BitLocker Management, also known previously as Microsoft BitLocker Administration and Monitoring(MBAM), has been around MECM for a little while now. Whether a move from an old stand-alone MBAM server, hosted on a Windows Server 2012 R2 for example, or simply a wish to go the extra mile compared to BitLocker with AD backup, it is still a good idea up to today to implement it. In this blog post, we will configure SCCM MBAM Integration with SCCM with detailed steps. SCCM MBAM Integration Prerequisites For more details on the prerequisites, see Microsoft Docs. Create BitLocker Management in SCCM For more details on Creating the BitLockerment Management policy, see Microsoft Docs Configure the BitLocker management web portals There are 2 portals that can be installed in support of BitLocker Management. Helpdesk Portal, is made for IT folks to request the recovery key after an end-user has an issue and the Self-Service … Read More
Create Adobe Photoshop Intune package for mass deployment
Application packaging in Intune or SCCM is one of the jobs that can frequently create headaches. For many years, Adobe products have been challenging to automate and deploy for MECM/Intune Admins. Whether because of updates, licensing, or unclear instructions, it has always been a challenge for Adobe Creative suite products. I was recently tasked to package Adobe Photoshop with Intune. To my pleasant surprise, Adobe now has a cloud admin console that makes that process a breeze compared to what was done before. In this blog post, we will detail how to generate a source installation for Adobe Photoshop using the Adobe Admin Console and deploy it using Intune. Requirements We will start by downloading the software from the Adobe website. Here are the high-level steps : Create Adobe Photoshop deployment package Abode products need to match the architecture of the OS. 32 Bit applications won’t work on 64-bit Windows … Read More
How to manage Google Chrome with Intune
Google Chrome is one of the most widely used web browsers in the world. It is known for its speed, stability, and a wide variety of extensions that are available for it. As a result, many organizations have adopted Chrome as their default web browser. To manage Chrome on enterprise devices, Intune is a powerful tool that can be used to deploy and manage policies. In this blog post, we will discuss how to manage Google Chrome with Intune. With the increasing popularity of Intune, and the ability to replace Group Policy with Device Configuration, one area needs a bit more work to be managed. Third-party applications that support the GPO model can be used with Intune by importing ADMX from the vendor. It is the case for Google products, especially Google Chrome. We will demonstrate how to manage Google Chrome by importing Google’s admx for a similar approach as … Read More
Customize Windows Start Menu for SCCM Deployments
The reason to Customize Windows Start Menu is a must for any organization to deploy a standard workstation and remove any unwanted software from it. Sometimes Microsoft makes small changes under the hood and can hardly be tracked unless an issue comes up to flag those changes. The configuration of the Start Menu and Taskbar for Windows 10 has been since the beginning a great challenge for administrators and it doesn’t look that this will change anytime soon. Windows 11 which came out recently share the same mechanism as Windows 10 when it comes to the Start Menu thus, this post can be used for Windows 11. Microsoft added the following note to the start menu layout modification documentation after the 1703 release A simple note, with great implication! Following our previous posts on Windows 10 Customization and how to modify the taskbar configuration, we will detail how to configure … Read More
How to use Microsoft Defender for Endpoint antivirus security with Intune
Microsoft Defender has come a long way since the first few releases to become a leader in all all-things security-related. What was originally a standard antivirus solution has evolved into a full product suite. If you are looking to configure Microsoft Defender(Endpoint protection) with Configuration Manager, see our guide that is available in our shop This post will focus on configuring Microsoft Defender for Endpoint Security Antivirus by using Intune. Prerequisites Windows 10 or Windows 11 Aside from the Intune various licensing option you’ll need to manage your devices, there are no other requirements to use this feature. Create Microsoft Defender for Endpoint antivirus security profiles Connect to the Endpoint portal Browse to Endpoint Security/ Antivirus Click Create Policy. At this point, the Antivirus policies are split into 3 distinct sections. Microsoft Defender Antivirus This will essentially manage the core features. Microsoft Defender Antivirus Exclusions This will be the various … Read More
