Anoop C Nair

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc...
SCCM SCUP 2017 How to Publish 3rd Party App PatcheMAIN

SCCM SCUP 2017 How to Publish 3rd Party App Patches

Let’s discuss the SCCM SCUP 2017 How to Publish 3rd Party App Patches. I have published a post about installing and configuring the SCUP 2017 preview version.

You can have a look at that post before going through this post. More details SCUP 2017 Preview Installation and Configuration Video Guide

The SCUP installation process is straightforward. Similar to SCCM, the SCUP console has different workspaces. This post will show how to publish third-party app patches using SCCM SCUP 2017.

The first step is to import a third-party Application Catalog to SCUP 2017. The following are out-of-the-box Partner Software Update Catalogs with the SCUP 2017 preview version.

Adobe Acrobat X, Adobe Acrobat 11, Adobe Reader X, Dell Business Client, Dell Server, Fujitsu PRIMERGY, HP Client, and HPE ProLiant.

SCCM Built-in Third-party Software Update Publishing Feature without SCUP – NO Need for SCUP Anymore

This video provides comprehensive details about the SCCM built-in third-party software update publishing feature, eliminating the need for SCUP. SCCM now offers an easy process for publishing third-party software updates directly within its interface without relying on SCUP anymore.

SCCM SCUP 2017 How to Publish 3rd Party App Patches – Video 1

SCCM SCUP 2017 How to Publish 3rd Party App Patches

We must add third-party applications to SCCM SUP products like Abode, Dell, Fujitsu, and HP. To do so, navigate through SCCM Settings, Configure Site Components, Software Update Point, Products, and Adobe Systems. Inc. – Abode Acrobat.

SCCM SCUP 2017 How to Publish 3rd Party App Patches - Fig.1
SCCM SCUP 2017 How to Publish 3rd Party App Patches – Fig.1

SCUP 2017 Publish 3rd Party Apps Updates to SCCM 

We are ready to publish the 3rd part of the app updates to SCCM. Right-click on all the updates from SCUP and publish them to SCCM CB.

Select the Automatic option while deploying the 3rd party app updates to SCCM. The automatic option is available only when SCCM integration is selected in SCUP.

Click Automatic to allow updates. The publisher will query SCCM to determine whether the selected software updates are published with full content or only metadata.

In this mode, software updates are only published when they meet the client request count and package source size thresholds specified on SCCM. Only the software update definition(metadata) is published if neither threshold is met.

Confirmation
1 Updates were selected for publish
1 Updates were published metadata only
SCCM SCUP 2017 How to Publish 3rd Party App Patches – Table 1
SCCM SCUP 2017 How to Publish 3rd Party App Patches ConfigMgr | Configuration Manager Endpoint Manager
SCCM SCUP 2017 How to Publish 3rd Party App Patches – Fig.2

We also need to Sign all software updates with a new publishing certificate when published software updates have not changed but their certificate has changed.

SCCM Software Update Sync after Publishing 3rd Party Apps

SCCM All Software Update Sync to have the newly added Acrobat 11 and other app product updates in the SCCM console.

We have published one new update from the SCUP console, bringing the total number of third-party updates to five. After the SYNC, SCCM should have five Acrobat updates.

SCCM SCUP 2017 How to Publish 3rd Party App Patches - Fig.3
SCCM SCUP 2017 How to Publish 3rd Party App Patches – Fig.3

References

SCCM + SCUP Wiki https://blogs.technet.microsoft.com/jasonlewis/

System Center Updates Publisher June 2017 Preview is now available https://blogs.technet.microsoft.com/enterprisemobility/2017/07/03/system-center-updates-publisher-june-2017-preview-is-now-available/

System Center Updates Publisher https://docs.microsoft.com/en-us/sccm/sum/tools/updates-publisher/ 

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCUP 2017 Preview Installation and Configuration Video Guide 1

SCUP 2017 Preview Installation and Configuration Video Guide

Let’s discuss the SCUP 2017 Preview Installation and Configuration Video Guide. Microsoft recently released the preview version of System Center Updates Publisher (SCUP)2017, which adds support for Windows 10 and Windows Server 2016.

SCUP is a stand-alone tool that enables 3rd party applications (non-Microsoft apps) or LOB application developers to manage custom updates.

