CCMEXEC.COM
12 FOLLOWERS
My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone else use on Enterprise Mobility and Windows-related topics.
CCMEXEC.COM
2w ago
With the April Intune release a new feature was released that makes it possible to configure Dell BIOS by deploying a CCTK file using Intune. Intune also has the built-in capability to create a unique BIOS password for each Dell computer and store it in Intune, like LAPS for BIOS passwords. This new policy is applied on the device using the new Dell application that must be installed on the device for the policy to work: Dell Command | Endpoint Configure for Microsoft Intune (DCECMI).
This post will cover:
This post will cover
Prerequisites
Deploy the DCECMI application.
Configuring the pol ..read more
CCMEXEC.COM
2M ago
Shared devices in Intune is something that pop-ups in every project where we move to Intune and Entra Joined devices. When using Intune and available user apps it is enforced by the Company Portal app if you are allowed to install an available app or not based on Primary user of the device. In some scenarios when we push required apps to users they end up on all shared devices as Primary user is only enforced for available apps. This is a huge difference when migrating from Configuration Manager where we have more options. This is important when designing and planning our shared devices strat ..read more
CCMEXEC.COM
3M ago
Got this request based on the PowerShell script I wrote on how to make the “enrolled by” user in Intune member of the local admin group, but instead add the user to the Remote Desktop Users group. Which is really easy to change, but to get this to work in a good way we also need to enable remote desktop access to the device, configure Windows Firewall in a correct and secure way using the domain profile (which was added to Microsoft Entra Joined devices in December 2022).
In our scenario it was developers that wanted to remote control their own computers which could make sense. One requiremen ..read more
CCMEXEC.COM
5M ago
The new Teams client is now a MSIX that we need to deploy. We have a tool for this called teamsbootstrapper.exe which gets new features all the time. The official Microsoft documentation can be found here Bulk deploy the new Microsoft Teams desktop client – Microsoft Teams | Microsoft Learn
Teamsbootstrapper.exe support both online and offline installation of the Teams MSIX file, where online downloads the latest MSIX installer dynamically. We could deploy the MSIX using Intune/Configuration Manager but then we need to update the MSIX file from time to time to not deploy an old version ..read more
CCMEXEC.COM
7M ago
At WPNinjas 2023 in Baden me and my good friend Ronni Pedersen (@ronnipedersen) presented a session “Unleashing the Power of Microsoft Intune Community Tools” where we demoed a lot of amazing Intune Community tools.
Intune community tools are created by the best people in the best community in the world and they often fill feature gaps in Intune and solve challenges admins face in their day-to-day work. They help us all save time and make our lives easier. So if you like a tool, drop the creator a line on X or blog and show your appreciation!!
The following is the list of tools we demoed an ..read more
CCMEXEC.COM
8M ago
Finally time to blog during these busy times, removing Personal Teams in Windows 11 by setting the ConfigureChatAutoInstall registry value to prevent from installing.
The challenge is that the permissions on that registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications is set to TrustedInstaller so it is hard to create the necessary value. There are solutions out there that uses Remediations to uninstall it or use SetACL.exe to set the permissions. That is why we wrote it in PowerShell natively instead, my co-worker Sassan made it look better than mine , it can be downloade ..read more
CCMEXEC.COM
10M ago
Windows 11 Multi-app kiosk is finally here, when writing this it is not released in the cumulative update for Windows 11 22H2 yet. And because of that it is not possible to configure it through Intune or Provisioning packages just yet when I am writing this.
Configuration Methods
More information: Set up a multi-app kiosk on Windows 11 – Configure Windows | Microsoft Learn
Windows 11 22H2 multi app kiosk support is currently part of the “Windows Configuration update May 2023” only available through Windows Update as an optional update. It also contains a lot of other updates for Windows 11 2 ..read more
CCMEXEC.COM
10M ago
Recently Microsoft announced the general availability of a very anticipated feature in Intune:
Manage Windows driver and firmware updates with Microsoft Intune – Microsoft Community Hub
Check out the Microsoft blog post above for information about what it is and how it works.
More details about the feature, its prerequisites and how it works can be found at Microsoft Learn:
Learn about Windows Driver updates policy for Windows 10 Windows 11 devices in Intune | Microsoft Learn
A couple of things to point out that I’ve seen people been asking about:
Windows Drivers needs to be set to Allow In ..read more
CCMEXEC.COM
1y ago
On the 8th of June it is time again! Microsoft Management User Group Sweden – Summer Meetup @ Microsoft Reactor Stockholm. We have the great honor of having some great presenters & MVP’s to join us. Really looking forward to a great day.
We are very grateful for our Sponsor: Recast Software – https://recastsoftware.com
The agenda looks like follows:
Agenda:
0830 – 0900 – Doors Open
0900 – 0945 – Welcome – What is new in Endpoint Management – Stefan Schörling & Jörgen Nilsson
1000 – 1045 – Intune App Factory – Nickolaj Andersen
1100 – 1145 – Recast Sponsor Session
Lunch
1245- 1345 ..read more
CCMEXEC.COM
1y ago
This will be a short post on how to update WinPE boot images with a Cumulative Update as we need to do that now with the release of May 2023 Cumulative Update to address CVE-2023-24932. Spent all day with colleagues to try to test what happens to OS deployment (and AutoPilot) when deploying the mitigation for CV-2023-24932 and re imaging a computer.
There are still a lot of testing left with this update and the mitigations but one thing that is needed is to update the boot images used in Configuration Manager and MDT for example.
Here is a quick script https://github.com/Ccmexec/MEMCM-OSD-Scr ..read more