Windows Autopilot: 6 things you must consider before ordering a Windows 10 device today

Autopilot, one of the hottest buzzwords within Windows 10 management of 2018, if you ask me. And I think you agree. Why? This small piece of technology has changed the way we look at IT. Not because it revolutionizes every aspect of the way you deliver IT into the hands of our users, but it fundamentally changes an important peace making us think about change and transformation along the way as a synergy. And this makes us ask the question - can we transform other pieces of our IT services delivered to our users. Now, I assume you know what [...]

By |2019-01-31T21:54:32+01:00januar 31st, 2019|Uncategorized|2 Comments

Set computer name with Autopilot in Windows 1809

A quick blog post to show you that it is now possible to set computer name of an device going through the Out-of-Box experience enabled with Autopilot in Intune! This is new capabilities in Intune which is only available with Windows 10 RS5 1809. This post assume that you have an autopilot profile and that it is already assigned and in use. If not I recommend looking at the links below to get you started with Autopilot. For more information visits these websites: Overview of Windows Autopilot: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot Whats new in Autopilot as of 24/9-18: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-Windows-Autopilot-capabilities-and-expanded-partner-support/ba-p/260430 Now over to the [...]

Managing and deploying Web links in Android the modern way, a quick tip

Last year I wrote a blog about how the experience of deploying web clips or web links on Android devices looked like and how you were able to force them to be opened in the Intune Managed Browser. If we look back at this experience with the Company Portal Widget and the links, this is not a really nice solution and we don’t want to talk about updating or removing a web link in this scenario. (which is not possible) Yesterday I was at a customer in Denmark discussing this solution, and while discussing this I remembered the new options [...]

By |2017-12-20T21:12:18+01:00december 21st, 2017|Enterprise Mobility Suite (EMS)|Kommentarer lukket til Managing and deploying Web links in Android the modern way, a quick tip

Androids in the Enterprise, a blessing or nightmare? – part 2

In my last blog we looked at managing the legacy Android devices, like mentioned Google is investing in making Android safer and more enterprise ready. Today Google announced the deprecation of the legacy management of Android devices as of Android Q, like explained here in the blog of Chris Baldwin. One of the ways in making Android enterprise ready is by using Android Enterprise AKA Android for Work. Android for Work is available since the beginning of 2015, in Android 5.0 (Lollipop) and higher. What is Android for Work? (Android Enterprise) With Android for Work you are able to completely [...]

By |2017-12-19T20:53:17+01:00december 19th, 2017|Enterprise Mobility Suite (EMS)|3 Comments

Intune: Use PowerShell management extension to enable BitLocker on a modern managed Win10 device

I wrote a blog post back in April on "how to manage BitLocker on a Azure AD Joined Windows 10 Device managed by Intune", where I also wrote a PowerShell script to automate the encryption process for the day that we would get PowerShell support in Intune. Well Microsoft announced in September the Management extension for Intune which basically lets you deploy PowerShell scripts via. Intune to Windows 10 devices. My co-worker Peter Daalmans wrote a great blog post about it right after, where he explained in more detail about the extension. I have a link for that post at [...]

Androids in the Enterprise, a blessing or nightmare? – part 1

Many people who know me know that I am not the fan boy of Android devices. It can be a nightmare when managing those devices, but is that still a valid statement or is it getting better? In this series of blogs, I want to try to get a clear view if Android devices in an Enterprise are a blessing or a nightmare. That there are Android devices connecting to most environments to get access to corporate data is a fact. When looking at Microsoft Intune we can block the ability that Android devices can be enrolled into Intune, but [...]

By |2017-12-01T15:57:46+01:00december 4th, 2017|Enterprise Mobility Suite (EMS), Security|4 Comments

The Big Bang and how it changed my life as an IT Pro

Maybe a misleading headline for my blog post, as it’s really the opposite message I’m trying to deliver. The Big Bang I’m referring to in the title is the change to a Cloud world from our “good old” on-premises infrastructure. For many organizations the Big Bang still hasn’t happened, not that organizations are not embracing new Cloud opportunities, most just can’t change everything overnight. Starting 5-6 years ago, I heard and read many stories that the “Cloud era” would be the end of life as we know it for IT Pros. Personally, I claim this statement to be false.For this [...]

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel is not supporting deployment and the execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension. Meet the Microsoft Intune Management Extension The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and allows us now to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

Set Desktop and Lock Screen wallpaper with Intune in Windows 10

This is a quick blog post to show you can set this fairly easily using Intune. Intune requires you to point to a URL for the wallpaper which at first seems a bit odd, but it actually makes a lot of sense when you have solutions like OneDrive. What am I talking about? Well, find a suitable wallpaper and place it on your Sharepoint OneDrive or Personal OneDrive. Then share the wallpaper and create a public viewing link like so   Next, test the link by pasting the URL into your browser and take a look at the result. It [...]

How to manage Bitlocker on a Azure AD Joined Windows 10 Device managed by Intune.

