How to upgrade the Intune certificate connector

Microsoft recently announced that, Starting April 2022, certificate connectors earlier than version 6.2101.13.0 will be deprecated and will show a status of Error. This status does not affect functionality. Starting June 2022, such connectors will not be able to issue certificates. This includes both the PFX Certificate Connector for Microsoft Intune and Microsoft Intune Connector,…
SCCM Software Update installation failed with error code 0x87D00664

I was approached by a customer who had issues deploying the March 2022 windows 10 cumulative updates. The error code and the screenshot is provided below. The software updates are failed with error code 0x87D00664 (-2016410012). The error code 0x87D00664 translates to ‘Updates handler job was cancelled’. There could be several reasons why the updates…
How to deploy Microsoft Store apps (offline) using Microsoft Endpoint Manager

Microsoft Endpoint Manager (ConfigMgr & Intune) allows us to configure and deploy the Microsoft Store apps. For more information, please read through ConfigMgr  and Intune . In my recent engagement with customer, there is need to deploy Microsoft store app (offline) using Configuration Manager as there is no integration with store for business. Online: This…
SCCM Collections for devices with pending reboot

Long ago, I wrote a blog post on a report for finding the devices with pending reboot, more information is available on https://eskonr.com/2019/01/sccm-report-get-list-of-devices-with-pending-reboot-in-a-collection-with-different-states/ I was recently working on checking the compliance of the devices in SCCM for windows patching and I could see that the software update compliance is not that great due to various…
Powershell script to audit all Azure AD app registrations and notify secret key or certificate expiration

This week, I have another real-time use case about the audit of all azure AD app registrations and notify the application credential (secret key or certificate) near to expiration. Registering an application in Azure AD establishes a trust relationship between your app and the Microsoft identity platform, The application registration can be used to authenticate…
Use PowerShell to audit the Conditional Access Policies and alert via email

Conditional Access in Azure Active Directory needs no introduction. To read more information about Conditional Access, please refer to https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview In my recent assignment, there was an ask to back up the conditional access policies every day and also notify through email for a list of conditional policies that are created or modified in the…
Using filters to restrict security information registration from trusted devices

It has been a while since Microsoft has released the combined registration (security) feature that helps users to register for both MFA and SSPR can register once if the methods in the Azure AD Multi-Factor Authentication and SSPR policies are enabled. For more information about Combined security information registration please read https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined One of the…