Building a Modernizing Infrastructure Using Microsoft Technologies

If what you have is working great, then why change it? While that may very well be true, every business needs to adapt to the times and modernize if they want to maintain their success. Otherwise, your rivals won’t hesitate to take advantage if they can. Take Nokia for instance.

During the 90s, it dominated the smartphone market and at its peak in late 2007, it had a 50.9% share of the smartphone market. Yet, just 6 years later that number had plummeted to just 3.1%. Other companies came in with new technologies, the market changed, and Nokia has never fully recovered.

Modernizing helps you to expand your capabilities while reducing operational costs. And by leveraging cloud capabilities, you can unlock the limitless potential that can take your business to the next level. Microsoft Technologies provide you with the ideal platform to transform your IT infrastructure. And in this blog, we’ll show you just what these solutions can add to your business.   

Created for evolving businesses

Technology has changed the way businesses operate. The various solutions that are available to us have created new markets as well as exciting ways to serve clients. Whether it’s the scalability that Azure gives you, the flexibility provided by Endpoint Manager, or the security you get with Microsoft Defender ATP. The benefits are plenty. Evolving businesses can put themselves in a position where they reduce their overhead, streamline their operations, and market themselves better. Microsoft has recognized the needs that businesses have regarding effective IT solutions. 

Overview of Microsoft Technologies

The Microsoft Technologies that we’ll be going over consist of brilliant tools that will modernize your IT infrastructure. Rather than being individual entities that operate completely apart, Microsoft has designed these technologies such that they can function together. This will enhance your overall IT management and bring greater efficiency to your organization. The following technologies are going to be the focus of this blog:

1) Azure Active Directory

Microsoft’s cloud-based multi-tenant identity and access management service enables employees to sign in and access services from anywhere. Azure Active Directory (Azure AD) has plenty of features that help modernize your infrastructure, among which:

  • Application management: manages all apps, both cloud and on-premises, using Application Proxy, single sign-on, the MyApps portal, and any SaaS apps.
  • Authentication: manages Azure AD self-service password reset, MFA, smart lockout, and custom banned password list.
  • Conditional access: enforces and maintains control over access to your cloud apps.
  • Device management: controls the access that cloud and on-premises devices get to corporate data.
  • Business-to-business: helps you to maintain control over corporate data by managing guest users and external partners.
  • Reports and monitoring: allows you to receive insights concerning the security and usage patterns in your environment.

Key benefits

The advantage you’ll get from features like single sign-on is that employees won’t need multiple sign-ons for all their apps so password compliance issues are reduced. Simplified collaboration with guest users is possible because Azure AD allows you to invite these users into your directory to assign access. Also, the availability of real-time monitoring in conjunction with MFA and conditional access provides your organization with excellent application security and management control. And if you have productivity solutions that aren’t Microsoft products, you can still use them because Azure AD supports other OS and virtual tools.

2) Windows Autopilot

Windows Autopilot is Microsoft’s solution for transforming the provisioning of devices into an automated and friendly process. It aims to eliminate the countless, painful hours spent manually setting up devices. Undoubtedly, this is a product that will be a big hit with IT teams and it should please most employees as well. Its features include:

  • User-driven mode: provides a simple do-it-yourself approach to setting up new devices. This enables end-users to quickly get up and running without needing IT.
  • Self-deploying mode: allows you to deploy a Windows 10 device as a kiosk, digital signage device, or a shared device with minimal user interaction.
  • Support for existing devices: makes the process of deploying the latest version of Windows 10 to your existing devices quick and painless. In addition, whatever apps you need will be installed automatically and you’ll get your work profile synched as well.
  • Pre-provisioned deployment: partners and IT can pre-provision Windows 10 devices and have them business-ready for companies and their end-users.
  • Windows Autopilot reset: allows you to easily repurpose a device by wiping personal files, apps, and settings then restoring the device’s original settings.
  • Enrollment Status Page (ESP): the ESP tracks the setting up of the device to ensure that the device is fully configured correctly before the end-user can gain access.

Key benefits

As the saying goes, time is money. Hence the importance of the customized out-of-the-box experience (OOBE). It gets devices set up according to an organization’s preferences so that when the end-user receives it, they can immediately start using it. And they’ll have all the collaboration and productivity apps they need already installed. You’ll also gain time by not having to do any OS re-imaging because it’s done automatically. All of this will help to create an environment that empowers the user thereby increasing productivity rather than the restrictive nature of legacy IT.

3) Microsoft Endpoint Manager

Announced at Ignite 2019, Microsoft Endpoint Manager (MEM) is a brilliant development that merges ConfigMgr and Intune into a unified management platform. And you’ll get a lot of services with the product including co-management, Desktop Analytics, and the above-mentioned Windows Autopilot. MEM plays a key role in demonstrating the integration of Microsoft Technologies. Moreover, clients who already have Microsoft 365 licensing can benefit from the majority of the technologies that are within Microsoft Endpoint Manager.

