I was recently working on an assignment to manage Windows 10 devices using Microsoft Intune. One of the asks is to block write access to mobile storage devices when the user plugs them into the Windows device, and to allow write access to removable data drives (thumb drives) if they are BitLocker protected. I started looking into the Intune device configuration policy to find the relevant settings.

1. Block the write access to the mobile storage devices on Windows device

To block write access to mobile storage, I have found 2 settings under the device restriction, in general tab,…
Author: Eswar Koneti
We all know that Microsoft BitLocker Administration and Monitoring (MBAM) is an administrative tool for managing BitLocker Drive Encryption for Windows devices that are on-prem domain joined. MBAM mainstream support ended in July 2019 and is currently in extended support until April 2026. To know more about mainstream support and extended support, please read the article https://learn.microsoft.com/en-us/lifecycle/policies/fixed. Considering the support for MBAM, what other alternative tools/products do we have to manage the BitLocker feature? Microsoft has incorporated the MBAM features into Configuration Manager (SCCM) starting in version 1910; since then it has improved a lot with new features and improvements.…
Did you ever have difficulties importing, exporting or migrating the SSRS reports from one Configuration infra to another ConfigMgr infra? If so, how do you migrate reports? When I work with my customers on the hardware migration of the SCCM and especially the SSRS reports, I always use the tool rather than PowerShell scripts. To get the SSRS reports from the Configuration Manager, you can either run the SSRS reports, download the reports manually into rdl format and upload to other SSRS report server. This is applicable when you have single digit reports. What if you have large number of…
Azure AD Multi-Factor Authentication (MFA) works by requiring two or more authentication methods for a user to gain access to applications. Multi-factor authenticator in Azure AD can be set using different methods such as Microsoft Authenticator, Phone number, Email etc. One of the easiest MFA methods that doesn't require any user configuration and can be configured in the backend is Phone Number. With phone number as an authentication method, users can choose to receive a text message with a verification code to enter in the sign-in interface or receive a phone call. To read more information about how Azure AD multi-factor authentication works,…
Introduction:

As an SCCM ConfigMgr administrator, one of your key responsibilities is to ensure the health of SCCM clients for tasks like application deployment, software updates, and inventory management. Oftentimes, you may encounter situations where you need to identify computers that haven't contacted the server in a specific number of days or determine the clients with outdated policy requests or communication gaps. This blog post aims to guide you on creating an SSRS report to present this information, allowing for easier troubleshooting and maintenance of SCCM clients.

Retrieving Client Activity Information:

In the Configuration Manager (ConfigMgr) Console, you have the…
SCCM CMPivot query success but returns no data–account smsdbuser_ReadOnly does not exist
I was recently involved in a task to have the Intune deployments targeted to multiple groups (Pre pilot, pilot, and prod). Each phase has a large set of devices from various regions and they all have different naming conventions too. All the devices are hybrid Azure AD joined. The list of devices from each phase is available (static) but how do we add these devices to the Azure AD security groups? Creating the dynamic Azure AD security groups does work when you want to add the devices with specific criteria such as naming, OS or country, or any other set…
There was recently a discussion on Twitter on how BitLocker encryption is being enforced using Intune and what the possible ways are to bring the device into a compliant state after the BitLocker task is done. Read the conversation here. Based on the discussion, I thought I would probably write a blog post on how to handle the situation of device reboot for BitLocker compliance check. This is something that I have been using for quite some time and thought to share it with the public. Microsoft Intune allows the creation of compliance policies for Windows, Android and iOS, and Mac OS with…