I was recently involved in a task to have the Intune deployments targeted to multiple groups (Pre pilot, pilot, and prod). Each phase has a large set of devices from various regions and they all have different naming conventions too. All the devices are hybrid Azure AD joined. The list of devices from each phase is available (static) but how do we add these devices to the Azure AD security groups? Creating the dynamic Azure AD security groups does work when you want to add the devices with specific criteria such as naming, OS or country, or any other set…
Author: Eswar Koneti
There was recently a discussion on twitter on how the bitlocker encryption is being enforced using intune and what the possible ways to bring the device into compliant state post the bitlocker task is done. Read the conversation here Based on the discussion, I thought I would probably write a blog post on how to handle the situation of device reboot for bitlocker compliance check. This is something that I am using it for quite sometime and thought to share it with public. Microsoft Intune allows the creation of compliance policies for Windows, Android and iOS, and Mac OS with…
I was installing the famous SCCM right-click tools from recast software (there are other right-click tools as well) on the freshly installed SCCM site for a customer, the installation of right-click tools went well, the console doesn’t seem to get registered with the right-click tools and there is no option when you right-click on a collection for performing tasks such as adding devices to the collection. I have looked at the XMLstorage extensions folder, there are over 6500+ files that exists. I have closed the console and launched it to see if that helps. the issue persists. I recall that…
Few years ago, I have blogged about the client update scan failure due to GPO’s. https://eskonr.com/2014/10/sccm-configmgr-2012-software-update-scan-error-group-policy-settings-were-overwritten-by-a-higher-authority-error-code-0x87d00692/ Introduction: When the software update point is configured for a site, client computers receive a machine policy that provides the active software update point server name (WSUS) and configures the Specify intranet Microsoft update service location local policy on the client device. The windows update agent retrieves the server name (WSUS) specified in the Set the intranet update service for detecting updates setting, and then connects to this server when it scans for software updates compliance. Problem: I was working on an issue to…
Update: Eval site is now restored with improved user experience and is accessible via Microsoft Evaluation Center .The new improved eval center does not require any sign-in to download the media files. This is quick post on the recent inquiry on various forums such as Twitter, reddit and Microsoft forums about the download of configuration manager build (Evaluation) from the evalcenter. if you try to download the Configuration Manager current branch or technical preview from the evalcenter using https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview , you will be redirected to https://www.microsoft.com/en-us/download and end up seeing the following screen. Currently, the evaluation center links for downloading of…
Updated: 27-May-2022 Windows Autopilot is a collection of technologies such as Azure AD, Microsoft Intune etc., used to set up and pre-configure new devices, getting them ready for productive use. When working with windows autopilot, there is one common question that keep rising in the forums is, account setup stuck and takes longer time while the device preparation and device setup are completed. If you are doing hybrid AAD joined, you must have experienced this already. If you are doing hybrid azure ad join, please read this article to supercharge the process https://oofhours.com/2020/07/26/supercharge-the-hybrid-azure-ad-join-device-registration-process/ Account setup is the last phase in…
Microsoft recently announced that, Starting April 2022, certificate connectors earlier than version 6.2101.13.0 will be deprecated and will show a status of Error. This status does not affect functionality. Starting June 2022, such connectors will not be able to issue certificates. This includes both the PFX Certificate Connector for Microsoft Intune and Microsoft Intune Connector, which on July 29, 2021 were replaced by the Certificate Connector for Microsoft Intune. Microsoft Intune connector validity is 6 months from the time it is released and after that, the connector is not longer supported and your functionality might be impacted. So it is…
I was approached by a customer who had issues deploying the March 2022 windows 10 cumulative updates. The error code and the screenshot is provided below. The software updates are failed with error code 0x87D00664 (-2016410012). The error code 0x87D00664 translates to ‘Updates handler job was cancelled’. There could be several reasons why the updates are failed. In this blog post, we will see how to troubleshoot the issue based on the information available in the client logs. This is not one-stop solution for every issue that has been reported with the error code 0x87D00664 . Let’s dive into the…