SCUP can be integrated with WSUS and SCCM. This post will provide a video guide for SCUP 2017 preview installation and configuration.

More details about How to Publish 3rd Party Abode Acrobat Patches via SCCM SCUP 2017. The SCUP installation process is straightforward, as you can see in the video embedded in this post. Similar to SCCM, we have different workspaces in the SCUP console.

SCUP 2017 Preview Installation and Configuration Video Guide – Install SCUP 2017 on Server 2016

Those SCUP workspaces are Updates Workspace, Publications Workspace, Rules Workspace, and Catalogs Workspace. You can navigate to “Update Workspace – Overview” and add updated catalogs from partners like Adobe.

SCUP 2017 Preview Installation and Configuration Video Guide - Fig.1
SCUP 2017 Preview Installation and Configuration Video Guide – Fig.1

Import 3rd Party Application Catalog to SCUP 2017

Add partner software updates catalogs allow us to download/Import third-party app catalogs like Adobe Acrobat 11 Updates. This initiates the Acrobat11_Catalog.cab file download. As part of the process, we must also accept the catalog’s security validation from a vendor like Adobe System. 

Several updates are available in a catalog or cab file, like Acrobat11_Catalog.cab. The Adobe Acrobat 11 update catalog has 20 updates available, similar to Acrobat 11.0.18 Update and Acrobat 11.0.20 Update. All these updates are imported to SCUP.

There are options to edit/customize third-party application updates imported into SCUP. The package information tab has all the details about the location from which the actual source file, like AcrobatUpd11001.msp, will be downloaded.

We can also specify the installation command line, etc., for each update. There are several options to customize each update. The following are the main customization options for each update: the package, Information, Optional Info, Prerequisite, Supersedence, Applicability, Installed, etc.

SCUP 2017 Preview Installation and Configuration Video Guide - Fig.2
SCUP 2017 Preview Installation and Configuration Video Guide – Fig.2

SCUP 2017 Integration with SCCM and WSUS

SCUP can be integrated with WSUS and SCCM. One prerequisite for this integration is SCUP and WSUS (+ SCCM) connectivity. This connectivity must publish third-party patch updates to WSUS and then to SCCM.

The SCUP console has a checkbox option to enable publishing updates to an update server (WSUS server). As you explained in the above video, you must create a self-signed certificate for WSUS connectivity. A similar option enables configuration manager (SCCM) integration with SCUP 2017.

SCUP 2017 Preview Installation and Configuration Video Guide - Fig.3
SCUP 2017 Preview Installation and Configuration Video Guide – Fig.3

The configuration options and workspaces have not changed in the SCUP 2017 preview version (compared with previous versions of SCUP). I recommend installing WSUS and the SUP component from the SCCM console before connecting the SCUP with WSUS. 

As you can see in the screenshot above, the test connection succeeded. However, no signing certificate was detected for the update server. You cannot publish content to the update server without registering a signing certificate.

SCUP 2017 Certificate Export and Import Activities

We need to export the WSUS certificate from MMC and import it to the locations mentioned below. We must also add the signing certificate used for publishing to the following certificate stores on the SCUP and WSUS computers: Trusted Publishers and Trusted Root Certificate Authorities.

  • The settings for this connection are not saved until we click OK on the Options dialog box.
  • The WSUS and SCCM connection tests were successful after the certificates were imported to MMC.
  • Now, we are ready to publish the updates to WSUS. Publish the updates to WSUS and SCCM via SCUP.
SCUP 2017 Preview Installation and Configuration Video Guide - Fig.4
SCUP 2017 Preview Installation and Configuration Video Guide – Fig.4

Reference

System Center Updates Publisher June 2017 Preview is now available

System Center Updates Publisher

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc……………

Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join 2

Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join

Let’s discuss the Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join. Editing a host file can be dangerous, and it can be misleading. This is the first lesson of this post.

We will see how to perform the domain join operation for Server 2016 and How to avoid Server 2016 Domain Join Error Code 0x0000267C. I was not able to join the server to the domain.

I tried using the domain’s NetBIOS name to complete FQDN without success. However, I was confident that the DNS server was configured correctly on the newly built server. The troubleshooting and domain join processes are explained in the video here.