When joining a computer to AAD either manually or by using a provisioning package, Bitlocker will be enabled automatically if your device has the necessary prerequisites. However in the case that Bitlocker is disabled this is how you enable Bitlocker, save the Bitlocker Key Protector to ADD (also known as the recovery key) and recover the key in the case you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the [...]

Windows 10: Upgrade the edition with Intune in the new Azure Portal

Most professional PC’s delivered today is delivered with Windows 10 Pro (out of the box) which is a really good Operating System, covering most use-cases. However in the world of BYOD and CYOD (Bring your Own / Choose your Own Device) companies, enterprises, goverments, schools etc. often want to upgrade to either Enterprise or Education since these editions of Windows 10 are more feature rich and has a couple of enhancements compared to Pro. Luckly, changeing the SKU does not involve a reinstallation or an major upgrade of the OS. And from Windows 10 1607 (Anniversary Update) you could go [...]

Windows 10 1703 Creators Update: First impressions

Windows 10 creators update is out and I wanted to create a quick blog of the initial experience installing and enrolling it into one of my Azure Active Directory (AAD) test tenants. The initial installation is more or less the same as before, but we know for a while that Microsoft will improve the OoBE (Out of Box Experience) where it now has a new nicer flow and UI. It’s very interesting to see how Microsoft is investing in these types of features and it tells us (in my opinion) how Microsoft looks at the future of Device/Windows deployment and [...]

By |2017-04-06T11:47:03+01:00april 6th, 2017|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), Windows Client|Kommentarer lukket til Windows 10 1703 Creators Update: First impressions

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization In my work as an advisor and consultant I see organizations adapting to the emerging IT landscape, where user behavior is changing and security risks are increasing. In the midst of this change, I encounter frustrated IT professionals trying to keep up with everything and not having enough time to do so. I encourage my customers to be on top of changes and make sure they stay on top. That message goes beyond IT pros and extends to business owners and managers who can no longer afford [...]

Error enrolling devices into Intune & Configuration Manager 1602

Enrolling devices into Intune and & ConfigMgr is normally straight forward until you run into issues. Below is an example where I received an enrollment error (picture 1), clicking Continue leads me to picture 2. As you can see in picture two the Enrollment Update turns from Warning to Checkmark, but only for about 5 seconds then it goes back to a warning.     Troubleshooting mobile devices is slightly different than traditional desktop troubleshooting. The troubleshooting options depends on the device (Android, iOS or Windows). In this example my device was an Android. You can email the log files [...]

Android OS version not on the requirement list

Managing mobile devices can be different compared to managing traditional computers for many reasons. One of them being the lack of control with operating system versions on the devices. We simply don’t control when Android and iOS devices are being upgraded and as such we don’t control what version users are using. That can be a challenge when you are using requirement rules on your web applications (and other deployment types). In the illustrations below it’s easy to see that we have a bunch of Android 6+ versions and looking at the requirement rules for the web apps you’ll see [...]

Windows WI-FI profiles

Currently working on an Enterprise Mobility project, and thought I should share a little trick. In the project; we are deploying WI-FI profiles to Windows 10 devices. Some WI-FI profiles use SCEP/NDES certificates while others are configured using a pre-shared secret. When working with Windows WI-FI profiles, the only way to add a pre-shared secret to the profile is by creating a custom XML file. An easy way to create the WI-FI profile XML file; is to create the profile on a Windows 10 computer and then export the profile. To do that, use the steps below: To list all [...]

By |2016-01-10T06:19:40+01:00januar 10th, 2016|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), General info|Kommentarer lukket til Windows WI-FI profiles

Microsoft EMS News App for Windows 10 and Windows Phone 10

Update: The app has now changed name and is published to the Microsoft store under the name Microsoft EMS Resources An updated blog post is published here: https://blog.ctglobalservices.com/mas/december-11-microsoft-enterprise-mobility-suite-ems-resources-at-your-fingertips/ As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. The cloud is evolving so fast with new features and services added daily [...]

IT Devconnections Enterprise Mobility and Identity BOF

During the BOF last week @ #ITDevCon i briefly talked about creating a couple of managed apps using PowerShell in ConfigMgr. Below are a few examples, open PowerShell ISE aas administrator and magic happens #Import Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE Set-Location "$($SiteCode.Name):\" #Create the Word Application New-CMApplication -Name "Word" #To create a iOS deployment type for the application Add-CMDeploymentType -ApplicationName "Word" -AutoIdentifyFromInstallationFile -IosDeepLinkInstaller -DeploymentTypeName "Word iOS" -InstallationFileLocation "https://itunes.apple.com/us/app/microsoft-word/id586447913?mt=8" -ForceForUnknownPublisher $True #Create the OneNote Application New-CMApplication -Name "OneNote" #To create a iOS deployment type for the application Add-CMDeploymentType -ApplicationName "OneNote" -AutoIdentifyFromInstallationFile -IosDeepLinkInstaller -DeploymentTypeName "OneNote iPhone" -InstallationFileLocation "https://itunes.apple.com/us/app/microsoft-onenote-for-iphone/id410395246?mt=8" -ForceForUnknownPublisher [...]

