ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform

Let’s look at the SCCM Server Hardware Migration Step by Step Guide. Moving an SCCM/ConfigMgr server from one hardware to another is a common scenario in the enterprise world.

There could be several reasons for this kind of SCCM/ConfigMgr server hardware migration. Server OS upgrade is one of the most common scenarios. Yes, SCCM CB 1606 and later versions support the in-place upgrade of server OS. However, I’ve seen that most of our server teams don’t want to perform an in-place OS upgrade.

We have an article about the SCCM 2012 to CB Current Branch Upgrade | Migration | Possible Issues | ConfigMgr. In this post (SCCM 2012 to CB upgrade checklist), you will see the steps to upgrade SCCM 2012 to SCCM CB’s latest baseline (1606) and then the Latest Baseline to the newest version of CB (1610/1702).

This post provides a step-by-step guide for migrating ConfigMgr SCCM server hardware. It provides all the details you need to perform this migration smoothly and efficiently.

The Migration Process is Divided into 5 Phases

I have completed similar migration activities many times in my career. Following these steps is crucial when migrating your SCCM server or changing its hardware.

I’m not covering SQL migration in this post. In this scenario, SQL is on the remote box. If the SQL is on the same box, things will be easier. I’ve divided the migration process into 5 phases:

  1. Pre-SCCM Migration Activities
  2. Start of SCCM Migration Activities – Downtime starts from here
  3. SCCM Installation activities on the new server
  4. SCCM/ConfigMgr Recovery/Restore activities
  5. Post SCCM/ConfigMgr Repair/Recovery activities
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Fig.1

Pre-SCCM Migration Activities

  • Create new servers with new names – check whether the SCCM version you will install supports the OS version of the servers.
  • Make sure new servers are created in the same VLAN, which makes life much easier.
  • Ensure the drive letters of newly provisioned servers are the same as those of existing ones.
  • You can request a storage extension to keep 3 or 4 copies of the SCCM full backup on the new server.
  • Document the SMS Groups and security settings of existing servers and configurations of the SCCM console.
  • Take an SCCM site backup and store it remotely (confirm success), probably a day before the actual migration schedule.
  • 4 to 5 days before actual SCCM server migration, replicate all the Data SCCM Package folders, drivers, etc (all data except those NOT covered as part of SCCM Full backup) to the Newly provisioned server.
  • Make sure the copy of SCCM source files and prerequisites are already copied to new SCCM servers.
  • Perform a differential copy of Data SCCM Package folders, drivers, etc., to newly provisioned servers (maybe a few hours before, depending on the data size).
  • Document current servers, AD membership in groups, OU, etc., and IP information.
  • Remove remote site system roles like SUP/RP. Make sure the site system details are removed from the SCCM console.
  • Please take a couple of extra Site backup copies and store them on the newly provisioned SCCM server.
  • Take a Snapshot of existing SCCM servers (include the drive where SCCM is installed).
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Fig.2

Start of SCCM Migration Activities – Downtime Starts from Here

  • Remove existing SCCM servers from the domain, ensuring you know local admin account details.
  • Shut down existing SCCM servers.
  • Rename existing SCCM servers in vCenter or Hyper-V to old.
  • Rename the new SCCM server in vCenter/Hyper-V to the existing SCCM server names.
  • Delete existing SCCM servers from AD.
  • Remove new SCCM/ConfigMgr servers from the domain and reboot, ensuring you have local admin account details.
  • Log onto new SCCM/ConfigMgr servers using the local admin account.
  • Change IPs of new SCCM servers to reflect old SCCM server IP details.
  • Change new SCCM server names to existing SCCM server names and reboot.
  • Log on to new SCCM servers using the local admin account.
  • Add new SCCM servers to the domain and reboot.
  • Verify the OU, System Management Access, and AD membership information for the new SCCM/ConfigMgr servers. If you have made any changes above, reboot.
  • Storage-migrate any back-end storage in VMware/Hyper-V to ensure that vmdk and vmx/VHDX files are named correctly.
  • Take a full backup of the Remote SQL Database (confirm success).
  • Archive this SQL backup so the old server can be reinstated as a backup plan if the site is not working correctly.
  • Delete SCCM Databases (SCCM and SUSDB) from the remote SQL server.
  • Delete SQL logins for existing SCCM computer objects using SQL Management Studio.
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Fig.3

SCCM Installation Activities on the New Server

  • Ensure all security permissions and security groups/computers are added to the new SCCM servers.
  • Install the WSUS admin console.
  • Depending on the SCCM version, install WAIK 2.0 (SCCM 2007) or ADK (SCCM 2012 or CB).
  • Install all the prerequisites, like IIS, BITS, etc., on new servers.
  • Install WSUS on the remote WSUS server.
  • Install SCCM/ConfigMgr Software on the new SCCM server – Make sure you install the exact version of the existing SCCM server. For SCCM CB versions, source files are part of the SCCM Full backup.
  • Ensure that everything works fine after installing SCCM/ConfigMgr on new servers.
  • Take a copy of the SRVACCT folder from the new installation (<Install Path>\Microsoft Configuration Manager\SRVAcct) N.B. This is a hidden folder.
  • Re-populate the local SMS group memberships as they were (not all site roles may be installed, so repeat the task at the end).
  • Take a Snapshot of the server pre-site recovery.
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Fig.4

SCCM/ConfigMgr Recovery/Restore Activities

  • Make sure the servers are restarted.
  • Restore/attach databases (SCCM and SUSDB) from backup (use SQL to restore if it is a remote SQL box).
  • Run the SCCM/ConfigMgr site REPAIR wizard. Select the “Do not restore database” check box to skip the database restoration.
  • Please ensure you have started the REPAIR wizard with administrator access and provide the exact path of the SCCM backup folder.
  • Stop the SCCM services and copy the previously archived SRVACCT folder back over.
  • Start SCCM services and monitor the sitecomp.log as components are re-installed.
  • Once sitecomp.log is complete, perform a site reset to repair file and registry permissions.
  • Install SCCM RP.
  • Install SCCM SUP on a remote server.
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Fig.5

Post SCCM/ConfigMgr Repair/Recovery Activities

Ensure all package sources, including classic and software update packages, are restored with the same share names and permissions. Repopulate the local security groups on SCCM servers.

  • Check the sender.log to ensure the restored SCCM servers can communicate with the child primary sites. Sometimes, we need to delete the addresses from the SCCM console and recreate them.
  • Ensure all accounts with passwords in the SCCM console have been removed and recreated.
  • Create a new package or collection and replicate it to downstream servers.
  • Start a new WSUS Sync and check whether it works fine. You may need to wait for hours before the sync completes.
  • Check whether the old and OSD-related packages replicate correctly.
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Table 1
ConfigMgr SCCM Server Hardware Migration Step by Step Guide to Perform – Fig.6

Author

Anoop C Nair is a Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Restrict Personal iOS Devices from Enrolling on Intune

How can I restrict Personal iOS Devices from Enrolling in Intune? Have you already seen the new Intune options in the MEM portal? If not, I recommend watching the following video post to get an overview of the new Intune portal.

The new Intune portal allows for more granular restrictions for MDM enrollments. On-prem services like ADFS or any federated access management system don’t need tweaking.

Now, we can block personal iOS devices from Intune enrollment. You can set this policy at the Enroll Devices node in the Intune Azure portal. Under “Enrolment restrictions,” you can find details about granular enrollment restriction policies.  

Enrollment restriction policies help us restrict/block a set of devices from enrolling in Intune. This post explains how to Restrict Personal iOS Devices from Enrolling in Intune Endpoint Manager.

How to Restrict Personal iOS Devices from Enrolling on Intune – Fig.1

How to Restrict Personal iOS Devices from Enrolling on Intune

There are two types of restrictions within enrolment restriction rules: device type and limit restrictions. Device limit restrictions are already available in the Intune Silverlight portal. In contrast, Device Type Restriction is new in the Intune Azure portal, allowing us to restrict or block specific platform devices from enrolling.

Types of Restrictions
  • Device Type Restrictions
  • Device Limit Restrictions
How to Restrict Personal iOS Devices from Enrolling on Intune – Table 1
How to Restrict Personal iOS Devices from Enrolling on Intune – Fig.2

You can disable/block Android device enrollment from the new portal to restrict Android devices from enrolling in your Intune MDM enrollment. However, I’m unsure how we can allow ONLY “Android for Work” enabled devices to enrol in Intune.

  • I hope there are some limitations from the Android platform side to restrict the Android devices that are not enabled for the Android Work type of management.
How to Restrict Personal iOS Devices from Enrolling on Intune – Fig.3

The device type restriction policy is very helpful if you want to restrict Windows Mobile/Phone devices from enrolling into Intune. At the same time, you can allow Windows devices (desktops, laptops, surfaces, etc.) to enrol on Intune.

  • The most exciting feature, which is very helpful for any organization, is restricting personal iOS devices from enrolling on Intune.
  • Corporate/company-owned iOS devices can be enrolled using the Apple DEP program.
  • In this scenario, you need to create an enrollment type policy with the iOS platform enabled for enrollment via Device Type Restrictions — Platforms. Once the iOS platform is enabled for enrollment, go to Platform Configurations and then BLOCK personally owned iOS devices.

For example, when you try to enrol a device in Intune, the enrollment restriction policies are checked against that device platform and user. Intune will check the device properties and user restriction limits configured in the enrollment restriction policies and confirm that the device platform and user can enrol. After this positive verification, Intune will allow the user to enrol the device.

How to Restrict Personal iOS Devices from Enrolling on Intune – Fig.4

New Intune Home Page Redesign

The newly redesigned Intune Admin Portal Home Page comprehensively reviews the changes and the updated Intune Admin Portal Journey. The dynamic Home Page is used for Intune Administrators, and spotlight options highlight premium features, ensuring easy access to key functionalities.

How to Restrict Personal iOS Devices from Enrolling on Intune – Video 1

MEM Admin Portal

Below is a video on the Intune Admin Center Walkthrough for the latest updates. The Intune Admin Portal is one of the first things you must learn. This post explains where the Intune admin portal (aka Endpoint Manager) is. The official name of the Intune admin portal is the MEM Admin Center.

How to Restrict Personal iOS Devices from Enrolling on Intune – Video 2

Resources

How to Configure Intune Enrollment Setup for iOS macOS Devices

Windows 10 Intune Enrollment Manual Process AAD Registration (anoopcnair.com)

Privileged to be Part of Veeam Vanguard for 3 Years in a Row | Three Years

WOW! I am Privileged to have been part of Veeam Vanguard for 3 Years. It’s a great pleasure to inform you all that I received an invitation from the Veeam Vanguard team to be part of an elite group of Techies called “Veeam Vanguards 2017.”

This is my 3rd Veeam Vanguard award in a row! Veeam Vanguard is a community program by Veeam, and I’m honoured and privileged to be part of this exciting tech community.

As Rick Vanover explains in the above video, the Veeam Vanguard program was created to connect different communities. This Veeam Vanguard community is there to connect different ecosystems of the IT world.

This is also to help IT Pros worldwide gain more knowledge about the new technologies and trends in the IT market and gain real-world experience. More details about the Veeam Vanguard program are available at the following link.

Privileged to be Part of Veeam Vanguard for 3 Years in a Row | Three Years – Fig.1

Privileged to be Part of Veeam Vanguard for 3 Years in a Row | Three Years

We are a small group, and being part of a very diversified tech community is always a pleasure. The real-world experts come from Backup, Hyper-V, VMware, Storage, Servers, Cloud, etc.

  • The Veeam Vanguard Program is a prestigious community of top influencers recognized for their expertise, feedback, and commitment to mutual success within the Veeam technology ecosystem.
  • Vanguard members come from diverse backgrounds and excel in various technical disciplines, serving as thought leaders in their respective communities.
  • They are selected for their exceptional knowledge, active engagement, and impactful presence both online and offline. They represent the Veeam brand at the highest level across multiple technology platforms.
Privileged to be Part of Veeam Vanguard for 3 Years in a Row | Three Years – Fig.2

Quick Overview Comparison between Intune Azure and Silverlight Portal

I’m excited to share the comparison video and post about Intune Silverlight and the new Intune in the MEM portal.

There are many new features and many perfect changes. All the new Azure tenants with a new Microsoft EMS subscription can access a preview version of Intune in the MEM portal.

Latest Intune Admin Portal Walkthrough Guide | MEM Admin Center HTMD Blog (anoopcnair.com).

The Intune console’s performance, look, and feel are far better than those of the Intune Silverlight console. Intune in the MEM portal helps us eliminate the duplication of work needed to create Azure AD and Intune groups.

In the new portal, we can directly deploy applications, policies, profiles, etc… to Azure Active Directory Dynamic device groups and user groups. Enrolment restriction rules and RBA for Intune admins are other most exciting features for me within the new portal.

Microsoft recently changed the brand name from MEM (Microsoft Endpoint Manager) to Microsoft Intune. You can also refer to the Top 50 Latest Intune Interview Questions and Answers, and if you are interested, check out the Top 50 Latest SCCM Interview Questions and Answers.

Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.1

Video Tutorial to know Intune Silverlight Portal Experience

Video tutorial to learn about the Intune Silverlight Portal Experience. The Intune blade in the Azure portal is like a special section where you can manage many things for your devices. It’s part of the Azure portal, where you do all sorts of stuff with your cloud services.

  • This Intune blade has many new features and tools to help you manage your devices even better.
Quick Overview Comparison between Intune Azure and Silverlight Portal – Video 1

Quick Overview Comparison between Intune Azure and Silverlight Portal

Manage Apps node is where you can create apps from the Android, Apple, and Windows stores. The most exciting feature in Manage Apps is that you can directly search the Apple App Store (Yes, I think for preview, we have only the option to select the US store) and fetch the application from there.

Hence, you don’t need to specify the app’s properties. Deployments in the new MEM portal are called ASSIGNMENTS. You can directly deploy applications to AAD groups. One thing missing in the preview version of Intune is an option to upload MSI applications.

Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.2

The Configure Device node is in the new Azure console, where you can create configuration policies for iOS, Android for Work, Android, and Windows devices. Configuration policies in the Intune Silverlight portal have built-in generic policies for Windows, iOS, Android, etc. Similarly, the new Intune portal in Azure has built-in profiles.

We have different profile types, such as Device Restriction policies, WiFi profiles, VPN profiles, SCEP deployment profiles, and eMail profiles. Device restriction policies are the built-in configuration policies for specific device platforms.

Configuration Type
  • Custom
Quick Overview Comparison between Intune Azure and Silverlight Portal – Table 1
Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.3

Set device compliance is the node where you can create new, improved compliance policies for all the supported devices like iOS, Android, and Windows. The improvement over the Silverlight Intune portal is that we can select the device platform explicitly in the compliance policies.

Also, depending upon the device platform, separate compliance policies will be applied to different devices (even if a user is targeted to iOS, Android, and Windows compliance policies). Compliance policies are deployed via assignments in the Intune portal.

Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.4

The conditional Access node in the new Intune portal has very few options compared to Intune Silverlight conditional access options. All the device-based conditional access rules have been moved out of Intune and are now part of Azure Active Directory. Device-based conditional access policy has loads of granular options, more conditions, more control options, etc.

Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.5

The Enroll Devices node is where you can define enrolment restriction rules. These rules help to prevent devices from enrolling in Intune. The enrolment restriction rule comes before conditional access verification. Within enrolment restriction rules, we can have different types of restrictions, such as Device Type restrictions and Device Limit restrictions.

Device type restriction is where we can select device platforms and platform configurations. The Enroll Devices node is where you can also define/configure Windows Hello for business and check the MDM management authority, Terms and conditions, Corporate device identities, and Apple MDM push certificates.

Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.6

Access control is where we can define custom security permissions for Administrator users. Role-based administrator (RBA) is enabled in the new Intune portal, where you can create your own customized Intune admin roles.

Once you create a security role, you can assign it to a new Member Group and Scope Group. The Intune preview portal offers the following permission options: Device Configurations, Managed Apps, Managed Devices, Mobile Apps, Organization, Remote tasks, Roles, Telecom Expenses, and Terms and Conditions.

Quick Overview Comparison between Intune Azure and Silverlight Portal – fig.7

Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices

Learn how to delete devices from Azure Active Directory in the Azure portal. For effective device management, we need the delete and disable options in Azure AD and Intune.

A device can be retired and deleted from the Intune console (Silverlight), and I’m sure the new MEM portal will indeed have these options.

If you are an SCCM admin, you may recall that the SCCM console has an option to delete and disable a device. However, I have seen that when you retire and delete a device from the Intune console, that device will be removed from the Intune console but will still stay in Azure AD.

Managing devices in Azure Active Directory (AAD) and the Azure portal is crucial for maintaining organizational efficiency and security. The process remains similar whether you need to remove outdated devices or restrict access for specific ones.

How to Delete Devices from Azure Active Directory

So, it’s critical to delete these devices from Azure AD and keep the environment clean. I have created a video tutorial to help you with this topic, “Learn How to have a Clean and Tidy Intune and Azure AD Environment“.

Name               Enabled/Disabled
DESKTOP-LNK7273    Enabled
DESKTOP-213GHPA    Enabled
DESKTOP-9GTRJRV    Enabled
Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Table 1
Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Fig.1

Back to delete and disable device options in the new Azure AD portal. We will first cover the disable/enable device option and then discuss the delete option. Consider a hypothetical emergency scenario where you want to disable an AAD device to prevent further damage to your organization.

Go to the MEM portal’s All Users and Groups blade to disable a device. Select All Users and select the Devices option from that blade. This will give you a list of devices. You can choose one device from that list and click the disable/enable option as required.

You can review the video attached to this post for a real-time experience. We don’t have the disable option in the Intune console, so the only way to disable a device is from the Azure AD portal.

Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Fig.2

Delete Devices from Azure Active Directory

Now, we can see the delete device option in the Azure portal. This is a critical option that is very helpful in keeping your Azure AD environment clean. It will also help device management admins get better results from configuration/compliance policy and application deployments. To delete a device, go to the Azure portal’s All Users and Groups blade.

Select All Users and the Devices option from that blade. This will give you a list of devices; you can choose one device and click delete.

Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Fig.3

How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups

Let’s discuss how to Exclude a Device from Azure AD Dynamic Device Group or Azure Active Directory Dynamic Group.

In my previous post, “How to Create Azure AD Dynamic Groups for Managing Devices via Intune,” we discussed creating Azure AD Dynamic Device or User groups. Another question I usually get is, “How do you remove or Exclude a device from Azure Active Directory Dynamic Device Group?”.

I expect this could be one of the scenarios used in deploying security/configuration policies via Intune. It is a very valid scenario; you can’t avoid it in device management. If you are an experienced SCCM Admin, no explanation is needed.

Removing a single device directly from the AAD Dynamic device group is impossible. Yes, a remove button is available, but when you select a device and click on it, a confirmation popup with a YES button will appear.

Exclude a Device from Azure AD Dynamic Device Group

Clicking the YES button will give an error message stating that you can’t remove the device from the Azure AD dynamic device group: “Failed to remove member LENexus 5 from group _Android Devices.” However, this can be achieved by adding some conditions to the advanced membership rule query in AAD dynamic groups.

Device             Details
Member             LGENexus 5
Group              Android Devices
Membership Type    Dynamic
Member Type        Device
How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Table 1
How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Fig.1

Advanced rules for AAD Dynamic membership are based on binary expressions. One Azure AD dynamic query can have more than one binary expression. Each binary expression is separated by a conditional operator, either “and” or “or”. You can play around with this conditional operator to remove the devices from the AAD dynamic device or user groups.

How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Fig.2

Following is the advanced membership rule query I used to remove a device in the AAD dynamic device group. In this query, the conditional operator between 2 binary expressions is -and.

(device.deviceOSType -contains "Android") -and (device.displayName -notcontains "LGENexus 5")

I don’t know the result or whether this will work effectively when we deploy a configuration policy via Intune to this AAD device group. I assume it will work because I can see a difference in the device icon called “LGENexus 5.” That is the device that I tried to exclude using the above query.

How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Fig.3

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.


How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update

Learn two things from this post: how to create Azure AD dynamic groups for managing devices using Intune, and how to pause the AAD dynamic group update.

This post shows how to create dynamic device groups and user groups in Azure Active Directory. Azure AD groups are similar to collections (in the SCCM world) for Intune device management solutions.

These AAD groups can be used to target different policies for a specific group of devices. Latest post: Validate Azure AD Dynamic Group Rules | Intune.

So this is very important in the world of modern management of devices using Microsoft Intune. If you are an SCCM admin, the AAD dynamic group is similar to creating a dynamic collection using WQL query rules. AAD groups don’t have that granularity in creating dynamic query rules if you compare them with WQL query rules.

However, the new Azure portal has many options to create dynamic query rules. The video tutorial will help you get more insight into AAD Dynamic groups.

Updated Post -> How To Create Nested Azure AD Dynamic Groups.

Create Azure AD Dynamic Groups

Advanced rules for AAD Dynamic membership are based on binary expressions. One Azure AD dynamic query can have more than one binary expression. Each binary expression in the AAD dynamic membership rule query must have 3 parts: the left parameter, the binary operator, and the right constant.

A left parameter in the query rule is one of the attributes of the AAD object (either user or device). If you want to query users in a particular department, then the user is the object, and the department is the attribute (user.department).

A binary operator is a conditional operator such as -ne, -eq, -contains, or -match. The right constant is a constant value specific to your requirement; for example, if you want to create a group for all IT users, it is “IT.”

(user.department -startsWith "IT")

(user.department -match "IT")

(user.department -eq "IT")

Let’s take an example of creating an Azure AD dynamic group for Windows devices. The following are the steps to create the AAD dynamic Device group. You must have appropriate permissions to create Azure AD groups. Follow the steps to create the Device group for 22H2.

  • Login to Endpoint Manager Portal (endpoint.microsoft.com)
  • Navigate to the Groups node.
  • Click on “+ New Group.”
  • Select Security – Group Type from the drop-down option.
  • Enter Group Name “HTMD Windows 11 22H2 Device Group” (any name is fine).
  • Enter Group Description “HTMD Windows 11 22H2 Device Group” (any description is fine).
  • Select Dynamic Device as the Membership type.
  • Click on Add Dynamic Query under Dynamic Device Members.
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.1

You need to hover over the properties column to get an option to select Azure AD dynamic device groups based on Windows on the Dynamic membership rules page.

You can create or edit rules directly by editing the syntax in the box below. Or you can use the Azure AD portal UI as shown below to create a dynamic group query rule. There are some scenarios where the device properties (e.g. nesting) are not published in the UI property list.

(device.deviceOSVersion -startsWith "10.0.22621")
  • Click on the SAVE button to save the query rule.
  • You also have the option to validate the Azure AD query from the Validate Rules tab, as shown in the picture. The section below explains more details.
Dynamic Membership Rules | Details
Property | deviceOSVersion
Operator | Starts With
Value | 10.0.22621
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Table 1
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.2

You can now click on the CREATE button to complete the process of creating a Windows devices Azure AD dynamic group. You can also change the version numbers to get different results.

How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.3

How to Pause Azure AD Dynamic Group Update

Microsoft recently added an option to Pause Azure AD Dynamic Group Update. You can perform the PAUSE action from the Azure AD portal itself. You don’t have to do this using Microsoft Graph or any other crazy method.

Suppose an accidental deployment happened to an Azure AD dynamic group, and you must reduce the impact. What would be your first step? I think the update pause might help to pause the deployment with immediate effect, at least for new devices.

You can navigate to the Azure AD dynamic group that you want to pause. You can enable the Pause Processing option for Azure AD Dynamic groups from the Overview tab.

  • When the setting is set to YES, the processing of this dynamic group will pause.
  • When set to NO, processing will continue.

The Dynamic Rule Processing Status changes to Updates Paused once you enable the Pause Processing option for the Azure AD dynamic group. The Dynamic Rule Processing Status shows whether or not this group is processing changes to the dynamic group rules.

This is only applicable when a group is newly created, the rule was recently edited, or the Pause Processing setting is changed.

How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.4

Maximum Supported Words/Characters

I did a test to understand the maximum supported words/characters in an Azure AD dynamic advanced membership rule, and I found that we could save a query with a maximum of 311 words and 3045 characters.

When I increased the numbers to 315 words and 3085 characters, it gave an error “Failed to create Group_Maxi. Undefined,” where MAXI is the group name.

How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.5

Now back to Intune and device management. I will create 3 basic groups for device management. These AAD dynamic device groups (All Windows Devices, All iOS Devices, and All Android Devices) will be used to deploy different configuration policies.

Dynamic Query

First, I wanted to group all Windows devices in my Intune environment. There are two ways to create an AAD group with dynamic membership query rules: 1. Simple rule, and 2. Advanced rule. It’s better to use simple queries via the Azure portal GUI to group Windows devices based on the operating system.

If you want to use advanced membership, then the following is the query: (device.deviceOSType -contains "Windows"). When you create an Azure AD dynamic device group, it will take 1 or 2 minutes (depending upon the query’s complexity and the database’s size) to populate the devices into the group.

How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.6

It’s time to find iOS devices (iPhone or iPad) in my environment via AAD Dynamic query and group them into an AAD dynamic group. Unlike the Windows device group, the iOS device AAD dynamic Device group can’t be created using a simple membership rule; rather, we should use the Advanced membership rule.

We need to have two constant values, iPhone and iPad. Following is the query that I used to fetch iOS devices: (device.deviceOSType -contains "iPhone") -or (device.deviceOSType -contains "iPad").

How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.7

OK, here we go with a grouping of Android devices. In this scenario, I want to create an AAD dynamic device group using a simple membership rule, because I don’t have more than one constant value in the AAD group binary expression. Following is the dynamic query for the Android device group: (device.deviceOSType -contains "Android").

How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.8
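The device rules in this post, and the exclusion rule (device.deviceOSType -contains "Android") -and (device.displayName -notcontains "LGENexus 5") from the post on excluding a device, can be previewed against a device list before they are saved to a group that policies target. The PowerShell below is an added example, not code from the original posts or from Microsoft; Test-DynamicDeviceRule and the device inventory are hypothetical and constructed. It assumes the service compares strings case-insensitively and treats -contains as a substring test, which differs from PowerShell's own -contains (collection membership), so the rule text cannot simply be pasted into Where-Object.

```powershell
# Added example: offline preview of flat dynamic device rules.
# Test-DynamicDeviceRule is a hypothetical helper, not a Microsoft cmdlet.
# Supported grammar (a simplification): parenthesised binary expressions joined
# by -and / -or, with -and binding tighter than -or. No nesting, -not, -any, -all.
function Test-DynamicDeviceRule {
    param(
        [Parameter(Mandatory)] [string]   $Rule,
        [Parameter(Mandatory)] [psobject] $Device
    )
    $token = '(?<expr>\(\s*device\.(?<prop>\w+)\s+-(?<op>\w+)\s+"(?<val>[^"]*)"\s*\))|(?<join>-and|-or)'
    $opts  = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    $cmp   = [System.StringComparison]::OrdinalIgnoreCase

    # Refuse anything outside the simplified grammar instead of guessing.
    if ([regex]::Replace($Rule, $token, '', $opts).Trim()) {
        throw "Unsupported rule syntax: $Rule"
    }

    $orGroups   = @()     # results of completed -and chains
    $current    = $true   # running result of the -and chain being read
    $expectExpr = $true   # tokens must alternate: expression, joiner, expression
    foreach ($m in [regex]::Matches($Rule, $token, $opts)) {
        $isJoin = $m.Groups['join'].Success
        if ($isJoin -eq $expectExpr) { throw "Malformed rule: $Rule" }
        $expectExpr = $isJoin
        if ($isJoin) {
            # An -or closes the current -and chain and starts a new one.
            if ($m.Groups['join'].Value -ieq '-or') { $orGroups += $current; $current = $true }
        }
        else {
            # A property the device lacks is compared as an empty string.
            $actual = [string]$Device.($m.Groups['prop'].Value)
            $value  = $m.Groups['val'].Value
            $hit = switch ($m.Groups['op'].Value) {
                'eq'          { $actual -ieq $value }
                'ne'          { $actual -ine $value }
                'startsWith'  { $actual.StartsWith($value, $cmp) }
                'contains'    { $actual.IndexOf($value, $cmp) -ge 0 }
                'notContains' { $actual.IndexOf($value, $cmp) -lt 0 }
                'match'       { $actual -imatch $value }   # evaluated with the .NET regex engine
                default       { throw "Unsupported operator: -$($m.Groups['op'].Value)" }
            }
            $current = $current -and $hit
        }
    }
    if ($expectExpr) { throw "Malformed rule: $Rule" }   # empty rule or trailing joiner
    $orGroups += $current
    return ($orGroups -contains $true)
}

# Constructed sample inventory (not real devices). 'LGENexus 5X-Spare' is there
# to show that a substring exclusion also drops names that merely contain the text.
$devices = @(
    [pscustomobject]@{ displayName = 'LGENexus 5';        deviceOSType = 'Android';           deviceOSVersion = '6.0.1' }
    [pscustomobject]@{ displayName = 'LGENexus 5X-Spare'; deviceOSType = 'Android';           deviceOSVersion = '8.1.0' }
    [pscustomobject]@{ displayName = 'Pixel-Lab-01';      deviceOSType = 'AndroidEnterprise'; deviceOSVersion = '13.0' }
    [pscustomobject]@{ displayName = 'iPad-Reception';    deviceOSType = 'iPad';              deviceOSVersion = '16.5' }
    [pscustomobject]@{ displayName = 'iPhone-Sales-07';   deviceOSType = 'iPhone';            deviceOSVersion = '16.5' }
    [pscustomobject]@{ displayName = 'DESKTOP-22H2-01';   deviceOSType = 'Windows';           deviceOSVersion = '10.0.22621.1702' }
    [pscustomobject]@{ displayName = 'DESKTOP-21H2-02';   deviceOSType = 'Windows';           deviceOSVersion = '10.0.19044.2965' }
)

# Rules copied from the posts.
$rules = [ordered]@{
    'Android except LGENexus 5' = '(device.deviceOSType -contains "Android") -and (device.displayName -notcontains "LGENexus 5")'
    'All iOS devices'           = '(device.deviceOSType -contains "iPhone") -or (device.deviceOSType -contains "iPad")'
    'All Windows devices'       = '(device.deviceOSType -contains "Windows")'
    'Windows 11 22H2'           = '(device.deviceOSVersion -startsWith "10.0.22621")'
}

foreach ($name in $rules.Keys) {
    $members = $devices | Where-Object { Test-DynamicDeviceRule -Rule $rules[$name] -Device $_ }
    '{0,-28} {1}' -f $name, ($members.displayName -join ', ')
}
```

Treat the preview as a sanity check only; the Validate Rules tab in the portal remains the authoritative evaluation of a rule against real directory objects.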

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.


How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune

A clean Intune environment always gives us better deployment results, and one of the important steps to keep your environment clean is explained in this post.

This is not the only way to keep your Intune environment clean. Rather you should have regular sanity checks for your environment to ensure that you don’t have duplicate copies of policies and applications.

Moreover, you should avoid duplicate deployments of policies and applications. Duplicate deployments of policies can cause conflicts and could result in unexpected results.

We SCCM Admins are familiar with the process of deletion and removal of a device in SCCM and Microsoft Intune. However, we are not always sure whether, when you remove a device from SCCM, that device record will automatically get removed from on-prem Active Directory or not.

Introduction – How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune

The removal or deletion of a device or machine from Active Directory is not SCCM’s responsibility, and this should be handled separately by on-prem Active Directory.

So how are these operations handled in the modern device management world in terms of Intune SA (or SCCM Hybrid) and Azure Active Directory? In most cases, I have not seen that when you retire and delete a device from Intune, that device record will automatically get purged from Azure Active Directory (AAD).

  • To have better results for your Compliance/configuration policy and application deployments in the modern device management world, we should ensure a clean environment with clean Azure AD.
  • You can get a better understanding of this issue from the above video tutorial.
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Fig.1

How to Delete Clean Tidy Intune Azure Active Directory?

In the above example, Intune console shows me only one device assigned to my user account. Whereas if you look at my Azure AD user ID and check for the devices assigned against my account, you can see there are a total of 3 devices, and all the 3 devices have been shown as managed by Intune.

This is not accurate data that is getting reflected in Azure Active Directory. I’m not saying this scenario will happen every time. I’ve seen some devices automatically get removed from Intune and AAD.

I suppose we should have a better accuracy/sync between Intune and Azure AD databases. I don’t see a scheduled task in Azure AD to purge the deleted records from Microsoft Intune. I’m not sure whether this is coming in the near future or not.

To ensure better results for Intune device management policies, when you delete a device from Intune, you should make sure that the device record is removed from Azure AD. I’m planning to post a video tutorial showing how to delete a device from Azure AD to have a clean and tidy environment.

Name | Enabled/Disabled | Platform | Trust Type | Is Compliant | Managed by
DESKTOP-LNK7273 | Disabled | Windows 10.0.1439 | AzureAd | True | Intune
DESKTOP-213GHPA | Enabled | Windows 10.0.1439 | AzureAd | True | Intune
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Table 1
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Fig.2

Resources

Windows 10 Intune Enrollment Manual Process AAD Registration (anoopcnair.com)

Validate Azure AD Dynamic Group Rules | Intune



How to Troubleshoot Windows 11 10 Intune MDM Issues

This blog post teaches you how to Troubleshoot Windows 11 10 Intune MDM Issues. There are several options to troubleshoot, and some of them are explained here.

Windows 11 or 10 MDM issues and troubleshooting are pretty new for SCCM admins like me! So what is the importance of Windows 10 MDM? When you use Intune or SCCM + Intune hybrid to manage Windows 10 machines, all the management policies are deployed through the MDM channel. This post is Windows 10 MDM Troubleshooting Guide.

There could be many ways to troubleshoot Windows 10 MDM issues while using Microsoft Intune to deploy policies to those devices. In this post, I will share the 3 easy ways to start MDM troubleshooting. Yes, it’s different from the SCCM/ConfigMgr client’s way of troubleshooting, as there are no log files for the MDM client.

The MDM client is built into the Windows 10 operating system, and event logs are the best place to troubleshoot Windows 10 MDM issues. The 3rd way mentioned in this post is very easy for me and IT Pros to understand and start Windows 10 MDM troubleshooting. I have created a video to explain the troubleshooting tips, as you can see above.

[Related Posts – How to Start Troubleshooting Intune Issues]

Understand Windows 10 MDM Architecture

For example, if an Intune policy is deployed to a Windows 10 machine but is not getting applied, how do we start troubleshooting? First, we need to understand Windows 10 management architecture.

The following is the high-level architecture diagram for Windows 10 management. If we know this high-level architecture, troubleshooting Windows 10 MDM issues will be easy. This post will help us as a Windows 10 MDM Troubleshooting Guide.

How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.1

Video Tutorial – Windows 10 MDM Troubleshooting Guide

Windows 10 MDM Troubleshooting Guide video tutorial to help IT Pros! This video teaches you how to fix problems with Windows 10 MDM (Mobile Device Management) using the registry, WMI (Windows Management Instrumentation), and Event Logs.

It breaks down troubleshooting into simple steps, showing you how to identify and solve issues with your device management. You can learn to resolve common problems efficiently by following along with the video.

How to Troubleshoot Windows 11 10 Intune MDM Issues – Video 1

Troubleshoot with Windows 10 Event Logs

Event Logs: Microsoft->Windows->DeviceManagement->Enterprise-Diagnostics-Provider/Admin

Event logs on Windows 10 machines are the best place to start troubleshooting MDM-related issues. As you can see in the screen capture below, the details of MDM and Device Management related issues are in the event logs under Microsoft->Windows->DeviceManagement->Enterprise-Diagnostics-Provider/Admin. When the machine is Workplace Joined or AAD joined, all the events related to Intune/SCCM policies are recorded in this event log section.

AAD event logs are also very useful for Windows 10 MDM issues, and you can check out the following location for AAD-related event logs: “Microsoft-Windows-AAD/Operational”. Event logs are an integral part of the Windows 10 MDM Troubleshooting Guide.

The event logs are the best way to troubleshoot Windows 10 MDM issues. You will get the detailed status of Intune or SCCM hybrid policies from event logs. Each entry in those event logs will tell you whether or not the deployed policies have reached that machine and been applied. There is also a way to export the MDM log files to the folder “C:\Users\Public\Documents\MDMDiagnostics” from Windows 10 settings – connect to the work or school page.

How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.2
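The same two event logs can be summarised from PowerShell on the affected device instead of paging through Event Viewer. This is an added example, not part of the original post; Get-MdmEventSummary is a hypothetical helper name, and the first log name is the Event Viewer path above written as a single channel name.

```powershell
# Added example: summarise warnings and errors from the MDM and AAD event logs.
# Get-MdmEventSummary is a hypothetical helper, not a built-in cmdlet.
function Get-MdmEventSummary {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [int] $Hours = 24
    )
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3                       # Critical, Error, Warning
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error, rather than returning nothing,
        # when no event matches the filter. Treat that case as "no findings".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # One row per event ID and level, with the most recent message as a sample.
    $events | Group-Object -Property Id, LevelDisplayName | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Log      = $LogName
            EventId  = $latest.Id
            Level    = $latest.LevelDisplayName
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
            Message  = ($latest.Message -split "`r?`n")[0]
        }
    } | Sort-Object Count -Descending
}

$logs = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin',
        'Microsoft-Windows-AAD/Operational'

$logs | ForEach-Object { Get-MdmEventSummary -LogName $_ -Hours 24 } |
    Format-Table -AutoSize -Wrap
```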

Troubleshoot Windows 10 with WMI Explorer

The WMI Explorer way of checking whether the policy settings are applied or not:

WMI Explorer is the best tool to check the MDM policies and confirm whether those settings are applied on the Windows 10 system or not. As you can see in the following screen capture, this is how to check whether MDM policies are correctly applied to a Windows 10 machine.

I have deployed the Windows Defender policy from Intune to this Windows 10 machine, and you can use WMI explorer to find out whether these policies are applied on the machine or not. Again, when you start troubleshooting, the best place to begin with is event logs.

We can also check this via WBEMTEST, but we may need to start WBEMTEST from the system context to see the policy details. WMI Explorer is the best place to check and confirm whether the MDM policies (from Intune or SCCM) have been applied to a machine.


Registry way of Checking Windows 10 MDM Policy Settings

Troubleshoot Windows 10 with Registry Entries

The 3rd and easiest way to check whether the MDM policies are applied to a Windows 10 machine is the registry. The registry location where you can find MDM policy settings on a Windows 10 machine is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers

In the screen capture below, you can see the Windows Defender settings I applied to Windows 10 machines through Intune policies. The only caveat of this method is that we need to find a way to decode each provider GUID (CLSID Key?) related to MDM policies. Following are some of the extracts from my Windows 10 machine:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\18dcffd4-37d6-4bc6-87e0-4266fdbb8e49 - Power Policy Settings Buttons

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\1e05dd5d-a022-46c5-963c-b20de341170f - Power Policy Controls Energy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\23cb517f-5073-4e96-a202-7fe6122a2271 - Power Policy Settings Display

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\2648BF76-DA4B-409A-BFFA-6AF111C298A5 - ?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\268c43e1-aa2b-4036-86ef-8cda98a0c2fe - ? Power Policy Settings PCI Express

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\2AB668F3-6D58-4030-9967-0E5358B1B78B - Microsoft Intune MDM Policy Settings - Account, Bitlocker, Connectivity, Data Protection, Defender, Device Lock, Experience, Network Isolation, Security, System, update and WiFi

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\C8DC8AF6-2A7D-4195-BA77-0A4DAC2C05A4 - Microsoft Intune/SCCM MDM policy settings - Browser, Camera, Connectivity, Device Lock, Security, Systems and Wifi
  • System > Power Management > Button Settings
  • Select the Start menu Power button action (on battery)
  • Select the Start menu Power button action (plugged in)
  • Select the Start menu Power button action (plugged in)
  • Enabled – Select the Start menu Power button action (on battery).
How to Troubleshoot Windows 11 10 Intune MDM Issues – Table 1
How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.3
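Rather than opening each provider GUID in Regedit, the Providers key can be flattened into one table of provider, subkey, setting and value. This is an added example, not part of the original post; Get-MdmProviderSettings is a hypothetical helper name, and the script walks whatever subkeys exist under each provider instead of assuming a particular layout.

```powershell
# Added example: list every value stored under each MDM policy provider GUID.
# Get-MdmProviderSettings is a hypothetical helper, not a built-in cmdlet.
function Get-MdmProviderSettings {
    param(
        [string] $Root = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers'
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Registry key not found: $Root (no MDM policy provider has written settings here)."
        return
    }

    foreach ($provider in Get-ChildItem -LiteralPath $Root) {
        # The provider key itself plus every key below it, whatever the depth.
        $keys = @($provider) +
                @(Get-ChildItem -LiteralPath $provider.PSPath -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Provider = $provider.PSChildName                                  # the GUID
                    SubKey   = $key.Name.Substring($provider.Name.Length).TrimStart('\')
                    Setting  = $name
                    Value    = $key.GetValue($name)
                }
            }
        }
    }
}

$settings = Get-MdmProviderSettings

# Count of settings per provider GUID, then the full list.
$settings | Group-Object Provider | Select-Object Name, Count | Format-Table -AutoSize
$settings | Sort-Object Provider, SubKey, Setting | Format-Table -AutoSize -Wrap
```

Running it before and after a policy sync and comparing the two outputs shows which settings a given provider GUID actually wrote.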

Troubleshoot Windows 10 with MDMDiagReport

These GUID IDs can be found in the MDMDiagReport.xml file, and this XML can be decoded into HTML file MDMDiagReport.html using the tool.

How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.4



SCCM ConfigMgr Current Branch Backup Recovery Options

Let’s discuss the SCCM ConfigMgr Current Branch Backup Recovery Options | Configuration Manager | Endpoint Manager. This post contains a collection of video tutorials that I created last year to help you better understand the backup and recovery process of the SCCM ConfigMgr Current Branch (CB).

As part of the website revamp, I checked whether the posts were okay, and this series of SCCM/ConfigMgr CB backup and recovery posts came to my attention.

These videos should give you an overview of the entire backup and recovery process, with different scenarios, such as restoring with a full native SCCM ConfigMgr CB backup, and backup and restore using only SQL backup, etc.

The CD.LATEST folder is another big change in the backup and recovery process if you compare SCCM 2012 and SCCM CB. I wish that none of us (SCCM Admins) should be in a situation where we must restore our site from backup! But be ready for the worst case.

How to Recover or Restore the SCCM CB Primary Server using SQL Database Backup

In this video, I’ll show you how to restore your SCCM CB 1606 primary server, especially if you’re using Intune Hybrid, using an SQL database backup. The key is that you don’t need a full backup of SCCM CB to get your primary server back up and running.

SCCM ConfigMgr Current Branch Backup Recovery Options – Video 1

Introduction – SCCM ConfigMgr Current Branch Backup Recovery Options | Configuration Manager | Endpoint Manager

The following are the posts you can refer to for each scenario. I’m still planning to create the last couple of videos in this series, which will cover the backup and restore of the SCCM/ConfigMgr CB CAS server either from native SCCM backup or from SQL backup.

How to Plan Backup and Recovery for SCCM ConfigMgr CB

SCCM ConfigMgr Current Branch Backup Recovery Options | Configuration Manager | Endpoint Manager – Fig.1

More details in the following link: https://www.anoopcnair.com/what-are-the-options-for-sccm-cb-1606-backup-and-recovery/

How to Restore or Recover SCCM ConfigMgr CB Standalone Primary Server

This video tutorial explains restoring or recovering an SCCM/ConfigMgr CB standalone primary server. Some prerequisites are needed to ensure a smooth and successful recovery of your SCCM/ConfigMgr CB standalone primary server. It helps maintain consistency and compatibility with your existing setup.

How to Recover SCCM CB Primary Server Using SQL Database Backup 

The following link will have more details: https://www.anoopcnair.com/how-to-recover-sccm-cb-primary-server-using-sql-database-backup/

https://www.youtube.com/embed/4aZFSPI3x1I