The DC server was unreachable from the newly built server because of firewall configurations on the local server. Disabling the firewall on the server resolved the reachability issue.

The Basic Checks We Need to Perform before Joining a Server 2016 to Domain are

  1. Ping DC server with IP
  2. Ping DC server with a short name
  3. Ping DC server with FQDN
  4. Remove the host file entries if there is an entry with the domain name or DC server name.
  5. Check that the required Firewall ports are opened between the member and DC servers.
  6. Check the antivirus software (Symantec/MacAfee) is NOT blocking the communication.

How to Domain Join Server 2016 Error Code 0x0000267C

This video provides a comprehensive guide on resolving the Domain Join error code 0x0000267C on Windows Server 2016. This error typically indicates issues with DNS configuration or network connectivity, which are crucial for successfully joining a server to a domain.

Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join – Video 1

Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join

I received the following domain join error on the server 2016 machine. An Active Directory Domain Controller (AD DC) for the domain “Intune.com” could not be contacted. Ensure that the domain name is typed correctly. If the name is correct, click details for troubleshooting information. I made sure that the domain name was correctly entered.

C:\Windows\Debug\dcdiag.txt is the log file that can provide more details when you have any issues with domain join. I checked the DCDIAG.log file, and it gave more information about the domain join issue.

Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join - Fig.1
Server 2016 Domain Join Error Code 0x0000267C Windows Server Troubleshooting Issues on Domain Join – Fig.1

Domain Join Error Details

Let’s discuss the details of the Domain Join Error. The screenshot below will provide more information to help you understand the issue better. This error typically occurs when there are problems with DNS configuration or network connectivity, which are essential for successfully joining a Windows Server 2016 to a domain.

  • The screenshot will highlight the specific error messages and details that can guide us in troubleshooting and effectively resolving the problem.
An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "intune.com".
The error was: "No DNS servers configured for local system." 
(error code 0x0000267C DNS_ERROR_NO_DNS_SERVERS)
The query was for the SRV record for _ldap._tcp.dc._msdcs.intune.com

Server 2016 Domain Join Error NO DNS SERVER

Resolution

The domain name was correctly mentioned during the server 2016 domain join process. Also, the server can ping the domain and DC. However, when I checked the host file of the local 2016 server, I found some domain name mapping entries. I deleted those entries from the host file.

Also, I checked the IPCONFIG information on the server and noticed that the DNS server IP was not configured. Rather, it was configured as a gateway device IP. I removed the gateway IP and correctly configured the DNS server IP in the IPCONFIG utility.

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM Console Keyboard Shortcuts_1

SCCM Keyboard Shortcuts

Let’s discuss the SCCM Keyboard Shortcuts. SCCM console shortcuts are handy in some scenarios, like during demos, training sessions, etc. We can just “show off” that we have some handy SCCM CB Console keyboard shortcuts.

This video post will discuss some very useful SCCM Console keyboard shortcuts. How many of you have used MMC keyboard shortcuts with the SCCM 2007 MMC console? Those MMC shortcuts won’t work with SCCM CB versions.

The SCCM CB preview version introduced new keyboard shortcuts, such as CTL + M, CTL + T, etc. I’m not a frequent user of SCCM console keyboard shortcuts, but I think they could be useful at times.

As you can see in the video below, I have not used MOUSE at all to move around the SCCM CB console.

SCCM Keyboard Shortcuts

This video provides a detailed explanation of the SCCM Keyboard Shortcuts Quick Video Guide. It covers a comprehensive range of keyboard shortcuts designed to enhance your efficiency and productivity when using SCCM.

SCCM Keyboard Shortcuts – Video 1

SCCM Workspace Keyboard ShortcutsSCCM Console Keyboard Shortcuts

Some extra shortcut keys are available for the SCCM CB Preview 1706 version (I’ve shown them in the video and the screen capture below).

  • Assets and ComplianceCtrl+1
  • Software Library – Ctrl+2
  • Monitoring – Ctrl+3
  • Administration – Ctrl+4
SCCM Keyboard shortcutWorkspace
Ctrl + 1Assets and Compliance
Ctrl + 2Software Library
Ctrl + 3Monitoring
Ctrl + 4Administration
SCCM Keyboard Shortcuts – Table 1
SCCM Keyboard Shortcuts - Fig.1
SCCM Keyboard Shortcuts – Fig.1

Ctrl + M Sets focus on the main (central) pane. As I showed in the video, you can select each computer using the CTL + M SCCM CB console keyboard shortcut.

