With the release of SCCM 1710, one of the key new features is the SCCM Co-Management possibility with Microsoft Intune. Comanagement enables some interesting features like conditional access, remote actions with Intune, and provisioning using AutoPilot. You can decide which feature is managed by which platform (SCCM or Intune). This is great to slowly phase into Intune. There are two main paths to reach to co-management: Windows 10 and later devices managed by Configuration Manager and hybrid Azure AD joined get enrolled into Intune Windows 10 devices that are enrolled in Intune and then install with the Configuration Manager client We will describe how to enable co-management and enroll an SCCM-managed Windows 10 device into Intune. SCCM Co-Management Prerequisites SCCM 1710 or later Azure AD Subscription EMS or Intune license for all users Azure AD automatic enrollment enabled Following our blog post, only configure Azure AD. Do not follow instructions … Read More
How to fix Azure Update Compliance missing devices
Azure Update Compliance has been around for a few years already. Originally part of Windows Analytics, it’s the only component that lived through the years. It has become more popular with the growing number of devices managed with Windows Update for Business. It is also useful for an environment that manages updates and feature updates with Configuration Manager. In this post, we’ll cover how to make the required change so devices report back to Azure Update Compliance. I recently did a check for a few clients and noticed that the number of devices in Update Compliance was drastically low or even almost empty in some environments. This is because of a change from Microsoft, that was enforced back in January 2022. Since devices were managed prior to May 2021, we need to adjust the configurations to fix Azure Update Compliance missing devices. If you are looking for how to use … Read More
How to send SetupDiag Result in your SCCM Inventory during a Windows 10 Feature Update
Windows 10 Feature updates can be tricky for many reasons. Fellow SC Dudes, Adam Gross, created a free and easy-to-implement solution to help debug and track down Feature Update logs. This solution will describe how to send SetupDiag Result in your SCCM Inventory during a Windows 10 Feature Update. Along with our previous post to track down Windows 10 Feature Update hard blocks, will greatly ease Windows 10 Servicing. Windows 10 SetupDiag SCCM Inventory Benefits Centralized log for any on-prem Feature Update attempt SetupDiag details stored in Hardware Inventory, which can be monitored by SQL query/reports and PowerBI While we recommend sticking to Feature Update to deliver new Windows 10 builds, this solution will work the exact same if a Task Sequence is used to do an upgrade. In this post, we’ll detail how to implement the Windows 10 Feature Update script to include it in your SCCM Inventory. This … Read More
Troubleshoot Windows 10 Update hard block
Windows 10 Feature Updates can be tricky to troubleshoot. The trick is to find relevant information about what’s causing the Windows 10 Feature Update to fail. In a previous post, we covered the Windows 10 Feature update error 0XC1900208. This is still accurate and possible that it happens for a Feature Update to Windows 10 20h2. We followed the instruction in the blog post to find what’s preventing the Feature Update to run. We start to test the Feature Updates from Windows 10 1809 to 20h2 at a client site. Our previous post was not helping, since running Setup.exe manually returned a restart error. We restarted the machine without success. This was not the problem. In this blog post, we’ll describe how to troubleshoot Windows 10 Update hard blocks using various methods. Troubleshoot Windows 10 Update hard block The first place to look is in the Windows Panther folder: Browse … Read More
Monitor SCCM Task Sequence Progress
When deploying Windows 10 operating system using SCCM (OSD), you will need to monitor SCCM task sequence progress. This allows us to track task sequence start, end time and most importantly errors (if any). Our post will show 4 different ways to monitor SCCM task sequences. Each of them has its own benefits and drawbacks. Monitor SCCM Task Sequence Using the Console You can view the progress of a task sequence using the SCCM console. This method is simple and easy but permit to see the status of only one machine at the time. If your deployment staff don’t have access to the console or view deployment status, this option is not for you. Open the SCCM Console Go to Monitoring / Deployments Search and right-click the deployment linked to your Windows 10 task sequence On the menu, select View Status In the Deployment Status screen, select the In Progress tab for a running … Read More
How to configure Delivery Optimization with Intune
