CMG with just One Cert

You read it correct! Cloud Management Gateway has evolved and its now easier than ever to deploy one. All you need is a single Web Server Authentication Certificate from a public CA. What changed? Primarily the introduction of a new feature in ConfigMgr 1806 called Enhanced HTTP Site System which replaces the requirement of an…

4

Deploy CCMSetup.exe via Intune

Intune recently added the option to deploy Win32 Apps which allows the ability to directly deploy CCMSetup.exe via Intune. The process is straightforward – Wrap CCMSetup.exe with Intune Win App Util. Add the App to Intune Assign to group.   Wrap CCMSetup.exe with Intune Win App Util Download the Intune-Win32-App-Packaging-Tool Run IntuneWinAppUtil.exe and specify -…

0

Step-by-step: Highly available Site server

The release of ConfigMgr 1806 introduced the concept of high availability of the Site server by adding an additional primary site as passive node. This post takes you through a step by step journey in configuring a highly available Site Server. Here’s a high-level architecture overview of the configuration which depicts a remote SQL AlwaysOn…

5

Inventory Installed Updates missing from QFE Class

In ConfigMgr we have the capability to inventory the QFE [Win32_Quick Fix Engineering] class to query the installed Hotfixes. The challenge here is not all updates are reported in this Class like the Quality Rollups. So how do we capture the missing updates? Here’s a PowerShell query to gather the desired information – For reporting…

0

Step-By-Step: Cloud Management Gateway on ARM

Introduction Starting ConfigMgr 1802 Cloud Management Gateway is NO longer a Pre-release feature and introduced the option of Azure Resource Manager [ARM] deployment. This removes the requirement of the traditional Azure Management Certificate and relies on Azure AD auth. to create the modern resources. Note – The CMG deployment with ARM continues to use the…

8

Using ConfigMgr Co-Management to offload Windows Updates to Intune

This post walks through moving Windows Update workloads to Intune. Co-Management for Windows 10 devices introduced in ConfigMgr 1710 release which enables you to move various workloads from traditional on-premise management to newer modern management capabilities hosted in cloud like Intune. One of the most sought-after requirement by enterprises is patch compliance and keep devices…

0

CMG Tip – Why you shouldn’t disable CMG from the default client setting

If you are planning to use the Default Client Settings from 1706 to disable cloud management gateway which is enabled by default, you should reconsider your decision if you’d like to perform client installation over internet because the client will never receive the custom device settings. Finding If you end up in the above situation,…

0

Windows 10 Compatibility Scan with Configuration Manager

Before deploying Windows 10, it’s a good idea to check the readiness of your existing machines running Windows 7, 8/8.1, Or even Windows 10. In this blog post I will use setup.exe with /compat scanonly switch to check the compatibility without performing the upgrade. The reason for not choosing the Upgrade task sequence for this…

14

Feature Updates for Windows 10 via CMG

In my last blog post, I highlighted the option to install the ConfigMgr client over Internet for Windows 10 AAD joined machine, the next challenge is to perform Windows 10 Servicing to ensure the managed device is running a supported OS. A similar challenge is for Domain-Joined Windows 10 clients who are rarely on the…

0

Client Installation over Internet

System Center Configuration Manager 1706 simplified the capability to install (bootstrap) the client over internet, this blog post walks through two scenarios – AAD joined device – Modern management of Windows 10 devices leveraging Azure. Workgroup device – Servers on DMZ without corporate network access Prerequisites The table below lists the requirements for each scenario…

6