Anoop C Nair

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc...
Intune to Restrict NON Patched Windows Devices

Use Intune to Restrict Non-patched Windows Devices from Accessing Email

Let’s discuss using Intune to restrict non-patched Windows devices from accessing EmailSecurity patching, which is vital to every organization. Now, with Intune, you can restrict Windows 10 devices that are not patched with the latest patches from accessing mail. Non-patched devices are risky to the organization.

There are two options to limit Windows devices from connecting to the corporate network. We will see these options in the following sections of the article.

Windows version = Specify the major.minor.build.CU number here. The version number must correspond to the version returned by the winvercommand.

I have uploaded a video tutorial to my YouTube channel. I hope this video will help you set these restrictions on your Intune test tenant.

Subscribe to the YouTube channel

Use Intune to Restrict Non-patched Windows Devices from Accessing Email

I would recommend testing these in a staging environment before implementing them in production. As you are aware, patching is essential in any modern workplace project implementation.

Intune and Windows Update for Business can ensure all the Windows devices managed through Intune are patched promptly.

There is no need for on-prem components like WSUS to patch Windows 10 devices using Intune and Windows Update for Business. Setting the Windows 10 Update rings in Intune will not create security concerns.

Read my previous post, “How to Setup Windows 10 Software Update Policy Rings in Intune Azure Portal,” to learn more about Windows 10 update rings.

How Do You Restrict Non-patched Windows Devices from Enrolling in Intune?

This option is available only for NEW Windows devices that are enrolled in the Intune environment via the MDM channel. It is not available for Intune PC agent-managed devices.

The setting explained in this section won’t apply to already enrolled and non-patched Windows devices.

If you have already enrolled and non-patched Windows devices, you need to check out the compliance policy option mentioned in the section below.

Servicing OptionVersionOS BuildMax/Min
Semi Annual Channel170916299.201Maximum Version
Semi-Annual Channel170315063.877Minimum Version
Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Table 1
Use Intune to Restrict Non-patched Windows Devices from Accessing Email - Fig.1
Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Fig.1

We need to set up Intune enrollment restriction policies to restrict Windows devices from enrolling in Intune. The above table is the best reference for setting up Intune enrollment restriction policies for non-patched Windows devices.

First, we need to decide on your Windows 10 minimum and maximum patch level requirements. More patch-level version details are available at http://aka.ms/win10releasenotes.

In my video, I have selected Windows 10’s minimum patch level of 10.0.15063.877 and maximum patch level of 10.0.16299.201. You can also leave the top patch level blank if you want to support all the latest patched Windows devices. 

I have uploaded a video tutorial to my YouTube channel. This video provides a more detailed explanation of how to set up enrollment restriction policies.

You can read my previous post, “How to Prevent Windows Devices from Enrolling to Intune“. This post provides more details about setting up Intune enrollment policies. This also covers the end-user experience of Windows 10 devices if the device patch level is lower than the “Minimum version”.

For example

I have a Windows 10 device, and it’s a non-patched device. And the patch version of that device is “10.0.15063.250“. In this scenario, Intune will check whether the device is patched with a minimum version of the patch required for the organization, which is 10.0.15063.877.

The current patch level of the Windows 10 device is below the minimum version requirement set in the enrollment restriction policy. Hence the device won’t be allowed to enroll in Intune. Update the patches on that Windows 10 device to register to Intune successfully.

Use Intune to Restrict Non-patched Windows Devices from Accessing Email - Fig.2
Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Fig.2

How Can We Force Users to Install Patches on Windows 10 Devices to Access Emails?

Most end-users are not always happy to install the latest patches and restart their devices on time. But as IT admins, it’s our responsibility to secure the enterprise environment with the latest patches.

Intune can probably help you force users to install patches on their non-patched Windows devices.

We can create a new compliance policy in Intune to set rules and force users to install patches immediately. The policy gives an option to set minimum and maximum patch levels for Windows devices.

When a device does not match the minimum compliance requirement, that device will be flagged as non-compliant.

When you have conditional access associated with compliance policies, the Windows device will lose access to enterprise applications (like mail, SharePoint Online, Skype, etc.) associated with that conditional access policy.

Once users update their Windows version with the latest patches, their devices get access back to mail.

You can create a WINVER command to decide your organisation’s baseline Windows 10 version with a certain patch level. You can also use the following links to get the latest patch versions of Windows 10.

In my scenario, I set up a new compliance policy with a minimum patch level of 10.0.15063.877 and a maximum patch level of 10.0.16299.201.

This will ensure that all Windows 10 devices with access to enterprise applications are patched, and the patch level version will be greater than 10.0.15063.877.

I have uploaded a video tutorial to my YouTube channel. This video provides a more detailed explanation of how to create a new compliance policy for minimum and maximum patch levels supported within your organization.

Navigate to the Azure portal, “Microsoft Azure—Microsoft Intune—Device Compliance—Policies,” and create a new compliance policy called “Restrict Window device depending on patches.”

