How to enable Co-Management in SCCM 1902

Adam GrossSCCM3 Comments

It’s been over a year since our initial post about enabling Co-Management. Several improvements have been made so it’s worth revisiting the Co-Management SCCM 1902 topic. Co-Management SCCM 1902 Prerequisites Azure Subscription Azure Active Directory Premium Microsoft Intune subscription OR Enterprise Mobility + Security (EMS) subscription Client computer using Hybrid Azure AD Joined (domain + AAD joined) using Azure AD Connect. Enable SCCM 1902 Co-Management Navigate to Administration / Cloud Services / Co-Management and select Configure Co-Management Click Sign In to enter your Intune credentials. After signing in, click Next. Configure Automatic enrollment in Intune. Select None or Pilot at this time. You can … Read More

How to Install and Configure Azure AD Connect

Adam GrossSCCMLeave a Comment

If you have an existing on-premises Active Directory infrastructure and plan to use SCCM Co-Management, you will need Azure AD Connect. This post will cover installing Azure AD Connect and configuring Hybrid Azure AD Join and Seamless Single Sign-On using Password Hash Sync. There are many additional options that are covered in the Microsoft Docs. This post assumes you already have an Azure Active Directory tenant and have added your custom domain to Azure AD. Where to Get Azure AD Connect Log into your Azure AD Tenant by going to Click Azure Active Directory Select Azure AD Connect Click … Read More

Identify SCCM CMG Clients using console, collection and report

Benoit LecoursSCCM1 Comment

In a recent project, I was asked to install an SCCM Cloud Management Gateway The CMG provides a simple way to manage SCCM clients on the internet. Once the installation was made and working, I was asked to identify the number of machines that were connecting to the SCCM CMG. Hopefully, there’s a couple of ways to identify your CMG clients. This blog post will describe the different way to identify your CMG client and we are also providing a free SCCM CMG report at the end of this post. Method 1 – From the Monitoring Pane The first method … Read More

Migrate Office 365 Architecture from 32-bits to 64-bits using SCCM

Benoit LecoursSCCM2 Comments

In the past, if you had a computer with Office 365 32-bit version and wanted to migrate to the Office 365 64-bit version, you needed to uninstall the existing 32-bit version before installing the 64-bit version. Now, the Office Deployment Tool and its configuration files support a new attribute: MigrateArch. When set to True, the Office 365 installation will be migrated to the architecture specified in the OfficeClientEdition attribute. Another great feature is that MigrateArch, will preserve all the installed products, languages and other deployment settings. If desired you can also make changes to the installed products and languages. In … Read More

Use Powershell to generate certificates for your lab

Thomas LarsenPowershell, SCCM1 Comment

Certificates are becoming more and more important and are used almost everywhere and many solutions need a certificate to even start up. In production, you should have a healthy PKI solution up and running, but in your lab environment or if you just want to quickly test things without involving your company’s PKI-guy you can use PowerShell to quickly spin up certificates. Here’s how to use Powershell to generate certificates in your lab : Create a Root CA First we’ll create our root certificate. Copy the Thumbprint of your newly generated root cert into notepad ,you’ll need it later. This … Read More

Enable SCCM Distribution Point Maintenance Mode

Benoit LecoursSCCMLeave a Comment

SCCM Distribution point maintenance mode is a new feature available in SCCM 1902. Following Microsoft documentation, you can enable maintenance mode when you’re installing software updates, or making hardware changes to the server. During maintenance mode the SCCM distribution point can/can’t: The site doesn’t distribute any content to it Management points don’t return the location of this distribution point to clients The distribution point properties are read-only. For example, you can’t change the certificate or add boundary groups When you update the site, a distribution point in maintenance mode still updates Any scheduled task, like content validation, still runs on … Read More

SCCM 1902 Step-by-Step Upgrade Guide

Benoit LecoursSCCM22 Comments

 Microsoft has released the first SCCM version for 2019. Microsoft still uses the same standard naming versions. You can begin upgrading your SCCM Current Branch environment to the latest 1902 release. If you want to install the latest updates, this post is a complete step-by-step SCCM 1902 upgrade guide. If you’re looking for a comprehensive SCCM installation guide, see our blog series which covers it all. You won’t be able to install SCCM 1902 if you are running SCCM 2012, but 1902 this is the new baseline version. This means that if you’re downloading the source from Volume Licensing, 1902 … Read More

Monitor and identify SCCM Maintenance Windows

Benoit LecoursSCCM1 Comment

During a recent SCCM Assessment, I encountered a customer having hundreds of Maintenance Windows. I had to identify which collection and which devices were assigned those SCCM Maintenance Windows. SCCM has only 1 built-in report for Maintenance Windows monitoring (Maintenance windows available to a specified client). This report lists all maintenance windows that are applicable to a specified client. This is fine but what if I need to have the maintenance window on multiple clients or collections? It would also be nice to have a list of all collection on which there’s maintenance window applied. Free SCCM Maintenance Windows Report … Read More

Deploy Windows Server 2019 using SCCM Task Sequence

Stephane FaubertSCCM5 Comments

In this post, we will deploy the recently released Windows 2019 with SCCM 1810. We will describe how to create a SCCM Windows 2019 deployment task sequence and deploy it to your servers. If you are already deploying Windows 10 in your environment, or even Windows Server 2016, chances are that you won’t need to change anything in your environment. This task sequence will help you deploy a “vanilla” Windows Server 2019 Standard edition using the default Install.wim from the Windows 2019 media. This means that you’ll end up with a basic Windows 2019 with the SCCM client and nothing else. You will be able to edit … Read More

Block Apple Facetime Built-in App with Microsoft Intune

Nicolas PilonApp Protection Policies, Intune, SCCMLeave a Comment

Block Apple Facetime Intune

A new bug was discovered with Apple’s Facetime app that gives the caller the ability to listen to the other device and even watch the video without approving the call. This vulnerability is not giving access to corporate data or personal information, but have more consequences on personal level. Even though Apple temporarily kill the switch of the service and seems to have solved the problem via a future software update, there are some actions that can be made if you want to avoid trouble. You can manually turn off the Facetime app with iOS and MacOS. But, can we … Read More