BitLocker Management, also known previously as Microsoft BitLocker Administration and Monitoring(MBAM), has been around MECM for a little while now. Whether a move from an old stand-alone MBAM server, hosted on a Windows Server 2012 R2 for example, or simply a wish to go the extra mile compared to BitLocker with AD backup, it is still a good idea up to today to implement it. In this blog post, we will configure SCCM MBAM Integration with SCCM with detailed steps. SCCM MBAM Integration Prerequisites For more details on the prerequisites, see Microsoft Docs. Create BitLocker Management in SCCM For more details on Creating the BitLockerment Management policy, see Microsoft Docs Configure the BitLocker management web portals There are 2 portals that can be installed in support of BitLocker Management. Helpdesk Portal, is made for IT folks to request the recovery key after an end-user has an issue and the Self-Service … Read More
Implementing Windows LAPS with Azure AD
First announced at MS Ignite 2022 as Cloud LAPS , the now rebranded Windows LAPS Enables local admin password management for Azure Ad and Hybrid-joined devices to store those passwords in Azure Ad instead of the on-prem AD. This is a big win for remote users that are not connected to the VPN. You can also use Windows LAPS to backup the key to on-prem Active Directory instead of using the GPO, making the old LAPS obsolete. This blog post will only focus on doing the Windows LAPS backup to Azure AD. For more context on LAPS (Local Administrator Password Solution), this was introduced by Microsoft in May 2015 and does just what the name suggests, allows the management of the password of the Local Administrator Account on workstations, allowing all Windows PCs to have their own unique local admin password by storing it in the computer’s Active Directory object. … Read More
Step-by-Step SCCM 2303 Upgrade Guide
Microsoft has released the first SCCM version for 2023. SCCM 2303 has been released on April 11th, 2023. This post is a complete step-by-step SCCM 2303 upgrade guide, meaning that if you want to upgrade your existing SCCM installation to the latest SCCM updates, this post is for you. If you’re looking for a comprehensive SCCM installation guide to building a new server, refer to our blog series which covers it all. You won’t be able to install SCCM 2303 if you are running SCCM 2012. Well, that’s an odd phrase! Thank you current branch naming. SCCM 2303 is a baseline version. This means that if you’re downloading the source from Volume Licensing, SCCM 2303 will be the starting version of your new SCCM site. At the time of this writing, SCCM 2303 is available in the Early update ring. You must run the opt-in script to see it appear in … Read More
Create Adobe Photoshop Intune package for mass deployment
Application packaging in Intune or SCCM is one of the jobs that can frequently create headaches. For many years, Adobe products have been challenging to automate and deploy for MECM/Intune Admins. Whether because of updates, licensing, or unclear instructions, it has always been a challenge for Adobe Creative suite products. I was recently tasked to package Adobe Photoshop with Intune. To my pleasant surprise, Adobe now has a cloud admin console that makes that process a breeze compared to what was done before. In this blog post, we will detail how to generate a source installation for Adobe Photoshop using the Adobe Admin Console and deploy it using Intune. Requirements We will start by downloading the software from the Adobe website. Here are the high-level steps : Create Adobe Photoshop deployment package Abode products need to match the architecture of the OS. 32 Bit applications won’t work on 64-bit Windows … Read More
How to manage Google Chrome with Intune
Google Chrome is one of the most widely used web browsers in the world. It is known for its speed, stability, and a wide variety of extensions that are available for it. As a result, many organizations have adopted Chrome as their default web browser. To manage Chrome on enterprise devices, Intune is a powerful tool that can be used to deploy and manage policies. In this blog post, we will discuss how to manage Google Chrome with Intune. With the increasing popularity of Intune, and the ability to replace Group Policy with Device Configuration, one area needs a bit more work to be managed. Third-party applications that support the GPO model can be used with Intune by importing ADMX from the vendor. It is the case for Google products, especially Google Chrome. We will demonstrate how to manage Google Chrome by importing Google’s admx for a similar approach as … Read More
SCCM Daily Maintenance Tasks