Use Intune to Restrict Non-patched Windows Devices from Accessing Email - Fig.3
Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Fig.3

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

SCCM Status Summerizers and Health Monitoring Details

SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr

Let’s discuss the SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr. SCCM ConfigMgr CB health monitoring is well-connected with SCCM Status Summarizers.

All monitoring solutions, such as custom scripts and SCOM management packs for SCCM, use SCCM Status Summarizers to get the detailed health status of your SCCM infra. This post will provide details on SCCM status summarizers and health monitoring.

I uploaded a video to YouTube that explains “SCCM Site Status Summarizers Health Details WMI class and Data via SQL Tables and Views“. The following link has a script and solution I used back in SMS 2003 SCCM MP Health Check Script and Automatic Mail.

Do you know how to Reset the SCCM CB Critical Site Component Status Summarizer Counter? The previous blog post will help you understand the process.

You may Subscribe to the YouTube channel

What are SCCM Status Summarizers?

The summary class (SMS_SummarizerStatus) within WMI helps you determine the health or status of different aspects of SCCM/ConfigMgr CB Infrastructure.

The SCCM status summarizers get input from status messages, states, and counts. This status gives us a real-time (Almost?) view of the health of

  • SCCM CB sites
  • Site components
  • Packages
  • Applications
  • Deployments
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr - Fig.1
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Fig.1

List of SCCM CB Status Summarizers

The current branch version of SCCM/ConfigMgr has four status summarizers. These summarizer classes summarize the status and state message data. The table below provides more details of the SCCM CB status summarizers list.

List of SCCM CB Status Summarizers
Application Deployment Summarizer
Application Statistics Summarizer
Component Status Summarizer
Site System Status Summarizer
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Table 1

From the SCCM health check monitoring perspective, the main ones are the SCCM component status summarizer and site system summarizer.

The deployment status of applications, Task Sequences, and packages will be displayed as part of the application deployment summarizer.

The application statistics summarizer helps configure how often application statistics should be updated.

Health Details of SCCM Site via WMI Class

The WMI class “SMS_SummarizerSiteStatus” can help us determine the overall health or status of an SCCM CB site. If the SMS_SummarizerSiteStatus object’s Status property value is “0,” then the SCCM site is healthy.

More details about SMS_SummarizerSiteStatus

The following are other WMI classes that you can refer to for more details about SCCM status summaries.

  • SMS_SUMDeploymentStatistics
  • SMS_SUMDeploymentStatus
  • SMS_SummarizationInterval
  • SMS_SummarizationSettings
  • SMS_SummarizerSiteStatus
  • SMS_SummarizerStatus
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr - Fig.2
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Fig.2

The WMI class SMS_SummarizerRootStatus provides different colour indications in the SCCM CB console. SCCM Status Summarizers and Health Monitoring are interlinked.

One example MOF file is given below.

[Description(“This class contains a rollup Green/Yellow/Red status about the current site, and all its child sites. “), dynamic: ToInstance, provider(“ExtnProv”), read, DisplayName(“Summarizer – Root Status”)]
class SMS_SummarizerRootStatus : SMS_BaseClass
{
[Description(“”), key, enumeration(“GREEN(0),YELLOW(1),RED(2)”)] uint32 Status;
[Description(“This method will take the SiteCode and the Component as the input paramters, and return an arrays of strings: the TallyIntervals, and also the default interval.”), static, implemented] sint32 GetTallyIntervals([in, SizeLimit(“3”)] string SiteCode, [in] string ComponentName, [out] string TallyIntervals[], [out] string DefaultInterval);
};

The following WMI query will contain information, warnings, and error messages since Monday. TallyInterval value “00011280001A2000” = Monday.

More details about Tally Interval

  • SELECT Infos, Warnings, Errors
  • FROM SMS_SiteDetailSummarizer
  • WHERE TallyInterval = “00011280001A2000”

Results of the above WMI query

instance of SMS_SiteDetailSummarizer
{
Errors = 129;
Infos = 368;
Warnings = 51;
};

Health Details of SCCM Site via SQL Views

SCCM Status Summarizers and Health Monitoring details will help streamline and fine-tune your SCCM infra’s monitoring efforts. The SCCM site health data is stored in four SQL views.

We can query the following SQL views for more details on the SCCM status summarizer. Component status summarizer lists summary status information for all SCCM components at different intervals.

  • v_ComponentSummarizer = Component Summary
  • v_SiteDetailSummarizer = Overview
  • v_SiteSystemSummarizer = Site System Summary
  • v_SummarizerSiteStatus = Site Server Summary
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr - Fig.3
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Fig.3

References

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Install Hotfix KB4057517 of SCCM CB 1710

To Fix 13 Issues Install Hotfix KB4057517 of SCCM CB 1710 Configuration Manager ConfigMgr

SCCM Product Group released the long-awaited rollup hotfix KB4057517 for SCCM CB 1710. You need not download the hotfix KB 40575517 separately; it will be available within your SCCM CB 1710 console.

