Photo of Jóhannes Geir Kristjánsson

Jóhannes Geir Kristjánsson


Moving away from software center to company portal

The elevator pitch You want to move your apps from configuration manager to Intune, but you need to keep the configuration manager client on your devices for various other reasons that have nothing to do with apps. If you have switched the co-management workload over to intune, the apps in configuration manager will be visible in both software center and company portal, so how do you signal to your users to use the company portal going forward?

Microphone App Permissions

Where is mike? User reports that voice calls in teams no longer worked. The user claimed that he hadn’t changed anything. Leaving us to figure this out ourselves, so we did the usual troubleshooting, trying a new headset, trying to use the browser based teams client. eventually we stumbled upon the culprit, we looked at the microphone settings under the “Security & Privacy” section in the Windows 11 settings app: unmanaged, but the user had manually disabled the microphone permissions for win32 apps the user had some how flipped the switch for “Let desktop apps access your microphone” to off, effectively disabling all microphone access for all win32 based apps on the system (which is why teams app and teams in browser stopped working)

Who Is Logged On, From The System Context

Intro Have you ever deployed a script that needs to be executed in the system context, but you also need to work with something that is currently running in the user context? Obviously you could just loop through all the user profiles on the system, but thats not always a good idea. Lo and behold, you can simply see who is the owner of the explorer.exe process and use that, Obviously this will not work if no one is logged on.

Removing The Built-in Teams App in Windows 11 with Intune

Intro So you’ve started rolling out Windows 11 to your endpoints, and your users got confused and upset over the consumer teams apps that is installed? Understandably you wish to do something about this. (╯°□°)╯︵ ┻━┻ No worries mate, Intune Proactive Remediations to the rescue! The Solution The code below fixes two things. It removes the chat by writing the registry key that disables it the TaskbarMn DWORD controls this Then it simply uninstalls the appx package for the consumer teams app, note that this has no effect on the regular teams app.

Installing The Configuration Manager Client During Autopilot

Hey Siri, Write A Blog Post For Me THE CONTENTS IN THIS POST IS EXPIRED, DO NOT USE THIS ANYMORE This method of installing the Configuration Manager Client during Autopilot is no longer needed Please use the new autopilot into co-management feature. Autopilot into Co-Management Overview Installing the SCCM Client During Autopilot EXPIRED CONTENT BELOW Deploying the Configuration manager client is usually pretty simple. the procedure is well documented. However there are issues if you plan on installing the CM client during Autopilot using the officially suggested methods

Setting Environmental Variables with Intune and proactive remediations

As you may have noticed by now, there doesn’t seem to be any nice built in way to set environmental variables in intune 🙁 The Problem Setting a user environmental variable using powershell is an easy task to accomplish, you basically just run the following: 1 Set-ItemProperty -Path HKCU:\Environment -Name temp -Value "c:\temp\" This works just fine, but won’t take effect until the user either reboots or signs into the device again.

Setting A Default Outlook Signature in Outlook using Intune Proactive Remediations

So you have already figured out how to dynamically generated outlook signatures, but now you want to make sure that people actually use them. but without preventing the use of other signatures your users might have. Well it just so happens that I have a solution for you! No default signature has been set To do all this, we create a new Proactive Remediation in Intune. Add the detection and remediations scripts from below, and set it to run as the user.

Downloading a Device Guard Signing Service version 2 Root Certificate for MSIX

Howdy y’all In this post I will show you how to get the Device Guard Signing Service v2 root certificate. Device Guard Signing Services v1 (DGSS) is being deprecated at the end of December 2020, so we need to migrate to DGSSv2, and it just so happens that the means to download the DGSSv2 root cert is a little bit more complex than the DGSSv1. MSIX crash course While MSIX is generally marketed as a replacement for MSI for developers, there are scenarios that can benefit systems administrators.

Allow OneDrive Syncing on AAD joined Devices

The Problem So I was walking on the beach and noticed that OneDrive wasn’t syncing anymore on my AzureAD joined laptop. I later learned that my endpoint administrator, Adam Gross, had enabled Allow syncing only on computers joined to specific domains in the OneDrive admin portal. which effectively blocked my AzureAD device 🙁 Which resulted in this message on my corporate device Our Legacy AD joined devices were fine, but all of our Azure AD joined devices got the above error.

Setting ACL using Intune Endpoint Analytics Proactive Remediations

Namaste y’all! In todays Siri dictated blog post, I will show you how you can configure access control lists (ACL) for a directory using Intune Proactive remediations. The issue I was facing was that regular users do not have modify permissions to the public desktop on their corporate devices, meaning that the user is unable to remove annoying shortcuts that would get placed there by the various apps they install. While this is hardly a high priority task to solve.

Dynamic Outlook Email Signature Using with Intune Endpoint Analytics Proactive Remediations

Howdy y’all! Since you have already read señor Shackelfords blog post on setting up Endpoint Analytics Proactive remediations, we can skip the intro and dive right in. In this blog post we will be get familiar with a somewhat novel idea that proactive remediation’s can be used for. Which, as the title of this post suggests, is the creation of a dynamic email signature in the form of a .html file using Microsoft Graph.