What can MEM do for you?

According to Brad Anderson, Microsoft corporate vice president for Microsoft 365, MEM came about as a way to resolve the confusion surrounding modern management. It offered simplicity. And this simplicity should ease the way of doing business. For clients with ConfigMgr licenses, they automatically get Intune licenses thus enabling them to co-manage their devices.

With up to 190 million devices currently under ConfigMgr or Intune management, IT will get incredible insights that you can use for problem-solving and device deployment. MEM allows you to utilize the cloud where all data is stored in Azure thus eliminating data centers. This gives you the mobility advantages of the cloud as well as the security of Azure. However, some organizations prefer mixed environments so you can still use the cloud while retaining your on-premises infrastructure.

4) MSIX

The endless packaging and repackaging of applications has been the source of constant headaches over the years. Whenever you’d purchase new software, the problems would begin. Someone had to come up with a solution, and thus MSIX came to the fore.

MSIX is a universal package format designed for Windows 10 apps and has support for desktop, mobile, and all other Windows 10 devices. It’s an improvement on AppX and aims to resolve app packaging issues. The UWP features, app customization, and support for all Windows applications make MSIX a massive improvement on the currently available installers. Key features include:

  • Reliability: MSIX can just about guarantee installs with a success rate standing at a very impressive 99.96%.
  • Network bandwidth optimization: MSIX only downloads the 64k block and this allows for a reduction in impact to network bandwidth. It does this by leveraging the AppxBlockMap.xml file that’s in the MSIX app package.  
  • Disk space optimizations: MSIX doesn’t duplicate files across apps and Windows will manage the shared files across apps. Because apps remain independent, updates won’t affect other apps that share the file.

What you stand to gain

Microsoft has created a product that gives you the advantages of both MSI and AppX while eliminating their limitations. And it doesn’t just work on Windows only. You can use it on Linux, OSX, iOS, and Android. MSIX enables you to take a huge step towards modern management. Instead of the previous uncertainties, it offers you safety, reliability, and predictability of deployment. Security is enhanced as well with Windows giving you integrity for apps through tamper protection and policy controls.

5) Microsoft Defender ATP

As amazing as the above technologies are, you cannot successfully modernize your IT infrastructure without effective cybersecurity. In fact, all your efforts would probably be futile. But, with Microsoft Defender Advanced Threat Protection (MDATP), you get an enterprise endpoint security platform that enables your enterprise networks to prevent, detect, investigate, and remediate advanced threats.

Main capabilities

  • Endpoint behavioral sensors: these are sensors that are embedded in Windows 10 that collect and process behavioral signals from the OS. This data is then sent to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
  • Threat and vulnerability management: MDATP has an overview of all the software on a device and can detect security vulnerabilities. It can then provide security recommendations for remediating endpoint vulnerabilities and misconfigurations.
  • Attack surface reduction: this capability enables you to put in place controls that reduce areas that are vulnerable to cyberattacks. With proper configuration settings and application of exploit mitigation techniques, this capability will resist attacks and exploitation.
  • Next-generation protection: MDATP offers you next-generation protection to catch all types of emerging threats.
  • Endpoint detection and response (EDR): EDR is designed to target advanced threats that make it past the first two security pillars.
  • Automated investigation and remediation: these capabilities help to create a reduction in the volume of alerts in minutes at scale.  
  • Microsoft secure score for devices: this tool will help you to carry out an assessment of the security status of your enterprise network and identify unprotected systems. After which, you can apply recommended actions to improve the overall security of your organization.

6) Windows Virtual Desktop

The advances that are happening in the field of technology not only enhance the modern workplace but can also completely change it. And with the internet creating “one global village”, the popularity of remote work has grown significantly. But for this to work, you need effective solutions. Enter Windows Virtual Desktop (WVD).

WVD is a desktop and app virtualization service that leverages the power of Microsoft Azure and runs on the cloud. So it can deliver a virtual desktop as well as remote apps to any device. Depending on your needs, you can configure WVD to run Windows 10 Enterprise, Windows 7 Enterprise, or Windows Server 2012 R2, 2016, 2019.

Benefits to your organization:

  • WVD gives you the ability to deliver Windows 10 desktops on any device, anywhere. By extension, you’ll give your employees an optimum virtual experience.
  • Cybersecurity is crucial and WVD has in-built intelligent security that is fully capable of proactive threat detection and remediation. Security protocols such as Azure Firewall, Azure Security Center, Azure Sentinel, and Microsoft Defender ATP ensure that corporate data is highly secure.
  • Your organization can become more efficient and productive because deployment and scaling can be carried out easily and quickly.
  • Utilizing the modern cloud-based virtual desktop infrastructure (VDI) is a great way to save costs. You’ll only pay for what you use.
  • Another way in which you’ll save costs is licensing. WVD is a free service so it comes with your Microsoft 365 or Windows per-user license.