How to fix Azure Update Compliance missing devices
Azure Update Compliance has been around for a few years already. Originally part of Windows Analytics, it’s the only component that lived through the years. It has become more popular with the growing number of devices managed with Windows Update for Business. It is also useful for an environment that manages updates and feature updates with Configuration Manager. In this post, we’ll cover how to make the required change so devices report back to Azure Update Compliance. I recently did a check for a few clients and noticed that the number of devices in Update Compliance was drastically low or even almost empty in some environments. This is because of a change from Microsoft, that was enforced back in January 2022. Since devices were managed prior to May 2021, we need to adjust the configurations to fix Azure Update Compliance missing devices. If you are looking for how to use … Read More
How to move SCCM Move Content Library to another drive
One of the common mistakes we still see is having SCCM Move Content Library folders on many different drives, most of the time not on purpose. Usually, this will lead to the C drive being full, or the drive where the SQL database sits. This will then cascade into a series of errors all over SCCM. In this post, we will show how to use the SCCM Content Library Transfer tool to move distribution content folders Prerequisites If you are running SCCM latest build, the tool is now build-in the install folder If you are running a version older than Current Branch 1802, you will need to download the SCCM 2012 toolkit Move SCCM Move Content Library Find the drives where there are Distribution Point content folder that shouldn’t be there You can see the Content Library folder location in a registry key: HKLM\Software\Microsoft\SMS\DP\ As stated in the limitation, the Distribution … Read More
How to use SCCM Cloud Management Gateway bulk registration token
One of the less-known benefits of the SCCM Cloud Management Gateway is the ability to install the Configuration Manager client to devices that are not connected locally and manage those devices without ever being on the internal network. For example DMZ servers. To do so, the client must be installed by a command line with an SCCM CMG Bulk Registration Token. In this post, we will show how to use the Bulk Registration Token to enroll DMZ servers to the Cloud Management Gateway. Requirements Configuration Manager version 2002 or higher Supported OS for Config Manager Cloud Management Gateway configured See our post, Setup SCCM Cloud Management Gateway The certificate used for the Cloud Management Gateway must be trusted by the client that will be installed If the certificate is a Public certificate, with a CNAME, then this will be trusted by default If the certificate is generated by a private … Read More
How to use Desktop Analytics for Windows 10 Feature Update
Desktop Analytics is still a recent product and a small beast that require a bit of time and trial and error to get going. The goal of Desktop analytics is to give data to understand your environment prior to mass roll out a new Windows 10 Feature Update. Desktop Analytics isn’t a product to deploy a Windows 10 Feature Update. ConfigMgr remains the master of the actual deployment. In this blog post, we’ll detail real-world scenarios on how to use Desktop Analytics information to help during a Windows 10 Feature update deployment. Desktop Analytics Windows 10 Update Requirements See our previous post on how to setup Desktop Analytics and connect it to your SCCM/ConfigMgr/MEMCM environment prior to reading this post. Select devices to be evaluated by Desktop Analytics Here are a few questions to help determine which devices should be included. Should Windows 7 devices be included? Assuming you are … Read More
Setup SCCM Cloud Management Gateway (SCCM CMG)
The ConfigMgr team is working really hard to make SCCM admins job easier for some of the key components of Modern Management. Starting with SCCM 1806 release, they ease a bit the setup of the SCCM Cloud Management Gateway (CMG). If you are new to the concept of SCCM Cloud Management Gateway, the main advantage is that it doesn’t expose your SCCM servers to the internet. The downside is that it requires an Azure subscription which brings recurring monthly costs. If you’re still unsure which method to use, you can read the Microsoft documentation and see our blog post about internet client management. Make sure that you understand the limitation of using internet clients. We strongly encourage to use the SCCM Cloud Management Gateway if you’ll be managing client on the internet since this feature will evolve with time and the traditional way support should go away. Here the available features … Read More