This fix won’t be visible on the servers if you have not upgraded to the 1710 version of SCCM. From my perspective, this must install a hotfix for SCCM.

This fixes 13 documented issues with the current production version of SCCM. I completed the upgrade on my LAB environment and uploaded it.

One of our posts shows the List of Issues Fixed with SCCM 2403 KB26186448. The update addresses several key issues, enhancing the SCCM’s functionality and reliability.

Subscribe to the YouTube channel for more Videos

Install Fix for SCCM CB 1710 Rollup KB4057517 – Windows Server 2008

HotFix Rollup KB4057517 is available to download for all online and connected SCCM 1710 site servers. HotFix Rollup KB4057517 is downloaded and started the installation process. This is not going to take a long time to install.

To Fix 13 Issues Install Hotfix KB4057517 of SCCM CB 1710 Configuration Manager ConfigMgr – Video 1

I recommend testing the rollup hotfix KB4057517 installation on your pre-prod or staging environment before installing it on production SCCM servers. Read the rollup hotfix KB4057517 release note here.

To Fix 13 Issues Install Hotfix KB4057517 of SCCM CB 1710 Configuration Manager ConfigMgr
Console Version 5.00.8577.1108
Site Version 5.0.8577.1000
To Fix 13 Issues Install Hotfix KB4057517 of SCCM CB 1710 Configuration Manager ConfigMgr – Table 1
To Fix 13 Issues Install Hotfix KB4057517 of SCCM CB 1710 Configuration Manager ConfigMgr - Fig.1
To Fix 13 Issues Install Hotfix KB4057517 of SCCM CB 1710 Configuration Manager ConfigMgr – Fig.1

13 Fixes Included in SCCM CB 1710 in KB4057517

Let’s discuss the 13 Fixes Included in SCCM CB 1710 in KB4057517. The list below helps you see them.

  1. Azure AD Authentication with SCCM MP issue
  2. SCCM clients fall back faster than the time that is a specified issue
  3. Retrying a large single-file download – Office 365 update files
  4. Download failures-Office 365 Application Installation Wizard
  5. Persist content in the client cache related issues
  6. SCCM Client Notification Restart request is processed incorrectly
  7. Decommission-related State message – CO-Management incorrectly
  8. State messages sent by Azure AD users issues
  9. Windows Server 2008 SP2 – SCCM Clients are not upgraded issues
  10. The client restarts the issues process of retrying a TS policy download
  11. Conditional Access Policy Issues for Domain Joined machines
  12. The download of express updates may fail for Windows 10
  13. Office 365 Client Installation wizard-related issues

How to Install Hotfix KB4057517 on SCCM Secondary Servers

I don’t have secondary servers in my lab environment. But I recommend you follow the instructions in the release notes of rollup hotfix KB4057517. After installing this update on a primary site, pre-existing secondary sites must be manually updated.

To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and select the secondary location. The primary site then reinstalls that secondary site by using the updated files.

This reinstallation will not affect the secondary site’s configurations and settings. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Please run the following SQL Server command on the site database to check whether the updated version of a secondary site matches that of its primary parent site.

dbo.fnGetSecondarySiteCMUpdateStatus (‘SiteCode_of_secondary_site’)

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr 1

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr. Microsoft has released a Microsoft-signed CAB file here to check and monitor Meltdown Spectre Vulnerabilities.

In this post, we will see a video tutorial that explains how to download, Import, and deploy the configuration baseline for Microsoft Security Advisory ADV180002.

I tested the CAB file import process on the SCCM CB 1710 production version. However, I’m not sure whether this will work for the previous version of the SCCM (SCCM 2012 R2) environment.

It may not work as it has the latest OS versions selected as Supported platforms (Server 2016 etc..)

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr – Video 1

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr

This Compliance Settings configuration baseline confirms whether Windows 10, Windows 7, Server 2008, Server 2012, and Server 2016 have enabled the protections needed to protect against the Meltdown Spectre Vulnerabilities.

Download the Microsoft signed CAB file

Subscribe YouTube Channel

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr - Fig.1
Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr – Fig.1

Following are the High-Level Steps

Download the Microsoft Signed CAB file from the TechNet Gallery. Import a configuration Data CAB file to check whether SCCM-managed machines are safe from Meltdown and Spectre.

  1. Check Meltdown CI properties. The PowerShell script is used to confirm whether the systems are vulnerable or not.
  2. Check Spectre CI properties. The PowerShell script is used to confirm whether the system is vulnerable or not.
  3. Check and confirm the baseline properties before deploying it to devices.
  4. Monitor compliance report for Meltdown Spectre Vulnerabilities
NameTypeDevice TypeRevision
CVE-2017-5715-Branch Target InjectionApplicationWindows1
CVE-2017-5754-Rogue Data Cache LoadApplicationWindows1
Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr – Table 1
Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr - Fig.2
Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr – Fig.2

Resources

Microsoft has released a Microsoft-signed CAB file here to check and monitor Meltdown Spectre Vulnerabilities. In this post, we will see a video tutorial that explains how to download, Import, and deploy the configuration baseline for Microsoft Security Advisory ADV180002.