Maximizing potential

By now most organizations are starting to appreciate just how legacy technology can hold them back. Instead of holding on to what has worked in the past, it’s important to know that technology can expire. Therefore, transformation is a must. Modern infrastructure will help you to reduce your costs, improve your cybersecurity, and provide easy and convenient access to corporate resources from anywhere. Microsoft has a vast array of technologies that can take your organization to the next level. The powerful and flexible hybrid-cloud architecture is something that we can all benefit from.

Microsoft Intune – New Updates in PowerShell Scripts

Microsoft Intune is one of those brilliant products that has helped to optimize IT infrastructure for many businesses. It’s a platform that can transform your business into a modern workplace. And its capabilities are almost without limit. If you want to upload PowerShell scripts in Intune, there is the Microsoft Intune management extension (IME) that you can use for that. This management extension can enhance Mobile Device Management (MDM) resulting in a simpler move to modern management. With all this done, you can then run these scripts on Windows 10 devices. PowerShell scripts are important in a lot of different use cases and this blog is going to take a look at what this technology can do.

What is PowerShell?

PowerShell is a scripting and automation platform belonging to Microsoft. It’s an amazing product that is both a scripting language as well as an interactive command environment that is built on the .NET framework. Released back in 2006, PowerShell was basically a replacement for Command Prompt as the default method for automation of batch processes and creation of customized system management tools. PowerShell can easily automate laborious admin tasks by combining commands known as cmdlets and creating scripts. Available in all Windows OS starting with Windows 2008R2, PowerShell plays a huge role in helping IT professionals configure systems.

Adopting modern management

Modern workplaces now have plenty of user and business-owned platforms allowing users to work from anywhere. With MDM services like Microsoft Intune, you can manage devices that are running Windows 10. The Windows 10 management client will communicate with Intune to run enterprise management tasks. Windows 10 MDM features will be supplemented by IME. With this in place, you can create PowerShell scripts to run on Windows 10 devices e.g, creating a PowerShell script that does advanced device configurations. Having done this, you can upload the script to Intune and assign the script to an Azure AD group. Then run the script. Moreover, you can monitor the run status of the script from start to finish.

Latest updates from Microsoft

In November 2020, Microsoft announced the general availability of PowerShell 7.1 which is built on the foundation of PowerShell 7.0. The goal was to bring about improvements and fixes to the existing technology. Some of these features, updates, and breaking changes include:

  • PSReadLine 2.1.0, including Predictive IntelliSense
  • PowerShell 7.1 has been published to the Microsoft Store
  • Installer packages have been updated for new operating system versions with support for ARM64
  • 4 new experimental features and 2 experimental features promoted to mainstream
  • A number of breaking changes that improve usability

Using scripts in Intune

Before IME can automatically install when a PowerShell script or Win32 app is assigned to the user or device, a few prerequisites should be met:

  • Windows 10 version 1607 or later, Windows 10 version 1709 or later for devices enrolled using bulk auto-enrollment.
  • Devices joined to Azure AD including Hybrid Azure AD-joined which consists of devices that are joined to Azure AD, and are also joined to on-premises Active Directory (AD).
  • Devices enrolled in Intune namely devices enrolled in a group policy, devices that are manually enrolled in Intune, and co-managed devices that use both Configuration Manager and Intune.

Script policy creation

Start by signing in to the Microsoft Endpoint Manager admin center. From there you’ll select Devices then PowerShell scripts then add. Under Basics, you will then have to provide a name and a description for the PowerShell script. Next, you go to Script settings and you’ll have to enter the required properties. After that, you select Scope tags, however, these are optional. And then select Assignments > Select groups to include and an existing list of Azure AD groups will be shown. Lastly, in Review + add, you’ll see a summary of the settings you configured. Select Add to save the script. When you have done so, the policy is deployed to the groups you chose.

Important considerations

If you have scripts that are set to user context with the end-user having admin rights, by default, the PowerShell script runs under the administrator privilege. Also, end-users don’t need to sign in to the device to execute PowerShell scripts. The IME agent checks with Intune once per hour and after every reboot for any new scripts or changes. In the event of a script failing, the agent attempts to retry the script three times for the next 3 consecutive IME agent check-ins. And as far as shared devices are concerned, the PowerShell script runs for every new user that signs in.