As I showed in the video, the left pane selects users, devices, and user collections. Ctrl + T – Sets focus on the navigation pane’s top node. If the focus was already in that pane, the focus is set to the last node you visited.

SCCM Keyboard Shortcuts - Fig.2
SCCM Keyboard Shortcuts – Fig.2
SCCM Keyboard ShortcutPurpose – Use of Shortcuts
Ctrl + MSet the focus on the main (central) pane.
Ctrl + TSet the focus to the top node in the navigation pane. If the focus was already in that pane, the focus is set to the last node you visited.
Ctrl + ISet the focus to the breadcrumb bar, below the ribbon.
Ctrl + LSet the focus to the Search field, when available.
Ctrl + DSet the focus to the details pane, when available.
AltChange the focus in and out of the ribbon.
SCCM Keyboard Shortcuts – Table 2

Set focus to search when the SEARCH option is available. Ctrl + L Sets focus on the Search field when available. I have shown this search in the embedded video. Press the CTL + T keyboard shortcut to focus on search and start searching computers/users/Site servers, etc.

Focus Summary Details pane to Ctrl + D. Sets focus to the details pane when available. Press the ALT button from the keyboard to change focus in and out of the ribbon.

Ctrl + I – Sets focus on the breadcrumb bar below the ribbon. This shortcut will focus on the path, for example, \Assets and Compliance\Overview\Users.

SCCM Keyboard Shortcuts - Fig.3
SCCM Keyboard Shortcuts – Fig.3

CMPivot Console Keyboard Shortcuts

Let’s check the CMPIvot Keyboard shortcuts available to make the SCCM admin’s life easy. The table below shows the CMPivot Console Keyboard Shortcuts.

Keyboard shortcutPurpose
Ctrl + 1Set the focus on the first tab.
Alt + <To back to the address
SCCM Keyboard Shortcuts – Table 3
SCCM Keyboard Shortcuts - Fig.4
SCCM Keyboard Shortcuts – Fig.4

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

SCCM CB Preview 1706 Upgrade New Capabilities Overview Video 3

SCCM CB Preview 1706 Upgrade New Capabilities Overview Video

Let’s learn SCCM CB Preview 1706 Upgrade New Capabilities Overview Video. The SCCM team released the newest PREVIEW version of SCCM CB 1706. Most of us are waiting for the production release, which I hope will happen sometime next month.

Per my previous experience and analysis, not all newly introduced features were added to the production version. I expect the same thing might happen with the production version of SCCM CB 1706.

I don’t think all the new features introduced in the PREVIEW version of 1706 will make it to the production version of SCCM CB 1706. I’ll provide an SCCM CB Preview Version 1706 Upgrade and New Capabilities Overview Video guide in this post.

Downloading the SCCM CB 1706 preview version and upgrading from it to 1706 is straightforward. A similar process is explained in the following video step-by-step guide, “Step by Step Video Guide SCCM ConfigMgr CB TP 1705 Download and Upgrade.”

SCCM CB Preview 1706 Upgrade New Capabilities Overview Video – SCCM CB Primary Passive Site Server

Site server role high availability – Now, you can create a passive primary server with the SCCM CB 1706 preview version, and this passive primary server will use the same SQL database. The passive SCCM primary server can’t write anything to the DB.

How do you create an SCCM CB Passive Primary server? Go to Administration > Site Configuration > Sites and start the Add Site System Roles Wizard in the console.

SCCM CB Preview 1706 Upgrade New Capabilities Overview Video - Fig.1
SCCM CB Preview 1706 Upgrade New Capabilities Overview Video – Fig.1

SCCM CB SUP and Boundary Group Improvements

It improved boundary groups for SCCM CB 1706 preview software update points (SUP). Fallback for SUPs now uses a configurable time for fallback to neighbour boundary groups, with a minimum of 120 minutes.

Independent of the fallback configuration, a client who attempts to reach the last software update point is used for 120 minutes. After failing to achieve its original server for two hours, the client switches to a shorter cycle for contacting a new SUP.

