Application packaging in Intune or SCCM is one of the jobs that can frequently create headaches. For many years, Adobe products have been challenging to automate and deploy for MECM/Intune Admins. Whether because of updates, licensing, or unclear instructions, it has always been a challenge for Adobe Creative suite products. I was recently tasked to package Adobe Photoshop with Intune. To my pleasant surprise, Adobe now has a cloud admin console that makes that process a breeze compared to what was done before. In this blog post, we will detail how to generate a source installation for Adobe Photoshop using the Adobe Admin Console and deploy it using Intune. Requirements We will start by downloading the software from the Adobe website. Here are the high-level steps : Create Adobe Photoshop deployment package Abode products need to match the architecture of the OS. 32 Bit applications won’t work on 64-bit Windows … Read More
How to manage Google Chrome with Intune
Google Chrome is one of the most widely used web browsers in the world. It is known for its speed, stability, and a wide variety of extensions that are available for it. As a result, many organizations have adopted Chrome as their default web browser. To manage Chrome on enterprise devices, Intune is a powerful tool that can be used to deploy and manage policies. In this blog post, we will discuss how to manage Google Chrome with Intune. With the increasing popularity of Intune, and the ability to replace Group Policy with Device Configuration, one area needs a bit more work to be managed. Third-party applications that support the GPO model can be used with Intune by importing ADMX from the vendor. It is the case for Google products, especially Google Chrome. We will demonstrate how to manage Google Chrome by importing Google’s admx for a similar approach as … Read More
Deploy Win32 Apps with Intune
Since September 2019, it’s possible to distribute Win32 applications using Microsoft Intune. This was a major show-stopper to go full MDM for Windows 10 devices for many companies and would keep using SCCM/MEMCM to fulfill this duty. In this post, we will detail how to deploy Win32 Apps with Microsoft Intune. We’ll deploy Google Chrome with the MSI installer as an example. Understanding the Basics First, let’s define what’s a Win32 application. Win32 applications are traditional desktop applications that run on Windows operating systems. With the increasing trend towards cloud management, organizations are looking for ways to manage Win32 apps from the cloud, which is where Intune comes in. Microsoft Intune is a cloud-based device management platform that enables organizations to manage devices, apps, and data. With Intune, IT administrators can manage and distribute Win32 applications to Windows 10/11 devices. There are several benefits to deploying Win32 applications with Intune, … Read More
Getting started with Microsoft Intune
If you have been following the SCCM community for the past months, you’ve been hearing a lot about comanagement, cloud management gateway, cloud distribution point, and Intune. You may also hear that SCCM is dying and that Intune is your only path in the near future to manage your company devices. The good news is that SCCM is not dead, in fact, it’s been rolling out new features quarterly in the past 3 years thanks to the new servicing model and the product group is not slowing down. The bad news is that… well, there’s no bad news… but as a sysadmin, you have a steep learning curve if you’ve not been following the “sccm intune modern management” storm from past months. . In this blog post, we will go over the basics to start with Microsoft intune. It supports Windows and a variety of devices. You may wonder why would … Read More
How to enable SCCM Co-Management
With the release of SCCM 1710, one of the key new features is the SCCM Co-Management possibility with Microsoft Intune. Comanagement enables some interesting features like conditional access, remote actions with Intune, and provisioning using AutoPilot. You can decide which feature is managed by which platform (SCCM or Intune). This is great to slowly phase into Intune. There are two main paths to reach to co-management: Windows 10 and later devices managed by Configuration Manager and hybrid Azure AD joined get enrolled into Intune Windows 10 devices that are enrolled in Intune and then install with the Configuration Manager client We will describe how to enable co-management and enroll an SCCM-managed Windows 10 device into Intune. SCCM Co-Management Prerequisites SCCM 1710 or later Azure AD Subscription EMS or Intune license for all users Azure AD automatic enrollment enabled Following our blog post, only configure Azure AD. Do not follow instructions … Read More
Import Windows Devices for AutoPilot in Microsoft Endpoint Manager
