Feature Updates for Windows 10 via CMG

In my last blog post, I highlighted the option to install the ConfigMgr client over Internet for Windows 10 AAD joined machine, the next challenge is to perform Windows 10 Servicing to ensure the managed device is running a supported OS. A similar challenge is for Domain-Joined Windows 10 clients who are rarely on the…


OneDrive for Business Admin Tool

Update: I’ve also added some new features, detailed in https://blogs.technet.microsoft.com/undocumentedfeatures/2017/10/16/recovering-from-crypto-or-ransomware-attacks-with-the-onedrive-for-business-admin-tool/. While updating a script I wrote to remove the “Shared with Everyone” folder in OneDrive for business, it dawned on me that there are a number of bulk management tasks for OneDrive that are not easy to do, that we don’t have specific guidance on,…


Support Tip: Known issue in macOS Conditional Access Preview

Intune and Azure AD recently released the public preview for macOS Conditional Access (CA) which extends the way we can help secure resources in the cloud and now on Macs. Administrators can now restrict access to Intune-managed macOS devices using device-based conditional access according to their organization’s security guidelines. However, we have a known issue…


WMI Queries: ReturnValue vs uValue (and some Remote Registry)

This blog is updated at https://ciberesponce.com   Interestingly, when querying a registry setting in Windows via WMI, through PowerShell, it isn’t as straight forward as previously thought. When developing the Audit Policy settings tool, which uses WMI through PowerShell explicitly to avoid dependencies on Windows Remote Management (WinRM) or even the Remote Registry service, we hit…


Inspire Japan 2017 福岡・大阪・名古屋・札幌 セッション情報公開!是非ご参加ください!【8/23公開】

  Inspire Japan 2017福岡、大阪、名古屋、札幌でのセッション内容が公開されました! 4都市では、今年度よりパートナー企業および、ユーザー企業を対象とし、日本のパートナー様&ユーザー企業のデジタル トランスフォーメーションをご支援するイベントにいたします。 本年度の戦略や皆様のビジネス展開を強力にご支援する各種施策やプログラムに加え、開催地ごとに特色のあるコンテンツや、各地域における最適なビジネス展開のヒントをお届けします。   ▼ ぜひお客様をお誘いあわせの上ご参加ください!!(参加登録無料) マイクロソフトの最新テクノロジや戦略、デモンストレーション等、貴社のお客様に直接ご覧いただくチャンスです!この機会をぜひ皆様のビジネス拡大にお役立てください。


PFX certificates issued using the Intune Certificate Connector: Fix your Intune Migration Configuration Issues

During the migration process, we identified a few dozen accounts that would have problems with certificate hashes after being migrated. We put those accounts on hold and came up with a fix for the issue, but before the fix can take effect, all PFX policies have to be regenerated. You can regenerate the policy yourself,…


High CPU/High Memory in WSUS following Update Tuesdays

Updated 10/11/2017 – updated hotfix information. Recently, we’ve seen an increase in the number of high CPU/High Memory usage problems with WSUS, including WSUS in a System Center Configuration Manager environment – these have mostly corresponded with Update Tuesdays. Microsoft support has determined that the issue is driven primarily by the Windows 10 1607 updates, for…


ATA Auditing (AuditPol, Advanced Audit Settings Enforcement, Lightweight Gateway Service discovery)

This blog is updated at https://ciberesponce.com   NOTE: This blog and code was updated to include a new targeting feature so only 1 domain/child-domain can be targeted for assessment.  This will still discover all DCs in the Forest, however, only the DCs in the targeted domain will be assessed.   Advanced Threat Analytics (ATA) v1.8 added…


Intune policy deployed to EAS-based device groups: Fix your Intune Migration Configuration Issues

Important: This guide is intended to explain how a migration blocker occurs, and how to remove the blocking issue. The guide is not intended to provide guidance on how to redesign your grouping/targeting to achieve functionality caused by the blocking issues. We suggest you thoroughly review your grouping/targeting strategy before making any changes. Devices that…


Advanced AAD Connect Permissions Configuration

Updated with additional requirements and scenarios, 2017-10-26. I recently worked with a customer that needed assistance in configuring the additional permissions required for AAD Connect delegation.  After chasing down an incredible number of prerequisite information, I decided it would be more helpful to my customer to put together a tool that would help them configure…