This is a quick blog post on an issue that I recently looked at regarding the client issue with content download from the distribution point. Clients in one specific boundary could not able to download the content from its assigned distribution point. Though the client was healthy, the inventory cycle is up to date but content download from DP having issues. Looking at the client logs, especially the DataTransferService.log which is responsible for tracking the information about the content download from the distribution point. Following the error code from the DataTransferService.log [CCMHTTP] ERROR INFO: StatusCode=503 StatusText= GetDirectoryList_HTTP Error sending DAV…
Author: Eswar Koneti
I was recently working on an assignment to manage windows 10 devices using Microsoft Intune. One of the ask is to Block the write access to the mobile storage devices when the user plugs into the windows device and Allow write access to the removal data drives (thumb drives) if they are bitlocker protected. I started looking into the intune device configuration policy to find the relevant settings. 1. Block the write access to the mobile storage devices on windows device To block write access to mobile storage, I have found 2 settings under the device restriction, in general tab,…
We all know that Microsoft BitLocker Administration and Monitoring (MBAM) is an administrative tool for managing BitLocker Drive Encryption for windows devices that are on-prem domain joined. MBAM mainstream support ended on July 2019 and is currently in extended support until April 2026. To know more about mainstream support and extended support, please read the article https://learn.microsoft.com/en-us/lifecycle/policies/fixed. Considering the support for MBAM, what other alternative tools/products do we have to manage the BitLocker feature? Microsoft has incorporated the MBAM features into Configuration Manager (SCCM) starting in version 1910, since then it has improved a lot with new features and improvements.…
Did you ever had difficulties importing, exporting or migrating the SSRS reports from one Configuration infra to other ConfigMgr infra? If so, how do you migrate reports ? When i work with my customers on the hardware migration of the SCCM and especially the SSRS reports, i always use the tool rather powershell scripts. To get the SSRS Reports from the Configuration Manager , you can either run the SSRS reports,download the reports manually into rdl format and upload to other SSRS report server. This is applicable when you have single digit reports. What if you have large number of…
Azure AD Multi-Factor Authentication (MFA) works by requiring two or more authentication methods for a user to gain access to applications. Multi-factor authenticator in Azure AD can be set using different methods such as Microsoft Authenticator, Phone number, Email etc.One of the easiest MFA methods that doesn't require any user configuration and can be configured in the backend is Phone Number.With phone number as an authentication method, users can choose to receive a text message with a verification code to enter in the sign-in interface or receive a phone call.To read more information about how Azure AD multi-factor authentication works,…
Introduction: As a SCCM Configmgr administrator, one of your key responsibilities is to ensure the health of SCCM clients for tasks like application deployment, software updates, and inventory management. Oftentimes, you may encounter situations where you need to identify computers that haven't contacted the server in a specific number of days or determine the clients with outdated policy requests or communication gaps. This blog post aims to guide you on creating an SSRS report to present this information, allowing for easier troubleshooting and maintenance of SCCM clients. Retrieving Client Activity Information: In the Configuration Manager (ConfigMgr) Console, you have the…
SCCM CMPivot query success but returns no data–account smsdbuser_ReadOnly does not exist
I was recently involved in a task to have the Intune deployments targeted to multiple groups (Pre pilot, pilot, and prod). Each phase has a large set of devices from various regions and they all have different naming conventions too. All the devices are hybrid Azure AD joined. The list of devices from each phase is available (static) but how do we add these devices to the Azure AD security groups? Creating the dynamic Azure AD security groups does work when you want to add the devices with specific criteria such as naming, OS or country, or any other set…