One of the biggest differences between supporting AAD-joined Windows devices and on-premises AD-joined devices is the Domain firewall profile. When an AD-joined device is connected to the domain network, it switches to a domain firewall profile where we can have management ports open. Administrative shares, WinRM, Remote Registry and much more…
Category: Intune
Installing updates during OSD using PSWindowsUpdate
When we move workloads to Intune in our Co-Management scenarios, we lose some features we have been using and need to go back to basics. In this short post we will install updates during OSD using the PSWindowsUpdate module, which is great. When we moved the Windows Update workload and uninstalled WSUS we need another…
Logging the Co-management and Defender onboarding process during OSD
When starting to move workloads to Intune, one of the first workloads to move is Compliance and Endpoint Protection. When moving the Endpoint Protection workload, the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware, Windows Defender Application Guard, Windows Defender Firewall, Windows Defender SmartScreen, Windows Encryption, Windows Defender Exploit Guard, Windows Defender…
Using Install-language during AutoPilot Windows 11 insider
At the session I presented with Michael Niehaus on customizing Windows 11 at MMS 2022 in Minneapolis, we talked about the new PowerShell support for installing language packs and setting the system language, which is included in the Windows 11 Insider build 22257. During the session we got the question if it works together with AutoPilot…
Co-Management and the importance of device token enrollment.
After returning from presenting at MMS 2022 in Minneapolis, my first physical event in 2 1/2 years! A great experience as always! I thought it was time to write a post on how important it is that enrollment using a device token works when using Co-management in MEMCM + MEM. The Configuration Manager client will…
Intune Configuration Profile for Google Chrome based on STIG
Google Chrome is a very popular browser, but like other browsers it needs to be managed as well. One great reference for how to secure and configure Google Chrome is the Security Technical Implementation Guide (STIG), which can be found here: Google Chrome Current Windows Security Technical Implementation Guide (stigviewer.com). I have created a Custom policy…
Remote help for Intune/MEM
I wrote a post on 4Sysops.com on the new Remote Help feature in Intune/MEM. A great and long-awaited feature, as we today need to buy a separate product or use Quick Assist, which is built in and free but has many limitations (and should be removed from all corporate managed devices). In Configuration Manager…
Troubleshooting Windows 10/11 Enterprise subscription is not valid
Wrote a blog post on how to troubleshoot Windows 10/11 subscription-based activation over at 4Sysops. The issue we saw shows up as "Windows 10 Enterprise subscription is not valid", as shown below. It turns out that if there is more than one Azure AD account added under “Access work or School”, they will fail…