Monitor Meltdown Spectre Vulnerabilities with SCCM Configuration Manager ConfigMgr – Video 2

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Intune-SCCM-Free-Virtual-Labs-to-Get-Hands-On-Experience

Intune SCCM Free Virtual Labs to Get Hands On Experience

Let’s discuss the Intune SCCM Free Virtual Labs to Get Hands-On Experience. Acquire the SCCM, Intune, Windows 10, and Azure cloud skills at your own pace. As I mentioned in the “Future of SCCM Admin Jobs” post, these new skills are essential for our job security.

In this post, you will see Free SCCM Virtual Labs by Microsoft. Setup – Free Azure Lab And Azure For Students Lab Setup HTMD Blog (anoopcnair.com).

Microsoft provides free SCCM Virtual Labs to help IT Admins and Developers learn new technologies. The old links to SCCM and Intune TechNet Virtual Labs are NOT working.

This post provides more details about SCCM Intune Windows 10 hands-on lab training. NO LABS are available now. Intune SCCM Certification Learning Exams HTMD Blog (anoopcnair.com)

VideoHow to Use New Microsoft Virtual Labs

Intune SCCM Free Virtual Labs to Get Hands On Experience – Have TechNet Virtual Labs been migrated to the Azure platform?

It seems that the TechNet virtual labs have been migrated to the Azure platform. From the jump host server detail, virtual labs have been migrated to Azure Cloud Apps.

The new virtual LABs platform requires a Remote Desktop Protocol (RDP) client. This will work when you have an RDP client on MacOS machines.

  • jumphostek5ehejhpwq5g.southcentralus.cloudapp.azure.com:3389

However, I couldn’t find any communication or announcement from Microsoft. Two previous posts contain information about SCCM and Intune TechNet virtual labs.

There were 36 hands-on labs available for SCCM and Intune. However, none of these hands-on labs are accessible at the moment. I only saw a Microsoft Excel hands-on lab in the TechNet virtual lab portal.

Intune SCCM Free Virtual Labs to Get Hands On Experience - Fig.1
Intune SCCM Free Virtual Labs to Get Hands On Experience – Fig.1

Microsoft moved TechNet Labs http://technet.microsoft.com/en-us/virtuallabs to a new hosting solution or Azure called Microsoft Self-Paced Labs. More details about Self-paced labs are here –  https://www.microsoft.com/handsonlabs/SelfPacedLabs.

Advantages of Microsoft Self-Paced Hands-on labs

Microsoft technologies are getting changed frequently. The IT pros struggle to get their private labs updated at the same pace as Microsoft is releasing new features.

Microsoft self-paced labs ( Free SCCM Virtual Labs) can help IT Pros get hands-on experience with new technology features. As of 08-Jan-2017, only 289 Self-paced Labs were available.

The migration to Azure CloudApps suits IT admins who want to learn new technologies using an agile method. The new platform does not depend on browsers or OSs.

These SCCM Intune Windows 10 Hands-On Labs training will run on Chrome, Firefox, Safari, Mac-OS, etc. Microsoft Azure, Intune, SCCM, etc., and hands-on labs (Free SCCM Virtual Labs) are readily available for IT pros to get the experience.

Microsoft self-paced hands-on labs enable IT Pros to experience a software product or technology using a cloud-based private virtual environment.

IT Pros or SCCM admins will be given instructions and access to one or more SCCM SQL virtual servers. No additional software or setup is required. We need to complete these instructions within 120 minutes or less.

Enjoy hands-on learning according to your schedule with Microsoft’s free, Self-paced Labs. This will surely help keep your cloud knowledge fresh.

Intune SCCM Free Virtual Labs to Get Hands On Experience - Fig.2

Intune SCCM Free Virtual Labs to Get Hands On Experience – Fig.2

SCCM Intune and Windows 10 Virtual Labs

Following are the links to get access to Hands-on virtual labs. There are only 5 Self-paced Labs for SCCM. As I explained in the video tutorial here, you need to download the RDP file into your machine.

Once the RDP file is downloaded, launch the file to connect to the Jump host server in the Azure cloud. This jump host server will have all the instructions and details to complete the hands-on training activities. These guidelines could vary depending on technology like Intune, SCCM, Azure, or Windows 10.

SCCM Hands-On Labs Training

NOTE—As of 14 May 2019, only two labs are available for SCCM. Start searching with the keyword “Configuration Manager.”

SCCM CO-Management Lab

Getting Started with Co-Management and System Center Configuration Manager and Intune SC00116.