Windows Autopilot is a solution designed that allows you to set up and pre-configure Windows devices for your environment using Azure and Endpoint Manager. The goal of Autopilot is to reduce the OS deployment complexity. If done correctly, a user logs to an out-of-box computer, logs on his computer with his ADD user account, and applications and configurations get deployed. All that with minimum infrastructure requirements. If you are new to Autopilot, we have a post that describes every step you need to do to get started. Autopilot has its flaws but it’s improving very fast. One of those flaws was that device importation was made from the Windows Store for Business or the Microsoft Partner Center. Those days are over since you can now import your device directly from Endpoint Manager. Endpoint Manager Autopilot device import Launch Endpoint Manager Select Device / Enroll Devices / Windows enrollment In the Windows Autopilot … Read More
How to use Microsoft Defender for Endpoint antivirus security with Intune
Microsoft Defender has come a long way since the first few releases to become a leader in all all-things security-related. What was originally a standard antivirus solution has evolved into a full product suite. If you are looking to configure Microsoft Defender(Endpoint protection) with Configuration Manager, see our guide that is available in our shop This post will focus on configuring Microsoft Defender for Endpoint Security Antivirus by using Intune. Prerequisites Windows 10 or Windows 11 Aside from the Intune various licensing option you’ll need to manage your devices, there are no other requirements to use this feature. Create Microsoft Defender for Endpoint antivirus security profiles Connect to the Endpoint portal Browse to Endpoint Security/ Antivirus Click Create Policy. At this point, the Antivirus policies are split into 3 distinct sections. Microsoft Defender Antivirus This will essentially manage the core features. Microsoft Defender Antivirus Exclusions This will be the various … Read More
How to fix Azure Update Compliance missing devices
Azure Update Compliance has been around for a few years already. Originally part of Windows Analytics, it’s the only component that lived through the years. It has become more popular with the growing number of devices managed with Windows Update for Business. It is also useful for an environment that manages updates and feature updates with Configuration Manager. In this post, we’ll cover how to make the required change so devices report back to Azure Update Compliance. I recently did a check for a few clients and noticed that the number of devices in Update Compliance was drastically low or even almost empty in some environments. This is because of a change from Microsoft, that was enforced back in January 2022. Since devices were managed prior to May 2021, we need to adjust the configurations to fix Azure Update Compliance missing devices. If you are looking for how to use … Read More
How to use Desktop Analytics for Windows 10 Feature Update
Desktop Analytics is still a recent product and a small beast that require a bit of time and trial and error to get going. The goal of Desktop analytics is to give data to understand your environment prior to mass roll out a new Windows 10 Feature Update. Desktop Analytics isn’t a product to deploy a Windows 10 Feature Update. ConfigMgr remains the master of the actual deployment. In this blog post, we’ll detail real-world scenarios on how to use Desktop Analytics information to help during a Windows 10 Feature update deployment. Desktop Analytics Windows 10 Update Requirements See our previous post on how to setup Desktop Analytics and connect it to your SCCM/ConfigMgr/MEMCM environment prior to reading this post. Select devices to be evaluated by Desktop Analytics Here are a few questions to help determine which devices should be included. Should Windows 7 devices be included? Assuming you are … Read More
Manage Android devices without GMS using Microsoft Endpoint Manager
I was recently helping out a customer who wanted to manage Android mobile devices using Endpoint Manager for users in China. What is different from managing Android mobile devices for users in China and out of China? There is a significant difference and it is due to the services available on an Android mobile device that is required for managing the devices using Microsoft Intune. Microsoft Endpoint Manager provides 2 ways of protecting the mobile devices which are MAM-WE (Application management without enrollment) and Device enrollment (MDM). Following are some of the major differences between MDM vs MAM (app protection policies): MDM (Mobile Device Management) MAM(Mobile Application Management) Enroll devices Publish Apps Provision settings, certs, profiles Configure and update apps Auto install apps Secure corporate data within mobile apps Report and messure device compliance Report app inventory and usage Remove corporate data Remove corporate data Reset device Remote wipe (Corporate … Read More