All about Microsoft Endpoint Manager

Efficiently Identify Co-Managed Devices: Techniques and Tools

Co-management is a feature that allows organizations to manage their devices using both Microsoft Intune and System Center Configuration Manager (ConfigMgr). This enables organizations to take advantage of the latest security features and cloud capabilities, such as conditional access and device compliance policies, while also being able to manage certain client actions without the need…

Investigating SCCM Client Policy Request and Communication Status with a Collection Specific Report

Being as SCCM Configmgr administrator, your primary aspect is to maintain health of your sccm clients for application deployment,software updates,inventory etc. Questions often come up in forums ,email list asking for ,list of computers not contacted the server since X days (25) or how do I know the clients who’s policy request is old or…

Right-click installer tools unable to register correctly with SCCM console

I was installing the famous SCCM right-click tools from recast software (there are other right-click tools as well) on the freshly installed SCCM site for a customer, the installation of right-click tools went well, the console doesn’t seem to get registered with the right-click tools and there is no option when you right-click on a…

Update scan failed due to Group policy settings were overwritten by a higher authority

Few years ago, I have blogged about the client update scan failure due to GPO’s. https://eskonr.com/2014/10/sccm-configmgr-2012-software-update-scan-error-group-policy-settings-were-overwritten-by-a-higher-authority-error-code-0x87d00692/ Introduction: When the software update point is configured for a site, client computers receive a machine policy that provides the active software update point server name (WSUS) and configures the Specify intranet Microsoft update service location local policy on…

Download ConfigMgr builds from the eval center

Update: Eval site is now restored with improved user experience and is accessible via Microsoft Evaluation Center .The new improved eval center does not require any sign-in to download the media files. This is quick post on the recent inquiry on various forums such as Twitter, reddit and Microsoft forums about the download of configuration manager…

SCCM Software Update installation failed with error code 0x87D00664

I was approached by a customer who had issues deploying the March 2022 windows 10 cumulative updates. The error code and the screenshot is provided below. The software updates are failed with error code 0x87D00664 (-2016410012). The error code 0x87D00664 translates to ‘Updates handler job was cancelled’. There could be several reasons why the updates…

How to deploy Microsoft Store apps (offline) using Microsoft Endpoint Manager

Microsoft Endpoint Manager (ConfigMgr & Intune) allows us to configure and deploy the Microsoft Store apps. For more information, please read through ConfigMgr and Intune . In my recent engagement with customer, there is need to deploy Microsoft store app (offline) using Configuration Manager as there is no integration with store for business. Online: This…

SCCM Collections for devices with pending reboot

Posted on February 23, 2022 by Eswar Koneti | 0 Comments

Long ago, I wrote a blog post on a report for finding the devices with pending reboot, more information is available on https://eskonr.com/2019/01/sccm-report-get-list-of-devices-with-pending-reboot-in-a-collection-with-different-states/ I was recently working on checking the compliance of the devices in SCCM for windows patching and I could see that the software update compliance is not that great due to various…

How to Add device to collection using task sequence- troubleshooting

I was recently looking for a solution to add a device to SCCM Collection using the Task sequence. During the search, I have found Trevor has a blog post on this. So before I use the code in the task sequence, I plan to test it on a client device. The full code is given below. You will have to…

Using Powershell to update Azure authentication method – phone number

Posted on October 16, 2022 by Eswar Koneti | 2 Comments | 1,855 Views

Azure AD Multi-Factor Authentication (MFA) works by requiring two or more authentication methods for a user to gain access to applications. Multi-factor authenticator in Azure AD can be set using different methods such as Microsoft Authenticator, Phone number, Email etc. One of the easiest MFA methods that doesn't require any user configuration and can be…

Investigating SCCM Client Policy Request and Communication Status with a Collection Specific Report

Posted on October 15, 2022 by Eswar Koneti | 14 Comments | 12,058 Views

SCCM CMPivot query success but returns no data–account smsdbuser_ReadOnly does not exist

Posted on August 12, 2022 by Eswar Koneti | 0 Comments | 891 Views

SCCM CMPivot query success but returns no data–account smsdbuser_ReadOnly does not exist

Add bulk devices to the Azure AD security groups for Intune deployments

Posted on July 18, 2022 by Eswar Koneti | 0 Comments | 2,178 Views

I was recently involved in a task to have the Intune deployments targeted to multiple groups (Pre pilot, pilot, and prod). Each phase has a large set of devices from various regions and they all have different naming conventions too. All the devices are hybrid Azure AD joined. The list of devices from each phase…

How to manage the bitlocker reboot (toast notification) in intune with device compliance policy

Posted on July 12, 2022 by Eswar Koneti | 3 Comments | 1,607 Views

There was recently a discussion on twitter on how the bitlocker encryption is being enforced using intune and what the possible ways to bring the device into compliant state post the bitlocker task is done. Read the conversation here Based on the discussion, I thought I would probably write a blog post on how to…