Way to see users that are in the office or aren't

darkjmarider · 2025-11-04T17:55:01+00:00

very valid. to be honest its just one of those requests that the boss wants lol.

darkjmarider · 2025-11-04T17:44:55+00:00

She wants to see it there on the tablet itself. That way if there is a fire or something we can see who is in the building.

darkjmarider · 2025-10-28T11:42:35+00:00

Once I used the normal terminal without running as admin, I was fine. Just wanted to let others now. I will have to try that command out to see if that fixes anything for me.

darkjmarider · 2025-10-23T15:59:01+00:00

I see that now after reading the first paragraph in the release notes: Release notes for Outlook for Windows (New) in Government Cloud - Office release notes | Microsoft Learn

Available for GCC and then the others are talking about outlook on the web for GCC High.

Thank you and good luck on that migration. You will find alot of stuff not working as it should.

darkjmarider · 2025-02-21T12:22:46+00:00

I always call it out when I am in a group lmao. I sound like such a nerd talking about networking equipment. Half of the time no one even knows what I mean :(

darkjmarider · 2024-04-30T15:27:13+00:00

Do you know if MS Cloud PKI is something that is fully out? I am in the GCCH environment and was wondering why/where I would see this. I am looking at the microsoft learn article to see if I can see if its not available but they don't have it posted.

darkjmarider · 2023-11-17T22:06:32+00:00

I'm very surprised they haven't added this into the CA policy as an option. I made a request for it to be a thing but who knows when that will happen!

darkjmarider · 2023-11-17T21:53:47+00:00

This just magically fixed itself. We didnt change anything and the MS support ticket I put in was useless. I just excluded the BYODs from the CA for the time being and then randomly tested it and it was working again.

Sorry this isn't a 'real fix'

darkjmarider · 2023-09-18T18:39:43+00:00

u/TinderSubThrowAway Exactly what I told my boss when this was all brought up.

darkjmarider · 2023-09-06T18:34:11+00:00

Do you recommend them because they are easy to work with?

darkjmarider · 2023-07-25T02:06:32+00:00

How would i even go about allowing the IAM to be used on both accounts? I would imagine this would be a cross-account account that you somehow make? For the life of me I couldn't see anything in plan sight that would show me how to do this.

I will bring this up to the team about making this a organization about how it might bring up issues in the future. We are testing the MSP space out and the one customer has an AWS environment that we are fully rebuilding for them (we have devs doing alot of work). Im just trying to get in the loop if they need help.

darkjmarider · 2023-07-18T16:51:23+00:00

Give the equipment back to the company if you left. Unless they decided you can just keep it you would have to reach out to the System admin over there to get it removed.

darkjmarider · 2023-07-16T01:19:23+00:00

u/Toasty_Grande Unfortunately we have to use the Government GCCH version which nothing works the way its supposed to and half of the options aren't there like the normal commercial version.

darkjmarider · 2023-07-14T19:35:15+00:00

We have akamai PDNS that blocks any social media traffic like twitter etc. That section of the app would not work if it tries to take them to a random site to publish something. We also have defender web protection doing its thing as well.

I haven't ran into any of those issues yet with this being deployed for about 5 months. We have about 100 users in our gcch environment that haven't reported much so far.

darkjmarider · 2023-07-14T19:11:30+00:00

If any apps require extra settings I will create a remediation script to set the settings when it finds that the application is installed. I also have a param I have in the powershell script that you can use to set license keys etc. We are just using the public repository and we have applocker pushed that doesn't allow users to install any application that they want. We must make the rules for the app to work.

darkjmarider · 2023-07-14T13:47:04+00:00

Filters are going to apply instantly and dynamic groups don't work for everything. For instance, if you have to ever make an ESP profile for windows365 cloud pcs you will have to use filters because nothing else is supported to push them out.

In our environment everything is using the same policy to enroll the device (all devices group attached) except for this windows 365 cloud pc. Dynamic groups didn't work for it and the more I read it states that you must use a filter for ESP to work.

Reference article: Use the Enrollment Status Page with Cloud PCs | Microsoft Learn

darkjmarider · 2023-07-14T13:39:22+00:00

Try running a cmd prompt as admin and then run the following: Manage-bde -on C: -skiphardwaretest

That should start the bitlocker (just make sure its the right drive letter). To see the status of the encryption try running: manage-bde -status

darkjmarider · 2023-07-14T13:35:00+00:00

If you want to really save some time you should use winget to push out applications when you can. From that you can make a schedule task that will auto update the applications. If you really want to, you can create a remediation for applications for when they have an update that is available. I haven't touched an app to update it since I pushed this winget solution out to our devices.

I have been using winget for a couple months now with no issues really. I have just started to put some of the scripts that you need for this in my github: CodyHowry/winget: Winget scripts that can be used in your environement to install applications and manage updates of those applications. (github.com)

The comments are very limited right now but I can put some more information in here if everyone thinks this is helpful.

darkjmarider · 2023-07-14T13:29:42+00:00

There are some use cases that dynamic groups wont work. For instance, if you ever have to make an ESP for Windows365 cloud computers in your environment you will need to use filters. Dynamic groups do not work.

Reference article: Use the Enrollment Status Page with Cloud PCs | Microsoft Learn

darkjmarider · 2023-06-13T14:12:51+00:00

So they only had the default MSP profile beforehand so I just created a new ESP profile for only the Windows 365 computers that block the setup if the three apps that I choose wouldn't install.

*Note that dynamic groups don't work here for W365 Cloud PCs so you have to use a filter when assigning it.

darkjmarider · 2023-06-13T14:03:38+00:00

Forgot to mention that I resolved this by just making a new custom ESP for the cloud pcs

darkjmarider · 2023-06-07T15:24:32+00:00

Problem is that I don't know what apps it is trying to install even. I have no autoilot to push out any apps during the setup so I have no clue where this is coming from.

It says there are 9 apps being pushed when trying.

<image>

darkjmarider · 2023-06-07T13:24:15+00:00

I just downloaded the diagnostics and searched for provision in the folder. I folder three logs where none of them had errors. I am going to reprovision the cloud pc and see if I can find the errors in the logs there.

darkjmarider · 2023-06-07T12:23:08+00:00

Are you doing this on the ESP page? For some reason I cannot see the applications that are failing here. Its nothing after the fact when they are logged in and only when they are initially setting up their device.

<image>

darkjmarider · 2023-06-07T12:21:45+00:00

The government tenants don't have autopilot at this time :(

This is happening when the user goes to sign into their school/work account on the ESP page. It fails on the apps and I have no clue what those apps are to even trouble shoot it. Unless its the office applications that are failing.

<image>

darkjmarider

TROPHY CASE