Trigger Compliance Notification Alerts from SCCM CB 1706

The device compliance policy has undergone some significant improvements. You can configure a time-ordered sequence of actions applied to devices that are out of compliance. For example, you can notify users of non-compliant devices via e-mail or mark those devices as non-compliant.

This can be done via \Assets and Compliance\Overview\Compliance Settings\Compliance Policies\Compliance Notification Templates.

NameSubjectCompany LogoCompany Name
ACN NotificationACN NotificationYesYes
SCCM CB Preview 1706 Upgrade New Capabilities Overview Video – Table 1
SCCM CB Preview 1706 Upgrade New Capabilities Overview Video - Fig.2
SCCM CB Preview 1706 Upgrade New Capabilities Overview Video – Fig.2

SCCM CB Compliance Policy Options for AAD Registration and Antimalware

Also, I could see the new compliance policies for full SCCM clients, which can be used in conjunction with Conditional Access for Managed PCs. Those compliance policies are Azure Active Directory Registration and Antimalware presence.

SCCM CB Preview 1706 Upgrade New Capabilities Overview Video - Fig.3
SCCM CB Preview 1706 Upgrade New Capabilities Overview Video – Fig.3

Android and iOS Enrollment Restrictions are Available in SCCM CB 1706

Admins can now specify that users can not enroll personal Android or iOS devices in their hybrid environment, limiting enrollment to pre-declared company-owned or DEP-enrolled devices. You can configure this from an Intune subscription under Cloud Services.

New Client settings for Automatically Register the Domain Joined Devices to Azure AD (Default Client Policies)

New client settings to Configuration Manager. You’ll find these in the Cloud Services section. These settings give you the following capabilities: Control which Configuration Manager clients can access a configured cloud management gateway. Automatically register Windows 10 domain-joined SCCM clients with Azure Active Directory.

SCCM CB Preview 1706 Upgrade New Capabilities Overview Video - Fig.4
SCCM CB Preview 1706 Upgrade New Capabilities Overview Video – Fig.4

Other Important Capabilities of SCCM CB 1706 PREVIEW Version

Let’s discuss the Other critical Capabilities of the SCCM CB 1706 PREVIEW version. The list below helps you show the Other critical Capabilities of the SCCM CB 1706 PREVIEW version.

  • Create and Run Scripts – Create and run PowerShell scripts from the SCCM console.
  • Device Health Attestation assessment for compliance policies for conditional access
  • Android for Work application management policy for copy-paste
  • Android and iOS enrollment restrictions
  • New mobile application management policy settings
  • New Windows configuration item settings
  • Cisco (IPsec) support for macOS VPN profiles
  • Support for Entrust certification authorities
  • Configure Windows Update for Business deferral policies
  • Manage Microsoft Surface driver updates
  • PXE network boot support for IPv6
  • Changes to the Azure Services Wizard to support Upgrade Readiness.
  • SCCM console Accessibility improvements
  • Specify a different content location for installing content and uninstalling content
  • Hide task sequence progress
  • Include trust for specific files and folders in a Device Guard policy

Resources

Capabilities in Technical Preview 1706 for SCCM CB

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide 4

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide

Let’s discuss the Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide. How to upload and deploy MSI applications to Windows 10 machines with Intune via Azure console?  MSI application deployment could be one of the most used features in Intune (at least for a couple of years).

This video post will show the step-by-step process of MSI application deployment (Intune LOB application deployment).

NOTE! – Do not include the msiexec command or arguments, such as /i or /x, as they are automatically used. For more information, see Command-Line Options. If the .MSI file needs additional command-line options, consider using Win32 app management.