PowerShell scripts limitations

Although with Microsoft Intune you can deploy PowerShell scripts to Windows 10 devices, there are a few limitations worth noting. These include: 

  • You won’t get support for running PowerShell scripts on a scheduled basis.
  • Although you can see whether the PowerShell script execution succeeded or failed, the output generated is only available on the endpoint that executes it and is not returned to the MEM Admin Portal.
  • Since executed PowerShell scripts are visible in the Intune Management Extension log file as plain text, credentials can’t be passed securely.
  • The Intune Management Extension agent responsible for executing PowerShell scripts on the endpoints only checks once an hour for new scripts so there is a delay with execution.

Wrap up

Maximizing the time we have is increasingly a massive concern for most organizations. Technological innovation has made it such that we can have more productive time on our hands. PowerShell is a product that is very useful to IT professionals for overall system management. By being able to automate the administration of Windows OS and other applications, organizations can operate more efficiently. The evolution of this platform since its release fourteen years ago has seen it grow from strength to strength. Undoubtedly, this is a product that can easily boost your productivity.        

How AppLocker Improves Security and Compliance

The security of your organization is not something that you can afford to leave to chance. The wave of cybercrime over the last few years has been unrelenting. This is why you need to take advantage of platforms such as AppLocker. By leveraging its application whitelisting feature, you’ll get a very powerful way of stopping a multitude of attacks. And if you configure it correctly, you can massively increase the amount of time it would require for a cyberattacker to get around the system. This is the kind of technology that can enhance the security of your organization. Hence why we need to discuss just how AppLocker will help you with security and compliance measures.

Securing your organization

Arguably the biggest security risk for most organizations comes from employees simply running applications. As long as users can run executables or have access to files that can potentially contain malicious code, your organization is at risk. Such incidents could compromise the entire network and not just a single device. So by helping you to determine which files and applications users can run, AppLocker immediately improves your security. These files can include DLLs, scripts, Windows Installer files, and packaged app installers. Giving system admins greater control in these particular areas will shore up your business’ defenses.

Control allowed software

To maintain high-level security for corporate data and your business as a whole, system admins need to be strict about which softwares and applications are allowed to run. Otherwise, you risk giving access to software that can create vulnerabilities in your network. AppLocker is fully capable of denying applications from running when you exclude them from the list of allowed apps. And in the production environment, when AppLocker rules are enforced any apps that are not in the allowed rules are blocked from running. Therefore, users can’t intentionally or accidentally run software that is explicitly excluded from the allowed list.

AppLocker rules

AppLocker has several different types of files that it can block. This makes it extremely efficient in its whitelisting capabilities because it’s highly unlikely that anything that you want to block will make it through. The types of files that AppLocker can block include the following:

  • Executable files such as .exe, and .com
  • Windows installer files such as .mst, .msi and .msp
  • Executable files such as .bat, .ps1, .cmd, .js and .vbs
  • DLL executables
  • Packaged app installers such as .appx

The organization of the above into rule collections is something that will help you to easily differentiate the rules for different types of apps.

Default rules

In addition to the above, AppLocker also gives you default rules for each rule collection. These rules are allowed in an AppLocker rule collection and they are necessary if Windows is to function correctly. To start, you’ll have to go and open the AppLocker console. Having done that, right-click the appropriate rule type for which you want to generate default rules automatically. You can automatically create executable rules, Windows Installer rules, script rules, and packaged application rules. Lastly, click on Create Default Rules.

Monitoring app usage

After you set your rules and deploy the AppLocker policies, monitoring app usage can help you assess whether policy implementation is per your expectations. To understand what application controls are currently enforced through AppLocker rules, you can:

  • Analyze the AppLocker logs in Event Viewer.
  • Enable the Audit-only AppLocker enforcement setting to ensure that the AppLocker rules are properly configured for your organization.
  • Review AppLocker events with Get-AppLocker File Information.
  • Review AppLocker events with Test-AppLocker Policy Windows PowerShell cmdlet to see whether any of the rules in your rule collections will be blocked on your reference device or the device on which you maintain policies.

Main advantages

Several benefits come with AppLocker that help to make it a more attractive option for any business looking to enhance security and compliance. The first thing is the cost. How much you ask? Well, if you already have the enterprise edition of Windows Server, then there is no extra cost to talk about. Moreover, AppLocker comes as an integrated part of Group Policy, which most Windows Admins are already familiar with. Because of that, this can simplify the AppLocker user experience and make it a seamless one. Also, any AppLocker policy can be imported into Intune as an XML file giving you a similar level of control of apps for MDM-enrolled devices as you would for on-premises, domain-joined devices. And to further save you productive time, Windows internal apps are automatically whitelisted.

Why consider AppLocker?

Even with all the security benefits available, as an organization, you still have to determine whether or not you actually need AppLocker. And for most, the answer will probably be a resounding yes. If your organization needs the ability to verify which apps are allowed to run on your corporate network, then you need AppLocker. Furthermore, if you want to check which users are allowed to use the licensed program, then you probably also need it. To these, you can also add organizations that need to provide audit logs containing the type of apps that clients have been running. And of course, wherever there is a need to prevent overzealous users from running random software, AppLocker can play a significant role.

