Out of Office Hours

Powered by
WordPress

  • Options for Terms of Use

    Some organizations want to display a “terms of use” page to users when the join or enroll in the organization.  (Personally, I think this is a bit silly, but if it makes the lawyers happy…)  I always knew that could be enabled in Intune: with some simple text fields that can be displayed to the…

  • CSP partners: Add devices to Windows Autopilot using Partner Center and PowerShell

    I’ve given presentations at a variety of events that included this slide, talking about the different mechanisms that are available for registering devices with Windows Autopilot: For customers, you can register devices using the serial number and hardware hash via Intune.  I published a blog last year that showed how to automate that using PowerShell…

  • Automatically setting up OneDrive for Business via Intune

    The OneDrive for Business team has made a number of changes to support automatic configuration of OneDrive, including support for automatically signing in, configuring known folder migration, enabling offline files, and more.  But since the OneDrive client is configured via GPO and not MDM policies, that meant using some rather nasty-looking custom OMA-URI policies in…

  • Inside Windows Autopilot user-driven mode with Azure AD join

    We’ve already talked about device registration and the initial Windows Autopilot profile download.  That’s all prep work for the “real” provisioning process performed by Windows Autopilot.  Now let’s look at the provisioning process itself, starting from where those other blogs left off: If the Windows Autopilot profile specified a naming template, the name will be…

  • TPM Attestation: What can possibly go wrong?

    First off, it would be good to touch on what TPM attestation is, and then talk about why you care.  From some older Windows Server documentation, here’s a decent overview: With TPM key attestation, a new management paradigm is now possible: An administrator can define the set of devices that users can use to access…

  • What happens when a Windows Autopilot-registered device starts up?

    The last time, I talked about the device registration process – preparing for deploying a device using Windows Autopilot.  This time, I want to switch to the device itself and explore what happens when a Windows Autopilot-registered device starts up into the out-of-box experience (OOBE) and is connected to a network. Using a trusty network…

  • Self-serving post: Follow my blog from Outlook

    If you are like me, you live and breathe through Outlook – it’s the center of my work world, enabling me to rapidly sift through obscene amounts of e-mail effectively.  (You might disagree if you are one of the people who has e-mailed me and awaited a reply – my general rule is that if…

  • Which Intune portal do you use?

    Update 2020/07/08: The https://devicemanagement.microsoft.com portal should now be accessed via https://endpoint.microsoft.com. This site is identical to the previous one, just with a new URL. That might seem like an odd question, but there are actually multiple portals that you can use to manage Intune.  As I’ve worked with customers who are implementing Intune, it seems…

  • What happens when you register a device with Windows Autopilot?

    Let’s assume that you are registering a new VM, or some existing device that you want to use for validating Windows Autopilot.  (New devices should be registered by the OEM, distributor, or reseller that you buy the device from – more on that later.)  In that scenario, you need to start off with the hardware…

  • Disk Deduplication: A great feature for lab environments

    I have a reasonably powerful workstation that I’ve been using for testing and validation for many years, an HP z800 Workstation with 8 CPU cores, 96GB of RAM, and 4TB of disk space.  On that server, I have 55 VMs at the moment, including multiple ConfigMgr environments, MDT servers, Active Directory, proxy and VPN servers,…

  • Configuring company branding in Azure AD

    As you may know, Windows Autopilot leverages Azure AD company branding to show custom logos and text during the Azure AD authentication/join process.  I described how this company branding information was used in a blog from 2017: And I mentioned that there are three image layouts that you need to use for this: A square…

  • Using UE-V with Windows Autopilot

    When we talk about what it takes to get a device ready for productive use, we generally include OneDrive for Business for ensuring that files and folders are automatically synced to the cloud and accessible from every one of the user’s devices.  And some settings (e.g. background image, UWP app settings) can automatically roam through…

  • More on Windows Autopilot for existing devices

    With any luck, you saw this morning’s blog post talking about Windows Autopilot for existing devices.  In that blog, I talked about how this didn’t require any client-side changes to support joining devices to Active Directory (via Hybrid Azure AD Join, my least favorite feature name – more on that some other time).  So why…

  • Starting again…

    I’ve been blogging since 2006 on my original Microsoft blog. But you might have noticed an exodus from that blog site, with a move to the Tech Community site or one of many other new blog sites taking its place. And while you can expect to see me continuing to publish blogs via the Tech…