Microsoft Endpoint Manager Environment Changes

Chatting with a new customer, and the common need came up, a formal document outlining the needed changes to implement Microsoft Endpoint Manager in a Configuration Manager only environment.  These changes are available on Microsoft’s Docs website, but found through various links and products.   This will be an attempt to centralize and simplify the change request. 

This post will cover the changes for Azure AD, Intune, and Configuration Manager to implement co-management and a cloud management gateway.   If your organization is implementing these solutions, below will be a guide for the Microsoft Endpoint Manage environment changes. 

Azure AD

The Intune application for Mobility (MDM and MAM) will get configured in Azure AD.  This will allow automatic enrollment. Here we limit the scope to our test group based on either an on-premises synchronized security group or an Azure AD security group. 

  1. Sign into https://portal.azure.com
  2. Go to Azure Active Directory
  3. Select Mobility (MDM and MAM)
    Azure AD Mobility MDM & MAM Settings
  4. If this is for production rollout select All. If for a pilot or proof of concept select Some and select to be targeted group(s)
    MDM Enrollment Configuration

Continue reading…

ConfigMgr Client Boot Time Power BI Report

In this installment of the Getting Started with ConfigMgr and Power BI; we create a simple client boot time report.  The ConfigMgr Client Boot Time Power BI Report gives the ability to drill down unique boot time configuration ranging from group policy to event viewer startup times.   

This post is part of a series of posts in my “Getting Started with ConfigMgr and Power BI”

Getting Started with ConfigMgr and Power BI
Core ConfigMgr Queries for Power BI
ConfigMgr Make Model Power BI Report
(this post)

Please considered that I don’t take 100% credit for the below queries.  These are made up from multiple sources in our community.  Without the community this may have not been possible. 

The below sections outline creating the ConfigMgr Client Boot Time Power BI Report.  With attention to the SQL query used for pulling device’s boot configuration.  

ConfigMgr Client Boot Times Power BI
Continue reading…

ConfigMgr Make Model Power BI Report

In this installment of the Getting Started with ConfigMgr and Power BI; we create a simple hardware report.  The ConfigMgr Make Model Power BI Report gives the ability to drill down unique hardware configurations.  Ranging from make and model, BIOS versions, and operating system version.  

This post is part of a series of posts in my “Getting Started with ConfigMgr and Power BI”

Getting Started with ConfigMgr and Power BI
Core ConfigMgr Queries for Power BI
(this post)
ConfigMgr Client Boot Time Power BI Report

Please considered that I don’t take 100% credit for the below queries.  These are made up from multiple sources in our community.  Without the community this may have not been possible. 

The below sections outline creating the ConfigMgr Make Model Power BI Report.  With attention to the SQL query used for pulling device’s hardware information.  

ConfigMgr Make Model Power BI Report

Continue reading…

Core ConfigMgr Queries for Power BI

In this next installment for Getting Started with ConfigMgr and Power BI; we will walk through creating a set of core ConfigMgr queries for Power BI.  We will first pull in in your devices, then your collections, and collection members.  These are the foundation queries for every device query afterwards. 

This post is part of a series of posts in my “Getting Started with ConfigMgr and Power BI”

Getting Started with ConfigMgr and Power BI
(this post)
ConfigMgr Make Model Power BI Report
ConfigMgr Client Boot Time Power BI Report

Please considered that I don’t take 100% credit for the post series queries.  These are made up from multiple sources in our community.  Without the community this may have not been possible. 

Core ConfigMgr Queries for Power BI

Continue reading…

Getting Started with ConfigMgr and Power BI

Welcome to the first series of blogs I plan on doing to help you adopt Power BI into your Configuration Manager (ConfigMgr) environment.  This post will outline getting started with ConfigMgr and Power BI.  Specifically creating your initial template.  We will start by creating Power BI parameters to store your ConfigMgr database server and name.  Finally creating two simple template files, a Direct Query and Import.  

This post is part of a series of posts in my “Getting Started with ConfigMgr and Power BI”

(this post)
Core ConfigMgr Queries for Power BI
ConfigMgr Make Model Power BI Report
ConfigMgr Client Boot Time Power BI Report

Power BI Template

Continue reading…

PowerShell Logging – The Basics

PowerShell Logging will be the best thing you learn.  The biggest topic I get asked for help outside the specific activities I am assigned to is PowerShell.    I will be the first to understand everyone has their own style.  I never judge the style or syntax format.  Besides that, PowerShell logging ALWAYS needs to occur.  If you are not logging, your running blind. PowerShell logging is the one the most powerful features you can learn and implement.  