This post is also an end-to-end guide to creating MSI applications in Intune via the Azure portal. In the following post, “How to Deploy MSI App to Intune MDM Using SCCM CB and Intune“, I already blogged about MSI MDM deployment via the MDM channel. This will include:-

  • Uploading the MSI LOB app to Intune
  • Deployment or Assignment options
  • End-User Experience on Windows 10 machine
  • How to Troubleshooting with event logs and Pending Sync
  • How to get application installation status messages back to the Intune console

How to Deploy MSI LOB App from Intune Azure Console End-to-End Guide

In this video, you will learn how to deploy an MSI Line-of-Business (LOB) application using the Intune Azure Console from start to finish. The guide provides a detailed, step-by-step process covering everything you need.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Video 1

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Upload MSI LOB Application to Intune

Uploading the MSI LOB app to Intune is a very straightforward process. Log in to the Azure portal, navigate via Microsoft Intune -> Mobile Apps -> Apps -> + Add button, and select the app type as “Line-of-Business app.” Click on “App package file,” browse to the MSI source file location, and click on the OK button, as you can see in the video here.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.1
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.1

You must complete the “App information” section before you can proceed with uploading the MSI to Intune. There are a couple of mandatory fields. Command-line options are also available in this section. However, as I have experienced, you can also see in the video.

I have not used any silent switch for MSI, but by default, Intune/MDM on Windows 10 will install the app as silent (without any user interaction or input). Click on the ADD button to complete the MSI app creation process in Intune on the Azure portal.

Deployment or Assignment options of MSI Intune LOB application deployment

It would be best to wait until the application is successfully uploaded to Intune before you can create an assignment (or deployment). An assignment is a method that we use to deploy MSI applications to Windows 10 devices. You can deploy applications to Azure AD dynamic user groups or device groups. In this video/scenario, I used the AAD dynamic user group to target the MSI LOB apps.

  • More details are available in the video here. There are different deployment types available in Intune.

Available – The user needs to go into the company portal and trigger the installation.
Not applicable – Won’t get installed
Required – Forcefully get installed without any user interaction
Uninstall – Remove the application from the device
Available with or Without enrollment  – Mobile Application Management (MAM) without MDM enrollment scenarios.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.2
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.2

End-User Experience on Windows 10 machine

Windows 10 machines will get the new application deployment policy once the assigned user is logged into that machine. What is the option to speed up the application deployment to the machines?  You need to sync with Intune services using the following method (manually).

You can go to “Settings—Access Work or School—Work or School Account—Info (click on this button)” and click on Sync. This will initiate a Windows 10 machine sync with Intune services, and after a successful sync, the machine will get the latest application policies.

How to Troubleshooting with Event Logs and Pending Sync

Unlike SCCM/ConfigMgr deployments, we don’t have log files to look at the application installation status via the MDM channel on Windows 10 machines. So, it would be best if you relied on the Company portal for troubleshooting the MSI application troubleshooting.

  • As you can see in the following picture, the installation is waiting for “Pending Sync.”
  • As mentioned above, you can immediately initiate a manual sync to kick-start the installation process.
  • Event logs – Windows Logs – Applications are where you can get the status of MSI application installation via MDM or Intune channel on to Windows 10 machine.
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.3
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.3

How to get application installation status messages back to the Intune console

To get the installation status of the MSI LOB apps to Intune on the Azure portal, you need to sync your work or school accounts with Intune services. The installation status will be blank in the Intune blade unless the device is synced with Intune after the application is installed on the Windows 10 machine.

Initiate thSyncnc via “Settings – Access Work or School – Work or School Account – Info (click on this button)” and click on  Sync. Once thSyncnc is completed successfully, you can try to check the Intune Device Install Status in Intune to check the status.

Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide - Fig.4
Intune MSI Application Deployment Video Guide Microsoft Endpoint Manager Step-by-Step Guide – Fig.4

Reference:- 

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide 5

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide

Let’s learn Hyper-V Backup Step-by-Step Installation Configuration Video Guide Altaro Backup Guide. This post will show the details of the Hyper-V backup step-by-step installation and configuration guide. I have to build a hyper-v server 2016 with three VMs.

This is my new SCCM CB lab, and Altaro VM backup has been installed and configured on that server to take backup of my hyper-v VMs.

A future blog post will cover the restoration process of Hyper-v VMs from Altaro VM Backup. This blog post will cover the installation, configuration, VM backup, backup retention, and VM backup health check.