Wrap up

Only the best technology will do for any organization that seeks to keep cybercriminals away. Attacks are being orchestrated from all around and the degree of sophistication is constantly changing. Therefore, organizations need to take proactive measures to stay ahead of hackers. And platforms such as AppLocker can enable you to do that. By setting up blocks for different types of files and software, you instantly reduce your surface area of attack. It’s time to leverage all available technology to fight back against cybercrime.

7 Ways Microsoft 365 Can Help Manage Your Organizational Governance

These days, you will find cloud services offering some pretty amazing features. Platforms like Microsoft 365 (M365) have been developing their functionalities at a very fast pace. With all of those changes, businesses can expect to benefit as well. And they do. The advances in cloud technology have had a significant impact on things like corporate data security and remote work. Moreover, the round the clock support you get from Microsoft experts allows you to swiftly deal with any issues. Even more importantly, M365 helps you manage your organizational governance and that’s something we want to take a closer look at.

Governance in M365

Under Microsoft 365, the key thing is the protection of essential data assets while minimizing risk. There are a few crucial areas that need consideration. Firstly, there is operational assurance. This is mainly an IT task responsible for the operation and performance of the platform. Next, we talk about information assurance. For this, you need to know the regulatory requirements as well as the goals of the business because it involves the management of information throughout the lifecycle. Lastly, we’ll talk about outcome assurance. This part is concerned with providing the necessary guidance to enable an organization to obtain favorable outcomes.  

Preparing your business

Cloud services are constantly evolving and that means businesses need to adequately prepare. These continuous changes can have positive or negative effects depending on your governance policies. It’s important to have policies that best suit your IT team to ensure maximum productivity. Although leveraging the power of the cloud has numerous benefits, your IT team still needs to maintain a framework that guarantees data security. All of this requires the company to set up informed governance policies that are regularly updated as and when necessary.    

Service offering

When it comes to IT governance for M365, all the services you get with M365 including Office 365 and Enterprise Mobility + Security are considered. Businesses will need to assess aspects such as user lifecycles and legal data requirements for the governance framework. It’s important to note that employee recruitment or retirement can upset your governance processes because user and data lifecycle concepts are designed and applied in an expanded form. Given that there will be other employees that need greater access and security, you need to establish protocols for these groups. This will help to maintain corporate data security while granting secure access to those that need it.  

Great communication platforms

Most people will agree that good communication is an absolute necessity for any business to operate properly. Again, this is something Microsoft 365 fully understands. You can have the best business strategies but without good communication channels, your business will struggle. To facilitate great communication, M365 clients can get in touch via Skype, voice calls, and video calls. Yammer and other business platforms are also available when it comes to organizing projects. As well as giving users fantastic options for communication, these platforms are highly secure. So management can rest easy knowing that they can easily relay information and organize projects without worrying about security.  

Improve service delivery

Online platforms have changed the way that clients can interact with businesses. In addition, these platforms also enable businesses to market themselves better to potential clients. With the amount of information available online, decision-making is a lot easier. For instance, through the use of Outlook’s CRM capabilities, you can track your clients and establish business relationships. You also have Microsoft 365 Business that you can use to create mailing lists and manage your marketing emails. Clients get increased convenience because of Bookings which allows them to make appointments anytime, anywhere. Because of the popularity of social media and its significant reach, Microsoft 365 Business also helps you to manage these platforms. It does this by updating the information on your social media platforms and making communication with clients easier.              

 

Microsoft information governance

Information governance has a massive role to play in how effectively an organization operates. With information being a very valuable asset, you cannot afford to compromise your data management. You need to start by understanding the type of information that is governed, something that is done with retention labels which drive the automated lifecycle management of all data. After this, you can configure the labels in a few different ways. You can publish the labels, use MIG/ADG to auto-apply labels, or apply pre-applied labels in bulk. Information governance gives you a system for comprehensive data management on a secure platform.

Effective device management

In these times when plenty of people are working from home, managing employees’ devices is essential to overall organizational governance. Not only is this important to maintain productivity levels, but it’s also necessary for data security. By joining Azure AD and enrolling in Microsoft Endpoint Manager (MEM), users will encrypt their devices and obtain certificates enabling them to access VPNs, Wi-Fi, etc. Furthermore, this will keep employees’ devices up to date, secure, and compliant with all your policies. MEM is a great tool for any business looking to organize their workforce when working remotely without compromising data security.

Simplifying management

Good management is often what makes the difference between successful businesses and struggling ones. Likewise, good technology can have a similar effect on your business. Which is why it’s not a bad idea to check out Microsoft 365. It’s a package deal that has some of Microsoft’s best products, not least of which is the hugely popular Office 365. The tools you get in this package will not only help but improve your organizational governance. Easier communication, advanced security, and 24/7 support help to make your business run efficiently. So if you want to simplify management for your organization, M365 is a great place to start.