SCCM Windows 10 In-place Upgrade Task Sequence

Microsoft 365 Deployment Workshop – OS00203

https://www.microsoft.com/handsonlabs/SelfPacedLabs#keywords=Configuration%20Manager&page=1&sort=Newest https://www.microsoft.com/handsonlabs/SelfPacedLabs#keywords=ConfigMgr&page=1&sort=Newest

Microsoft Intune – Free Virtual Labs

Secure your enterprise data on mobile devices with Microsoft 365 and Microsoft Intune… OS00198

https://www.microsoft.com/handsonlabs/SelfPacedLabs#keywords=Intune&page=1&sort=Newest

Windows 10 – Self-paced Labs – Hands-On Labs Training

Let’s discuss the Windows 10 self-paced Labs hands-on labs training.

https://www.microsoft.com/handsonlabs/SelfPacedLabs#keywords=Windows%2010&page=1&sort=Newest
Intune SCCM Free Virtual Labs to Get Hands On Experience - Fig.3

Intune SCCM Free Virtual Labs to Get Hands On Experience – Fig.3

List of SCCM Intune Windows 10 Hands-On Labs Training

Free SCCM Virtual Labs – Most labs are unavailable, but Microsoft promised to work on this topic to provide more virtual labs.

Intune Hands-On Labs Training

Let’s discuss the Intune Hands-On Labs Training. The list below helps you to show it.

Intune Hands-On Labs Training
Acquire Trial Accounts for Intune Enterprise Mobility Suite (EMS) Lab Series
Configure Conditional Access to Exchange Online
Configure ActiveSync Email Profiles
Configure Mobile Application Management (MAM) Without Enrolling Devices
Configure Mobile Application Management (MAM)
Deploy MSI Applications to Windows 10 Using Intune and Mobile Device Management (MDM)
Configure Multi-Factor Authentication for Mobile Device Management (MDM)
Intune SCCM Free Virtual Labs to Get Hands On Experience – Table 1
  • Microsoft Intune – Acquire Trial Accounts for Intune Enterprise Mobility Suite (EMS) Lab Series
  • Microsoft Intune – Configure Conditional Access to Exchange Online
  • Microsoft Intune – Configure ActiveSync Email Profiles
  • Microsoft Intune – Configure Mobile Application Management (MAM) Without Enrolling Devices
  • Microsoft Intune – Configure Mobile Application Management (MAM)
  • Microsoft Intune – Deploy MSI Applications to Windows 10 Using Intune and Mobile Device Management (MDM)
  • Microsoft Intune – Configure Multi-Factor Authentication for Mobile Device Management (MDM)

Windows 10 Hands-On Labs Training

Let’s discuss the Windows 10 Hands-On Labs Training. The section below helps you to demonstrate it.

Upgrade to Windows 10 with System Center Configuration Manager Microsoft Intune – Deploy MSI Applications to Windows 10 Using Intune and Mobile Device Management (MDM). Upgrade to Windows 10 using the Microsoft Deployment Toolkit or System Center Configuration Manager. Customize the Windows 10 start menu and taskbar during deployment. Troubleshoot device management in Windows 10. Simplify Windows 10 deployment by using provisioning packages Exploring Virtualization on Windows 10 and Windows Server 2016, Upgrade to Windows 10 by using the Microsoft Deployment Toolkit or System Center Configuration Manager Enable and secure a remote workforce by joining Windows 10 to Azure Active Directory Windows 10 and Enterprise Mobility Windows 10 and Enterprise Mobility – Move between Servicing Rings using a Group Policy Object Windows 10 and Enterprise Mobility – Deploying Windows 10 using Microsoft Deployment Toolkit.

SCCM Hands-On Labs Training

Let’s discuss the SCCM Hands-On Labs Training. The screenshot below helps you provide it.

Intune SCCM Free Virtual Labs to Get Hands On Experience - Fig.4
Intune SCCM Free Virtual Labs to Get Hands On Experience – Fig.4
  • Upgrade to Windows 10 with System Center Configuration Manager
  • Manage Office 365 ProPlus with System Center Configuration Manager
  • Upgrade to Windows 10 using the Microsoft Deployment Toolkit or System Center Configuration Manager
  • Upgrade to Windows 10 by using the Microsoft Deployment Toolkit or System Center Configuration Manager
  • Deploying Windows 8.1 with ConfigMgr 2012 R2 and MDT 2013

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

FIX SCCM CB Redist Files Download Issue 2

FIX SCCM CB Redist Files Download Issue

Let’s FIX the SCCM CB Redist Files Download Issue. In this post, you will see how to Fix the SCCM CB Download Issue. In this post, we will see the Fix to SCCM CB Redist Download Issue and the walkthrough of the new features.

In my scenario, REDIST prerequisite files were not downloading. The ConfigMgrSetup.log showed errors related to the REDIST file download. If you have problems downloading redist files, the ConfigMgrSetup.log is the best place to find the issue’s root.

Once the prerequisite files are downloaded, then copy those files to D:\Program Files \Microsoft Configuration Manager\EasySetupPayload\<Update PackageGUID >\Redist folder.

I don’t recommend doing this in your production environment. Robert Marshall’s tip helped me resolve the issue, and I mentioned this in the tweet.