Microsoft has been hard at work to optimize content delivery since the release of Windows 10 and Office 365. While not perfect at the beginning, the offer is now really great and offer many supported methods to ease the huge content that needs to be distributed month after month. Delivery Optimization is a key component included in Windows 10 since the beginning and recently added to Office 365. Combining Delivery Optimization Intune with Windows update for business will greatly help content download from the Internet. In this post, we will provide details to configure Delivery Optimization for Windows 10 and Office 365, by using Microsoft Intune. This post is part of a series on Windows Autopilot that will be published in the following weeks. In the next posts, we will cover the following subjects : Getting started with Windows Autopilot | Step-by-step guide How to deploy Win32 Applications in Microsoft … Read More
How to migrate Windows Analytics to Azure Portal
Microsoft has announced a while ago that the OMS Portal, used for Windows Analytics, was being deprecated in favour of Azure’s Log Analytics. In order to keep access to Windows Analytics intact for all your users, a “migration” must be done prior to January 15, 2019. A warning is currently displayed when you log on the to-be-deprecated OMS portal. In this post, we will detail how to migrate Windows Analytics from the OMS Portal to Azure’s Log Analytics. Azure Windows Analytics migration Log on the Azure Portal Browse to Log Analytics. This should be empty if you don’t have Global admin rights and had rights to the OMS portal You must use a Global admin account. Looking at the rights of the OMS workspace for Windows Analytics, users or groups should have either ReadOnly, Contributor or Owner role assigned. Those roles are OMS’ roles, not Azure roles. Rights need to be modified to one of the following Azure Roles. Microsoft recommends … Read More
Automatic Windows 10 PC Enrollment in Microsoft Intune or SCCM
The process of enrolling your Windows 10 computers in Intune should be as simple as possible for your users. If you’re using Azure Active Directory in your organization, the enrollment process can be made automatically when a user joins it’s device to AAD. It couldn’t be simpler. The process is the same rather for Intune Standalone or Hybrid mode (integrated with SCCM) Windows 10 Intune Automatic Enrollment Prerequisites CNAME DNS Entry created on your domain for automatic name resolution A valid Intune Tenant (Standalone or SCCM Integrated) Azure Active Directory Premium enabled For this post, we’ll be using a Windows 10 1703 device but the process is the same for Windows 10 1607 and slightly different for older versions but is supported. CNAME DNS Follow our Intune Preparation post for the steps to create CNAME entry. The Azure portal let you test your configuration Open the Azure Portal Go to Intune / Device Enrollment / Windows … Read More
How to Configure SCCM Delivery Optimization Task Sequence
Windows 10 brings a new feature to optimize network performance when it comes to Windows Update. This feature is called Delivery Optimization. Delivery Optimization is a cloud-based service that allows computers on the same network to share updates files to prevent reaching out to Windows Update directly or to a remote WSUS. Windows 10 clients must have access to the internet to be able to leverage Delivery Optimization to establish a peer-to-peer connection to another Windows 10 computer. This blog post will describe how to configure SCCM Delivery Optimization Task sequence. With that said, Delivery Optimization as the potential of doing the opposite of what it was designed for. By default, the Download mode is configured in LAN Mode. This means that every computer going on the internet through a single IP address like many businesses do will be considered in the same LAN network. This means a remote office could be considered local, then … Read More
How to use the Windows 10 Security baseline
Microsoft has been releasing Security baseline since the Windows XP days. Windows 10 is no exception to this, except now there’s a new release of security baseline following each major build of Windows 10. The concept of the Security Baseline is to provide Microsoft guidance for IT administrators on how to secure the operating system, by using GPOs, in the following areas : Computer security User security Internet Explorer BitLocker Credential Guard Windows Defender Antivirus Domain Security Implementing the security baseline in GPOs is not a complex or long task. The challenge that the security baseline provide is that it will expose areas of the environment that are not secure. This means that to follow all Microsoft security guidelines, it would be required to fix many other systems outside of Windows 10 to achieve this. In this post, we will describe what is the Security baseline, how to use them … Read More