Recently, Altaro released Altaro VM Backup v7 with vSphere 6.5 and Windows Server 2016 support, concurrency update, and the new Cloud Management Console; more details. They have included other features into the latest Altaro VM backup v7 boot VM from Backup and Augmented Inline Deduplication. The new Unlimited Plus Edition also comes with a new online console.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide

This version generally provides considerably increased backup concurrency per Hypervisor. With Altaro’s inline deduplication technology, the user can benefit from huge storage space savings and much better backup speeds.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.1
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.1

Step1 – Connecting to Hyper-V and Discovering VMS

Hosts—This is the step where the Hyper-V machines were discovered via Altaro VM backup. I have an SCCM infrastructure setup with this Hyper-V lab, so Altaro was able to find the 3 VMs as part of the STEP 1 discovery.

STEP 2 – Setting up Backup locations for VM backups

Backup Locations—This is where we set up a backup location for each Hyper-V VM. You can provide a network location and external hard disk. Setting up a backup site is easy. Altaro backup automatically discovers the external hard disk or USBs connected to your Hyper-V server. You can drag and drop your VMs to a particular backup location, and that is it!

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.2
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.2

Scheduling backup tasks for Hyper-V VMs via Altaro Hyper-V backup is very easy. You can also set up a retention policy for Hyper-V VM backups according to your organizational requirements.

Advanced settings allow you to customize and skip IOS files from Hyper-V VM backups. If your organization requires encryption while backing up VMs, Altaro has an out-of-the-box setting to configure the encryption of VMs.

STEP 3 – Hyper-V VM Backup, Retention Schedules, and Reports

Step 3 is the last stage I will cover in this post. It involves backing up Hyper-V VMs using the Altaro backup solution. When you click on the “+” symbol on the right side of your VM and click on the “Take Backup” button, Altaro will send the instructions to the hypervisor. You can also schedule the Hyper-V VM backups to automate the backup process.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.3
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.3

You can also check and verify the backup that has already been completed. The Schedule Test Drills and Test – Verify Backups options automate the validation of Hyper-V VM backups. Some helpful out-of-box reports will provide details about the Altaro Backup jobs completed.

Retention policies help automate deleting old Hyper-V VM backups on a particular schedule. In my testing, this is very useful for better storage management. Watch the video tutorial to learn more about Altaro services and file systems. Eight Altaro Services are running on the Hyper-V server.

Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide - Fig.4
Hyper-V Backup Step by Step Installation Configuration Video Guide Altaro Backup Guide – Fig.4

Conclusion:-

This post covered installation, configuration, VM backup, backup retention, and VM backup health check. In a later post, I will cover the recovery options of the Altaro VM Backup solution in detail. Overall, I had a great user experience with the installation, configuration, and VM backup of Altaro VM Backup. The drag-and-drop options for VMs are my favorite option in Altaro VM backup. Stay tuned for the next post-restore topic.

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Microsoft MVP Community Connect India

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional. Last week, I attended Microsoft MVP Community Connect 2017 India in Coorg. Coorg is located on the southern side of India and is also known as “The Scotland of India.”

This is a global event in full swing. Previously, it was called “MVP Open Days.” Last year, it was conducted in Hyderabad. These events are an opportunity for MVP communities to gather together, learn new skills, and celebrate everything being an MVP has to offer.

It was a great experience for me to meet Microsoft leaders. Interacting with community leaders from Microsoft helped me understand the strategies. The best part of the event was getting the chance to interact with fellow MVPs.

Coorg is an excellent place to be around this time of the year. The climate was just superb; it was drizzling. We didn’t have proper mobile network connections, so it was disconnected from the world. But, we had a Wi-Fi connection available, so it was ok for an emergency. Moreover, the resort was very nice in the middle of the forest.

Microsoft MVP Community Connect India 2017

In this video, you will learn all the details about the Microsoft MVP Community Connect India 2017 event. Attendees interacted with Microsoft leaders and fellow MVPs, gaining insights into cloud computing, Azure, and community building.

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional – Video 1

My Experience of Microsoft MVP Community Connect 2017 India Most Valuable Professional

Those interactions and networking will help me understand their point of view about the cloud, Azure, Openness, etc. I learned a lot from each of my fellow MVPs, like how they conduct community events, write blog posts, create video tutorials, etc.

MVP Connect 2017 Coorg My Experience of Microsoft MVP Community Connect 2017 India | Most Valuable Professional
My Experience of Microsoft MVP Community Connect 2017 India | Most Valuable Professional

Microsoft MVP Community Connect 2017 allowed me to learn new things.

