Out of Office Hours

Powered by
WordPress

  • Windows 10 Enterprise 2004 is available

    You probably saw the announcements: How to get the Windows 10 May 2020 Update What’s new for IT pros in Windows 10, version 2004 And yes, it’s available on VLSC as well, pre-patched to include the May cumulative update (and that will be updated every month): As noted in the “what’s new” post, there are…

  • Deploying Edge without a desktop shortcut, the easiest way

    First, I described a messy way to get rid of the Edge (the Chromium-based one) desktop shortcut.  That led to some Twitter discussions with the Edge team, resulting in a new MSI command line parameter that I blogged about separately, and a promise to later add a Group Policy setting to turn it off more…

  • Digging into Hybrid Azure AD Join

    I’m sure most of you are aware that Windows Autopilot supports a user-driven Hybrid Azure AD Join scenario.  That’s not what I’m talking about here.  I want to talk about Hybrid Azure AD Join itself, which seems to be surprisingly misunderstood by a lot of IT pros.  And there’s probably good reason for that.  Let’s…

  • Try out the new Windows Package Manager

    My initial response when reading through the Windows Package Manager Preview announcement from the Build event was “ugh, another package manager” (on top of OneGet, NuGet, Chocolately, etc.).  But it is immediately useful, mainly because of the apps that are available.  The easiest way to install it is manually using the .appxbundle from https://github.com/microsoft/winget-cli/releases (download…

  • Renaming Autopilot-deployed Hybrid Azure AD Join devices

    As some of you have noticed, the naming convention allowed for Windows Autopilot Hybrid Azure AD joined devices isn’t particularly flexible:  You can specify a prefix (e.g. “AD-“) and the rest of the computer name will be filled in with random characters and digits to pad the name to 15 characters.  So you end up…

  • Two for one: Updated Autopilot Branding and Update OS scripts

    A few days ago, I started working on a new script.  This blog is not about that script, but rather the unrelated issues I encountered while working on that script.  Let’s start with a little history lesson of the two existing scripts. Introducing Autopilot Branding Just over a year ago, I published two blogs (first…

  • A milestone: One million downloads

    Back when I was still in Windows product management/marketing, around the time when Windows Autopilot was first announced in June 2017, I was working with the team to try it out.  “All you need to do is register your device using the hardware hash.”  OK, how do you do that?  With no great answer to…

  • Updated troubleshooting script posted

    After a productive Friday night/Saturday morning, I’ve made a number of script updates.  Let’s start off with the most interesting of them.  The Get-AutopilotESPStatus script has been updated to version 3.6 to add one significant piece of new functionality:  It can now dump a list of all the MDM policies that have been received by…

  • The most useful PowerShell cmdlet I didn’t know existed

    Sometimes I should probably pay more attention.  I use PowerShell a lot.  I use Windows 10 a lot.  But I still missed this one: Some highlights: Want to know if the device is joined to AD?  Check CsPartOfDomain.  Want to know what domain?  Look at CsDomain (which will be WORKGROUP on an AAD-joined device). Need…

  • Fun with Azure: Creating an Azure function

    Sometimes you need to run some code – somewhere.  You don’t care where.  But clients need to be able to get to it.  You don’t want servers, VMs, or web apps, just something very lightweight.  So Azure Functions sounded like a workable solution.  I’m starting from a blank slate: I clicked to add an app…

  • You can use Intune to create a local admin account, but that doesn’t mean its a good idea

    There are a variety of blog posts that talk about creating a local account on a device, to be used as a “break glass” account in case anything ever happens where the user can’t sign in.  That’s not too hard to do using custom OMA-URIs, since the Accounts CSP already supports that.  You can specify…

  • More help with Windows Autopilot diagnostics

    I’ve talked about the Get-AutopilotESPStatus.ps1 script a few times in previous blogs (like this one).  Well, here’s another one.  First, I added some additional diagnostics information at the top of the output: This will tell you some basic information about the device (e.g. the tenant details, the Intune device ID, the Autopilot settings being used),…

  • Windows enrollment restrictions

    It seems some days become worthy of a blog post, if only due to the coincidental collision of research and customer questions.  Today is one of those days.  I started off the day looking at the behavior of a Windows enrollment restriction that can be configured in Intune to block the enrollment of personal devices…

  • Podcast episode #2: Group tags

    I did my first podcast episode back in March.  Because I didn’t know any better, it was posted at a higher bitrate than necessary, so it used up a significant amount of the monthly quota on the service that is hosting the audio.  No problem, I thought, as the quota is reset at the beginning…

  • VLSC is getting monthly updates for Windows 10 media!

    If you routinely sign into the VLSC portal at https://www.microsoft.com/vlsc to download Windows 10 media you may have noticed something interesting recently.  Here’s a snapshot of Windows 10 1909 from mid-March: And here’s another snapshot from today: Notice the difference?  Windows 10 version 1909 was updated.  And if I would have captured an update during…

  • My guide to setting up Windows Server 2019 for VPN (with no guarantees that it will work)

    Sadly, I can remember setting up my first Remote Access Service (RAS) on Windows NT Server 4.0.  It was a very simple process:  First you added the Remote Access Service in network settings as a new service, specifying how many ports you wanted and of what types (dial-up, PPTP), then you checked a box on…

  • Publish Certificate Services CRL and OCSP sites to the internet using Azure App Proxy

    I have set up a variety of test domains over the years, and inevitably I need to set up Active Directory Certificate Services (ADCS) on them because I need to issue certificates of some kind for some purpose (e.g. VPN, Wi-Fi access, Windows Hello for Business, etc. – see https://oofhours.com/2020/04/05/intune-certificates-something-everyone-should-set-up/ for details on how to…

  • Random news of the week: New white glove fix, updated Intune module

    In the category of “stuff probably not worth a separate blog” category, I’ll combine some notes together into a single post.  Let’s go through those one at a time. New white glove fix Windows Autopilot white glove scenarios have always supported the provisioning of all device-targeted apps, policies, certs, etc.  And if there is a…

  • Deploying Edge without a desktop shortcut, the easier (but not easiest) way

    As Per Larsen blogged this week, the recent Edge stable release now has a new MSI parameter to skip the desktop shortcut.  From the release notes: Added an MSI command line parameter that lets you suppress Desktop icon creation when you install Microsoft Edge. The following example shows how to use this new parameter:MicrosoftEdgeEnterpriseX64.msi DONOTCREATEDESKTOPSHORTCUT=trueThere…

  • Fun with Windows Autopilot Group Tags

    This one falls squarely in the “I can’t believe I’m doing another blob about group tags” category.  Past examples: Group tags with spaces? Fun with Azure AD dynamic groups Now you can edit group tags and computer names for Windows Autopilot devices Windows Autopilot Companion app updated to support editing the computer name and group…