By |2015-09-22T23:54:47+01:00september 22nd, 2015|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), Events|Kommentarer lukket til IT Devconnections Enterprise Mobility and Identity BOF

Deploying WIFI profiles with pre-shared secret to Android devices using ConfigMgr

Today I have spend some time creating and deploying WIFI profiles to Android devices and would like to share my experiences. To get started with Android and WiFi profiles I used this TechNet article https://technet.microsoft.com/en-us/library/dn705842.aspx is almost correct, but there a few bugs in the XML example (as I see it, authentication and encryption). To get me all the way I combined the knowledge from the article with information from MSDN https://technet.microsoft.com/en-us/library/dn705842.aspx and finally this super nice Android PSK Generator community tool - http://johnathonb.com/2015/05/intune-android-pre-shared-key-generator/  The Android XML configuration is really easy,just add the WiFI information into the Configurator and click [...]

Windows Phone 8.1 devices keep prompting for sign in to the Company Portal

I have been working on another mobility project the last couple of months. this project started as a hybrid SCCM/Intune project using “old” SCC 2012 R2 platform, a couple of weeks ago we migrated the platform to the latest service pack in order to get all of the new hybrid mobile features in place. The project have support for Android, iOS and Windows phones 8.1 devices. In the beginning the company portal was deployed to the Windows Phones using the Windows Phone trial certificate (not supported, but it works). That part worked as expected for many months, but using the [...]

By |2015-07-01T10:47:13+01:00juli 1st, 2015|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), General info|Kommentarer lukket til Windows Phone 8.1 devices keep prompting for sign in to the Company Portal

Slides and links from my Welcome to your new life as an Enterprise Client Hybrid Management expert session @NIC 2015

Thanks for attending my Hybrid Management session @NIC 2015. Slide deck Deploy wifi profiles with shared secret - https://blog.ctglobalservices.com/kea/deploying-wpa-2-personal-wifi-profiles-using-configmgr-intune/ Change device ownership in configmgr - https://blog.ctglobalservices.com/kaj/change-device-ownership-in-configuration-manager-with-powershell/ Intune Extensions fail to install - https://blog.ctglobalservices.com/kea/intune-extensions-will-not-install/ and http://scug.be/sccm/2014/02/11/cm12-extensions-for-windows-intune-resources-and-gotchas/ Device based vs User based policies - https://blog.ctglobalservices.com/kea/device-based-vs-user-based-mdm-policies-in-configmgr-2012-r2/ Troubleshooting iOS certificate deployments - https://blog.ctglobalservices.com/kea/troubleshooting-certificate-deployment-on-ios-devices-with-configmgr-intune/ Deny Apps on Windows Phone - http://scug.be/nico/2014/05/22/deny-windows-phone-apps-with-configuration-manager-intune/

By |2015-02-14T15:06:32+01:00februar 14th, 2015|Configuration Manager (SCCM)|Kommentarer lukket til Slides and links from my Welcome to your new life as an Enterprise Client Hybrid Management expert session @NIC 2015

Deploying WPA-2 personal WIFI profiles using ConfigMgr & Intune

For hybrid environments (that being ConfigMgr integrated with Microsoft Intune), it’s not possible to deploy a WIFI profile using a pre-shared secret in the UI. This will however not prevent you from creating and deploying WPA-2 Personal security WIFI profiles in the console. You will just be deploying the WIFI profile without the WIFI password.  Windows Phone 8.1 will re-apply the same profile over and over again When users receive the WIFI profile all they have to do is add the password and they will have WIFI connection. This works great for Android and iOS, but not for Windows Phone [...]

By |2015-01-28T14:28:20+01:00januar 28th, 2015|Configuration Manager (SCCM)|4 Comments

Intune Extensions will not install

It’s a common issue, but still worth mentioning. Being a Full Administrator is NOT the same as having full control of all features in the ConfigMgr console. An example is enabling new Intune Extensions like the one released in late December. As usual you are prompted when new Extensions are available. In this example I’m logged in as Full Administrator and trying to enable the extension in the Administration workspace. All looks good, right until the point where I accept the License Terms, And boom! I do not have the required permissions even though I’m a Full Administrator! Rule #7 [...]

By |2015-01-02T10:36:21+01:00januar 2nd, 2015|Configuration Manager (SCCM)|Kommentarer lukket til Intune Extensions will not install

Managing WIFI certificates for iOS devices with ConfigMgr MDM

This will be the last Christmas blog post from Coretech in 2014. A huge thanks to all of you who followed our Christmas blogs in December. @Coretech we wish you and your loved ones a Merry Christmas and a Happy New Year – We look forward to service you again in 2015 with knowledge, inspiration and best practices on Microsoft technologies One of the many need features offered by ConfigMgr & Intune is the ability to deploy certificates and WIFI profiles. Both are essential when implementing a MDM/BYOD strategy. Creating the required SCEP certificate for iOS As mentioned in a [...]

By |2014-12-23T14:09:31+01:00december 23rd, 2014|Configuration Manager (SCCM), General info|3 Comments