SCCM CB Download Stuck at Redist Step – FIX SCCM CB Redist Files Download Issue

I am having trouble downloading the SCCM CB version in my test lab. I have gone through my previous posts to fix the download issue.

The following post, “CMUpdateReset.exe Tool Fixes SCCM CB Update Download Issue,” provides more details. However, it didn’t work for me this time. I got the following error in the DMPDownloader.log.

I downloaded the prerequisite files separately using SETUPDL.EXE as I explained in my previous post “Learn How to Download SCCM ConfigMgr CB Prerequisite Files“.

FIX SCCM CB Redist Files Download Issue - Fig.1
FIX SCCM CB Redist Files Download Issue – Fig.1

SCCM Download Issues

I could see that the SCCM 1712 update had been downloaded on the following path: “D: Program FilesMicrosoft Configuration ManagerEasySetupPayload.”

But the status does not change from Downloading to Ready to Install. The fix for the SCCM CB preview 1712 Redist download issue has been explained below.

ERROR: Failed to download redist for 51d629d3-c355-4b80-ad6f-ba44b27f84ed with command /RedistUrl http://go.microsoft.com/fwlink/?LinkID=860262 /LnManifestUrl http://go.microsoft.com/fwlink/?LinkID=860266 /RedistVersion 201712 /NoUI “\\SCCMTP1.INTUNE.COM\EasySetupPayload\51d629d3-c355-4b80-ad6f-ba44b27f84ed\redist” Failed to download redist for 51d629d3-c355-4b80-ad6f-ba44b27f84ed.

FIX SCCM CB Redist Files Download Issue - Fig.2
FIX SCCM CB Redist Files Download Issue – Fig.2

The following are the 5 high-level processes that happen in the background when the SCCM CB updates are downloaded to your server.

5 High-Level Processes that Happen in the Background when the SCCM CB Updates
Process update package
Download the updated package cab file
Extract update package payload
Download redist
Report package as downloaded
FIX SCCM CB Redist Files Download Issue – Table 1

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

SCCM Intune Community Around Me 3

SCCM Intune Community Around Me

As David James mentioned in his tweet, SCCM’s summary of 2017 includes three production releases (SCCM CB 1702, 1706, and 1710).

There have been 12 Tech Preview releases of SCCM CB, hundreds of new features, 14k code check-ins, and bug fixes, and now managing more than 100 million endpoints. In this post, we will learn more about the 2017 SCCM ConfigMgr Intune community around me.

I can see that Microsoft Intune releases new features every week. More details are available in “What’s new in Microsoft Intune.” Also, the Intune community is growing strong worldwide and in India.

During the Bangalore IT Pro event, I learned that 99% of SCCM admins (who attended the event) realized they had to learn Intune, and they started to learn Intune.

Bangalore IT Pro SCCM Community

We recently conducted an in-person event for SCCM/Intune professionals all around India. This event was conducted at the Microsoft office in Bangalore. We had more than 80 SCCM professionals from different parts of India, like Chennai, Hyderabad, Delhi, and Bangalore.

Follow #BITPro Twitter Handler to Join the next events.

Roadmap of a Successful Blog

I started blogging in 2010, and I have more than 900 posts. 2017 was a very successful year for me in sharing my knowledge through my blog.

SCCM Intune Community Around Me - Fig.1
SCCM Intune Community Around Me – Fig.1

I started working on video tutorials for almost all the technical posts. How-to video guides are included for Intune, SCCM, and Windows 10. Thank you all for your great support over the years.

I’m working with other IT Pro colleagues to improve the blog experience and provide more valuable content to the SCCM/Intune community. More news about this will be available in 2018. I’m excited about next year for the SCCM/Intune community.

Subscribe to Anoop’s newsletter through the SUBSCRIBE button on the blog. Like the Facebook page to get updated on new posts of AnoopCNair.com. We have loads of SCCM Intune-related videos on the Facebook page below.

SCCM Facebook Groups – Community

We have a great SCCM professional community available on Facebook. We have more than 11,200 members in this SCCM professional Facebook group. If you want to join the SCCM, Intune, and Desktop Facebook community, please enter them with the following links.

SCCM Intune Community Around Me - Fig.2
SCCM Intune Community Around Me – Fig.2

Subscribe SCCM Intune YouTube Channel

I have a YouTube channel with more than 830 subscribers, 156,360 views, and 160 video tutorials. I started concentrating on my YouTube channel in 2017, and 90% of my subscribers are from 2017. Most of the videos are on SCCM, Intune, and Windows 10.

ConfigMgr SCCM LinkedIn Group

This is one of my old SCCM LinkedIn groups that started in 2010. At that time, Facebook groups were not there and were famous. Several different SCCM groups on LinkedIn, so I created this one for the Indian SCCM community.

We have more than 1900 members in this group. Some of them are still active. We announce Bangalore IT Pro events in this Indian SCCM Professionals LinkedIn group. This is for the people who don’t like Facebook or consider Facebook as a personal social media site.

