Like many, I was very excited that the new Configuration Manager 2006 release included a huge improvement for remote devices by adding a new VPN Boundary type. “Finally! I don’t have to constantly bug my Network Engineers as to which IP pools are being used for which VPN appliances.” Create A New Boundary In the Admin Console, navigate to the Administration Node and open up Hierarchy Configuration and right-click on Boundaries

The Problem So I was walking on the beach and noticed that OneDrive wasn’t syncing anymore on my AzureAD joined laptop. I later learned that my endpoint administrator, Adam Gross, had enabled Allow syncing only on computers joined to specific domains in the OneDrive admin portal. which effectively blocked my AzureAD device 🙁 Which resulted in this message on my corporate device Our Legacy AD joined devices were fine, but all of our Azure AD joined devices got the above error.

Introduction I recently wrote PSCMContentMgmt which provides a simple and effective workflow for managing your MEMCM distribution points. Here are some of the things you can do with it: Query content objects which are distributed to distribution point(s) or distribution point group(s) Compare content objects distributed to distribution point(s) or distribution point group(s) Find content objects in a “distribution failed” state for all or selective distribution points Remove, distribute or redistribute content objects returned by any function to distribution point(s) Find an object in your site by searching on any arbitrary ID (useful when reading logs and want to know what object an ID resolves to) Migrate a distribution point’s content to a new/different distribution point by exporting its content library to prestaged .

The other day, I logged on to a jump server and, while investigating an unrelated issue, I noticed the BG Info background showed the Last Reboot as March 1st, 2020. “That can’t be right,” I thought. “We have weekly maintenance windows to reboot these servers.” As I opened an old stand-by function from my stash (originally posted here: https://gallery.technet.microsoft.com/scriptcenter/Get-RebootHistory-bc804819 in 2015) and ran it, I was a bit annoyed at how SLOW it was.

Months after we issued students and faculty 600+ unmanaged off the shelf laptops (no AD, no Azure AD, no Intune, no ConfigMgr) to get them off and running temporarily during this pandemic, my co-worker and I were tasked with figuring out how to bring these machines under some form of management. We did not have these machines in ConfigMgr or have the hardware hashes uploaded into Intune, so we had some work ahead of us.

The Problem For any new machines ordered from a vendor such as Dell that get enrolled into Autopilot you get the basic device info enrolled but nothing defining that would let it get auto-enrolled into a dynamic group easily. Purchase Order ID is included in every order we receive from Dell however I don’t want to have to add that Purchase Order ID into the dynamic device query every time a new machine gets added.

Namaste y’all! In todays Siri dictated blog post, I will show you how you can configure access control lists (ACL) for a directory using Intune Proactive remediations. The issue I was facing was that regular users do not have modify permissions to the public desktop on their corporate devices, meaning that the user is unable to remove annoying shortcuts that would get placed there by the various apps they install. While this is hardly a high priority task to solve.

Howdy y’all! Since you have already read señor Shackelfords blog post on setting up Endpoint Analytics Proactive remediations, we can skip the intro and dive right in. In this blog post we will be get familiar with a somewhat novel idea that proactive remediation’s can be used for. Which, as the title of this post suggests, is the creation of a dynamic email signature in the form of a .html file using Microsoft Graph.

What is Proactive Remediation? Proactive remediations are a pair of scripts used to detect and remediate a problem on a machine. The first script runs a query on your endpoints that returns an exit code of success or failure. We call this first script the detection script. On a successful exit code it is reported as “Without issue” in the Intune portal and nothing else is executed. On a failed exit code the second script is run which is called a remediation script.

2021-04-27 update: The solution now works over CMG. Please see this post for details. If you haven’t seen my first blog post about modern driver management, the quick summary is that the solution uses packages created with the Driver Automation Tool and the administration service to retrieve information on these packages and identify the most suitable driver package to apply in a task sequence. In this second part, I’ll be discussing the changes and improvements done to the existing solution to also dynamically retrieve and filter and apply BIOS updates.