Out of Office Hours

Powered by
WordPress

  • Installing Windows updates during a Windows Autopilot deployment

    It’s not uncommon to want a device to have the latest security updates installed before the device can be used.  One of these days we’ll add that capability to the Windows Autopilot process, built in so you don’t need to do much, if anything, to enable that.  But until then, it’s not too hard to…

  • Windows Autopilot and ESP now work with Windows Hello for Business certs

    Some of you reported that you were trying to provision new devices using Windows Autopilot with ESP enabled, and were running into issues when trying to deploy Windows Hello for Business (useful for single sign-on scenarios) via Intune and SCEP.  The challenge: ESP would be waiting for the certs to install before Windows Hello for…

  • New Enrollment Status Page option available

    The enrollment status page (ESP) is something I highly recommend you implement, to ensure each device is fully provisioned before the user can get to the desktop.  It makes sure the device is sufficiently configured before the user is able to try to use the device. That said, there have been some challenges with ESP…

  • Use Intune to enable Delivery Optimization for Office 365 installs

    Just yesterday, I posted a blog about trying out Delivery Optimization for Office 365 ProPlus installs.  It was something I put together quickly, during a break while presenting at a SCUG Norway event in Oslo.  Fast forward to this morning, where I had an e-mail in my inbox saying “perhaps you might want to do…

  • Try out Delivery Optimization with Office 365 ProPlus installations

    One of the challenges with cloud-based content delivery (e.g. Intune deploying apps, Windows Update delivering updates, Microsoft Store updating apps):  You really don’t want each client downloading the content from the cloud, because internet bandwidth is not unlimited, and download speeds can vary.  If we all had internet connections like the Microsoft office in Redmond…

  • Interpreting the Windows Autopilot profile

    You’re probably used to looking at Windows Autopilot profiles in Intune.  But most of the time, I’m looking at one from the CAB file that is created by the MDMDiagnosticsTool.  As I noted in my previous log, these CAB files contain several files, including the AutopilotDDSZTDFile.json that contains all the Autopilot profile settings.  But those…

  • Troubleshooting Windows Autopilot, a reference

    I’ve done a variety of blogs on troubleshooting Windows Autopilot, which you can read up on for historical reference: Troubleshooting Windows AutoPilot (level 100/200) Troubleshooting Windows AutoPilot (level 300/400) Troubleshooting Improvements in Windows Autopilot TPM Attestation: What can possibly go wrong? And there are troubleshooting notes in several other blogs as well.  And yet, reading…

  • Working with UEFI variables from PowerShell

    In my past post about the inner workings of UEFI, I talked about using a UEFI shell to poke around, looking at all the UEFI variables that are defined on a typical system.  As part of that blog post, I published a PowerShell script to get the value of a particular UEFI variable, but it…

  • Password-less Azure AD Join can be done

    As I was trying out FIDO2 support in Windows 10 (see my blog here), I was disappointed that the one thing that I couldn’t do with the FIDO2 key was to join a device to Azure AD.  For that, I still needed to use a username (UPN/e-mail address) and password.  This is on the roadmap,…

  • Inside Windows Autopilot self-deploying mode

    In past blog posts, I walked through the user-driven scenarios – both user-driven Azure AD Join and user-driven Hybrid Azure AD Join.  Now on to scenario #3, self-deploying mode.  In many ways, this seems like a simple scenario.  But there are some interesting twists. First, let’s talk about the requirements, from the official documentation (which,…

  • Forcing an MDM sync from a Windows 10 client

    Updated 3/31/2024: Note that this method may no longer work. It certainly didn’t work for me on Windows 11 23H2. But see the PowerShell alternative in this post for a mechanism that does: https://oofhours.com/2024/03/30/when-does-a-windows-client-sync-with-intune/ (scroll most of the way down the page). I was reading a blog recently that made me think “there’s got to…

  • Now choose from more language/locale choices for Windows Autopilot self-deploying mode

    Several people pointed out in the past when setting up Windows Autopilot self-deploying mode profiles (used for kiosks, digital signs, and shared PCs) in Intune that the list of language and locale combinations was, well, very incomplete.  The drop-down list included the “core” language/locale combinations for each language pack (e.g. “en-us” and “en-gb”) but not…

  • Time for another Q&A session

    Back in August, I hosted an “OOF Hour” Q&A session and said I would try to schedule one each month.  September is rapidly disappearing, so it’s time to get something on the schedule. This one will be on September 26th (Thursday) at 8am Pacific time.  See the attached zip file containing an ICS appointment that…

  • Windows 10 on ARM64

    I admit it, I still have flashbacks about Windows RT, the previous version of Windows that ran on ARM processors.  (Don’t remember that?  Read up on it here.)  That was a 32-bit version of the OS (with significant restrictions), running on older, slower processors.  The ARM processor platform has come a long way since then…

  • A challenge with Windows Autopilot for existing devices and Windows 10 1903

    We implemented the Windows Autopilot for existing devices scenario with Windows 10 1809 to enable an interesting scenario:  Using ConfigMgr (or other deployment tools, e.g. MDT) to take an existing Windows 7 or 8.1 machine, wipe it, load Windows 10, and then take it through the Windows Autopilot user-driven experience (now supporting both Azure AD…

  • Turn your laptop into a portable mainframe

    Way before working with Windows, I started off in IT as a database administrator and systems programmer, working on IBM (and later Amdahl) mainframe systems running the MVS operating system, CICS transaction processing system (basically, software that drives thousands of terminals at once), and Adabas database.  The first model I remember working with was an…

  • Windows Autopilot known issues in Windows 10 1903

    I listed a few issues in a previous blog, which are also reflected in the Autopilot documentation, but there are more issues addressed in later cumulative updates as well.  Here’s a full list: Issues addressed in KB4505903 (7D update released in late July): Windows Autopilot white glove does not work for non-English OSes.  (If you’ve…

  • Windows Autopilot device provisioning network traffic, annotated

    While I will never be a fan of proxy servers, there is one case where it is useful to use one:  When you want to see all the network traffic and the actual URLs that are being visited.  I took the opportunity to capture a side-by-side video showing a Windows Autopilot user-driven scenario, joining a…

  • Geeking out with UEFI

    Some people may think some of my past posts get into the weeds, exploring the technical depths of Windows Autopilot, Intune, Windows 10, ConfigMgr, etc.  But I would say those generally only get to the 300-level – I will leave out the really deep stuff because it can be harder to explain, and some people…

  • Sign in to Azure Active Directory with a FIDO2 key

    Back in July, Alex Simons announced the public preview of Azure Active Directory’s support for FIDO2 security keys.  Even though I have been carrying one of those around with me for several months waiting for that (I couldn’t come up with a good reason to ask for access to the private preview), it’s taken me…