What You Can Learn From Microsoft Endpoint Manager Analytics

The importance of data analysis has been steadily growing in the last couple of decades. And as technology has continued to evolve, the tools that we have available to us have significantly improved. These tools help businesses get a clearer view of their operations. One of the more recent offerings is Microsoft Endpoint Manager Analytics (MEMA). With this product, Microsoft is aiming to help organizations measure and improve their productivity. These days, businesses are placing significant emphasis on the degree of productivity of their employees. Therefore it’s important to have a way to actually see this and that’s what we’ll be going over below.

What is Microsoft Endpoint Manager Analytics?

Endpoint Analytics is essentially a new feature that Microsoft has added to Microsoft Productivity Score. What it does is to provide you with information on how the organization is operating as well as the experiences that your users are receiving. Moreover, it can pinpoint policies or hardware issues that are slowing down devices and then make any necessary changes without causing needless disruptions. Therefore, Endpoint Analytics can provide insights that are normally unavailable to IT because of a lack of visibility into the end-user experience. And it can offer this service at a better cost as compared to the costly support channel that you would otherwise use.

Getting started

Once you’ve met all the requirements, the actual process of enrolling a device is pretty straightforward. For Intune-managed devices, you need to go to the Onboard in the Endpoint Analytics portal. When you’re enrolling devices that are managed by Configuration Manager, there are a few steps to follow. Firstly, you have to go and enable Endpoint Analytics data collection in Configuration Manager. Next, you’ll need to enable data upload from Configuration Manager. And the last step involves onboarding in the Endpoint Analytics portal. You will see the connector status light up in Microsoft Endpoint Manager once you have successfully enabled.

Startup performance

This is an area that can be of great concern when it comes to causing delays to your employees. By measuring time to productivity, you can easily see where users are losing time. Endpoint Analytics will help your organization by identifying lengthy boot and sign-in times and then resolving them. In addition, you’ll get a couple of recommended actions that you can take to improve startup times. Having this data at hand enables you to evaluate your startup performance. You can then use this data and compare it to other organizations thus getting a better view of how you’re doing as a business. 

Software optimization

A lot of the time, increasing productivity only requires you to optimize your current software. MEMA plays a key role by providing you with information for improving user experience by optimizing your operating system as well as the versions of Microsoft software that you are already using. You’ll get to benefit from insights for various deployment and management services. Among these are Windows Autopilot, Microsoft Intune, Configuration Manager, Windows 10, and Azure Active Directory. Although you may already be using these platforms, analytics gives you data that helps you to get the most out of them.

Swift problem resolution

In the past, one of the major causes of delays has been users having to wait for IT to resolve problems. However, Endpoint Analytics provides proactive remediation scripting. Simply put, this great feature will resolve common support issues on any of your endpoints. Not only that, but it will fix these problems before users even know there’s an issue. There are built-in scripts that you can use for common issues. But, there is also the possibility of authoring your own scripts based on what issues your users frequently encounter.

Licensing requirements

A valid Microsoft Endpoint Manager license is necessary to enroll devices in Endpoint Analytics. In addition, for proactive remediations, one of the following licenses for managed devices will be required:

  • Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows Virtual Desktop Access E3 or E5

Requirements for Intune devices

Devices under co-management or enrolled in Intune running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Enterprise, or Windows 10 Education. Windows 10 Home isn’t supported. Only devices with Windows 10 Enterprise, Education, or Pro version 1903 or later will get startup performance insights. It’s also important to note that workplace joined or Azure AD registered devices won’t be supported. Lastly, you need to ensure that the Connected User Experiences and Telemetry service are running.

Configuration Manager requirements

For devices that are under the management of Configuration Manager, you’re going to need a minimum of Configuration Manager version 2002 with KB4560496 – Update rollup for Microsoft Endpoint Configuration Manager version 2002 or later. Also, the Configuration Manager clients need to be upgraded to version 2002 or later. And then you should ensure that the Microsoft Endpoint Manager tenant is attached. Another thing to remember is that enrolled devices that meet the Intune requirements will send required functional data directly to Microsoft public cloud.

Enhance your productivity

Common issues that trouble most organizations should not have to persist indefinitely. Time is a priceless commodity and your business needs to strive to fully enhance productivity. Hence the importance of software such as Microsoft Endpoint Manager Analytics. Its ability to furnish you with a comprehensive overview of how your organization is operating has the potential to make it key to your business strategies. Evaluating the problem areas affecting your users and resolving them without disruption will immediately improve workflow. Although Endpoint Analytics is still very much a new product, it’s certainly one that looks like most businesses could need.

