Microsoft Premier Workshop – EMS + S Technical Workshop


The four-day EMS + S Technical Workshop for Spark will provide members of the Spark technical support and delivery team the skills required to understand and successfully configure and support Spark’s EMS customer solution.

Topics covered in this Workshop include:

  • EMS Introduction
  • Managing client access
  • Defining and managing security & rights management
  • Implementing & applying user templates
  • Working with customer self-service options

In this Workshop, students will learn the tools used in EMS to help define and manage individual customer requirements within Spark’s shared customer environment. This Workshop contains Level 300 content.

Key Features and Benefits 

Each module is designed to provide participants with in-depth expertise, tools and experience in configuring and managing various EMS scenarios. As this is an exclusive Spark event, students will be able to deep dive on the Spark solution to define specific customer requirements. A series of User Scenarios will provide participants with the practical application of the features and functions they learn about.

Technical Highlights 

This Workshop will include the following topics

EMS Pre-Requisites 

  • The Solution
  • Connecting a customer

Intune

  • Mobile device management
  • Controlling conditional access – device and applications
  • Managing compliance rules
  • Applying exemptions
  • Mobile application rules

Rights Management (RMS)

  • Activating RMS
  • Invoking and managing file protection
  • Configuring templates
  • Applying templates
  • User experience

Azure Active Directory Premium (AADP)

  • Identity and access management – Single Sign-On to access cloud apps from Windows, iOS and Android devices
  • Data protection
  • Self-service for employees – password and group management
  • Password resets
  • Group management
  • Customized MyApps portal
  • Integration with On-premises

User Scenarios – practical experience in applying the learning of the Workshop


Enabling/Disabling Fast Startup and Hibernation

Enable Hibernation: powercfg -h on

Enable Fast Startup: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_DWORD /D 1 /F

Disable Hibernation: powercfg -h off

Disable Fast Startup: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_DWORD /D 0 /F

Microsoft Intune was not able to retrieve all the data

Microsoft Intune is set up and you are browsing through the Admin section. You notice the message below on a number of pages:

Microsoft Intune was not able to retrieve all the data

You save and review the log file. The second line reads:

Error occurred while retrieving JWT token, check that current user has an Intune license and try again.

Resolution

You need to assign an Intune A Direct license through the Office 365 Admin Center. Ensure you have the appropriate administrative permissions in Office 365.

Profit

 

Enable BitLocker on Azure AD Joined Windows 10 Device

Windows 10 devices will automatically encrypt the local drive when joining to Azure Active Directory (AAD). The device must be InstantGo capable.

InstantGo (formerly known as Connected Standby) is a very low power state that some devices support. It is much like your mobile phone: the device is almost switched off, but it can still receive text messages and e-mails and switch to a different power state when a phone call comes in.

How do you check this?

Open a command prompt, type powercfg /a

Devices that have InstantGo support will return "Network Connected".

Where do I find the recovery key?

Users can retrieve their recovery key by going to http://myapps.microsoft.com, selecting Devices and then selecting the device for which they would like to get the recovery key.
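To confirm on the device itself that automatic encryption really happened, the following PowerShell check combines the powercfg test above with the BitLocker state of the OS drive. It is an added example, not part of the original post; it assumes an elevated prompt on Windows 10 with the built-in BitLocker module.

```powershell
# Added example: verify InstantGo capability and BitLocker state on an
# Azure AD joined Windows 10 device. Run from an elevated PowerShell prompt.

# 1. InstantGo check: look for the "Network Connected" string in powercfg /a.
$sleepStates = (powercfg /a) -join "`n"
$instantGo   = $sleepStates -match 'Network Connected'

# 2. BitLocker state of the OS drive.
$osDrive = $env:SystemDrive
$volume  = Get-BitLockerVolume -MountPoint $osDrive

# 3. Key protectors present on the volume. A recovery password protector
#    has to exist before a recovery key can be retrieved for the device.
$protectorTypes = @($volume.KeyProtector |
    ForEach-Object { $_.KeyProtectorType.ToString() })
$hasRecoveryPw  = $protectorTypes -contains 'RecoveryPassword'

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    InstantGoCapable  = $instantGo
    VolumeStatus      = $volume.VolumeStatus
    ProtectionStatus  = $volume.ProtectionStatus
    EncryptionPercent = $volume.EncryptionPercentage
    KeyProtectors     = $protectorTypes -join ', '
    HasRecoveryPw     = $hasRecoveryPw
} | Format-List

# 4. Flag the states that need follow-up.
if (-not $instantGo) {
    Write-Warning 'No "Network Connected" standby state: automatic encryption on join is not expected.'
}
if ($volume.VolumeStatus -eq 'FullyEncrypted' -and $volume.ProtectionStatus -ne 'On') {
    # Encrypted but protection off: the volume key is still stored in the clear.
    Write-Warning "$osDrive is encrypted but BitLocker protection is not on."
}
if ($volume.ProtectionStatus -eq 'On' -and -not $hasRecoveryPw) {
    Write-Warning "$osDrive is protected but has no recovery password protector."
}
```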

Error Installing Intune Client – 0x80043010

So you have just joined your Windows 10 device to Azure AD with Azure AD Join and the device has auto-enrolled into Microsoft Intune (MDM). Well done.

Now you want to install the Intune Client to get all those Intune console features you have seen and heard about.

Sorry, no go:

Device is registered to be managed by MDM service. Please unregister the device from MDM service before installing Microsoft Intune, 0x80043010

There are two different ways that Intune can manage a Windows 10 system:

  • Enroll it as a “mobile device” using the MDM agent built into Windows 10. This uses the Policy configuration service provider (OMA-DM) and is the future technology.
  • Install the Intune client agent. This gives you all the cool configuration policies you see in the Intune console.

These are mutually exclusive, though, and each has its pros and cons. The long-term goal is for the built-in MDM agent to be the end-all be-all for managing Windows 10. It does a good job today, but it doesn’t cover everything, such as Defender management or software updates. The full Intune agent is generally preferred today because it does provide these things, but it depends upon your scenario.

MDT 2013 – Windows 10 – KB2267602 Freeze during build

Had this issue during the building of a Windows 10 reference image using build 1607.

During the Windows Update Pre-Application Installation the build would stop and progress no further. The update was the Definition Update for Windows Defender – KB2267602 (Definition 1.63…)

Looking at the ZTIWindowsUpdate.log, the download did not start and the progress was at 0%.

I have included the update KB######### to allow the Windows 10 1607 build to communicate with the local WSUS server.

I have added the Definition Update to the exclusion list in the customsettings.ini property using WUMU_ExcludeKB as shown below:

WUMU_ExcludeKB001=2267602

After kicking off a new reference build the task sequence continued on with no issues.

Office 365 ProPlus – Configuration XML Editor

Here is the new Office Click-To-Run Configuration XML Editor. It makes configuration and deployment simple and easy.

Administrators can modify the Configuration.xml file to configure installation options for Click-to-Run for Office 365 products using this tool.

The Click-to-Run Configuration.xml file is a necessary component of the Office Deployment Tool. Click-to-Run customizations are performed primarily by starting the Office Deployment Tool and providing a custom Configuration.xml file. The Office Deployment Tool performs the tasks that are specified by using the optional properties in the configuration file.

 

Configuration Manager 2012 adding Custom Security Role – Importing Computers

Great post by John Vintzel (ExEDS GM Account) on adding a custom security role to Configuration Manager. By default there is no built-in security role (apart from Full Administrator) that can import devices into CM.

Here are the steps required:

  1. Create XML file with the code at the bottom of the page
  2. Navigate to Administration > Security > Security Roles in the CM Console
  3. Select Import Security Role from the ribbon
  4. Browse to the XML, click OK
  5. You will now see a new custom security role ‘Computer Import Manager’

XML Code:

<SMS_Roles>
  <SMS_Role CopiedFromID="SMS00001" RoleName="Import Computer Role" RoleDescription="Add this role to an administrative user. Associate this security role specifically with All Systems.">
    <Operations>
      <Operation GrantedOperations="129" ObjectTypeID="1" />
      <Operation GrantedOperations="524289" ObjectTypeID="6" />
    </Operations>
  </SMS_Role>
</SMS_Roles>

https://blogs.technet.microsoft.com/inside_osd/2012/04/30/custom-role-based-administration-for-importing-computers/

Configuration Manager 2012 Version and Build Numbers

Configuration Manager 2012 version numbers, build numbers and cumulative updates since the SCCM 2012 RTM release.

Get the version number:

  1. Open the Configuration Manager console
  2. Browse to Administration, Site Configuration then Sites
  3. Right-click on the site and select Properties
  4. The site version and build number are shown

| Release | Version | Build | Download Link |
|---|---|---|---|
| SCCM 2012 RTM | 5.00.7711.0000 | 7711 | N/A |
| SCCM 2012 RTM – CU1 | 5.00.7711.0200 | 7711 | KB2717295 |
| SCCM 2012 RTM – CU2 | 5.00.7711.0301 | 7711 | KB2780664 |
| SCCM 2012 SP1 | 5.00.7804.1000 | 7804 | N/A |
| SCCM 2012 SP1 – CU1 | 5.00.7804.1202 | 7804 | KB2817245 |
| SCCM 2012 SP1 – CU2 | 5.00.7804.1300 | 7804 | KB2854009 |
| SCCM 2012 SP1 – CU3 | 5.00.7804.1400 | 7804 | KB2882125 |
| SCCM 2012 SP1 – CU4 | 5.00.7804.1500 | 7804 | KB2922875 |
| SCCM 2012 SP1 – CU5 | 5.00.7804.1600 | 7804 | KB2978017 |
| SCCM 2012 R2 | 5.00.7958.1000 | 7958 | N/A |
| SCCM 2012 R2 – CU1 | 5.00.7958.1203 | 7958 | KB2938441 |
| SCCM 2012 R2 – CU2 | 5.00.7958.1303 | 7958 | KB2970177 |
| SCCM 2012 R2 – CU3 | 5.00.7958.1401 | 7958 | KB2994331 |
| SCCM 2012 R2 – CU4 | 5.00.7958.1501 | 7958 | KB3026739 |
| SCCM 2012 R2 – CU5 | 5.00.7958.1604 | 7958 | KB3054451 |
| SCCM 2012 R2 SP1 | 5.00.8239.1000 | 8239 | N/A |
| SCCM 2012 R2 SP1 – CU1 | 5.00.8239.1203 | 8239 | KB3074857 |
| SCCM 2012 R2 SP1 – CU2 | 5.00.8239.1301 | 8239 | KB3100144 |
| SCCM 2012 R2 SP1 – CU3 | 5.00.8239.1403 | 8239 | KB3135680 |
| SCCM 1511 | 5.00.8325.1000 | 8325 | N/A |
| SCCM 1602 | 5.00.8355.1000 | 8355 | N/A |