NOT the same as having full control of all features in the ConfigMgr console. An example is enabling new Intune Extensions like the one released in late December. As usual you are prompted when new Extensions are available. In this example I’m logged in as Full Administrator and trying to enable the extension in the Administration workspace. All looks good, right until the point where I accept the License Terms. And boom! I do not have the required permissions even though I’m a Full Administrator! Rule #7 [...]

By | 2015-01-02T10:36:21+00:00 January 2nd, 2015|Configuration Manager (SCCM)|0 Comments

Managing WIFI certificates for iOS devices with ConfigMgr MDM

This will be the last Christmas blog post from Coretech in 2014. A huge thanks to all of you who followed our Christmas blogs in December. @Coretech we wish you and your loved ones a Merry Christmas and a Happy New Year – We look forward to serving you again in 2015 with knowledge, inspiration and best practices on Microsoft technologies.
One of the many neat features offered by ConfigMgr & Intune is the ability to deploy certificates and WIFI profiles. Both are essential when implementing a MDM/BYOD strategy.
Creating the required SCEP certificate for iOS
As mentioned in a [...]

By | 2014-12-23T14:09:31+00:00 December 23rd, 2014|Configuration Manager (SCCM), General info|3 Comments

Device based vs User based MDM policies in ConfigMgr 2012 R2

With ConfigMgr and Intune you have long been able to manage devices like Android, iOS and Windows with mail profiles, security settings, Wi-Fi profiles and VPN profiles. Deployment of those profiles has undergone a fundamental change with the release of ConfigMgr R2 and CU3. To understand those changes you first need to understand how policies were deployed in the past.
Back in the old days “prior to R2 CU3”
On the ConfigMgr side, even if you deployed policies to a user it would always be deployed to the device. What happened in the background the policy generated would not be generated [...]

By | 2014-11-26T15:02:42+00:00 November 26th, 2014|Configuration Manager (SCCM)|1 Comment

Dealing with Jailbroken/Rooted devices in ConfigMgr 2012 R2 & Intune

As you enroll a mobile device into Intune/ConfigMgr 2012 R2, inventory data will automatically be uploaded to the ConfigMgr database. One of the data points being collected is the Jailbroken/rooted condition. In the example below, the device is being detected as a jailbroken device. One of the many benefits of using Intune as the MDM solution is the integration with System Center 2012 R2 Configuration Manager. Once data is in the database we can use the entire ConfigMgr engine to manage the device. MDM devices in ConfigMgr can be managed using the Application Model and the Compliance Management feature. Especially the [...]

By | 2014-04-10T10:18:04+00:00 April 10th, 2014|Configuration Manager (SCCM), General info|0 Comments