In a recent project, I was involved in migrating endpoint workloads from SCCM/ConfigMgr to Microsoft Intune. A key part of this migration was transferring the Windows Update for Business (WUfB) workload to Intune, with the goal of managing Windows updates exclusively through Intune. However, after migrating the WUfB workload to Intune, I noticed that some devices continued to receive patches from SCCM. This discrepancy occurs because you will need to configure and assign update rings in Intune otherwise, SCCM will still manage the Windows update patching. To determine whether a device’s Windows patching is controlled by SCCM or Intune, you…
Author: Eswar Koneti
Two years ago, I wrote an article on how to disable or enable the auto-start feature of the classic Microsoft Teams application on Windows devices using Group Policy (GPO). For more details, please refer to my previous post: How to Disable or Enable Auto-Start of Teams Application Using GPO. With the release of the new Microsoft Teams, many of my blog readers have asked how to disable the auto-start feature for this updated version. Since the methods used for the classic Teams no longer apply, this blog post explores various options for managing auto-start with the new Teams. Managing Auto-Start…
Managing user profiles on shared or newly built Windows devices can be challenging, especially when dealing with stale profiles that haven't been active for a while. This need arises in various scenarios: For customers using Microsoft Intune, there’s a streamlined way to handle this issue. For customers using Microsoft Intune, there’s a streamlined way to handle this issue. If you are not using Intune to manage your endpoints yet (if co-managed, make sure the device configuration workload is moved to Intune), you can still leverage GPO to do the same. Here’s a step-by-step guide to leveraging Intune for automatically deleting…
During a recent Windows 11 migration project for a customer, I encountered some challenges using Intune (WUfB) to upgrade devices. As part of my troubleshooting efforts (collecting the windows device logs), mostly conducted remotely, I encountered an unexpected issue with the traditional Windows Update command-line tool, WUAUCLT.exe, which was no longer effective on Windows 10 and later versions. After looking into the issue, I discovered that WUAUCLT.exe has been replaced by USOClient.exe (Update Session Orchestrator Client). This newer tool serves to force scans, downloads, and installations of updates, essential for effective troubleshooting. For instance, I utilized the command-line switch USOClient.exe…
The term "Chassis Type" refers to the physical form factor or case design of computer hardware. Essentially, it defines the shape, size, and overall configuration of the computer enclosure that houses all internal components. This specification is crucial as it determines the design and compatibility of the components that can be accommodated within the system. Where Chassis Type Information is Stored: On Windows devices, details regarding the chassis type are stored within the WMI class "Win32_SystemEnclosure". For those unfamiliar, WMI (Windows Management Instrumentation) provides a comprehensive infrastructure for managing and querying system data on Windows operating systems. You can deeper…
Exporting entra ID group members (transitivemember) with PowerShell: Recently, while working with Intune deployments, I was asked to extract devices from a specific group into a CSV format. This task seemed straightforward, but the problem arose when attempting to gather all members, including those within nested groups. While the Intune or Entra ID portal offers a convenient option to export members using direct members, bulk operations, and a simple click on "Download members," it falls short when it comes to exporting devices associated with nested groups. This limitation spurred the exploration of alternative methods, leading to the discovery of PowerShell…
Microsoft Configuration Manager (SCCM) remains a cornerstone for IT administrators aiming to streamline patch management and software updates. However, as many sysadmins experience, ensuring high compliance in software update deployments can be challenging, particularly in large environments. Here, we explore strategies to enhance SCCM's capabilities, leveraging advanced tools and automation to address common hurdles. Identifying Common Challenges in SCCM Updates In SCCM deployments, issues such as partial compliance, timing constraints within maintenance windows, and troubleshooting failures are prevalent. These problems often stem from: · Inadequate visibility into endpoint status across the network. · Limited control over the timing and sequence…
In a recent transition from Citrix VDI to AVD (single and multi-session), the AVD devices are being efficiently managed by SCCM and Intune (co-management). As part of routine maintenance, we have implemented a weekly reboot schedule for our AVD devices to ensure optimal performance and security. To achieve this, I created a simple package with a command line (shutdown –r –f –t 300 “Rebooting the device as part of weekly maintenance”) for rebooting the devices weekly. From the time, the weekly reboot job implemented, there were no issues until someone reported to team that AVD device was rebooting daily at…