Microsoft Premier Workshop – EMS + S Technical Workshop
The four-day EMS + S Technical Workshop for Spark will provide members of the Spark technical support and delivery team the skills required to understand and successfully configure and support Spark’s EMS customer solution.
The topics included within this Workshop include
- EMS Introduction
- Managing client access
- Defining and managing security & rights management
- Implementing & applying user templates
- Working with customer self-service options
In this Workshop, students will learn the tools used in EMS to help define and manage individual customer requirements within Sparks shared customer environment. This Workshop contains Level 300 content.
Key Features and Benefits
Each module is designed to provide participants with in-depth expertise, tools and experience in configuring and managing various EMS scenarios. As an exclusive Spark event students, will be able to deep dive on the Spark solution to define specific customer requirements. A series of User Scenarios will provide participants with the practical application of the features and functions they learn about.
This Workshop will include the following topics
- The Solution
- Connecting a customer
- Mobile device management
- Controlling conditional access – device and applications
- Managing compliance rules
- Applying exemptions
- Mobile application rules
Rights Management (RMS)
- Activating RMS
- Invoking and managing file protection
- Configuring templates
- Applying templates
- User experience
Azure Active Directory Premium (AADP)
- Identity and access management – Single Sign-On to access cloud apps from Windows, iOS and Android devices
- Data protection
- Self-service for employees – password and group management
- Password resets
- Group management
- Customized MyApps portal
- Integration with On-premises
User Scenarios – practical experience in applying the learning of the Workshop
Enable Hibernation: powercfg -h on
Enable Fast Startup: REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power” /V HiberbootEnabled /T REG_dWORD /D 1 /F
Disable Hibernation: powercfg -h off
Disable Fast Startup: REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power” /V HiberbootEnabled /T REG_dWORD /D 0 /F
Microsoft Intune is setup and you are browsing through the Admin section. You notice the below message on a number of pages:
Microsoft Intune was not able to retrieve all the data
You save and review the log file. The second line reads:
Error occurred while retrieving JWT token, check that current user has an Intune license and try again.
You need to assign a Intune A Direct license through the Office365 Admin Center. Ensure you have appropriate Administrative permission in Office 365.
Windows 10 devices will automatically encrypt the local drive when joining to Azure Active Directory (AAD). The device must be InstantGo capable.
InstantGo (formerly known as Connected Standby) is a very low power state that some devices support. It’s very like your mobile phone, it’s almost switched off but still can receive text messages, e-mails and switch to a different power state when receiving phone calls.
How do you check this?
Open a command prompt, type powercfg /a
Devices that have InstantGo support will return “Network Connected”:
Where do I find the recovery key?
Users can retrieve their recovery key by going to http://myapps.microsoft.com, select Devices and select the device for which they would like to get the recovery key:
So you have just joined your Windows 10 device to Azure AD with Azure AD Join and the device has auto enrolled into Microsoft Intune (MDM). We done.
Now you want to install the Intune Client to get all those Intune console features you seen and heard about.
Sorry, no go:
Device is registered to be managed by MDM service. Please unregister the device from MDM service before installing Microsoft Intune, 0x80043010
There are two different ways that Intune can manage a Windows 10 system:
- Enroll it as “mobile device” using the MDM agent built into Windows 10. Use Policy configuration service provider (OMA-DM) Future technology.
- Install the Intune client agent. All the cool configuration policies you see in the Intune console.
These are mutually exclusive though. Each has its pros and cons. The long term goal is for the built-in MDM agent to be the end-all be-all for managing Windows 10 and it does a good job today but it doesn’t cover everything like Defender management or software updates. The full Intune agent is generally preferred today because it does provide these things but it depends upon your scenario.
Had this issue during the building of a Windows 10 reference image using build 1607.
During the Windows Update Pre-Application Installation the build would stop and progress no further. The update was the Definition Update for Windows Defender – KB2267602 (Definition 1.63…)
Looking at the ZTIWIndowsUpdate.log the download did not start and the progress was at 0%.
I have included the update KB######### to allow the Windows 10 1607 build to communicate with the local WSUS server.
I have added the Definition Update to the exclusion list in the customsettings.ini property using WUMU_ExcludeKB as shown below:
After kicking off a new reference build the task sequence continued on with no issues.
Here is the new Office Click-To-Run Configuration XML Editor. It make the configuration and deployment simple and easy.
Administrators can modify the Configuration.xml file to configure installation options for Click-to-Run for Office 365 products using this tool.
The Click-to-Run Configuration.xml file is a necessary component of the Office Deployment Tool. Click-to-Run customizations are performed primarily by starting the Office Deployment Tool and providing a custom Configuration.xml file. The Office Deployment Tool performs the tasks that are specified by using the optional properties in the configuration file.
Great post by John Vintzel (ExEDS GM Account) on adding a cust Security Role into Configuration Manager. By default there is no built-in security role (apart from Full Administrator) to import devices into CM.
Here are the steps required:
- Create XML file with the code at the bottom of the page
- Navigate to Administration > Security > Security Roles in the CM Console
- Select Import Security Role from the ribbon
- Browse to the XML, click OK
- You will now see a new custom security role ‘Computer Import Manager’
<SMS_Role CopiedFromID=”SMS00001″ RoleName=”Import Computer Role” RoleDescription=”Add this role to an administrative user. Associate this security role specifically with All Systems.”>
<Operation GrantedOperations=”129″ ObjectTypeID=”1″ />
<Operation GrantedOperations=”524289″ ObjectTypeID=”6″ />
Configuration Manager 2012 version numbers, build numbers and cumulative updates since the SCCM 2012 RTM release.
Get the version number:
- Open the Configuration Manager console
- Browse to Administration, Site Configuration then Sites
- Right-click on the site and select Properties
- The site version and build number are shown
|SCCM 2012 RTM
|SCCM 2012 RTM – CU1
|SCCM 2012 RTM – CU2
|SCCM 2012 SP1
|SCCM 2012 SP1 – CU1
|SCCM 2012 SP1 – CU2
|SCCM 2012 SP1 – CU3
|SCCM 2012 SP1 – CU4
|SCCM 2012 SP1 – CU5
|SCCM 2012 R2
|SCCM 2012 R2 – CU1
|SCCM 2012 R2 – CU2
|SCCM 2012 R2 – CU3
|SCCM 2012 R2 – CU4
|SCCM 2012 R2 – CU5
|SCCM 2012 R2 SP1
|SCCM 2012 R2 SP1 – CU1
|SCCM 2012 R2 SP1 – CU2
|SCCM 2012 R2 SP1 – CU3
Need to get into the Samsung recovery partition on your new TabPro S?
Easy, holding down the F4 key and power on the device. Sorted.