7 Microsoft 365 Tools for IT Professional and Admin Training

A lot of people are familiar with Microsoft software and have been using it for years. However, new products as well as updates are constantly being rolled out. As such, it’s important to educate yourself on all the new features that are available in order to optimize the user experience. Microsoft 365 (M365) has plenty of amazing features that can vastly improve how you operate. And there are several training tools available to help fully equip you with the necessary skills to run M365. It’s these tools that we’ll go over below to see just how they can help you.

Video Hub

Poring over countless pages of documents can be a painstaking task for most people. It’s something that can very easily put one off from learning something. Fortunately, Microsoft 365 gives its clients a great alternative. With Video Hub you’ll get to do you learning through watching videos that will provide you with all the expertise you need. This platform contains over 150 technical videos about Microsoft technologies. Also, if you happen to have any questions, there are subject matter experts available to answer those for you. By using Video Hub, you will undoubtedly enhance your learning experience and gain new skills.

Instructor-led courses

To further sharpen your skills, Microsoft also has courses available that are taught by experts. Depending on your preference, you have the choice of taking the course online or in person. Moreover, the courses are taught by Microsoft Certified Trainers so you can be certain that you’ll be receiving a quality education. In addition, the web page comes with a filter so you don’t have to browse over a hundred courses searching for what you need. You get to pick the material that you want to learn and focus on that only. So whether you’re a beginner or advanced, an administrator or a developer, there are courses available for you.

Certification

The tools mentioned above can help you on your journey to get certification. For a lot of people, this is the goal as it will help to improve your prospects. Microsoft certification shows that you are keeping up with recent technological advances as well as the requirements that come with various roles. Similarly to the courses above, the certifications page also has a filter that will point you to the material that you need. Doing these certifications will boost not only your productivity as an individual but your value to your organization as well. Additionally, these certifications have great potential to advance your career and prepare you for future possibilities.

Online providers

Apart from Microsoft, you can also find online service providers that can provide you with the training you need. Having alternative options gives clients a lot more convenience as well as the choice of how they want to proceed with their learning. These courses can help individuals to get an in-depth understanding of the administrative capabilities of Microsoft 365. And the key thing here is to search for courses that are led by Microsoft certified trainers. Otherwise, you may end up receiving training that will not be recognized in the future. 

Microsoft Learn

Microsoft Learn is an exciting sandbox-based learning platform that enables people to learn about various technologies. By putting everything together in one place, Microsoft makes IT professional and admin training a whole lot simpler. All you need to get started is to set up a Microsoft account if you don’t already have one. It’s a very simple process that just requires you to fill in your details. Another great benefit that you get from this platform is the fun aspect of the learning process. Things such as points and trophies awarded for reaching certain goals serve to add a little fun to the learning process.

Learning paths and modules

Microsoft offers various learning paths and modules that are designed to fully equip you with the knowledge you need. You’ll find close to 300 options available on this particular web page. So this is an area that will provide you with step-by-step guidance to mastering Microsoft products. With some of these having no prerequisites it means that you can select a learning path or module and jump straight in. You’ll need to dedicate a couple of hours to learning the material but you can do it at your convenience. If you’re looking for efficient learning platforms then this is what you need.

YouTube tutorials

In addition to the Video Hub that you get from Microsoft, you’ll find that YouTube is also a rich source of learning material. In fact, Microsoft has the vast majority of M365 videos that can be found on YouTube. The advantage of using this platform is that you get to learn from various individuals. Although some may not be Microsoft certified trainers, they can still provide you with a great learning platform. Sometimes all you need to understand a challenging concept is for someone to explain it in a slightly different way and it’s as if a light has been switched on. Without a doubt, YouTube can be a valuable learning tool, if used with discretion of course.   

Equipping yourself

Technology is moving at a very rapid pace that makes it difficult to keep up with. And because of that pace, it’s not always feasible to physically attend classes or seminars to learn what you need. Fortunately, for Microsoft 365 users they get plenty of tools to provide them with adequate training. These tools allow you to enhance your skills at your own pace and gain Microsoft certification. All of which you can achieve in the comfort of your own home. Whatever you need to learn is potentially just the click of a button away.

Automate Configuration Manager Application Creation

A simple example to automate the application creation process in ConfigMgr.

RebootBehavior set to NoAction, Accepted values: BasedOnExitCode, NoAction, ForceReboot, ProgramReboot
AutoInstall $true – indicates whether a task sequence action can install the application
Added Action to Distribute the Content to the DP Group at the end

Checklist:

  • Application Name
  • With a deployment type: Same application name
  • Content Location
  • Installation Program
  • Uninstall program
  • Repair Program
  • Detection method (a specific MSI Product code)
  • User expierence: Install for system if resource is device; otherwise install for user
  • Logon requirement: weather or not a user is logged on

    Published on Github:

https://github.com/ThomasMarcussen/assortedScripts/blob/master/Create_SCCMApplication_1.0.1.ps1

New Microsoft Edge based on Chromium – error status: 1603

I recently ran into to an issue deploying the New Microsoft Edge, for some reason it kept failing with Error status 1603 on most of the systems.

