Best SCCM Patching Software Update Deployment Process Guide

The SCCM Patching Software Update Deployment Process Guide is here. This guide is, again, a video tutorial to help IT Pros learn the patching (a.k.a. software update) process using the latest version of SCCM.

Software updates in SCCM provide tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Patching is one of the essential tasks of an SCCM admin.

SCCM patching involves many components and can become very complex if you don’t pay proper attention to the details. Windows Update for Business (WUfB) patching is much easier to set up and manage. However, there is less control over picking and choosing in WUfB. Intune Patch management options are explained in the Software Update Patching Options With Intune Setup Guide.

Let’s understand how to install WSUS for the ConfigMgr Software Update Point (SUP) role and how to install the SUP role itself. Also, learn how to create and deploy new software update patch packages using SCCM (ConfigMgr).

NOTE! Third-Party Patching Best Practices for an Organization guide

The following video guide is the high-level Patching Guide for SCCM beginners. There is little difference between SCCM 2012 patching and SCCM Current Branch Patching.

I have an old blog post discussing the pros and cons of ConfigMgr patch management. Some of the points in that post are still valid, so it’s worth reading to better grasp the SCCM patching process and setup scenarios.

In SCCM version 1806, software updates can be deployed to devices without downloading and distributing content to distribution points. This setting is beneficial when dealing with extensively updated content.

What is SCCM Patching?

All software applications and drivers must undergo the software release life cycle, which includes bug fixing and improvements. Each vendor releases a patch to fix bugs in software and drivers. Deploying/installing these patches to one or more systems or devices is called software patching.

Organizations must patch all existing applications. This process helps to keep the environment secure. Software vendors like Microsoft, Adobe, Android, iOS, macOS, Linux, and Unix OS release patches. These patches cover bug fixes for their software.

Best SCCM Patching Software Update Deployment Process Guide – Fig.1

Why a Patching Guide? Patch Software Update Deployment Process

Recently, I saw someone looking for a video tutorial related to SCCM Software Updates in our Facebook group (which has about 11000 members now).

I thought, let me create a quick 25-minute video to cover the software update process in SCCM CB. I tried to briefly overview the end-to-end SCCM Software Update (patching) process.

SCCM Patching Infra Setup Videos | SCCM Patching Process is Explained

The free end-to-end SCCM training is below: Free SCCM Training Part 1 | 17 Hours Of Latest Technical Content | ConfigMgr Lab HTMD Blog (anoopcnair.com).

This section teaches you how to set up SCCM patching-related infrastructure components such as WSUS and Software Update Point. It also discusses the architecture of SCCM patching infrastructure in the video tutorial below.

  1. Launch Server Manager
  2. Select Destination Server
  3. Select Server Roles
  4. Select Features
  5. Windows Server Update Services
  6. Select Role Services to Install WSUS
  7. Content-Location Selection for WSUS
  8. Database Instance Selection
  9. Web Server Role (IIS)
  10. Select Roles Services for IIS
  11. Install & Confirm Installation Selection
  12. Complete WSUS Installation
  13. Cancel WSUS Configuration Wizard
  14. Completion – Install WSUS for ConfigMgr SUP

  • Install WSUS for ConfigMgr SUP
  • Post Installation of WSUS Failed – WSUS service is disabled?
  • WSUS Reinstallation steps explained
  • WSUS post-installation was completed without any issues
  • Install ConfigMgr Software Update Point (SUP) – Install New ConfigMgr Software Update Point Role.
Best SCCM Patching Software Update Deployment Process Guide – Table 1

  1. Add Site Systems Roles
  2. Select a Server to Use as a Site System
  3. Specify Internet Proxy Server
  4. Specify Roles for this Server
  5. Specify Software Update Point Settings
  6. Specify Proxy & Account Settings for Software Update Point
  7. Specify synchronization source settings
  8. Synchronization Settings
  9. Select Behavior for Software Updates are Superseded
  10. Configure WSUS Maintenance Behavior
  11. Configure Maximum Run Time
  12. Specify Configuration for Software Update Content
  13. Select the Software update classifications that you want to Synchronize
  14. Select the Products that You Want to Synchronize
  15. Specify the Language Settings that you want to Synchronize
  16. Confirm the Settings

  • Do not set up SUP with the default WSUS product selection in ConfigMgr (SCCM).
  • Log files to troubleshoot: SUPSetup.log, WsyncMgr.log, WCM.log, and WSUSCtrl.log.
  • Initiate WSUS Sync twice. The first sync updates the category–products list for the software update components.
  • The second WSUS Sync updates the KB articles metadata; this metadata is complete only after the second sync.

The SCCM SUP Product List filtering options are helpful in a scenario where you want to add a new product to the SCCM patching. This SUP product filter option has been added to the 2203 version of SCCM.

Best SCCM Patching Software Update Deployment Process Guide – Video 1

Step 2: SCCM Software Update Patching WSUS and SUP Infrastructure Configuration

The process is explained in the video. It covers the following topics:

  1. WSUS
  2. SUP Installation log files
  3. Software Update Component Configuration – Classifications/Products
  4. Software Update Sync – Logfile WsyncMgr.log
  5. Selection of Patch/Software Update and Creation of Software Update Group
  6. Deployment of Software Update Group
  7. End-User Experience at Windows 10 1511 device
  8. What happened to WindowsUpdate.log??
  9. How to Speed up SCCM policy flow?
  10. Windows 10 SCCM Client-side logs – Is a reboot required? If yes, reboot the Windows 10 1511 device.

I recommend reading Third-Party Patching Best Practices for an Organization guide for the non-Microsoft app patching process.

Best SCCM Patching Software Update Deployment Process Guide – Video 2

Step 3: SCCM Patch Package Creation Process

In this post, let’s check the SCCM patch package creation process. You must complete the following high-level steps in the SCCM patch package or Software Update package creation process.

  • Prerequisites – New Software Update Patch Package Using SCCM
  • Select Patches & Create a Software Update Group
  • Create Software Update Group
  • Create a New Software Update Patch Package using SCCM
  • Specify the Distribution Points for this Software Update patch package
  • Automatically download content when packages are assigned to distribution points
  • Specify the updated language for products for the SCCM Patching Guide
  • Download Updates from the Internet for the SCCM Patch Package
  • Log – PatchDownloader.log to check the download
  • Results – Software Update Package Creation
  • Deploy SCCM Patch Package to Windows 11 or Windows 10 devices
  • SCCM Patch Deployment Settings – Available | Required
  • SCCM Patch Deployment Schedule Options
  • SCCM Patching Guide – Alert Options for the Patch Deployment
  • SCCM Patching Process – Download Options
  • Results from the SCCM Patch Deployment Process

The blog post linked below explains the end-to-end SCCM software update patch package creation process in detail.

➡️How To Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr

The following video explains How to Create an ADR Patching Client-Side Issues Application Creation Process Manual in SCCM.

Best SCCM Patching Software Update Deployment Process Guide – Video 3

SCCM patching troubleshooting can also be very complex if you don’t understand the setup of Software Update or SCCM patching. As a first step, you need to understand the entire patching process explained above.

Best SCCM Patching Software Update Deployment Process Guide – Fig.2

There could be server-side and client-side issues related to SCCM patching or software updates. You need to check the flows from the client side.

  1. UpdatesStore.log to know the status of the updates.
  2. UpdatesDeployment.log – what % of the download is completed? For example: Status = ciStateInstalling, PercentComplete = 16. The entries progress as follows:
    1. added to the targeted list of deployment
    2. Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
    3. Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0
    4. Progress: Status = ciStateInstalling, PercentComplete = 89, DownloadSize = 0, Result = 0x0
    5. Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0
    6. Progress: Status = ciStatePendingSoftReboot, PercentComplete = 0, DownloadSize = 0, Result = 0x0
    7. Progress: Status = ciStateInstallComplete, PercentComplete = 0, DownloadSize = 0, Result = 0x0
    8. Job completion received.
  3. CCMSDKProvider.log – Get client agent settings… Getting reboot setting whether to show dialog instead of notification
Best SCCM Patching Software Update Deployment Process Guide – Fig.3

  1. LocationServices.log – Check whether it can find the WSUS Path= and a Distribution Point with patches.
  2. WUAHandler.log – Check whether the scan is completed or not.
  3. UpdatesDeployment.log – Check for the assignment deadline and Software Updates client configuration policy, DetectJob completion received for assignment, and Added update (Site_, PercentComplete, etc…
  4. Execmgr.log – Execution is complete for program Software Updates Program
  5. RebootCoordinator.log – Reboot-related things
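
The state sequence listed for UpdatesDeployment.log above can be summarised per update with a short script. This PowerShell function is an added example, not code from the original post; the function name, the optional "(Site_...)" update-ID prefix, and the sample lines are assumptions constructed for illustration.

```powershell
# Added example (not from the original post): summarise the update state
# transitions found in UpdatesDeployment.log text.
function Get-UpdateProgressSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    begin {
        # "Progress: Status = ..., PercentComplete = ..., [DownloadSize = ...,] Result = 0x..."
        # is the form quoted on the page. The optional "(Site_...)" update ID in front
        # of it is an assumption; lines without one are grouped under "(no id)".
        $pattern = '(?:\((?<Id>Site_[^)]*)\)\s*)?Progress:\s*Status\s*=\s*(?<Status>ci\w+),' +
                   '\s*PercentComplete\s*=\s*(?<Pct>\d+),\s*(?:DownloadSize\s*=\s*\d+,\s*)?' +
                   'Result\s*=\s*(?<Result>0x[0-9A-Fa-f]+)'
        $byUpdate = [ordered]@{}
    }
    process {
        foreach ($text in $Line) {
            $m = [regex]::Match($text, $pattern)
            if (-not $m.Success) { continue }   # ignore unrelated log lines
            $id = if ($m.Groups['Id'].Success) { $m.Groups['Id'].Value } else { '(no id)' }
            if (-not $byUpdate.Contains($id)) {
                $byUpdate[$id] = [System.Collections.Generic.List[object]]::new()
            }
            $byUpdate[$id].Add([pscustomobject]@{
                Status  = $m.Groups['Status'].Value
                Percent = [int]$m.Groups['Pct'].Value
                Result  = $m.Groups['Result'].Value
            })
        }
    }
    end {
        foreach ($id in @($byUpdate.Keys)) {
            $entries = $byUpdate[$id]
            # Collapse consecutive repeats so the state path is easy to read
            $path = [System.Collections.Generic.List[string]]::new()
            foreach ($e in $entries) {
                if ($path.Count -eq 0 -or $path[$path.Count - 1] -ne $e.Status) {
                    $path.Add($e.Status)
                }
            }
            $last = $entries[$entries.Count - 1]
            [pscustomobject]@{
                Update        = $id
                StatePath     = $path -join ' > '
                LastStatus    = $last.Status
                LastPercent   = $last.Percent
                RebootPending = $last.Status -eq 'ciStatePendingSoftReboot'
                Completed     = $last.Status -eq 'ciStateInstallComplete'
                # Any Result other than 0x0 is worth a closer look
                NonZeroResult = @($entries | Where-Object { $_.Result -notmatch '^0x0+$' } |
                                  ForEach-Object { $_.Result } | Select-Object -Unique)
            }
        }
    }
}

# Constructed sample lines (not real log output). State names and field layout
# follow the page; the update IDs are placeholders.
$sample = @'
(Site_EXAMPLE/SUM_0001) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
(Site_EXAMPLE/SUM_0001) Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0
(Site_EXAMPLE/SUM_0002) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
(Site_EXAMPLE/SUM_0001) Progress: Status = ciStateInstalling, PercentComplete = 89, DownloadSize = 0, Result = 0x0
(Site_EXAMPLE/SUM_0001) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0
(Site_EXAMPLE/SUM_0002) Progress: Status = ciStateDownloading, PercentComplete = 16, Result = 0x0
(Site_EXAMPLE/SUM_0001) Progress: Status = ciStatePendingSoftReboot, PercentComplete = 0, DownloadSize = 0, Result = 0x0
(Site_EXAMPLE/SUM_0001) Progress: Status = ciStateInstallComplete, PercentComplete = 0, DownloadSize = 0, Result = 0x0
'@ -split "`r?`n"

# SUM_0001 walks the full path to ciStateInstallComplete; SUM_0002 is still downloading.
$sample | Get-UpdateProgressSummary | Format-List

# On a client, feed the real log instead (default client log folder assumed):
# Get-Content "$env:WinDir\CCM\Logs\UpdatesDeployment.log" | Get-UpdateProgressSummary
```

An update whose last status is not ciStateInstallComplete, or that reports a non-zero Result, is the one to trace further in the other client logs listed above.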

Best SCCM Patching Software Update Deployment Process Guide – Fig.4

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Video Tutorial How to Install SCCM CB Update Rollup via New Updates and Servicing Channel ConfigMgr

Let’s learn how to install an SCCM CB Update Rollup via the new Updates and Servicing channel in ConfigMgr. This video tutorial helps you understand the SCCM/ConfigMgr CB Updates and Servicing process. Learn how to install SCCM CB 1602 Update Rollup KB 3155482 via the new Updates and Servicing channel.

Today, Microsoft released a new Update Rollup, KB3155482, for SCCM CB 1602. As seen in the video, it is already available in my lab setup.

This is available under “\Administration\Overview\Cloud Services\Updates and Servicing“. There are no features in this Update Rollup for SCCM 1602!

How to install the Rollup? Right-click on the available update and complete the wizard! The update has already been downloaded to C:\Program Files\Microsoft Configuration Manager\EasySetupPayload\59bca34e-df87-4041-b9b7-f53395849e81.

Video Tutorial How to Install SCCM CB Update Rollup via New Updates and Servicing Channel ConfigMgr – Fig.1

How to Install SCCM CB 1602 Update Rollup via New Updates and Servicing Channel

Following are the 3 logs you must keep watching while updating the hotfix. 1) dmpdownloader.log, 2) CMUpdate.log, and 3) hman.log.  

You can also check the status via the SCCM CB console “\Monitoring\Overview\Site Servicing Status“. This video shows an error in the HMAN.log because it could not contact the local AD, which is very specific to my lab. You can safely ignore that 😉

Install SCCM CB Update Rollup

I disabled my internet connection, which resolved the issue of AD connectivity.

Name | State
Configuration Manager 1602 Hotfix KB3155482 | Installed
Video Tutorial How to Install SCCM CB Update Rollup via New Updates and Servicing Channel ConfigMgr – Table 1
Video Tutorial How to Install SCCM CB Update Rollup via New Updates and Servicing Channel ConfigMgr – Fig.2

As you can see in the video, the Update Rollup has been installed successfully. Thank you for watching!

Resources

SCCM Video Tutorials For IT Pros – HTMD Blog #2 (howtomanagedevices.com)

SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)

How to Create Deploy Custom Policies using OMA URI Configuration Manager SCCM ConfigMgr

SCCM CB Hybrid video tutorial: how to create and deploy custom policies using OMA URI. I have created a video tutorial to help SCCM admins create custom policies in the SCCM/ConfigMgr Current Branch using OMA DM/OMA URI.

The video “How to Create and Deploy Custom Policies using OMA URI and SCCM CB Hybrid” covers the topics listed below.

SCCM is a device management tool for Windows devices. It is a client-server application by Microsoft. 90% of corporate Windows devices are managed by this tool.

This post provides all the details for creating and deploying custom Policies using OMA URI Configuration Manager SCCM ConfigMgr.

How to Create Deploy Custom Policies using OMA URI Configuration Manager SCCM ConfigMgr – Fig.1
How to Create Deploy Custom Policies using OMA URI Configuration Manager SCCM ConfigMgr
  • How to create SCCM CB Configuration Items
  • How to create custom policies within Configuration Items
  • How to create SCCM Configuration Baselines
  • How to Deploy Configuration Baselines to a user collection via MDM channel to Windows 10 device
  • How to troubleshoot Windows 10 machines and any issues related to MDM management
  • The End user experience of Windows 10 after deploying the custom policies
How to Create Deploy Custom Policies using OMA URI Configuration Manager SCCM ConfigMgr – Table 1
How to Create Deploy Custom Policies using OMA URI Configuration Manager SCCM ConfigMgr – Fig.2

SCCM Video Tutorial How to Create and Deploy Custom Policies using OMA URI and SCCM CB Hybrid

I created a blog post on this topic a few months ago, and you can read that post.

Resources

SCCM Video Tutorials For IT Pros – HTMD Blog #2 (howtomanagedevices.com)

SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)

How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB

How do I create and upload an Apple Push Notification Service (APNs) certificate using SCCM CB? We need an APNs certificate to manage iOS and Mac OS devices via Intune and Hybrid SCCM CB.

In this video tutorial, we can see how to get the certs from Apple and how to upload them to SCCM CB for a hybrid solution, that is, how to create an APNs certificate to manage iOS and Mac OS X devices via Intune.

You must have an Apple ID/user name and password to upload and download the SCCM CB hybrid certificates. I’m adding more detailed Videos to my YouTube Channel; subscribe here.  

The following is the location and file where I saved the downloaded cert from the SCCM CB hybrid environment: C:\Users\anoop\Documents\Apple Cert\Apple_Cert_4_How_2_Manage.CSR.

How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB – Fig.1

The screenshot below shows the Apple Push Certificates Portal and the certificate for third-party servers. The table below shows more details.

Service | Vendor | Expiration Date | Status
Mobile Device Management | Microsoft Corporation | Sep 24, 2016 | Active
Mobile Device Management | Microsoft Corporation | Sep 24, 2016 | Active
How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB – Table 1
How to Create Upload Apple Push Notification Service APNs Certificate Using SCCM CB – Fig.2

Go to the following Apple website: https://identity.apple.com/pushcert/.

You can manage iOS and Mac OS devices via Microsoft Intune and SCCM CB hybrid environments at the end of this process!

How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr

Let’s discuss how to sync on-prem AD users with Azure AD for Intune and ConfigMgr. Using Azure AD Connect, you can sync on-prem AD user identities/attributes and passwords to Azure AD. Azure AD Connect installation and configuration is very straightforward if we use express settings 🙂.

I have a video tutorial here that helps you understand the AAD connect configuration, How to enable MFA for Azure AD to join Windows 10 devices and Twitter app integration with Azure AD.

In this post, I will cover two other Azure AD (AAD) Sync topics.

  1. Where is the Scheduled Task used to create Azure AD?
  2. How do you create a service connection point in the on-premises Active Directory?
  3. Video Tutorial – How to Sync On-Prem AD User Accounts with Azure AD

Windows 10 MDM devices can write back to on-prem AD. More details are available here. AAD Connect is mandatory for the write-back feature of Windows 10 devices.  

Earlier versions of Azure AD Connect used a Windows task scheduler to schedule the Azure AD sync of on-prem objects and attributes. The latest version of Azure AD Connect has an inbuilt sync engine. Hence, we won’t find a scheduled task for AAD Connect.

The new default synchronization frequency is 30 minutes. We can check the AD sync schedule using the PowerShell command “Get-ADSyncScheduler”; the parameters for changing the schedule are documented here.

PS C:\Users\anoop\Desktop> Get-ADSyncScheduler

AllowedSyncCycleInterval            : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval         :
NextSyncCyclePolicyType             : Delta
NextSyncCycleStartTimeInUTC         : 26-05-2016 02:06:23
PurgeRunHistoryInterval             : 7.00:00:00
SyncCycleEnabled                    : True
MaintenanceEnabled                  : True
StagingModeEnabled                  : False

I had trouble creating a service connection point in the on-premises Active Directory. This service connection point is used to “Connect domain-joined devices to Azure AD for Windows 10 experiences.” I followed the documentation to configure the service connection points in on-premises AD but was getting stuck with PowerShell Commands. I ran the PowerShell commands per the above documentation but with no luck.

After that, I installed the appropriate version of the Windows Azure Active Directory Module for Windows PowerShell. Then I tried to run the following PowerShell commands, which worked like a champ!

PS C:\Users\anoop\Desktop> Connect-MsolService

PS C:\Users\anoop\Desktop> Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"

PS C:\Users\anoop\Desktop> Initialize-ADSyncDomainJoinedComputerSync

cmdlet Initialize-ADSyncDomainJoinedComputerSync at command pipeline position 1
Supply values for the following parameters:
AdConnectorAccount: nair\Anoop
AzureADCredentials
Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.
Configuration Complete

How to Sync On-Prem AD Users Accounts With Azure AD

This video helps you to understand the AAD connect configuration, how to enable MFA for Azure AD to join Windows 10 devices, and how to integrate the Twitter app with Azure AD. In this post, I will cover two other Azure AD (AAD) Sync topics.

I’ve already downloaded and installed the AAD Connect tool, and I can show you how to configure it and start syncing. How to enable MFA for AAD-joined machines. How to integrate Twitter with Azure AD to get SSO.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments

How do you create and deploy compliance policies using SCCM CB Hybrid and Intune environments? There are 3 topics in this post.

  1. How to create compliance policies using Intune and the SCCM CB Hybrid environment.
  2. How to deploy compliance policies.
  3. Differences between the compliance policy settings.

I have created a quick and dirty video tutorial to explain all these steps, and the video is embedded in this post as well 🙂 First and foremost, the compliance policies work along with Conditional Access policies.

The device must comply with our policies to have permission to access corporate resources like emails, SharePoint Online, etc. SCCM CB and Intune Compliance policies can be deployed only to users, not device collections or groups.

As you can see in the following picture, we can specify the type of compliance policy that you want to create in SCCM CB. There are two options: 1. Compliance rules for devices managed with SCCM clients; 2. Compliance rules for devices managed without SCCM clients (MDM clients, etc.).

How Do You Create An SCCM CB Hybrid Compliance Policy?

Moreover, it allows you to select different device platforms, such as Windows 8.1, Windows 10 mobile, iOS, Android, and KNOX. This is a handy option in SCCM CB Hybrid compliance settings! The video tutorial above explains the steps to create an SCCM CB compliance policy.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.1

How Do You Create a Compliance Policy using Intune?

As you must have noticed, all platforms have one general compliance policy. There is no option to create compliance policies for various device platforms, such as iOS, Android, and Windows.

Yes, we don’t have the option to select a specific OS platform in Intune compliance policies. The three common segregations available are as follows. The video tutorial above explains all the steps to create an Intune compliance policy.

Three Common Segregations
  • System Security
  • Device Health
  • Device Properties
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Table 1
How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.2

How Do You Deploy Compliance Policies Using SCCM CB Hybrid?

Yes, compliance policies can be deployed only to User Collections, not device collections, in SCCM. There are no device collections in the drop-down menu! Yes, this makes sense because compliance policies are associated with conditional access policies in BYOD and CYOD scenarios.

Another point is SCCM CB’s granularity regarding Compliance rules/policy evaluation schedules. You can change the Compliance policy evaluation schedule!!! By default, the SCCM CB compliance policy evaluation schedule is 23 hours. You can change and customize it according to your needs. The video tutorial above explains the steps to deploy the SCCM compliance policy.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.3

How to Deploy Compliance Policy using Intune?

Yes, compliance policies can be deployed only to user groups in Intune, not device groups. Moreover, compared with SCCM CB, the scheduling of compliance policies is not granular. Instead, Intune provides global settings for all the compliance policies we create for that tenant.

Check out the Intune compliance policy settings. What is that? It’s the compliance status validity period. Nice!! It’s a global setting—we can’t specify 31 days for one compliance setting and 20 days for another!! The video tutorial above explains all the steps to deploy the Intune compliance policy.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.4

Difference Between Intune vs SCCM CB Hybrid Compliance Policies

Following are the differences that I have noticed in Intune vs SCCM CB Hybrid Compliance Policies:

Intune does not allow users to select a specific supported platform. However, with SCCM CB, we can create platform-specific compliance policies.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.5

There is no Granularity in Deploy Scheduling options with Intune. However, many more scheduling options are available for SCCM CB compliance policies.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.6

Outcome/Result of Compliance Policies – Windows 10 Device

The following is an example of a Windows 10 machine that is AAD and MDM joined, but it’s not compliant. Device encryption is not enabled on the Windows 10 machine.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.7

The following is an example of a Windows 10 device compliant with an organization’s policies. Once Windows 10 is compliant, the user can access corporate mail and other resources.

How to Create and Deploy Compliance Policies Using SCCM CB Hybrid and Intune Environments – Fig.8

Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User

In this post, I would like to share a video tutorial that explains Intune MAM policies and app reporting by specific user. Microsoft Intune introduced MAM Reporting options with the Intune 2305 release.

Let’s learn how to create Intune App Protection Policies for iOS/iPadOS; see the article Create Intune App Protection Policies For IOS IPadOS. App Protection Policies (APP) can be applied to both enrolled and non-enrolled devices. APP can be used with third-party MDM solutions.

MAM policies created in the MEM portal are different from the MAM policies that we make from the Intune portal for MDM-enrolled devices. Outlook Groups is the newest application included in the Azure portal for Intune MAM-enabled applications.

Let’s check how to enable Intune App Protection Policies for Android and iOS devices. The video below provides more details and an end-user experience.

Intune MAM Policies and App Reporting?

Also, I can see the PREVIEW option to add custom applications for MAM policies without MDM enrollment. This is an excellent feature. Settings –> Preview – Line-of-business apps –> Preview – Add a custom app.

Intune MAM Policies and App Reporting
  • Settings
  • Preview – Line of business apps
  • Preview – Add a custom app
Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User – Table 1
Video Tutorial to Learn about Intune MAM Policies and App Reporting by Specific User – Fig.1