SCCM Intune Community Around Me - Fig.3
SCCM Intune Community Around Me – Fig.3

WhatsApp SCCM Professional Group

I created a WhatsApp group for SCCM/Intune Professionals back in 2015. This is mainly to avoid people creating different WhatsApp groups in our Facebook SCCM group. I have created an official WhatsApp group for SCCM professionals after many discussions.

We have several admins in that WhatsApp group, and we don’t allow any spam/forwarded messages in that group apart from the Job/Opening of SCCM/Intune professionals. This is to help others get a better opportunity in their SCCM career.

  • Join #2 SCCM Professional GRP HERE

Happy New Year and Best Wishes for 2018

We already crossed the maximum limit of a WhatsApp group (#1 SCCM Professional GRP – 256 members). After many thoughts, discussions, and market analysis, we decided to create another WhatsApp group (#2 SCCM Professional GRP ), and we already have more than 100 members.

SCCM Intune Community Around Me - Fig.4
SCCM Intune Community Around Me – Fig.4

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr 4

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr

Let’s discuss how to Download, Install, and Configure MDT 8450 SCCM Configuration Manager ConfigMgr. I downloaded Microsoft DeploymentToolkit_x64.MSI and installed it on the SCCM CB lab environment. MDT 8450 is available in 32—and 64-bit versions. 

This version (build 6.3.8450.1000) of the Microsoft Deployment Toolkit requires a Windows 10 ADK build. This post will show you how to Download, Install, and Configure MDT 8450.

Microsoft Deployment Toolkit (MDT) is formerly Business Desktop Deployment (BDD). MDT is an application that provides network deployment capabilities for Microsoft Windows operating systems.

In this post, you will find all the details on how to Download and Install and Configure MDT 8450 SCCM Configuration Manager ConfigMgr. MDT is a free tool for automating Windows and Windows Server operating system deployment.

If you have an SCCM environment, you can integrate SCCM with MDT to provide enhanced features (UDI and ZTI) to your OS deployment process.

More Videos – Subscribe to the YouTube channel

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr

You can download the latest version of Microsoft Deployment Toolkit (MDT). This version (build 6.3.8450.1000) requires the Windows 10 1709 ADK build.

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr - Fig.1
Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr – Fig.1

What is Microsoft Deployment Toolkit (MDT)?

The Microsoft Deployment Toolkit (MDT) is a free tool for automating Windows and Windows Server operating system deployment, leveraging the Windows Assessment and Deployment Kit (ADK) for Windows 10.

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr - Fig.2
Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr – Fig.2

The following information is copied from the MDT deployment Workbench. The Microsoft Deployment Toolkit (MDT) provides a unified collection of tools, processes, and guidance for automating desktop and server deployments.

In addition to reducing deployment time and standardizing desktop and server images, MDT offers improved security and ongoing configuration management.

MDT supports deploying Windows 10 through Windows 7 and the associated server and embedded operating systems.

Features such as Windows 10 in-place upgrade, flexible driver management, optimized user interface workflow, and Windows PowerShell scripting can simplify deployment and simplify your job. Deploy faster and easier with MDT.

For example, if your organization doesn’t have an SCCM infra to perform OS deployments, you can use MDT.

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr - Fig.3
Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr – Fig.3

MDT Requirements and Prerequisites

Following are the supported OS to install the latest version of MDT. It can be installed on the client’s OS versions of Windows. Other Requirements of MDT are Windows ADK for Windows 10, version 1709 or later, which is required for all deployment scenarios.

MDT Requirements and Prerequisites
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr – Table 1

SCCM version 1710 or later is required for zero-touch installation (ZTI) and user-driven installation (UDI) scenarios. 

When using ZTI and/or UDI, you can add the MDT SQL database to any version of SCCM with SQL Technology; if you are using LTI, you must use a separately licensed SQL Server product to host your MDT SQL database.

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr - Fig.4
Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr – Fig.4

Installation, Configuration, and Integration of the Latest Version of MDT 8450

More details are available in the video guide below.

Download Install Configure MDT 8450 SCCM Configuration Manager ConfigMgr – Video 1

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Video Guide Windows Server 2016 Backup Solution from Veeam 5

Video Guide Windows Server 2016 Backup Solution from Veeam

Let’s discuss the Video Guide Windows Server 2016 Backup Solution from Veeam. Veeam offers a backup and restore solution for Microsoft Windows devices.

Veeam Agent for Microsoft Windows can take servers, desktops, and laptop backups. Previously, this solution was known as “Veeam Endpoint Backup“.

This post will show a Video Guide on Veeam’s Windows Server 2016 Backup Solution. The next three posts will cover Veeam’s Windows endpoint backup solution.

Under the post-Veeam Backup for the O365 v4 Community Version Upgrade Guide, you will find all the details of Veeam Backup for the O365 v4 Community Version. Veeam released the latest version of Veeam Backup for Microsoft Office 365 with many enhancements.

