With the release of SCCM 1710, one of the key new features is the SCCM Co-Management possibility with Microsoft Intune. Comanagement enables some interesting features like conditional access, remote actions with Intune, and provisioning using AutoPilot. You can decide which feature is managed by which platform (SCCM or Intune). This is great to slowly phase into Intune. There are two main paths to reach to co-management: Windows 10 and later devices managed by Configuration Manager and hybrid Azure AD joined get enrolled into Intune Windows 10 devices that are enrolled in Intune and then install with the Configuration Manager client We will describe how to enable co-management and enroll an SCCM-managed Windows 10 device into Intune. SCCM Co-Management Prerequisites SCCM 1710 or later Azure AD Subscription EMS or Intune license for all users Azure AD automatic enrollment enabled Following our blog post, only configure Azure AD. Do not follow instructions … Read More
Customize Windows Start Menu for SCCM Deployments
The reason to Customize Windows Start Menu is a must for any organization to deploy a standard workstation and remove any unwanted software from it. Sometimes Microsoft makes small changes under the hood and can hardly be tracked unless an issue comes up to flag those changes. The configuration of the Start Menu and Taskbar for Windows 10 has been since the beginning a great challenge for administrators and it doesn’t look that this will change anytime soon. Windows 11 which came out recently share the same mechanism as Windows 10 when it comes to the Start Menu thus, this post can be used for Windows 11. Microsoft added the following note to the start menu layout modification documentation after the 1703 release A simple note, with great implication! Following our previous posts on Windows 10 Customization and how to modify the taskbar configuration, we will detail how to configure … Read More
Create 148 Operational SCCM Collections using this Powershell Script
Using Powershell you can do many things in SCCM. Over the years, in many SCCM consulting projects we got involved in, we get the same question: “Can you create SCCM collections for Servers, Laptops, Workstations, Windows 10…”. Back in 2015, I started to build an SCCM collection PowerShell script to create SCCM operational collections which we create just after an SCCM installation. With time, I added more and more collections to the script. Fast forward to today, the script now contains 148 collections and has been downloaded more than 75 000 times making this PowerShell script my most downloaded contribution to the community. This set of collections usually covers 95% of the initial client needs. All you need to do is to run the SCCM collection PowerShell script on your SCCM server and wait. In about 5 minutes, you’ll end up having 148 collections in an Operational folder. The collections are set to … Read More
Identify Windows 10 and Windows 11 Build Numbers using SCCM / MEMCM
In an enterprise, it’s important to track your Windows 10 and Windows 11 Build Numbers. New build releases add new features, quality updates, and bug fixes. You may also need to identify the Windows version in a migration project or to plan your patch management deployments. This blog post will show you how to identify your Windows 11 build version and how to manage this information in SCCM / MEMCM. Windows 11 Version Naming and Revision Windows 10 version name is pretty simple: The first two (2) numbers are the release year. (Ex: 2022) The last two (2) characters are : The first half of the year – H1 The second part of the year – H2 For example, Windows 11 22H1 would mean that it was released in 2022 in the first half of the year. Where it gets more complicated is the Windows 11 revision or build number which is different … Read More
Step-by-Step SCCM 2207 Upgrade Guide
Microsoft has released the second SCCM version for 2022. SCCM 2207 has been released on April 8th, 2022. This post is a complete step-by-step SCCM 2207 upgrade guide, meaning that if you want to upgrade your existing SCCM/MEMCM installation to the latest SCCM/MEMCM updates, this post is for you. If you’re looking for a comprehensive SCCM installation guide to building a new server, refer to our blog series which covers it all. You won’t be able to install SCCM 2207 if you are running SCCM 2012. Well, that’s an odd phrase! Thank you current branch naming. SCCM 2207 is not a baseline version. This means that if you’re downloading the source from Volume Licensing, SCCM 2203 will be the starting version of your new SCCM site and you’ll need to apply SCCM 2207 on top of it. At the time of this writing, SCCM 2207 is available in the Early update … Read More
SCCM Remove Computer from Collection after OSD
