How to use Endpoint Manager Group Policy analytics

Benoit LecoursSCCMLeave a Comment

Microsoft has released a long-awaited feature for Intune/Endpoint Manager administrators. Yet still, in “Preview”, you can start testing Endpoint Manager Group Policy Analytics now! If you’re not familiar with Endpoint Manager… well it’s the “new” branding for Microsoft Intune, simple as that. This feature lets you analyze your on-prem Group Policy Objects (GPO) and determine your level of modern management support. This tool can also be extremely helpful to resolve conflicts between Group Policy Objects (GPO) and Microsoft Intune policy One of the major struggle when migrating devices to Endpoint Manager. When you import a GPO, Endpoint Manager automatically analyzes … Read More

Renew Apple MDM Push Certificate in Endpoint Manager

Benoit LecoursSCCMLeave a Comment

To enroll and manage iOS/MAC devices into Endpoint Manager, you need to create an Apple MDM Push Certificate. These certificates expire 365 days after you create them and must be renewed manually in the Endpoint Manager portal. You will receive a notification email 30 days before the Apple MDM Push Certificate expires. It’s strongly recommended to renew the certificate before the expiration method. If you don’t renew the certificate in time, you will need to re-enroll all Apple devices. In a lab environment, this can be done easily, but in a production environment with a hundred or thousand devices, this … Read More

Step-by-Step SCCM 2006 Upgrade Guide

Benoit LecoursSCCM2 Comments

Microsoft has released a second SCCM version for 2020. SCCM 2006 has been released on August 11th, 2020! (SCCM has a new branding since 1910 – now called Microsoft Endpoint Configuration Manager (MEMCM). This post is a complete step-by-step SCCM 2006 upgrade guide, meaning that if you want to upgrade your existing SCCM/MEMCM installation to the latest SCCM/MEMCM updates, this post is for you. If you’re looking for a comprehensive SCCM installation guide to build a new server, refer to our blog series which covers it all. You won’t be able to install SCCM 2006 if you are running SCCM 2012. … Read More

Block TikTok using Intune device compliance policy and Conditional Access

Benoit LecoursSCCM1 Comment

This blog post will show you how to Block TikTok Microsoft Intune on iOS and Android. This strategy can be used for any app. TikTok was recently caught accessing user clipboard data when running in the background, potentially exposing passwords or other sensitive data. The behaviour was revealed because of a new feature in iOS 14, and it’s unclear how long it had been present in the app. TikTok has since removed the feature, but the privacy scare underscored long-standing privacy concerns over the app, which is owned by China-based ByteDance. The NY Times also reported that TikTok has been under scrutiny … Read More

SCCM Windows 10 2004 Upgrade Deployment

Benoit LecoursSCCMLeave a Comment

Support for Windows 7 ended on January 14, 2020. If you are still using Windows 7, your PC may become more vulnerable to security risks. Microsoft published the Windows 10 2004 feature update (aka Windows 10 May 2020 Update) on VLSC. If you haven’t planned your Windows 7 migration to Windows 10, this post will help prepare your SCCM Server to deploy it. You may also need to deploy Windows 2004 to your Windows 10 computer to stay supported or to benefits from the new features. Before deploying a new Windows 10 feature upgrade, you need to have a good … Read More

The SCCM Dos and Donts – 2020 Edition

Benoit LecoursSCCM4 Comments

We’ve been in the consulting world since SMS 2003 and we’ve seen so much stuff over the years! From the famous task sequence deployed to All system to the “fuck it let’s set our collections to be all incremental to make SCCM faster!”, we’ve seen it all… or have we? This blog post is an informative post on some of the SCCM Dos and Donts that you need to follow when using SCCM/MEMCM. This post is intended to be informative, use it to refresh your skill or simply if you’re starting your SCCM journey and you’re looking to learn something … Read More

How to use SCCM Delivery Optimization

Jonathan LefebvreSCCM1 Comment

SCCM Delivery Optimization

The amount of data that transfers daily on a corporate network is quite important. Once a month, Windows Update has quite an impact on that amount. SCCM along Delivery Optimization can help better manage that crazy amount of GB or even TB of content required to patch all computers. In an earlier post, we covered the topic to use with Intune and Windows Update for business In this post, we will detail how to use SCCM Delivery Optimization to deliver Windows Updates. Requirements Clients must be running Windows 10 ConfigMgr 1910 or higher to get all Network ports 7680 inbound … Read More

How to configure SCCM Software Update point in SSL

Jonathan LefebvreSCCM2 Comments

While the requirements of running SCCM/MEMCM in full SSL may be less required theses days with the Cloud Management Gateway being so effective with remote computers management, running the WSUS – Software Update point in SSL is likely to show up as a requirement whenever doing a security audit of your environment. In this post, we will detail the required steps, from the certificate template creation to the client validation on enabling SSL for WSUS and the SCCM Software Update Point. Requirements Any SCCM version Communication on port 8531 must be open on your Firewall Certificate template Creation The first … Read More

SCCM Powershell collection boundary groups

Jonathan LefebvrePowershell, SCCM1 Comment

With SCCM 2002 that was just released, a small but extremely useful feature is now available in console. It is now possible to view what boundary group a device is connected to! This offers a new opportunity with collections based on Boundary groups, which could mean physical sites or any other meaningful needs in your environment. I’ve created a PowerShell script that automatically creates collections based on all the available boundary groups. Requirements SCCM must be at least version 2002. See our Step-by-step guide upgrade guide here SCCM Powershell collection boundary groups The script can be downloaded on GitHub, since … Read More

SCCM PowerBi Report Server Integration

Benoit LecoursSCCM2 Comments

Beginning with SCCM/MEMCM 2002, it’s possible to Integrate Power BI Report Server to an existing Reporting Point or to a site that doesn’t have a reporting point installed. Doing so will give you the ability to manage your Power Bi Dashboard the same way you manage your SSRS report. All done directly from the console makes it easier to deploy and edit your existing dashboard and to create a new one. This post will describe the complete SCCM PowerBi Report Server Integration process. More specifically, how to Integrate SCCM/MEMCM Reporting point with Power BI Report Server on an SCCM 2002 … Read More