Nick's IT Blog
712 FOLLOWERS
Nicholas Drew is a Professional Technical Consultant with wide ranging skills from large scale Windows 10, 8.1 & 7 Desktop deployments to detailed problem analysis and lateral thinking. He has knowledge on SCCM installation, configuration, upgradation & problem solving. Follow this blog to get articles on SCCM.
Nick's IT Blog
8M ago
Original Post Microsoft Edge for Business FAQ – Microsoft Community Hub
Microsoft Edge for Business, the new, dedicated work experience currently in preview for the Microsoft Edge browser, is planned to be released with Microsoft Edge stable version 116 (scheduled for the week of August 17, 2023). All customers who sign into Edge using Microsoft Entra ID (formerly Azure Active Directory) will automatically be transitioned to Microsoft Edge for Business as part of the release.
What to expect with Microsoft Edge for Business:
Policies, setti ..read more
Nick's IT Blog
8M ago
Problem: Can’t delete ConfigMgr_OfflineImageServicing folder after a failed offline image servicing. Errors in OfflineServicingMgr.log preventing all scheduled offline servicing.
OfflineServicing
Failed to remove previously existing staging folder E:\ConfigMgr_OfflineImageServicing\DCS00120, GLE = 5
Manually deleting the folder from explorer gives errors stating you don’t have administrative permissions, taking ownership of content doesn’t help either.
Solution: Reboot server. Run DISM /cleanup-wim once completed you’ll be able to manually delete the folder.
Source: Can’t De ..read more
Nick's IT Blog
11M ago
Description
The remote services that accept connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1 As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1 and 1.0
Also See
http://www.nessus.org/u?c8ae820d
https://datatracker.ietf.org/doc/html/rfc ..read more
Nick's IT Blog
11M ago
The Office Customization Tool creates the configuration files that are used to deploy Office in large organizations. These configuration files give you more control over an Office installation: you can define which applications and languages are installed, how those applications should be updated, and application preferences. After creating the configuration files, you can use them with the Office Deployment Tool to deploy a customized version of Office ..read more
Nick's IT Blog
2y ago
Detect and remediate Windows Speculative Execution on Windows 10 machines using PowerShell and Proactive Remediation in Intune.
Within Intune there is the option to create remediation task, this is basically a PowerShell script that will run against the machine and exit with a 1 or a 0 if the condition is found.
With the Speculative Execution Check the remediation is to set registry setting to protect the machine.
Extra information can be found at the following Microsoft web page.
Windows Server guidance to protect against speculative execution side-channel vulnerabilities (microsoft.com)
Dete ..read more
Nick's IT Blog
3y ago
Original post Setup MECM Cloud Management Gateway (CMG) (mecmtechie.com)
In this post I will cover the steps to setup MECM Cloud management gateway (CMG).
Cloud Management Gateway:- It provides a simple way to manage the configuration manager clients on the internet. When we deploy the MECM CMG as cloud service in Microsoft Azure, you can manage internet clients without additional infrastructure.
The main Advantage CMG is you don’t need to expose your on-premises infrastructure to the internet.
Components of CMG:-
CMG cloud service – It Azure authenticates and forwards Configuration Manager ..read more
Nick's IT Blog
3y ago
Damien Van Robaeys
In this post I will show you how to use PowerShell and MS Graph to locate an Intune device.
Prerequisites
You will first have to enable location on your device.
You can check it in the notification center as below:
You can enable it by clicking on it.
You can also enable it with PowerShell as below:
$Path = "SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"# Enable locationNew-ItemProperty -Path "HKLM:\$Path" -Name "Value" -Type String -Value "Allow" -Force# Disable locationNew-ItemProperty -Path "HKLM:\$Path" -Name "Value" -Type ..read more
Nick's IT Blog
3y ago
TanTran Published 05-05-2021 05:54 AM
Ransomware acts with accessing to the files, folders and encrypting them, to respond against it, we need to enable the Windows Defender feature named “Controlled Folder Access” – WDCFA and monitor the Windows Defender Guard Events in Windows Event Viewer. The best way is possibly collecting the related activities by Advanced Hunting features of Microsoft 365 Security or Defender for Endpoint.
Could we search for Event ID by running the advanced hunting query or not?
We will discuss the above topic today.
To View or change the list of prot ..read more
Nick's IT Blog
3y ago
By Wayne Bennett – Sr Program Manager | Microsoft Endpoint Manager – Intune
Using Microsoft Endpoint Manager – Microsoft Intune to set your company’s terms and conditions meets the requirements of many organizations. However, the Azure Active Directory (Azure AD) terms of use feature offers greater functionality— including terms of use in different languages and integration with Conditional Access in the form of grant controls. You can learn more about the differences between the two solutions in this blog post.
Potential to block access to Intune
If you’ve configured the Azure AD terms o ..read more
Nick's IT Blog
3y ago
John Wilcox Microsoft
Original Post – https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-update-for-business-and-the-retirement-of-sac-t/ba-p/339523
Update 7/15/2019: As a reminder to customers on Windows 10, version 1809 using Windows Update for Business with a Branch Readiness Level set to Semi-Annual Channel and a default 0-day deferral, your 60-day one-time built-in deferral period will end on Tuesday, July 23, 2019 and your devices will begin updating to Windows 10, version 1903.
Update 2/28/2019: This change does not affect SAC-T for Office 365 ProPlus customer ..read more