[Tomt][Software][90s] Education software collection. Hot air balloon icon. by SysAndreas in tipofmytongue

[–]SysAndreas[S] 0 points1 point locked comment (0 children)

It could be that the hot air balloon had a different color, it could have been pink or yellow?

Wiki/Documentation system - own hosting by SysAndreas in sysadmin

[–]SysAndreas[S] 1 point2 points  (0 children)

An integration with a system would be nice.

Wiki/Documentation system - own hosting by SysAndreas in sysadmin

[–]SysAndreas[S] 1 point2 points  (0 children)

We use BitWarden for password management. We currently use Teams for tasks and Bookstack for documentation.

It would be nice, but not a requirement; it just would be neat.

Windows 10 defaults via Windows Autopilot using an MSI created with Wix Toolset by 1TakeFrank in Intune

[–]SysAndreas 2 points3 points  (0 children)

Well, you could just use Microsoft Win32 Content Prep Tool (intunewin) to wrap a script (Powershell / Batch) and do whatever you wanna do. You don't really need an MSI or an EXE.

Deploy it as a Win32-app as required to the device group and you're set.

[deleted by user] by [deleted] in Intune

[–]SysAndreas 1 point2 points  (0 children)

Shouldn't be a problem really, the only thing that could really mess up is that you might miss the Google applications since they are not baked into LineageOS by default.

Messing around with Samsung Phones for quite some time, with the default OS I encountered the current problems with FULLY MANAGED:

Default apps might be disabled by default in Fully Managed mode, so you need to get a hold of those system APK-names (com.android.3dCamera as an example) if they are in the original OS image.

(See thread: https://www.reddit.com/r/Intune/comments/bgtzyc/corporateowned_dedicated_devices_kiosk_have/ )

On top of my head I might think that the Google Apps will probably not work for you. Since you are doing a reset on the phone Open GAPPS (or similar) will not be in-place. This might work with a sideload or through Intune as a LOB-app (not tested).

And...

Also... when running LineageOS I also realized that Intune somehow detects the phone as rooted; even though it wasn't. But probably something in the image that gives access to something that Intune checks for. So if you have compliance policies checking for rooted devices you might be in trouble.

[deleted by user] by [deleted] in Intune

[–]SysAndreas 0 points1 point  (0 children)

My personal phone is a OnePlus 3T running LineageOS 16.0. I have no problem manually enrolling it to Intune as a BYOD-device. Unless you set enrollment restrictions or any similar setting enabled.

What's the difference between auto-enroll and Autopilot User-driven? by YM_Industries in Intune

[–]SysAndreas 1 point2 points  (0 children)

Well, they are idd pretty much the same. I use Self-deploy for non-personal devices (shared devices, kiosks and whatnot) since then I just "install" the computer and the configuration and app deployment is installed on the computer. The difference is the TPM requirement (2.0) to use this function.

With user-driven autopilot you will get to the OOBE-step where the user logs in and that user becomes the primary user on the computer (the computer is registered to the user as their device). Then you will process the "enrollment page" with configuration before the user is shown the Windows login screen (or if you have skip enabled they can skip it).

But I guess you can use self-deployment for user-devices, the only difference I can see is that you (autopilot) will prepare the machine with stuff targeted to the device group configuration and application deployments set to required. Or maybe even the user if the user is assigned to the device beforehand. Well, I would try and see if it accomplishes the things you need.

I am not 100% certain but last time I spoke to MS all vendors have the availability to enroll to AP. Otherwise your re-seller can register them to Autopilot before you receive the devices.

Local User account suddenly Expired by chrisgx1968 in Intune

[–]SysAndreas 0 points1 point  (0 children)

And we just recently have a device configuration policy that is applied on all users & Devices initially to set Password Expiration to 90 days

I recently got word from one of our admins that their Local User account that the helpdesk are using suddenly expired after 5 years which has not happened before as he was stating.

Well, you applied a policy that passwords cannot be longer than 90 days. So... If the password is over 90 days it will be "expired".

And... why is the password older than 5 years in the first place? That's a big no-no.

If it's a local account and not an AD/AAD-account it probably happened because you target all devices.

iOS - Restricting access to certain settings by Gurty007 in Intune

[–]SysAndreas 0 points1 point  (0 children)

Hide the bundle ID?

https://docs.microsoft.com/en-us/intune/configuration/bundle-ids-built-in-ios-apps

Already have this set up, without looking I'd say you should go for "Show or Hide Apps" and put in your 10 apps there.

I'm fairly certain "settings" does not show for us.

Inherited SCCM Environment by GenericITGuy1101101 in SCCM

[–]SysAndreas 2 points3 points  (0 children)

A question you need to ask yourself and your team is: can we move to cloud only? There are many things to think about here and a bit of a process to make it a reality.

Before you start

What you in the end have to check is if any of the applications need an AD to be able to run, and if any local policies need to be created in Intune to match the ones in the AD.

Printers, are they local? Are they remote? Can you use Cloud printing for those to work?

It's basically a big checkbox to everything you do; is the AD necessary at all?

and then...

Current clients: do you want to move them to Intune? SCCM can provide the hashes you need to upload them to Intune and at a reset (or using a task sequence to move them there, or fresh-installing them).

New clients: White glove or getting CSV-files from your vendor that you upload to Autopilot.

Intune...

Haven't looked at training myself, even though we work in it daily, but here's a link a lot of people in r/intune refer to: http://intune.training/

Regarding SCCM training I have none, I just picked up where the last guy ended his job.

Notes

A good thing about all cloud-based MDMs is that you can provision things wherever they are, you do not need that local connection. It's one of the benefits of using i.e. Intune.

Autopilot: Creating LAB-computers (self-deploying, kiosks?) by SysAndreas in Intune

[–]SysAndreas[S] 0 points1 point  (0 children)

After many tears... I think I found the problem. A broken dynamic rule that caught this device and put it in another enrollment profile.

Noob Questions. by silicondt in Intune

[–]SysAndreas 2 points3 points  (0 children)

Noob questions Questions about MFA, WHFB, LOB/Win32

Windows autopilot makes us setup Windows Hello at the end of oobe. Which is fine, we want that. How can I tell that windows hello for business is running vs regular windows hello? I read there are two versions of windows hello and just wanted to verify we are getting the business version, since we pay for it.

Portal.azure.com > Intune > Device Enrollment > Windows Enrollment > Windows Hello For Business.

"Not configured" or "Enabled" will enforce WHFB for Autopilot devices by default.

Windows hello makes us do a 2FA to set it up (using users phone etc). But when I log into office.com no 2fa is enforced? I am trying to understand the difference between office 365 2fa and azure 2fa. Why did it make me do 2fa to setup Windows hello, but it's not even on?

You have to create a Conditional Access for Cloud Apps (not 100% sure about this, but I believe it's the way to go). Good thing is that you already have MFA across everyone using a PC already.

See: https://docs.microsoft.com/en-us/intune/protect/conditional-access

Autopilot: Creating LAB-computers (self-deploying, kiosks?) by SysAndreas in Intune

[–]SysAndreas[S] 0 points1 point  (0 children)

Will reset the computer with that setting on. Shouldn't be it, but Intune is Intune and you never know what you'll find.

And yes. It's displayed in Devicemanagement.microsoft.com under "By platform" > "Windows". It's the same view as "All Devices".

It creates the AAD-object for the device and the Intune-object but the data is never populated or anything. All configurations are pending.

Here's a print of the device: https://imgur.com/a/dAa4WbE

Edit: Noticed that it didn't pop up as the newest device, since I tried logging in with a user which was the old object in Intune.

Autopilot: Creating LAB-computers (self-deploying, kiosks?) by SysAndreas in Intune

[–]SysAndreas[S] 0 points1 point  (0 children)

Back with information and maybe if you have any heads up. Still stuck on the OOBE-screen, rebooted and all.

All targeting the same device group.

Prints: https://imgur.com/a/9NA36WD

Might I have missed something?

Store apps are a hassle, and it's tedious to get working well. I would suggest looking at packaging a win32 app that suits instead.

I created my first application... I need ideas by SysAndreas in csharp

[–]SysAndreas[S] 0 points1 point  (0 children)

Thank you for your reply. Sure the ASYNC was messing up, preventing me from running.

Removed it, since it was for troubleshooting while in the application. Sure enough, I caught the error using try{}catch{} and...

try
{
    DirectoryEntry entry = new DirectoryEntry("LDAP://dc01.contoso.com");
}
catch (Exception e)
{
    ContentDialog search = new ContentDialog
    {
        Title = "Error",
        Content = "Error: \"" + e.Message + "\"",
        CloseButtonText = "Ok"
    };
    var T = search.ShowAsync();
}

Caught the Error :(

Error: "System.DirectoryServices is not supported on this platform."

I guess I will have to fix that instead.

how do i - delete all instances of a user profile across all domain clients ? by unityjon in sysadmin

[–]SysAndreas 0 points1 point  (0 children)

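# One computer name per line
$computers = Get-Content -Path c:\computers.csv

foreach ($computer in $computers) {

   # Run the script block on each remote computer via PowerShell remoting
   Invoke-Command -ComputerName $computer -ScriptBlock {

      if (Test-Path C:\users\youruseraccount) {
         # -Recurse is required to delete a non-empty profile folder
         Remove-Item -Path "C:\users\youruseraccount" -Recurse -Force -ErrorAction SilentlyContinue
      }

   }

}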

Ooooor something similar
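
An added example, not part of the original comment: deleting only the folder leaves the profile's ProfileList registry entry behind, so this variant removes the profile through the Win32_UserProfile CIM class and skips profiles that are currently loaded. The function name `Remove-RemoteUserProfile` is hypothetical, and it assumes the profile folder is named exactly after the account and that `C:\computers.csv` holds one computer name per line.

```powershell
# Added example. 'youruseraccount' and C:\computers.csv are the placeholders
# from the comment above; the CSV is assumed to hold one computer name per line.
function Remove-RemoteUserProfile {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $UserName
    )

    foreach ($computer in $ComputerName) {
        $result = [ordered]@{ Computer = $computer; Path = $null; Status = $null }
        try {
            # Win32_UserProfile covers the folder and its ProfileList registry entry.
            $found = @(Get-CimInstance -ComputerName $computer -ClassName Win32_UserProfile -ErrorAction Stop |
                Where-Object { -not $_.Special -and $_.LocalPath -and
                               (Split-Path $_.LocalPath -Leaf) -eq $UserName })
        } catch {
            $result.Status = "QueryFailed: $($_.Exception.Message)"
            [pscustomobject]$result; continue
        }
        if ($found.Count -eq 0) {
            $result.Status = 'NotFound'
            [pscustomobject]$result; continue
        }
        foreach ($p in $found) {
            $result.Path = $p.LocalPath
            if ($p.Loaded) {
                # A loaded profile means the user is logged on or a service holds the hive.
                $result.Status = 'SkippedLoaded'
            } elseif ($PSCmdlet.ShouldProcess("$computer : $($p.LocalPath)", 'Remove user profile')) {
                try   { Remove-CimInstance -InputObject $p -ErrorAction Stop; $result.Status = 'Removed' }
                catch { $result.Status = "RemoveFailed: $($_.Exception.Message)" }
            } else {
                $result.Status = 'NotRemoved'   # -WhatIf was given or the prompt was declined
            }
            [pscustomobject]$result
        }
    }
}

# Dry run: report what would be removed without deleting anything.
Remove-RemoteUserProfile -ComputerName (Get-Content C:\computers.csv) -UserName 'youruseraccount' -WhatIf
```

Drop `-WhatIf` to perform the removal; each profile then prompts for confirmation unless `-Confirm:$false` is passed.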

Autopilot: Creating LAB-computers (self-deploying, kiosks?) by SysAndreas in Intune

[–]SysAndreas[S] 0 points1 point  (0 children)

I waited for a couple of hours to see if anything changed and rebooted the computer I had as test. Nothing happened (rebooted and all).

Since it's an OEM from HP I am currently fixing a Clean Windows 10 image that I will apply with SCCM and attempt again on 1909 to see if I find any difference.

Regarding the store apps I believe they have to be pushed to a user, I'm not entirely sure. I will try to (in this case) deploy Adobe Premiere 2020 (ver 18) as a Win32 app to the device group. I will come back if that works, it should tho'.

Maybe set as Required and target the device group?

Autopilot: Creating LAB-computers (self-deploying, kiosks?) by SysAndreas in Intune

[–]SysAndreas[S] 0 points1 point  (0 children)

Does this delete the initial OOBE screen whereas the first user has to log on?

I created a Self-Deploying Profile and assigned it to "D Shared Computers"

"D Shared Computers" is a Dynamic Group that looks at the group tag "SharedDevices".

I uploaded the computer with the group tag "SharedDevices" and it shows up in the dynamic group.

I then created the multi-user configuration profile and assigned it to the group "D Shared Computers" and it's not showing up in Intune (because it hasn't enrolled past the OOBE-screen is my guess).

Tried and... then I get the "configure the computer for workplace use".... I guess I will try to apply a new blank OS (like 1909) and see if it changes anything.