When starting to move workloads to Intune of the first workload to move is Compliance and Endpoint Protection. When moving the Endpoint protection workload the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware Windows Defender Application Guard Windows Defender Firewall Windows Defender SmartScreen Windows Encryption Windows Defender Exploit Guard Windows Defender…
Show DP information during OSD using TSBackground
One request that was made many times in the comments of the blog posts on TSBackground which is a remarkable tool from Johan Schrewelius, is to be able to show which DP is being used during OSD. I will try to explain the challenges with displaying DP information using TSBackground and some ways of doing…
Using Install-language during AutoPilot Windows 11 insider
At the session I presented with Michael Niehaus on customizing Windows 11 at MMS 2022 in Minneapolis we talked about the new PowerShell support for installing Language packs and set system language which are included in the Windows 11 Insider build 22257. During the session we got the question if it works together with AutoPilot…
Co-Management and the importance of device token enrollment.
After returning from presenting at MMS 2022 in Minneapolis, my first physical event in 2 1/2 years! A great experience as always! I thought it was time to write a post on how important it is that enrollment using a device token works when using Co-management in MEMCM + MEM. The Configuration Manager client will…
Windows 11 Insider Start Menu layout registry customizations
With Windows 11 Insider release 22059 the new Start Menu options were introduced which I love! I almost never anything in the recommended section on the Start Menu and now we get three alternatives to how much estate that part can take up on the Start Menu.The same as today, more or less space. I…
MEMCM 2203 released with great features
MEMCM 2203 has been released with some great features that I need to write about. Must be one of the releases that includes most the top request features like Escrow BitLocker Recovery Key to MEMCM in a Task Sequence, Dark Mode! and Icons for Task Sequences and packages. Escrow BitLocker Recovery Key to MEMCM in…
MEMCM SQL Query Poor Performance
A few days ago, we experienced performance issues when querying a ConfigMgr DB view. A very simple query: “SELECT Name, MachineID, IsActive, AADDeviceID FROM v_CombinedDeviceResources WHERE CoManaged = ‘1’” could take up to a minute to complete. Since we already knew that “v_CombinedDeviceResources” is the source from where the Device view in the ConfigMgr console…
Intune Configuration Profile for Google Chrome based on STIG
Google Chrome is a very popular browser but as other browsers it needs to be managed as well. One great reference for how to secure and configure Google Chrome is the Security Technical Implementation Guide (STIG) which can be found here:Google Chrome Current Windows Security Technical Implementation Guide (stigviewer.com) I have created a Custom policy…