The deployment version was version: 87.0.664.47
It kept failing on a lot of systems with build: 1803, I did suspect a missing KB of some kind, but did not find any apparent prerequisites missing.

Tried the same method for the latests version – 87.0.664.60, both downloaded from: https://www.microsoft.com/en-us/edge/business/download and everything seem to be working, now deployed to more then 2000 systems.

CustomAction DoInstall returned actual error code -2147219187 (note this may not be 100% accurate if translation happened inside sandbox)

Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action DoInstall, location: C:\WINDOWS\Installer\MSI9085.tmp, command: /silent /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft Edge&needsAdmin=True&usagestats=0&ap=stable-arch_x64" /installsource enterprisemsi /appargs "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&installerdata=%7B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%2C%22msi_product_id%22%3A%2292749E40-069E-3467-BB1F-78BB266190E2%22%2C%22allow_downgrade%22%3Afalse%2C%22do_not_create_desktop_shortcut%22%3Afalse%2C%22do_not_create_taskbar_shortcut%22%3Afalse%7D%7D" 

MSI (s) (10:A8) [13:21:48:649]: Product: Microsoft Edge -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action DoInstall, location: C:\WINDOWS\Installer\MSI9085.tmp, command: /silent /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft Edge&needsAdmin=True&usagestats=0&ap=stable-arch_x64" /installsource enterprisemsi /appargs "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&installerdata=%7B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%2C%22msi_product_id%22%3A%2292749E40-069E-3467-BB1F-78BB266190E2%22%2C%22allow_downgrade%22%3Afalse%2C%22do_not_create_desktop_shortcut%22%3Afalse%2C%22do_not_create_taskbar_shortcut%22%3Afalse%7D%7D" 

MSI (c) (C4:44) [13:21:48:771]: Windows Installer installed the product. Product Name: Microsoft Edge. Product Version: 87.0.664.47. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

Any ideas, other then deploying latest and greatest? Let me know

Deploy Microsoft Edge Chromium Using PowerShell App Deployment Toolkit (PSADT)

The new Microsoft Edge  is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows. Installing the browser will replace the legacy version of Microsoft Edge on Windows 10.

PowerShell App Deployment Toolkit (PSADT) is a great framework to deploy and manage application deployment – it is free of charge and can be downloaded from https://psappdeploytoolkit.com/

The script is published here on Github

This deployment script example does the following within the PSADT framework:

Pre-Install:
If Microsoft Edge is open, it will prompt the user to close it or delay the deployment 3 times (Comment line 120 if you prefer to just shut it down)
As a Pre-installation task it searches the add/remove program list for any version of Microsoft Edge and uninstalls it.

Install:
It then installs the MSI file from the Files directory – MicrosoftEdgeEnterpriseX64.msi
The latests version of Microsoft Edge for Business version can also we downloaded from – https://www.microsoft.com/en-us/edge/business/download

Uninstall:
Uninstalltion is performed using the name from Add/remove programs (same as for the pre-install step) so this will require no changes. (Line 181)

Repair:
If needed repair can be enabled (or updated for other versions)
(Modify line 203 if deploy other versions)

Microsoft Edge follows the Modern Lifecycle policy. Learn more about supported Microsoft Edge releases.

SMS_SITE_BACKUP failed. Please see previous errors.

I ran into this issue, where after sometime the SMS Build-in backup function would fail.
When running the SMS_SITE_BACKUP from Window Services (services.msc) it would fail with some of the following errors:

SMS_SITE_BACKUP failed. Please see previous errors.

Error: SMS Writer service either does not exist or is not running .

Error: GatherWriterMetadata failed.

SMS_SITE_BACKUP failed. Please see previous errors.

STATMSG: ID=5060 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_SITE_BACKUP” SYS=Server001.domain.com SITE=PS1 PID=67372 TID=61212 GMTDATE=Thu Dec 10 01:20:41.530 2020 ISTR0=”Error: GatherWriterMetadata failed.” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS

Resolution:
List the VSS writers available with the following command: VSSADMIN list writers
If you find the SMS Writer to be missing run the following commands:

Net stop SMS_SITE_VSS_WRITER
Net start SMS_SITE_VSS_WRITER

This should add it back to the list as shown below. Now restart you SMS_SITE_BACKUP (can be done form services.msc) and review the logfile: smsbkup.log. it should now be running.

The issue here was caused by another backup solution using the Volume Shadow Copy Service (VSS). So fixing also required the other solution to be removed/reconfigured.