Microsoft System Center Configuration Manager (SCCM) is a powerful tool for managing large-scale enterprise systems. It is essential for IT administrators to perform regular maintenance tasks in order to ensure that SCCM is functioning optimally and to prevent any potential issues from arising. In this blog post, we will discuss the daily maintenance tasks that should be performed in order to keep SCCM running smoothly. Check overall site server health and hardware performance The first step in SCCM’s daily maintenance tasks is to check the health of the SCCM site server itself. We suggest starting by simply looking at the overall resource consumption in the Task Manager. If your IIS Worker Process is using all CPU, we suggest that you read our post about Software update maintenance best practice Verify all disk-free space and ensure that there’s enough free space left. Here are the main things to check which consume … Read More
Deploy Win32 Apps with Intune
Since September 2019, it’s possible to distribute Win32 applications using Microsoft Intune. This was a major show-stopper to go full MDM for Windows 10 devices for many companies and would keep using SCCM/MEMCM to fulfill this duty. In this post, we will detail how to deploy Win32 Apps with Microsoft Intune. We’ll deploy Google Chrome with the MSI installer as an example. Understanding the Basics First, let’s define what’s a Win32 application. Win32 applications are traditional desktop applications that run on Windows operating systems. With the increasing trend towards cloud management, organizations are looking for ways to manage Win32 apps from the cloud, which is where Intune comes in. Microsoft Intune is a cloud-based device management platform that enables organizations to manage devices, apps, and data. With Intune, IT administrators can manage and distribute Win32 applications to Windows 10/11 devices. There are several benefits to deploying Win32 applications with Intune, … Read More
SCCM Best Practices (Tips and Tricks)
There’s no such thing as SCCM Best Practice. Every company, every IT department, and every computer configuration is unique. That being said we are doing numerous SCCM assessments these days, looking at various SCCM setups and configurations. Here’s our compiled list of settings, configurations, and tricks we can give you to make your SCCM configuration better. Central Administration Site (CAS) The most obvious SCCM Best Practice: Don’t use a CAS. You’ll see this advice everywhere… and it’s true. Don’t use it. Just don’t. When the Central Administration Site was introduced back in SCCM 2012 SP1 there was no concept of a preferred site system. If you had to manage thousands of clients in a remote site/region and a secondary site was not an option, the installation of numerous Primary sites was needed (so was the CAS). But now that new client management options were introduced in the later SCCM version, … Read More
SCCM Collections Management Tips, Scripts and Tools
Creating and managing collections in SCCM is a basic and daily task. Over the years, we’ve seen too much infrastructure with a lack of collection maintenance. It can become a burden when you have a hundred or thousand of them and never cleaned them up. In this blog post, we’ll give you SCCM Collections Management Tips along with useful scripts and tools to help you become a collection master. You may wonder why you should care about this? Collections in Configuration Manager is a resources-intensive task, and some best practices need to be followed. The SCCM product group has understood that and released many improvements and features in their latest release to ease collection management. We’ve compiled the latest management changes and tools available related to collections. This blog post is also available in a video format SCCM 2010 Collection Features SCCM 2010 (November 2020) has introduced 3 new important features for collections … Read More
Getting started with Microsoft Intune
If you have been following the SCCM community for the past months, you’ve been hearing a lot about comanagement, cloud management gateway, cloud distribution point, and Intune. You may also hear that SCCM is dying and that Intune is your only path in the near future to manage your company devices. The good news is that SCCM is not dead, in fact, it’s been rolling out new features quarterly in the past 3 years thanks to the new servicing model and the product group is not slowing down. The bad news is that… well, there’s no bad news… but as a sysadmin, you have a steep learning curve if you’ve not been following the “sccm intune modern management” storm from past months. . In this blog post, we will go over the basics to start with Microsoft intune. It supports Windows and a variety of devices. You may wonder why would … Read More