Create an SCCM VPN Boundary Type to manage your remote clients

Benoit LecoursSCCM2 Comments

Beginning with SCCM 2006, you can now create a new boundary type. The SCCM VPN Boundary type helps to manage your remote clients. An upgraded SCCM client now sends a location request which includes information about its network configuration. Your management point can determine if the client is on a VPN connection based on this new information. You may want to use the SCCM VPN Boundary to set some options to differ when your clients are on a VPN connection. For example, redirect your VPN client on different site servers, disable Peer download or prefer cloud-based sources. If you’re not … Read More

Create an Intune Device Profile for User Login Restriction

Benoit LecoursSCCM4 Comments

I was asked to restrict domain user access on a Windows 10 device managed by Intune. The computer was configured as a Single-App Kiosk mode so we needed to prevent a user to use CTRL-ALT-DEL and log on the computer using his domain credentials. After searching through the Intune Device restrictions available for Windows 10, I couldn’t find any UI settings for that. I had to use a Custom Profile type for that. (Custom Profiles are also called OMA-URI Settings) This blog post will describe how to Create an Intune Device Profile Restriction User Login to restrict login rights This … Read More

Monitor Desktop Analytics Health using SCCM Report

Benoit LecoursSCCMLeave a Comment

Desktop Analytics is a cloud-based service that integrates with Configuration Manager. Desktop Analytics is now available and replaces Windows Analytics, which retired on January 31, 2020. When you integrate Desktop Analytics with Configuration Manager, it provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. It combines data from your organization with data aggregated from millions of devices connected to Microsoft cloud services. Following are the benefits of Desktop Analytics: Device and software inventory: Inventory of apps and Windows version. Pilot identification: Identify your group pilot for a test deployment before … Read More

How to resolve SCCM CMG Policy Violation Error

Eswar KonetiSCCMLeave a Comment

Cloud management gateway (CMG) is a new chapter in Microsoft Endpoint Manager Configuration Manager (MEMCM). It is getting improved better and better in each version that gets released. If you look at the technical preview build that was released recently (version 2009), it has a remote control feature for CMG connected devices which is very much needed to support the internet-connected devices and there are many other good features in the technical preview build that might ship in the next production build. But that’s a whole other topic. In this blog post, I will describe the SCCM CMG Policy Violation … Read More

Setup Microsoft Intune and manage it in Endpoint Manager

Benoit LecoursSCCMLeave a Comment

In this post, we’ll guide you through the process to setup Microsoft Intune and then using it thought the new Endpoint Manager Portal. But first, let’s start this post by clarifying the various services we’ll talk about in our post. Microsoft Azure is a set of cloud services to help your organization meet your business challenges. This is where you build, manage, and deploy applications on a massive, global network using your favourite tools and frameworks. Microsoft Intune was and is still one of Azure services to manage your devices. The “old” Intune Portal you were accessing in Azure has … Read More

How to fix SCCM Bitlocker prompt for fixed drives

Eswar KonetiSCCMLeave a Comment

This blog post describes how to fix SCCM Bitlocker prompt for fixed drives when integrated the MBAM features with Configuration Manager. Introduction Starting with Configuration Manager 1910 onwards, Bitlocker features that were available in MBAM are now fully integrated into ConfigMgr and allows you to manage the Bitlocker drive encryption (BDE) for your windows clients without requiring any additional tools. From Configuration Manager 2002 onwards, the Bitlocker management feature is no more a pre-release feature. The Bitlocker functionalities that exist in Configuration Manager 1910 onwards, only supports the clients that are on-prem and joined to Active Directory ONLY. You will … Read More

Collect Windows10 Events in log analytic Workspace

Jonathan LefebvreAzure, IntuneLeave a Comment

Windows 10, Azure, and Endpoint Manager offer many different tools to gather and know more about what is going on in your environment. One of those is Log Analytics Workspace. Log Analytics workspace has the ability to collect data from Windows devices such as Events and performance data through the Microsoft monitoring agent. This can centralize Windows events to be analyzed and crunched to identify potential impacts happening to many computers. While the Monitoring agent is free, the data hosted in Log Analytics Workspaces will cost a little per month for great insight. Based on past experience, you can expect … Read More

Monitor SCCM Task Sequence Progress

Benoit LecoursSCCM, WINDOWS 104 Comments

When deploying Windows 10 operating system using SCCM (OSD), you will need to monitor SCCM task sequence progress. This allows us to track task sequence start, end time and most importantly errors (if any). Our post will show 4 different ways to monitor SCCM task sequences. Each of them has its own benefits and drawbacks. Monitor SCCM Task Sequence Using the Console You can view the progress of a task sequence using the SCCM console. This method is simple and easy but permit to see the status of only one machine at the time. If your deployment staff don’t have access … Read More

How to use Endpoint Manager Group Policy analytics

Benoit LecoursSCCMLeave a Comment

Microsoft has released a long-awaited feature for Intune/Endpoint Manager administrators. Yet still, in “Preview”, you can start testing Endpoint Manager Group Policy Analytics now! If you’re not familiar with Endpoint Manager… well it’s the “new” branding for Microsoft Intune, simple as that. This feature lets you analyze your on-prem Group Policy Objects (GPO) and determine your level of modern management support. This tool can also be extremely helpful to resolve conflicts between Group Policy Objects (GPO) and Microsoft Intune policy One of the major struggle when migrating devices to Endpoint Manager. When you import a GPO, Endpoint Manager automatically analyzes … Read More

Renew Apple MDM Push Certificate in Endpoint Manager

Benoit LecoursSCCMLeave a Comment

To enroll and manage iOS/MAC devices into Endpoint Manager, you need to create an Apple MDM Push Certificate. These certificates expire 365 days after you create them and must be renewed manually in the Endpoint Manager portal. You will receive a notification email 30 days before the Apple MDM Push Certificate expires. It’s strongly recommended to renew the certificate before the expiration method. If you don’t renew the certificate in time, you will need to re-enroll all Apple devices. In a lab environment, this can be done easily, but in a production environment with a hundred or thousand devices, this … Read More