  1. Windows 10 backup and recovery Software from Veeam
  2. Video Guide Windows Server 2016 Backup Solution from Veeam

Video Guide Windows Server 2016 File & Volume Recovery Solution from Veeam

Veeam has a free backup and restore solution for Microsoft Windows devices. Veeam Agent for Microsoft Windows can take backups of servers, desktops and laptops. Previously, this solution was known as “Veeam Endpoint Backup“.

Video Guide Windows Server 2016 Backup Solution from Veeam – Video 1

Video Guide Windows Server 2016 Backup Solution from Veeam

Veeam Vanguard is a community program by Veeam, and I’m honoured and privileged to be part of this exciting tech community.

Video Guide Windows Server 2016 Backup Solution from Veeam
Installation of Veeam Agent on Microsoft Windows Server 2016
Create Recovery Media
Taking Backup of Server 2016 as per schedule
Video Guide Windows Server 2016 Backup Solution from Veeam – Table 1
Video Guide Windows Server 2016 Backup Solution from Veeam - Fig.1
Video Guide Windows Server 2016 Backup Solution from Veeam – Fig.1

Install Veeam Agent for Windows on Server 2016

Veeam Agent for Microsoft Windows is a data protection and disaster recovery solution for physical and virtual machines. It can protect different types of computers and devices, including desktops, laptops, and tablets. The solution can be installed on any computer that runs the following OS.

  • Microsoft Windows 7 SP1 or later
  • Microsoft Windows 2008 R2 SP1 or later
Video Guide Windows Server 2016 Backup Solution from Veeam - Fig.2
Video Guide Windows Server 2016 Backup Solution from Veeam – Fig.2

The installation of the Veeam Agent for Windows is straightforward. It will automatically take care of installing prerequisites like SQL Express, etc. After the installation, you will be able to see.

  • Veeam Agent for Microsoft Windows Service
  • Veeam Agent Tray
  • SQL Server 2012 Express LocalDB

How to Create Recovery Media for Server 2016

Once the Veeam Agent for Windows is installed, the first step is to create a Veeam Recovery media. Veeam Agent for Microsoft Windows lets us create a Veeam Recovery Media, which is nothing but a recovery image of your computer.

You can boot your computer or server with recovery media, fix the OS system errors on your server 2016, or restore data from the backup. Microsoft Windows RE (Recovery Environment) automatically reboots after 72 hours of continuous use. All data that has not been saved before reboot will be lost.

Video Guide Windows Server 2016 Backup Solution from Veeam - Fig.3
Video Guide Windows Server 2016 Backup Solution from Veeam – Fig.3

You can launch the recovery media creation wizard from the Veeam Agent for the Windows home page. As the video tutorial shows, media creation is straightforward.

It took nearly 9 minutes to create a recovery media on my server 2016. The wizard will prompt you to format the USB during the media creation. At the high level, the following are the tasks.

  • Mounting Recovery Environment Image
  • Copy Veeam Recovery Environment files
  • Adding .NET framework
  • Adding system drivers
  • Copying boot files
  • Unmounting Recovery Image
  • Preparing USB disk
  • Copying data to USB disk
  • Recovery media has been created

Take Full Backup of Server 2016 using Veeam Agent for Windows

Veeam Agent for Windows offers three backup modes: “Entire computer,” “Volume-level backup,” and “File-Level backup.” Veeam Agent for Windows servers supports five backup options listed below.

  • Removable storage device
  • Local computer drive
  • Network shared folder
  • A Veeam backup server manages the backup repository
  • Cloud repository managed by a Veeam Cloud Connect service provider
Video Guide Windows Server 2016 Backup Solution from Veeam - Fig.4
Video Guide Windows Server 2016 Backup Solution from Veeam – Fig.4

“Configure backup” is the Veeam agent’s option to start configuring and scheduling the backup for the Windows server. The recommended option in the Veeam Agent for Windows is backing up your entire server. This helps with fast recovery on any level.

I selected the Entire Computer backup option for my server 2016. I used the external hard disk (local storage) to back up the server in 2016. This is my Hyper-V server in my lab. The video tutorial here provides more details. The following are the tasks that I could see.

  • Initializing
  • Preparing for backup
  • Creating VSS snapshot
  • Calculating digests
  • Getting a list of local users
  • System Reserved (disk 0) (500.0 MB) 42.0 MB read at 42 MB/s
  • (C:)(49.0 GB)42.4 GB read at 74 MB/s
  • Local Disk (E:) (188.5 GB) 37.4 GB read at 84 MB/s
  • Saving GuestMembers.xml
  • Finalizing
  • Truncating transaction logs
  • Truncating SQL server transaction logs
  • Processing finished
Video Guide Windows Server 2016 Backup Solution from Veeam - Fig.5
Video Guide Windows Server 2016 Backup Solution from Veeam – Fig.5

Resources

Veeam Agent for Microsoft Windows – User Guide

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.