PowerShell does have some native abilities, “Start-Transcript“, and if that is all you want to understand, that is fine.   But, this post will take you through some basic understandings on capturing your outputs in a format that is readable and standard.  With some tricks in creating some great logic around managing your log.

PowerShell Logging – The Setup

The first step into your new logging endeavors is to understand the ability to call a function to simplify your process. 

For this function to become usable we first must set the variable “$logpath” so the function can understand where it is writing to.   My standard is to log to “%SystemDrive%\Windows\Temp”

# Set log path
$logpath = "$env:SystemDrive\Windows\Temp\mynewlog.log"

# Function to write to log file
function Write-Log
{
	param($msg)
	"$(Get-Date -Format G) : $msg" | Out-File -FilePath $logpath -Append -Force
}

Calling the Function

During your process of creating your script you will want to call the PowerShell logging function to say your going to run a process, log the process file call, its arguments, other module calls, and most important capturing any error output. 

Write-Log "Running:"
Write-Log "setup.exe -S -v/l "$env:SystemDrive\Windows\Temp\Setup.log"

Continue reading…

Configuration Manager (SCCM) Power BI Reporting

I would like to introduce you to the next generation of endpoint reporting we created at Ascent Solutions.  System Center Configuration Manager (SCCM) vNext Reporting with Microsoft Power BI. Microsoft Power BI is the insight engine that your organization needs.  Not with just Configuration Manager reporting, but extending out into your cloud, data center, ITSM, ITAM, and even your security vulnerability scanning appliance. 

Does your organization have a grip on client reporting health, let alone if your getting the latest Windows updates deployed.  These are tough questions to ask new customer’s when we need to properly plan a new roll out.  

This video takes you through some developed possibilities.  These solutions are in constant development. I am adding new insights weekly to these reports. Microsoft’s Power BI give us no limits into your organizational IT makeup, including but, not even close, limited to, Microsoft Operations Management Suite, Azure SQL, Amazon RedShift, Oracle, and MySQL, and etc….

[youtube https://www.youtube.com/watch?v=kJpMZcbu-bw&w=560&h=315]

Continue reading…

Removing Windows 10 Universal Apps

Today’s Windows 10 Deployment Tip will include one of the most demanded help for Windows 10. We will go over how to remove Windows 10 Universal Apps for your production Windows 10 build.

The biggest misconception is that you remove Windows 10 Universal Apps during your build and capture.  These Apps will need to be removed during your Production OSD Build.  This can be easily done by incorporating a Run Command Line / Run PowerShell Script task sequence step that runs the below code / script.

Continue reading…

Windows 10 Deployment Tip – 2016-08-08

With the first Windows 10 Deployment Tip of this series, we will cover the most basic situation.  Building your reference image.  Yes, you have made the investment in Configuration Manager, but the best way to build your Gold image is still with the Microsoft Deployment Toolkit (MDT).

Even if you use MDT in your environment today.  It is recommended to setup a dedicated Deployment Share just for your build and capture.

Continue reading…

SCCM / ConfigMgr Driver Package Best Practice

Overview

This post will outline driver package creation, management, and best practices for System Center Configuration Manager (SCCM / ConfigMgr). The steps outlined in this post will ensure minimal driver management in SCCM, while ensuring the end device receives the proper drivers during imaging.

Staging and Imaging the New Device

The first step in the process is to get the new device able to image with the environment’s gold image.   You will have to note that it may be necessary to inject the network drivers into your Windows Pre-Installation Environment (WinPE) boot image. If the device fails to load the WinPE environment it is either the network or storage drivers are not available.

Pick the below scenario that matches your environment:

  • The Task Sequence deployed to unknown computers and the local administrator password is set
    • Begin imaging the device
  • The Task Sequence deployed to unknown computer but the local administrator password is not enabled
    • Copy the task sequence to enable the local administrator account, deploy the task sequence and start imaging the device
  • No task sequence is deployed to unknown computers but the local administrator password is set
    • Import the device and add it to the proper collection and begin imaging
  • No task sequence is deployed to unknown computers but the local administrator password is not enabled
    • Copy the task sequence, enable the local administrator account, deploy the task sequence, import the device, and begin imaging the device

To import a device into SCCM follow the steps outlined in the below link:
https://technet.microsoft.com/en-us/library/hh397287.aspx#BKMK_AddComputer

If network drivers are in the Operating System media that task sequence will complete successfully.  If the device does not receive a network driver it will fail, and you must logon as the local administrator.

Continue reading…