  • 1. Different Strokes – Virtual Communication Cues
  • 2. Stories Are Us – Written Communication Cues
  • 3. Improvise and Improve – Spoken (social) Communication Cues

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Differences Between Intune Enrollment Restriction Device Restriction Profile 6

Differences Between Intune Enrollment Restriction Device Restriction Profile

Let’s discuss the Differences Between the Intune Enrollment Restriction and Device Restriction Profile. I was going through one of the TechNet documents and got confused between enrollment restriction policies and device restriction policies. I have posted about both of these policies.

In the post-Intune Create Device Restriction Policy Profiles Deploy Security Policies to Windows 10 Devices, you will learn everything you need to create device restriction policy profiles in Intune and deploy security policies to Windows 10 devices. We will guide you step-by-step through setting up these policies to ensure your devices are secure and comply with your organization’s requirements.

How to Restrict Personal Android Devices from Enrolling into Intune post helps you to provide detailed instructions on restricting personal Android devices from enrolling into Intune using Endpoint Manager (MEM). It covers the steps necessary to configure enrollment restrictions, ensuring that only corporate-owned devices can be enrolled and managed through Intune.

Device restrictions are entirely different from Enrollment restrictions. Both options have different use cases, which will be explained in this post. These two policies are used in modern device management solutions like Intune and Azure AD.

Differences Between Intune Enrollment Restriction Device Restriction ProfileEnrollment Device Platform Restrictions

Intune Device restriction profiles (Enrollment Device Platform Restrictions) are policies similar to GPO from the traditional device management world. Most enterprise organizations use GPO to restrict corporate-owned devices.

These are security policies that need to be applied to devices. Intune Device restriction policies control various mobile device settings and features (iOS, Android, macOS, and Windows 10).

  • MDM – Allow or Block
  • Allow – min/max range
  • Personally owned devices – Allow or Block

Device Type Restriction in Intune

Enrollment device platform restrictions make more sense. Navigate to Devices – Enroll Devices – Enrollment Device Platform Restrictions.

Differences Between Intune Enrollment Restriction Device Restriction Profile - Fig.1
Differences Between Intune Enrollment Restriction Device Restriction Profile – Fig.1

This type of policy could apply to different categories, including security, browser, hardware, and data-sharing settings. For example, you could create a device restriction profile policy that prevents Windows users from sharing the internet or using Cortana, etc.

Intune Device Restriction profiles can be deployed to specific users/devices in AAD groups, whereas Intune Enrolment restriction policies can’t be deployed to specific user/device groups in Azure AD. The following section of this post provides more details.

Intune Device Limit Restrictions

Enrollment is the first part of Mobile Device Management (MDM). Why do we need to enroll a mobile device into Intune? Enrollment is the first step for management. When a device is enrolled in Intune, they have issued an MDM certificate, which that device then uses to communicate with the Intune service.

In several scenarios, we need to block employees from enrolling their devices in the corporate management platform. You want to block devices not secured enough to enroll in Intune, such as personal devices.

Also, we could block devices with lower OS versions. How is this possible from Intune? Difference Between Intune Enrollment Restriction Device Restriction Profile | Configuration Manager ConfigMgr.

Navigate to Microsoft Intune—Enroll Devices—Enrollment device limit restrictions. You will see two Intune enrollment restriction policies.

Intune Enrollment Restriction Policies
Device Type Restrictions
Device Limit Restrictions
Differences Between Intune Enrollment Restriction Device Restriction Profile – Table 1

Device Type restriction is where we can define which platforms, versions, and management types can enroll. So, all other devices are blocked from Intune enrollment.

The only problem with Intune enrollment restrictions I can think of is that device type restrictions in Intune are deployed to “All Users, ” we can’t deploy or assign Intune enrollment restriction policies to “specific user group.” At the moment, the device type restrictions policies are tenant-wide configurations.

Device Limit Restrictions in Intune

Navigate to Enroll Devices – Enrollment Device Limit Restrictions to configure the limitation.

Differences Between Intune Enrollment Restriction Device Restriction Profile - Fig.2
Differences Between Intune Enrollment Restriction Device Restriction Profile – Fig.2

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.