Troubleshooting unexpected reboots when using Windows Autopilot can be challenging for sure. This post is a quick tip around how the Event ID 2800 in the DeviceManagement-Enterprise-Diagnostics-Provider should be used. During our session on troubleshooting the modern managed device at MMS in Minneapolis we got this question a couple of times, this post will explain…
Category: Configuration Manager
Administrator protection in Windows 11 – First look
Administrator Protection in Windows 11 was announced at Ignite a couple of weeks ago which adds a well needed more secure option than UAC to protect our accounts with Local Administrator permissions. Administrator Protection reminds a bit on how Microsoft Endpoint Privilege Management works with a separate virtual account. Instead of the traditional UAC elevation…
Install New Teams client with PowerShell with or without content
The new Teams client is now a MSIX that we need to deploy. We have a tool for this called teamsbootstrapper.exe which gets new features all the time. The official Microsoft documentation can be found here Bulk deploy the new Microsoft Teams desktop client – Microsoft Teams | Microsoft Learn Teamsbootstrapper.exe support both online and…
PS Script to Update Boot images with CU-CVE-2023-24932
This will be a short post on how to update WinPE boot images with a Cumulative Update as we need to do that now with the release of May 2023 Cumulative Update to address CVE-2023-24932. Spent all day with colleagues to try to test what happens to OS deployment (and AutoPilot) when deploying the mitigation…
Remove built-in apps in Windows 11 22H2 during OSD
I have updated the script I use to uninstall built in apps in Windows 10 and Windows 11. Windows 11 22H2 has some changes when it comes to removing built-in apps. Is uninstalling built-in apps still a thing, yes it is. Teams Personal is one example of a similar app to Teams that causes unnecessary…
Installing updates during OSD using PSWindowsUpdate
When we move workloads to Intune in our Co-Management scenarios we lose some features we have been using and need to go back to basic. In this short post we will install updates during OSD using the PSWindowsUpdate module which is great. When we moved the Windows Update workload and uninstalled WSUS we need another…
Logging the Co-management and Defender onboarding process during OSD
When starting to move workloads to Intune of the first workload to move is Compliance and Endpoint Protection. When moving the Endpoint protection workload the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware Windows Defender Application Guard Windows Defender Firewall Windows Defender SmartScreen Windows Encryption Windows Defender Exploit Guard Windows Defender…
Show DP information during OSD using TSBackground
One request that was made many times in the comments of the blog posts on TSBackground which is a remarkable tool from Johan Schrewelius, is to be able to show which DP is being used during OSD. I will try to explain the challenges with displaying DP information using TSBackground and some ways of doing…