Learn how to Delete Devices from Azure Active Directory | Azure Portal. For effective device management, we need the delete and disable options in Azure AD and Intune.
A device can be retired and deleted from the Intune console (Silverlight), and I’m sure the new MEM portal will indeed have these options.
If you are an SCCM admin, you may recall that the SCCM console has an option to delete and disable a device. However, I have seen that when you retire and delete a device from the Intune console, that device will be removed from the Intune console but will still stay in Azure AD.
Managing devices in Azure Active Directory (AAD) and the Azure portal is crucial for maintaining organizational efficiency and security. The process remains similar whether you need to remove outdated devices or restrict access for specific ones.
Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Table 1
Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Fig.1
Back to delete and disable device options in the new Azure AD portal. We will first cover the disable/enable device option and then discuss the delete option. Consider a hypothetical emergency scenario where you want to disable an AAD device to prevent further damage to your organization.
Go to the MEM portal’s All Users and Groups blade to disable a device. Select All Users and select the Devices option from that blade. This will give you a list of devices. You can choose one device from that list and click the disable/enable option as required.
You can review the video attached to this post for a real-time experience. The Intune console has no disable option, so the only way to disable a device is from the Azure AD portal.
Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Fig.2
Delete Devices from Azure Active Directory
Now, we can see the delete device option in the Azure portal. This is a critical option that is very helpful in keeping your Azure AD environment clean. It will also help device management admins get better results from configuration/compliance policy and application deployments. To disable a device, go to the Azure portal’s All Users and Groups blade here.
Select All Users and the Devices option from that blade. This will give you a list of devices; you can choose one device and click delete.
Learn How to Delete Devices from Azure Active Directory | Azure Portal | Disable Devices – Fig.3
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Let’s discuss how to Exclude a Device from Azure AD Dynamic Device Group or Azure Active Directory Dynamic Group.
In my previous post, “How to Create Azure AD Dynamic Groups for Managing Devices via Intune,” we discussed creating Azure AD Dynamic Device or User groups. Another question I usually get is, “How do you remove or Exclude a device from Azure Active Directory Dynamic Device Group?”.
I expect this could be one of the scenarios used in deploying security/configuration policies via Intune. It is a very valid scenario; you can’t avoid it in device management. If you are an experienced SCCM Admin, no explanation is needed.
Removing a single device directly from the AAD Dynamic device group is impossible. Yes, a remove button is available, but when you select a device and click on it, a confirmation popup with a YES button will appear.
Exclude a Device from Azure AD Dynamic Device Group
Clicking the YES button will give an error message stating that you can’t remove the device from the Azure AD dynamic device group: “Failed to remove member LENexus 5 from group _Android Devices.” However, this can be achieved by adding some conditions to the advanced membership rule query in AAD dynamic groups.
Device          | Details
----------------|----------------
Member          | LGENexus 5
Group           | Android Devices
Membership Type | Dynamic
Member Type     | Device
How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Table 1
How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Fig.1
Advanced rules for AAD Dynamic membership are based on binary expressions. One Azure AD dynamic query can have more than one binary expression. Each binary expression is separated by a conditional operator, either “-and” or “-or”. You can play around with this conditional operator to remove the devices from the AAD dynamic device or user groups.
How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Fig.2
Following is the advanced membership rule query I used to remove a device in the AAD dynamic device group. In this query, the conditional operator between 2 binary expressions is -and.
I don’t know the result or whether this will work effectively when we deploy a configuration policy via Intune to this AAD device group. I assume it will work because I can see a difference in the device icon called “LGENexus 5.” That is the device that I tried to exclude using the above query.
How to Exclude a Device from Azure AD Dynamic Device Group | Azure Active Directory Dynamic Groups – Fig.3
This post covers two things: how to create Azure AD dynamic groups for managing devices using Intune, and how to pause AAD dynamic group updates.
In this post, we will see how to create Dynamic device groups and User Groups in Azure Active Directory. Azure AD groups are similar to collections (in the SCCM world) for Intune device management solutions.
So this is very important in the world of modern management of devices using Microsoft Intune. If you are an SCCM admin, the AAD dynamic group is similar to creating a dynamic collection using WQL query rules. AAD groups don’t have that granularity in creating dynamic query rules if you compare them with WQL query rules.
However, the new Azure portal has many options to create dynamic query rules. The video tutorial will give you more insight into AAD Dynamic groups.
Advanced rules for AAD Dynamic membership are based on binary expressions. One Azure AD dynamic query can have more than one binary expression. Each binary expression in the AAD dynamic membership rule query must have 3 parts: the left parameter, the binary operator, and the right constant.
A left parameter in the query rule is one of the attributes of the AAD object (either user or device). If you want to query users in a particular department, then the user is the object, and the department is the attribute (user.department).
A binary operator is a conditional operator such as -ne, -eq, -contains, or -match. The right constant is a constant value specific to your requirement; for example, if you want to create a group for all IT users, it is “IT.”
Let’s take an example of creating an Azure AD dynamic group for Windows devices. The following are the steps to create the AAD dynamic Device group. You must have appropriate permissions to create Azure AD groups. Follow the steps to create the Device group for 22H2.
Select Security – Group Type from the drop-down option.
Enter Group Name “HTMD Windows 11 22H2 Device Group” (any name is fine).
Enter Group Description “HTMD Windows 11 22H2 Device Group” (any description is fine).
Select Dynamic Device as the Membership type.
Click on Add Dynamic Query under Dynamic Device Members.
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.1
You need to hover over the properties column to get an option to select Azure AD dynamic device groups based on Windows on the Dynamic membership rules page.
You can create or edit rules directly by editing the syntax in the box below. Or you can use the Azure AD portal UI as shown below to create a dynamic group query rule. There are some scenarios where the device properties (e.g. nesting) are not published in the UI property list.
(device.deviceOSVersion -startsWith "10.0.22621")
Click on the SAVE button to save the query rule.
You also have the option to validate the Azure AD query from the Validate Rules tab, as shown in the picture. The section below explains more details.
Dynamic Membership Rules | Details
-------------------------|----------------
Property                 | deviceOSVersion
Operator                 | Starts With
Value                    | 10.0.22621
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Table 1
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.2
You can now click on the CREATE button to complete the process of creating a Windows devices Azure AD dynamic group. You can also change the version numbers to get different results.
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.3
Microsoft recently added an option to Pause Azure AD Dynamic Group Update. You can perform the PAUSE action from the Azure AD portal itself. You don’t have to do this using Microsoft Graph or any other crazy method.
An accidental deployment happened to the Azure AD dynamic group, and you must reduce the impact. What would be your first step? I think the update pause might help to pause the deployment with immediate effect at least for new devices.
You can navigate to the Azure AD dynamic group that you want to pause. You can enable the Pause Processing option for Azure AD Dynamic groups from the Overview tab.
When the setting is set to YES, the processing of this dynamic group will pause.
When set to NO, processing will continue.
The Dynamic Rule Processing Status = Updates Paused once you enable the Pause Processing option from Azure AD dynamic group. The Dynamic Rule Processing Status shows whether or not this group is processing changes to the dynamic group rules.
This is only applicable when a group is newly created or the rule was recently edited or the Pause Processing setting is changed.
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.4
Maximum Supported Words/Characters
I did a test to understand the maximum supported words/characters in Azure AD dynamic, advanced membership rule, and I found that we could save a query with a maximum of 311 words and 3045 characters.
When I increased the numbers to 315 words and 3085 characters, it gave an error “Failed to create Group_Maxi. Undefined,” where MAXI is the group name.
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.5
Now back to Intune and device management. I will create 3 basic groups for device management. These AAD dynamic device groups (All Windows Devices, All iOS Devices, and All Android Devices) will be used to deploy different configuration policies.
Dynamic Query
First, I wanted to group all Windows devices in my Intune environment. There are two ways to create an AAD group with dynamic membership query rules: 1. Simple rule, and 2. Advanced Rule. It’s better to use simple queries via Azure portal GUI to group Windows devices based on the operating system.
If you want to use advanced membership, then the following is the query: (device.deviceOSType -contains "Windows"). When you create an Azure AD dynamic device group, it will take 1 or 2 minutes (depending upon the query’s complexity and the database’s size) to populate the devices into the group.
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.6
It’s time to find iOS devices (iPhone or iPad) in my environment via AAD Dynamic query and group them into an AAD dynamic group. Unlike the Windows device group, the iOS device AAD dynamic Device group can’t be created using a simple membership rule; rather, we should use the Advanced membership rule.
We need to have two constant values like iPhone and iPad. Following is the query that I used to fetch iOS devices: (device.deviceOSType -contains "iPhone") -or (device.deviceOSType -contains "iPad").
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.7
OK, here we go with a grouping of Android devices. In this scenario, I want to create an AAD dynamic device group using a simple membership rule, because I don’t have more than one constant value in the AAD group binary expression. Following is the dynamic query for the Android device group: (device.deviceOSType -contains "Android").
How to Create Azure AD Dynamic Groups for Managing Devices using Intune | How to Pause AAD Dynamic Group Update – Fig.8
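An added example, not part of the original post: a small offline evaluator for rules of the shape described above (binary expressions joined by -and or -or), useful for previewing which devices a rule would include or exclude before saving it. The device inventory is constructed, and the exclusion rule using device.displayName is a hypothetical illustration, not the query the author used.

```powershell
# Added example: offline preview of a dynamic device membership rule.
# Handles only the rule shape described in the post:
#   (device.<property> <operator> "<constant>") joined by -and or -or.
# Rules that mix -and with -or are rejected rather than guessing at grouping.

function Test-BinaryExpression {
    param([psobject]$Device, [string]$Property, [string]$Operator, [string]$Constant)

    # A misspelled property would otherwise silently compare as an empty string.
    if ($null -eq $Device.PSObject.Properties[$Property]) {
        throw "Device object has no property '$Property'"
    }
    $value = [string]$Device.$Property
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase   # string tests ignore case

    switch ($Operator) {
        '-eq'         { return $value.Equals($Constant, $ignoreCase) }
        '-ne'         { return -not $value.Equals($Constant, $ignoreCase) }
        '-startsWith' { return $value.StartsWith($Constant, $ignoreCase) }
        # In a membership rule -contains is a substring test on a string,
        # unlike PowerShell's own -contains, which tests collection membership.
        '-contains'   { return $value.IndexOf($Constant, $ignoreCase) -ge 0 }
        default       { throw "Operator '$Operator' is not handled by this example" }
    }
}

function Test-DynamicDeviceRule {
    param(
        [Parameter(Mandatory)] [string]$Rule,
        [Parameter(Mandatory)] [psobject]$Device
    )
    # Rules copied from web pages often carry typographic quotes,
    # which are not string delimiters.
    if ($Rule -match '[\u201C\u201D]') {
        throw 'Rule contains typographic quotes; retype them as straight double quotes'
    }

    $pattern = '\(\s*device\.(?<prop>\w+)\s+(?<op>-\w+)\s+"(?<const>[^"]*)"\s*\)'
    $expressions = [regex]::Matches($Rule, $pattern)
    if ($expressions.Count -eq 0) { throw "No binary expression found in: $Rule" }

    # After removing the expressions, only the connectors may remain.
    $connectors = @([regex]::Replace($Rule, $pattern, ' ') -split '\s+' | Where-Object { $_ })
    $unknown = @($connectors | Where-Object { $_ -notin '-and', '-or' })
    if ($unknown.Count -gt 0) { throw "Unexpected text in rule: $($unknown -join ' ')" }
    if ($connectors.Count -ne $expressions.Count - 1) {
        throw 'Connector count does not match expression count'
    }
    $distinct = @($connectors | ForEach-Object { $_.ToLowerInvariant() } | Select-Object -Unique)
    if ($distinct.Count -gt 1) { throw 'Mixed -and/-or: evaluate each group separately' }

    $results = @(foreach ($e in $expressions) {
        $g = $e.Groups
        Test-BinaryExpression -Device $Device -Property $g['prop'].Value -Operator $g['op'].Value -Constant $g['const'].Value
    })
    if ($distinct -contains '-or') { return ($results -contains $true) }
    return ($results -notcontains $false)
}

# Constructed sample inventory; only 'LGENexus 5' is a name taken from the post.
$devices = @(
    [pscustomobject]@{ displayName = 'LGENexus 5';   deviceOSType = 'Android'; deviceOSVersion = '6.0.1' }
    [pscustomobject]@{ displayName = 'SAMPLE-AND-2'; deviceOSType = 'Android'; deviceOSVersion = '7.0' }
    [pscustomobject]@{ displayName = 'SAMPLE-IPAD';  deviceOSType = 'iPad';    deviceOSVersion = '10.1.1' }
    [pscustomobject]@{ displayName = 'SAMPLE-WIN11'; deviceOSType = 'Windows'; deviceOSVersion = '10.0.22621.2428' }
)

$rules = @(
    '(device.deviceOSType -contains "Android")'
    # Hypothetical exclusion rule: two binary expressions joined by -and.
    '(device.deviceOSType -contains "Android") -and (device.displayName -ne "LGENexus 5")'
    '(device.deviceOSType -contains "iPhone") -or (device.deviceOSType -contains "iPad")'
    '(device.deviceOSVersion -startsWith "10.0.22621")'
)

foreach ($rule in $rules) {
    $members = @($devices | Where-Object { Test-DynamicDeviceRule -Rule $rule -Device $_ })
    '{0}  =>  {1}' -f $rule, ($members.displayName -join ', ')
}
```

With the sample inventory, the first rule lists both Android devices and the second lists only SAMPLE-AND-2, which is the effect the -and condition is meant to have.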
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Endpoint Manager? A Clean Intune environment always gives us better deployment results, and one of the important steps to keep your environment clean is explained in this post.
This is not the only way to keep your Intune environment clean. Rather you should have regular sanity checks for your environment to ensure that you don’t have duplicate copies of policies and applications.
Moreover, you should avoid duplicate deployments of policies and applications. Duplicate deployments of policies can cause conflicts and could result in unexpected results.
We SCCM Admins are familiar with the process of deletion and removal of a device in SCCM and Microsoft Intune. However, we are not always sure whether, when you remove a device from SCCM, that device record will automatically get removed from On-prem Active Directory or not.
Introduction – How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune
The removal or deletion of a device or machine from Active Directory is not SCCM’s responsibility, and this should be handled separately by on-prem Active Directory.
So how are these operations handled in the modern device management world in terms of Intune SA (or SCCM Hybrid) and Azure Active Directory? In most cases, I have not seen that when you retire and delete a device from Intune, that device record will automatically get purged from Azure Active Directory (AAD).
To have better results for your Compliance/configuration policy and application deployments in the modern device management world, we should ensure a clean environment with clean Azure AD.
You can get a better understanding of this issue from the above video tutorial.
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Fig.1
How to Delete Clean Tidy Intune Azure Active Directory?
In the above example, Intune console shows me only one device assigned to my user account. Whereas if you look at my Azure AD user ID and check for the devices assigned against my account, you can see there are a total of 3 devices, and all the 3 devices have been shown as managed by Intune.
This is not accurate data that is getting reflected in Azure Active Directory. I’m not saying this scenario will happen every time. I’ve seen some devices automatically get removed from Intune and AAD.
I suppose we should have a better accuracy/sync between Intune and Azure AD databases. I don’t see a scheduled task in Azure AD to purge the deleted records from Microsoft Intune. I’m not sure whether this is coming in the near future or not.
To ensure better results for Intune device management policies, when you delete a device from Intune, you should make sure that the device record is removed from Azure AD. I’m planning to post a video tutorial showing how to delete a device from Azure AD to have a clean and tidy environment.
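Name            | Enabled/Disabled | Platform          | Trust Type | Is Compliant | Managed by
----------------|------------------|-------------------|------------|--------------|-----------
DESKTOP-LNK7273 | Disabled         | Windows 10.0.1439 | AzureAd    | True         | Intune
DESKTOP-213GHPA | Enabled          | Windows 10.0.1439 | AzureAd    | True         | Intune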
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Table 1
How to Delete Clean Tidy Intune Azure Active Directory Environment | Microsoft Intune – Fig.2
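As an added example (not from the original post), the check described above can be scripted: compare Azure AD device objects with Intune records and list the ones Azure AD still marks as managed but Intune no longer knows. The function name, the sample data and the pairing of names to IDs are assumptions; the commented lines at the end show the Microsoft Graph PowerShell cmdlets that would supply real input.

```powershell
# Added example: list Azure AD device objects that are flagged as managed
# but have no matching Intune record. Read-only: nothing is disabled or deleted.

function Find-OrphanedAadDevice {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-MgDevice output.
        [Parameter(Mandatory)] [object[]]$AadDevice,
        # Objects shaped like Get-MgDeviceManagementManagedDevice output.
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]]$IntuneDevice,
        # Reference date for the "days since last seen" column.
        [datetime]$AsOf = (Get-Date)
    )

    # Intune records carry the Azure AD device ID of the object they belong to.
    $managedIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($m in $IntuneDevice) {
        if ($m.AzureAdDeviceId) { [void]$managedIds.Add([string]$m.AzureAdDeviceId) }
    }

    foreach ($d in $AadDevice) {
        if (-not $d.IsManaged) { continue }                          # never claimed MDM management
        if ($managedIds.Contains([string]$d.DeviceId)) { continue }  # still present in Intune

        $lastSeen = $d.ApproximateLastSignInDateTime
        [pscustomobject]@{
            DisplayName    = $d.DisplayName
            DeviceId       = $d.DeviceId
            AccountEnabled = $d.AccountEnabled
            IsCompliant    = $d.IsCompliant      # stale records can still read True
            DaysSinceSeen  = if ($lastSeen) { [int][math]::Floor(($AsOf - [datetime]$lastSeen).TotalDays) } else { $null }
            NextStep       = if ($d.AccountEnabled) { 'Disable, then delete' } else { 'Delete' }
        }
    }
}

# Constructed sample data shaped like the post's scenario: three Azure AD device
# objects for one user, one Intune record. IDs, dates, the third device name and
# the choice of which device is still in Intune are made up for the example.
$aad = @(
    [pscustomobject]@{
        DisplayName = 'DESKTOP-LNK7273'; DeviceId = '11111111-0000-0000-0000-000000000001'
        AccountEnabled = $false; IsManaged = $true; IsCompliant = $true
        ApproximateLastSignInDateTime = [datetime]'2016-09-01'
    }
    [pscustomobject]@{
        DisplayName = 'DESKTOP-213GHPA'; DeviceId = '11111111-0000-0000-0000-000000000002'
        AccountEnabled = $true; IsManaged = $true; IsCompliant = $true
        ApproximateLastSignInDateTime = [datetime]'2016-11-28'
    }
    [pscustomobject]@{
        DisplayName = 'SAMPLE-OLD-PC'; DeviceId = '11111111-0000-0000-0000-000000000003'
        AccountEnabled = $true; IsManaged = $true; IsCompliant = $true
        ApproximateLastSignInDateTime = [datetime]'2016-07-15'
    }
)
$intune = @(
    [pscustomobject]@{ DeviceName = 'DESKTOP-213GHPA'; AzureAdDeviceId = '11111111-0000-0000-0000-000000000002' }
)

Find-OrphanedAadDevice -AadDevice $aad -IntuneDevice $intune -AsOf ([datetime]'2016-12-01') |
    Format-Table -AutoSize

# Against a live tenant (Microsoft Graph PowerShell SDK) the inputs would come from:
#   Connect-MgGraph -Scopes 'Device.Read.All', 'DeviceManagementManagedDevices.Read.All'
#   $aad    = Get-MgDevice -All
#   $intune = Get-MgDeviceManagementManagedDevice -All
```

On the sample data the report lists DESKTOP-LNK7273 and SAMPLE-OLD-PC, both still showing as compliant although no Intune record backs them.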
This blog post teaches you how to Troubleshoot Windows 11 10 Intune MDM Issues. There are several options to troubleshoot, and some of them are explained here.
Windows 11 or 10 MDM issues and troubleshooting are pretty new for SCCM admins like me! So what is the importance of Windows 10 MDM? When you use Intune or SCCM + Intune hybrid to manage Windows 10 machines, all the management policies are deployed through the MDM channel. This post is Windows 10 MDM Troubleshooting Guide.
There could be many ways to troubleshoot Windows 10 MDM issues while using Microsoft Intune to deploy policies to those devices. In this post, I will share the 3 easy ways to start MDM troubleshooting. Yes, it’s different from the SCCM/ConfigMgr client’s way of troubleshooting, as there are no log files for the MDM client.
The MDM client is built into the Windows 10 operating system, and event logs are the best place to troubleshoot Windows 10 MDM issues. The 3rd way mentioned in this post is very easy for me and IT Pros to understand and start Windows 10 MDM troubleshooting. I have created a video to explain the troubleshooting tips, as you can see above.
For example, if an Intune policy is deployed to a Windows 10 machine but is not getting applied, how do we start troubleshooting? First, we need to understand Windows 10 management architecture.
The following is the high-level architecture diagram for Windows 10 management. If we know this high-level architecture, troubleshooting Windows 10 MDM issues will be easy. This post will help us as a Windows 10 MDM Troubleshooting Guide.
How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.1
Video Tutorial – Windows 10 MDM Troubleshooting Guide
Windows 10 MDM Troubleshooting Guide video tutorial to help IT Pros! This video teaches you how to fix problems with Windows 10 MDM (Mobile Device Management) using the registry, WMI (Windows Management Instrumentation), and Event Logs.
It breaks down troubleshooting into simple steps, showing you how to identify and solve issues with your device management. You can learn to resolve common problems efficiently by following along with the video.
How to Troubleshoot Windows 11 10 Intune MDM Issues – Video 1
Event logs on Windows 10 machines are the best place to start troubleshooting MDM-related issues. The screen capture below shows where to go in the event logs (Microsoft->Windows->DeviceManagement->Enterprise-Diagnostics-Provider/Admin) to see the details of MDM and device management related issues. When the machine is Workplace Joined or AAD joined, all the events related to Intune/SCCM policies are recorded in this event log section.
AAD event logs are also very useful for Windows 10 MDM issues, and you can check the following location for AAD-related event logs: “Microsoft-Windows-AAD/Operational”. Event logs are an integral part of the Windows 10 MDM Troubleshooting Guide.
The event logs are the best way to troubleshoot Windows 10 MDM issues. You will get the detailed status of Intune or SCCM hybrid policies from event logs. Each entry in those event logs will tell you whether or not the deployed policies have reached the machine and been applied on it. There is also a way to export the MDM log files to the folder “C:\Users\Public\Documents\MDMDiagnostics” from Windows 10 settings – connect to the work or school page.
How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.2
Troubleshoot Windows 10 with WMI Explorer
WMI Explorer way of Checking whether the Policy Settings are Applied or Not:
WMI Explorer is the best tool to check the MDM policies to confirm whether those settings are applied on the Windows 10 system or not. As you can see in the following screen capture, this is how to check whether MDM policies are correctly applied to a Windows 10 machine.
I have deployed the Windows Defender policy from Intune to this Windows 10 machine, and you can use WMI explorer to find out whether these policies are applied on the machine or not. Again, when you start troubleshooting, the best place to begin with is event logs.
We can also check this via WBEMTEST, but we may need to start WBEMTEST from the system context to see the policy details. WMI Explorer is the best place to check and confirm whether the MDM policies (from Intune or SCCM) have been applied to a machine.
Registry way of Checking Windows 10 MDM Policy Settings
Troubleshoot Windows 10 with Registry Entries
The 3rd and easiest way to check whether the MDM policies are applied to a Windows 10 machine is the registry. The registry location where you can check for MDM policy settings on a Windows 10 machine is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers
In this below screen capture, you can see the Windows Defender settings I applied to Windows 10 machines through Intune policies. The only caveat of this method is we need to find out a way to decode each provider GUID (CLSID Key?) related to MDM policies. Following are some of the extracts from my Windows 10 machine:-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\18dcffd4-37d6-4bc6-87e0-4266fdbb8e49 - Power Policy Settings Buttons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\1e05dd5d-a022-46c5-963c-b20de341170f - Power Policy Controls Energy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\23cb517f-5073-4e96-a202-7fe6122a2271 - Power Policy Settings Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\2648BF76-DA4B-409A-BFFA-6AF111C298A5 - ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\268c43e1-aa2b-4036-86ef-8cda98a0c2fe - ? Power Policy Settings PCI Express
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\2AB668F3-6D58-4030-9967-0E5358B1B78B - Microsoft Intune MDM Policy Settings - Account, Bitlocker, Connectivity, Data Protection, Defender, Device Lock, Experience, Network Isolation, Security, System, update and WiFi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\C8DC8AF6-2A7D-4195-BA77-0A4DAC2C05A4 - Microsoft Intune/SCCM MDM policy settings - Browser, Camera, Connectivity, Device Lock, Security, Systems and Wifi
Steps
System > Power Management > Button Settings
Select the Start menu Power button action (on battery)
Select the Start menu Power button action (plugged in)
Select the Start menu Power button action (plugged in)
Enabled – Select the Start menu Power button action (on battery).
How to Troubleshoot Windows 11 10 Intune MDM Issues – Table 1
How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.3
Troubleshoot Windows 10 with MDMDiagReport
These GUID IDs can be found in the MDMDiagReport.xml file, and this XML can be decoded into HTML file MDMDiagReport.html using the tool.
How to Troubleshoot Windows 11 10 Intune MDM Issues – Fig.4
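An added example, not from the original post, that pulls the same evidence with PowerShell on the device being investigated: recent warning and error events from the two logs named above, and the values stored under the PolicyManager\Providers key. The function names and default parameters are assumptions; the layout below each provider GUID is not assumed, every subkey is walked.

```powershell
# Added example: collect the two local evidence sources the post describes.
# Run on the Windows 10/11 device being investigated; both functions only read.

function Get-MdmEvent {
    param(
        # Event log named in the post; pass 'Microsoft-Windows-AAD/Operational' for the AAD log.
        [string]$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin',
        [int]$Hours = 24,
        [int]$MaxEvents = 200,
        # 1 = Critical, 2 = Error, 3 = Warning; add 4 to include informational entries.
        [int[]]$Level = @(1, 2, 3)
    )
    $filter = @{
        LogName   = $LogName
        Level     = $Level
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent writes an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

function Get-MdmPolicyValue {
    param(
        # Wildcard applied to the subkey path, for example '*Defender*'.
        [string]$Like = '*'
    )
    $root = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers'
    if (-not (Test-Path -Path $root)) {
        Write-Warning "No MDM policy providers found under $root"
        return
    }

    foreach ($provider in Get-ChildItem -Path $root) {
        # Walk every subkey below the provider GUID and emit one row per value.
        Get-ChildItem -Path $provider.PSPath -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                $subKey = $key.Name.Substring($provider.Name.Length).TrimStart('\')
                if ($subKey -notlike $Like) { return }   # skip this key, continue the pipeline
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{
                        ProviderId = $provider.PSChildName
                        SubKey     = $subKey
                        Setting    = $name
                        Value      = $key.GetValue($name)
                    }
                }
            }
    }
}

# Device management events from the last day, then the AAD log, then Defender settings.
Get-MdmEvent | Format-Table -Wrap
Get-MdmEvent -LogName 'Microsoft-Windows-AAD/Operational' | Format-Table -Wrap
Get-MdmPolicyValue -Like '*Defender*' |
    Sort-Object ProviderId, SubKey, Setting |
    Format-Table -AutoSize
```

Grouping the registry output by ProviderId shows which provider GUID delivered a given setting, which helps with the GUID decoding problem mentioned above.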
Let’s discuss the SCCM ConfigMgr Current Branch Backup Recovery Options | Configuration Manager | Endpoint Manager. This post contains a collection of video tutorials that I created last year to help you better understand the backup and recovery process of the SCCM ConfigMgr Current Branch (CB).
As part of the website revamp, I checked whether the posts were okay, and this series of SCCM/ConfigMgr CB backup and recovery posts came to my attention.
These videos should give you an overview of the entire backup and recovery process, with different scenarios, such as restoring with a full native SCCM ConfigMgr CB backup, backup and restore using only SQL backup, etc.
The CD.LATEST folder is another big change in the backup and recovery process if you compare SCCM 2012 and SCCM CB. I wish that none of us (SCCM Admins) would be in a situation where we must restore our site from backup! But be ready for the worst case.
How to Recover or Restore the SCCM CB Primary Server using SQL Database Backup
In this video, I’ll show you how to restore your SCCM CB 1606 primary server, especially if you’re using Intune Hybrid, using an SQL database backup. The key is that you don’t need a full backup of SCCM CB to get your primary server back up and running.
SCCM ConfigMgr Current Branch Backup Recovery Options – Video 1
The following are the posts you can refer to for each scenario. I’m still planning to create the last couple of videos in this series, which will cover the backup and restore of the SCCM/ConfigMgr CB CAS server either from native SCCM backup or from SQL backup.
How to Plan Backup and Recovery for SCCM ConfigMgr CB
How to Restore or Recover SCCM ConfigMgr CB Standalone Primary Server
This video tutorial explains restoring or recovering an SCCM/ConfigMgr CB standalone primary server. Some prerequisites are needed to ensure a smooth and successful recovery of your SCCM/ConfigMgr CB standalone primary server. It helps maintain consistency and compatibility with your existing setup.
How to Recover SCCM CB Primary Server Using SQL Database Backup
Let’s discuss the SCCM Online Service Connection Point Details – 2 Options. Microsoft released a new SCCM Current Branch version, SCCM CB 1610. If you are running SCCM CB 1511, 1602, or 1606, you can directly upgrade to SCCM CB 1610. This post and video provide more details about SCCM ConfigMgr CB Updates in Console and Upgrade.
SCCM Upgrade Process
The ConfigMgr CB upgrade process via the updates and servicing channel is very straightforward if you have an ONLINE service connection point mode.
If you are running an offline service connection point mode, you must use manual steps to get the latest SCCM CB 1610 updates available in your SCCM CB console.
This post provides all the details about the SCCM Online Service Connection Point Details – 2 Options. For SCCM CB infra with an online service connection point, the SCCM CB 1610 update will automatically appear in the console once Microsoft has released this for the “slow ring”.
Now (18th Nov 2016), Microsoft released SCCM CB 1610 updates only for the “fast ring,” which can be enabled only by running a PowerShell script provided in the following link.
SCCM Online Service Connection Point Details – 2 Options – Fig.1
SCCM Servicing Flowchart
Let’s discuss the SCCM Servicing Flowchart. The screenshot shows the updates and servicing download process. The flow chart documentation is here.
Updates and Servicing Download Process
Service Connection Point
Hierarchy Manager
The hierarchy Manager checks the applicability of the package
Is the package applicable?
DMP Downloader downloads the payload and redist files
The hierarchy Manager checks the applicability of the package
SCCM Online Service Connection Point Details – 2 Options – Table 1
SCCM Online Service Connection Point Details – 2 Options – Fig.2
How Did I Upgrade ConfigMgr SCCM CB 1602 to 1606
This is a 1-minute video that tells you how to start the SCCM CB 1610 upgrade process once the updates are available in the CM CB console. I have already covered the end-to-end SCCM CB upgrade process in a video here (even though that is about the CM 1606 upgrade, the process is similar).
SCCM Online Service Connection Point Details – 2 Options – Video 1
Start the Upgrade Process from the Console
I’m sharing the video tutorial about upgrading the SCCM ConfigMgr CB 1610 console. Before initiating the SCCM ConfigMgr CB console upgrade process, you must complete all the reset activities for site system roles (sitecomp.log gives you more ideas). Otherwise, there could be more chances of failures during the SCCM CB console upgrade.
SCCM Console Upgrade
Let’s discuss the SCCM Console Upgrade. The below section shows the SCCM Console Upgrade details.
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Let’s discuss the Feature Comparison Between SCCM ConfigMgr CB Versions | Configuration Manager Current Branch. SCCM ConfigMgr’s current branch (CB) XXXX was released last Friday (18th Nov 2016).
SCCM CB YYYY has many features, and the upgrade process via updates and servicing channels is straightforward. You are done with the SCCM CB 1610 upgrade with just a couple of clicks.
You can directly upgrade your SCCM CB 1511 server to 1610. You do not need to go through all the other upgrades (1602/1606) available in your SCCM CB console. The blog post with more details is available here.
This post will share a comparison video of SCCM CB 1606 and 1610 features. The features discussed in the video below are essential for upcoming changes to SCCM ConfigMgr CB.
The video tutorial below explains how I Upgraded ConfigMgr SCCM CB 1602 to 1606.
Feature Comparison Between SCCM ConfigMgr CB Versions | Configuration Manager Current Branch – Video 1
Feature Comparison Between SCCM ConfigMgr CB Versions
The configuration and compliance policy updates are critical if you use a hybrid SCCM CB version to manage mobile devices and domain-joined machines. I think the SCCM team invested loads of time in improving the features of their product.
Feature Comparison Between SCCM ConfigMgr CB Versions
SCCM ConfigMgr 1606 and 1610
Feature Comparison Between SCCM ConfigMgr CB Versions | Configuration Manager Current Branch – Table 1
Feature Comparison Between SCCM ConfigMgr CB Versions | Configuration Manager Current Branch – Fig.1
Feature Comparison Between SCCM ConfigMgr CB Versions
SCCM CB is moving away from old-fashioned boundary settings, such as fast and slow boundaries, and is instead investing more in current and neighbor boundary groups. This will help to evolve the product further in upcoming versions.
The SCCM 1610 feature comparison includes boundary groups (current and neighbor boundary groups), improvements to Windows Store for Business, and the content size filter in Software Update ADR. Monitoring of many components has been updated, and new dashboards have been included.
List of Feature Comparison Between SCCM ConfigMgr CB Versions
New features as part of SCCM CB 1610 updates and servicing:
Boundary Changes – Improvements for boundary groups – current boundary group vs neighbor boundary groups.
Improvements to Windows Store for Business – Modify the client secret key and delete a subscription to the store from the SCCM Console.
Cloud management gateway for managing Internet-based clients – Cloud management gateway provides a simple way to manage Configuration Manager clients on the Internet.
Immediate Policy sync for MDM channel Intune-enrolled devices.
Configuration policies – New policies included in SCCM CB 1610 – Android (23), iOS (4), Mac (4), Windows 10 desktop and mobile (37), Windows 10 Team (7), Windows 8.1 (11), and Windows Phone 8.1 (3).
The Windows 10 Edition Upgrade Policy can be applied for SCCM CB 1610. It is now available for Intune and SCCM clients.
Client Agent – Client Peer Cache helps you manage content deployment to clients in remote locations. Peer Cache is a built-in SCCM solution that allows clients to share content directly from their local cache. To share content, set the client setting “Enable Configuration Manager client in full OS to share content” to Yes.
Customizable Branding is also included in the SCCM CB 1610.
The enforcement grace period is an excellent feature of SCCM CB 1610.
Another nice feature included in SCCM CB 1610 Software Update ADR is Content Size.
Monitoring – Compliance policies Dashboard and Client Data Source Dashboard.