This post is a step-by-step guide on how to remove computers from the collection after OSD. If you’re using specific collections for your OSD deployments you certainly know that the collections are not emptied automatically. After a couple of weeks, you’ll end up with a collection full of systems. The bad news is that there’s nothing built-in in the product, the good news is that our friend PowerShell can do this dirty job. To run the script : The imported module needs to be trusted The script must run in x86 mode The computer account must have proper permission (SCCM and DCOM) SCCM Remove Collection OSD – Permission You need to add your primary site computer account as a “Full Administrator” in SCCM You need to add the “System” account “Remote Access” right in DCOM permission Launch “dcomcnfg.exe” Navigate to Component Services / Computer / My Computers (Right-Click) / Properties … Read More
SCCM Console Access Denied problem
As an SCCM administrator, you use the SCCM console to access your primary site. Some of you may use the console locally on the SCCM server and some use the console on remote machines. Recently a customer ask for help because of an SCCM Console Access Denied problem. The SCCM console was working fine before and it was also working on another machine with the same user. I eventually found the solution and decided to document the whole troubleshooting process to fix SCCM Console Access Denied in this blog post. Step 1 – Troubleshooting on affected machine For any remote console troubleshooting issues, start with reading the SmsAdminUI.log file located on the client. This log file is located: C:\Program Files (x86)\Microsoft Endpoint Manager\AdminConsole\ AdminUILog In my example, you can see the error: Insufficient privilege to connect, error: Access is Denied. (Exception from HRRESULT: 0x80070005 (E_ACCESSDENIED)) Step 2- Understand the needed … Read More
SCCM CMPivot Query Examples
SCCM CMPivot has been introduced in SCCM 1806 and it’s making its way to being a pretty useful addition. If you are not familiar with this new feature, you can read about it in our previous post which describes how to use it. The goal of this post is to give you a list of SCCM CMPivot Query Examples. From there you can get creative to create more complex CMPivot queries. When we began using CMPivot, we were a bit lost. We are pretty comfortable with various programming languages but CMPivot uses the Kusto Query language. data flow model for the tabular expression statement which was new for us. The official Microsoft documentation states : The typical structure of a tabular expression statement is a composition of client entities and tabular data operators (such as filters and projections). The composition is represented by the pipe character (|), giving the statement a … Read More
SCCM Office 2021 Deployment guide
This blog post will describe how to Deploy Office 2021 using SCCM (using Click-to-run version). Beginning in Office 2019, Office client applications will no longer be available in MSI format. You can download an ISO on your volume licensing download center or use the Office Deployment Tool. We suggest using the Office deployment tool to have the latest available version. If you’re still confused about the differences between Office 2021 vs Office 365: Office 365 is a subscription that comes with premium apps like Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access (Publisher and Access available on PC only). The apps can be installed on multiple devices, including PCs, Macs, iPads, iPhones, Android tablets, and Android phones. With a subscription, you get the latest versions of the apps and automatically receive updates when they happen. Office 2021 is a one-time purchase that comes with classic apps like Word, Excel, and PowerPoint for … Read More
Import Windows Devices for AutoPilot in Microsoft Endpoint Manager
Windows Autopilot is a solution designed that allows you to set up and pre-configure Windows devices for your environment using Azure and Endpoint Manager. The goal of Autopilot is to reduce the OS deployment complexity. If done correctly, a user logs to an out-of-box computer, logs on his computer with his ADD user account, and applications and configurations get deployed. All that with minimum infrastructure requirements. If you are new to Autopilot, we have a post that describes every step you need to do to get started. Autopilot has its flaws but it’s improving very fast. One of those flaws was that device importation was made from the Windows Store for Business or the Microsoft Partner Center. Those days are over since you can now import your device directly from Endpoint Manager. Endpoint Manager Autopilot device import Launch Endpoint Manager Select Device / Enroll Devices / Windows enrollment In the Windows Autopilot … Read More