What’s New with Windows Autopilot for HoloLens 2


In early 2020, Microsoft announced that it was going to bring Windows Autopilot to the HoloLens platform. Initially, it was only in private preview on HoloLens 2. Later that year, however, Microsoft made it available for public preview. Windows Autopilot plays a key role in simplifying deployments and reducing time to productivity.

As a result, it helps your organization to cut down on costs and enhance efficiency. So if your business needs to introduce new devices, then Autopilot offers you a great solution for that. This announcement from Microsoft expectedly aroused significant interest. We’re going to take a look at what all this could mean for you.

HoloLens 2 overview

HoloLens 2 is the next step in the evolution of Microsoft’s revolutionary mixed reality headset. You wear the device on your head, and its visor sits over your eyes, offering a new way to interact with information.

The technology provides apps and solutions that will enhance communication, learning, collaboration, and much more through the use of mixed reality. The challenge that organizations have had to face is that as this technology has grown in popularity and use, its deployment at scale has become a laborious and costly affair. Hence the need for Windows Autopilot to provide a simpler, more effective, and more streamlined deployment solution.

Device set up

To get started, you’ll need to go through the process of device set up. Fortunately, setting up your devices will only involve a few simple steps. Once a user has started the self-deployment process, Autopilot then proceeds with the following steps:

  • Join the device to Azure AD. However, it’s important to remember that Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join.
  • Enroll the device in Microsoft Endpoint Manager (or another MDM) using Azure AD.
  • Download certificates, apps, device-targeted policies, and networking profiles and then apply them.
  • Provision the device.
  • Present the sign-in screen to the user.

With the public preview, Windows Autopilot for HoloLens devices can be configured using Microsoft Endpoint Manager (MEM) controls. And this applies to all customer tenants. To get started, you’ll have to log into the MEM admin center. Once there, select Devices > Windows > Windows enrollment. And then under Windows Autopilot Deployment Program, select Deployment Profiles > Create profile > HoloLens (preview).

Requirements

To use Windows Autopilot, you’ll need to have Windows Holographic, version 2004 (released May 2020) or newer. However, Microsoft only began shipping devices with this version pre-installed in late September 2020.

Fortunately, though, Microsoft allows you to use the Advanced Recovery Companion (ARC) to re-flash your devices to the latest operating system. Using ARC, you can also check the build version that is currently installed on your devices.

The process is not overly complicated. And you can find instructions here. Ideally, it would be best to request from your distributor that they supply you with Autopilot-ready devices.

Tenant Lock for HoloLens 2

This feature allows organizations to permanently bind devices to their Tenants and keep them under management after initial enrollment. With this feature, your device will always be deployed by Autopilot and managed by MEM, even in the event of OS updates, accidental or intentional resets, or wipes.

If your organization deploys HoloLens 2 devices with Autopilot, you can set up a specific policy. This policy, which is deployed post-enrollment, provides:

  • permanent enforcement of Autopilot deployment,
  • prevention of local user creation during device setup,
  • a mandatory network connection,
  • prevention of all other escape hatches during device setup, and
  • prevention of device ownership during the device setup process by anyone other than the organization Tenant the device is registered to with Windows Autopilot.

Using Autopilot with Wi-Fi connection

Microsoft will also allow you to use Windows Autopilot Deployment for HoloLens 2 with a Wi-Fi connection in addition to the regular Ethernet-based connection. This is something that you can get as part of Insider Preview (Build 19041.1364 or above).

What this means is that you do not need a USB-C to Ethernet or USB-C to Wi-Fi adapter. Instead, all you need to do is connect the device to your available Wi-Fi network and deploy it with Windows Autopilot.

User experience

After the process of configuring Autopilot for HoloLens 2 is complete, you then move on to provisioning the HoloLens devices. The Autopilot experience needs internet access, and you have several options to choose from. You can connect your device to a Wi-Fi network in OOBE and then let it detect the Autopilot experience automatically.

Alternatively, you can use “USB-C to Ethernet” adapters for wired internet connectivity and let HoloLens 2 complete the Autopilot experience automatically. With the third option, you can connect your device with “USB-C to Wi-Fi” adapters for wireless internet connectivity and let HoloLens 2 complete the Autopilot experience automatically.

During the next step in the provisioning process, the device will automatically start OOBE and all that is required of you is to let HoloLens 2 detect network connectivity and leave it to complete OOBE automatically. And when the OOBE process is complete, you can then sign in to the device using your user name and password.

Simplifying deployments

Windows Autopilot has provided countless benefits to a lot of organizations by reducing the complex nature of deployments at scale. This cloud-based platform significantly reduces time to productivity and empowers end-users. And so it only makes sense that HoloLens 2 is now able to leverage the capabilities of this fantastic technology. Organizations cannot afford to spend vast amounts of time dealing with deployment scenarios for which fast, cost-effective solutions are available. From medical institutions to academic ones, HoloLens 2 gives you an amazing new way of interacting with information and Autopilot enhances that experience.

Microsoft Intune – New Updates in PowerShell Scripts

Microsoft Intune is one of those brilliant products that has helped to optimize IT infrastructure for many businesses. It’s a platform that can transform your business into a modern workplace. And its capabilities are almost without limit. If you want to upload PowerShell scripts in Intune, there is the Microsoft Intune management extension (IME) that you can use for that. This management extension can enhance Mobile Device Management (MDM) resulting in a simpler move to modern management. With all this done, you can then run these scripts on Windows 10 devices. PowerShell scripts are important in a lot of different use cases and this blog is going to take a look at what this technology can do.

What is PowerShell?

PowerShell is a scripting and automation platform belonging to Microsoft. It’s an amazing product that is both a scripting language as well as an interactive command environment that is built on the .NET framework. Released back in 2006, PowerShell was basically a replacement for Command Prompt as the default method for automation of batch processes and creation of customized system management tools. PowerShell can easily automate laborious admin tasks by combining commands known as cmdlets and creating scripts. Available in all Windows OS starting with Windows 2008R2, PowerShell plays a huge role in helping IT professionals configure systems.

Adopting modern management

Modern workplaces now have plenty of user- and business-owned platforms that allow users to work from anywhere. With MDM services like Microsoft Intune, you can manage devices that are running Windows 10. The Windows 10 management client communicates with Intune to run enterprise management tasks, and the Windows 10 MDM features are supplemented by IME. With this in place, you can create PowerShell scripts to run on Windows 10 devices, e.g., a PowerShell script that does advanced device configurations. Having done this, you can upload the script to Intune, assign it to an Azure AD group, and then run it. Moreover, you can monitor the run status of the script from start to finish.

Latest updates from Microsoft

In November 2020, Microsoft announced the general availability of PowerShell 7.1 which is built on the foundation of PowerShell 7.0. The goal was to bring about improvements and fixes to the existing technology. Some of these features, updates, and breaking changes include:

  • PSReadLine 2.1.0, including Predictive IntelliSense
  • PowerShell 7.1 has been published to the Microsoft Store
  • Installer packages have been updated for new operating system versions with support for ARM64
  • 4 new experimental features and 2 experimental features promoted to mainstream
  • A number of breaking changes that improve usability

Using scripts in Intune

The IME installs automatically when a PowerShell script or a Win32 app is assigned to the device or user, provided a few prerequisites are met:

  • Windows 10 version 1607 or later, or Windows 10 version 1709 or later for devices enrolled using bulk auto-enrollment.
  • Devices joined to Azure AD, including Hybrid Azure AD-joined devices, which are joined to Azure AD and also joined to on-premises Active Directory (AD).
  • Devices enrolled in Intune, namely devices enrolled in a group policy, devices that are manually enrolled in Intune, and co-managed devices that use both Configuration Manager and Intune.

Script policy creation

Start by signing in to the Microsoft Endpoint Manager admin center. From there, select Devices > PowerShell scripts > Add. Under Basics, provide a name and a description for the PowerShell script. Next, go to Script settings and enter the required properties. After that, select Scope tags; these are optional. Then select Assignments > Select groups to include, and an existing list of Azure AD groups will be shown. Lastly, in Review + add, you’ll see a summary of the settings you configured. Select Add to save the script. When you have done so, the policy is deployed to the groups you chose.

Important considerations

If you have scripts that are set to user context and the end-user has admin rights, the PowerShell script runs with administrator privileges by default. Also, end-users don’t need to sign in to the device to execute PowerShell scripts. The IME agent checks with Intune once per hour and after every reboot for any new scripts or changes. In the event of a script failing, the agent attempts to retry the script three times for the next 3 consecutive IME agent check-ins. And as far as shared devices are concerned, the PowerShell script runs for every new user that signs in.

PowerShell scripts limitations

Although with Microsoft Intune you can deploy PowerShell scripts to Windows 10 devices, there are a few limitations worth noting. These include: 

  • You won’t get support for running PowerShell scripts on a scheduled basis.
  • Although you can see whether the PowerShell script execution succeeded or failed, the output generated is only available on the endpoint that executes it and is not returned to the MEM Admin Portal.
  • Since executed PowerShell scripts are visible in the Intune Management Extension log file as plain text, credentials can’t be passed securely.
  • The Intune Management Extension agent responsible for executing PowerShell scripts on the endpoints only checks once an hour for new scripts so there is a delay with execution.
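
Because script content is readable in the Intune Management Extension log, it is worth checking a script for embedded secrets before uploading it. The following is an added example, not part of the original article or of any Microsoft tooling: a hypothetical `Find-EmbeddedSecret` function that parses a script with the PowerShell AST and reports string literals assigned to secret-looking variables and any use of `ConvertTo-SecureString -AsPlainText`. The sample script, its variable names and the name pattern are constructed for illustration.

```powershell
using namespace System.Management.Automation.Language

# Constructed sample script; account names and values are placeholders.
$sample = @'
$svcUser     = "CONTOSO\svc-deploy"
$svcPassword = "PLACEHOLDER-not-a-real-secret"
[string]$apiKey = 'PLACEHOLDER-key'
$secure = ConvertTo-SecureString $svcPassword -AsPlainText -Force
$token  = $env:DEPLOY_TOKEN
'@

# Hypothetical helper (not an Intune or Microsoft cmdlet).
function Find-EmbeddedSecret {
    param([Parameter(Mandatory)][string]$ScriptText)
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    if ($errors.Count) { throw "Script does not parse: $($errors[0].Message)" }
    $secretName = '(?i)pass(word|wd)?|secret|token|api[-_]?key|cred'

    # Rule 1: a string literal assigned to a secret-looking variable name.
    foreach ($a in $ast.FindAll({ $args[0] -is [AssignmentStatementAst] }, $true)) {
        $rhs = $a.Right
        if ($rhs -is [PipelineAst] -and $rhs.PipelineElements.Count -eq 1) {
            $rhs = $rhs.PipelineElements[0]
        }
        if ($rhs -is [CommandExpressionAst]) { $rhs = $rhs.Expression }
        $isLiteral = $rhs -is [StringConstantExpressionAst] -or
                     $rhs -is [ExpandableStringExpressionAst]
        if ($isLiteral -and $a.Left.Extent.Text -match $secretName) {
            # Report the variable and line only, never the value itself.
            [pscustomobject]@{ Line = $a.Extent.StartLineNumber
                Rule = 'LiteralSecret'; Item = $a.Left.Extent.Text }
        }
    }

    # Rule 2: ConvertTo-SecureString -AsPlainText (any unambiguous prefix).
    foreach ($c in $ast.FindAll({ $args[0] -is [CommandAst] }, $true)) {
        if ($c.GetCommandName() -ne 'ConvertTo-SecureString') { continue }
        $plain = $c.CommandElements | Where-Object {
            $_ -is [CommandParameterAst] -and
            'AsPlainText' -like ($_.ParameterName + '*') }
        if ($plain) {
            [pscustomobject]@{ Line = $c.Extent.StartLineNumber
                Rule = 'PlainTextSecureString'; Item = $c.GetCommandName() }
        }
    }
}

Find-EmbeddedSecret -ScriptText $sample | Sort-Object Line | Format-Table -AutoSize
```

The value read from `$env:DEPLOY_TOKEN` is not flagged because it is not a literal in the script; name-based matching will miss secrets stored under unrelated variable names, so treat a clean result as a minimum check.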

Wrap up about Microsoft Intune

Maximizing the time we have is increasingly a massive concern for most organizations. Technological innovation has made it such that we can have more productive time on our hands. PowerShell is a product that is very useful to IT professionals for overall system management. By being able to automate the administration of Windows OS and other applications, organizations can operate more efficiently. The evolution of this platform since its release fourteen years ago has seen it grow from strength to strength. Undoubtedly, this is a product that can easily boost your productivity.