Tag: Windows 10

SCCM Co-Management Monitoring greyed out and not populating

SCCM Co-Management Monitoring greyed out and not populating

SCCM Co-Management Monitoring

When I was recently configuring co-management with SCCM, I noticed that even after days the monitoring pane for co-management was not populating the charts and status of the co-management devices.

This issues can occur when SCCM is upgraded to a co-management support version (1710 +) but the prerequisites were not configured correctly.

One of the prerequisites for SCCM is to have the latest version of the SQL native client installed. The latest version of the native client can be downloaded here.

Once you have downloaded the client, run it on your primary site server and it will upgrade your version of SQL native client. You can verify the upgrade is successful by checking the ODBC 64-bit connection:

Click Start > type in ODBC > click on ODBC Data Sources (64-bit). Then click the Drives tab.

ODBC data sources

Microsoft will not be releasing a SQL Server 2014 or later version of the SQL Server Native Client. The SQL Server 2012 Native Client can continue to be utilised by SQL Server 2014 and later versions.

Once you have completed the update of the SQL native client, restart the server and wait around 24 hours. You will see SCCM automatically populating the charts in the monitoring pane.

SCCM Co-Management Monitoring

That’s all for now, let me know how you get on.

MDM Auto enroll error 0x80192efd

MDM Auto enroll error 0x80192efd

GPO auto enroll

When trying to use group policy to MDM Auto enroll a co-managed device you may come across the error 0x80192efd in task scheduler Microsoft > Windows > EnterpriseMGMT

Or you may see the error in the event log viewer Applications and Services Logs > Microsoft > Windows > DeviceManagementEnterpriseDiagnosticsProvider

Event ID: 71 – Auto MDM Enroll: Device Credential (0x1), Failed *Unknown Win32 Error code: 0x80192efd)

This error is most likely related to your proxy settings. Depending on how you configured enrollment within Group Policy. For example you have the ability to configure auto MDM enroll for Device Credentials or User Credentials. Using Device Credentials will utilise the NT\SYSTEM account to enroll and therefore you may need to set the system proxy on your device.

You can set the system proxy using a command prompt by typing netsh winhttp set proxy 111.111.111.111:8080 [replace with your proxy settings].

To view your current system proxy settings type the following in a command prompt: netsh winhttp show proxy

Further troubleshooting can be found at docs.microsoft.com

Windows Autopilot Disable Windows Hello

Windows Autopilot Disable Windows Hello

Image result for windows hello

For those enterprises thinking of taking the leap to Modern Desktop with Windows 10, Autopilot is a great feature that build your device to a business ready state by the end user. Those who have played around with this feature would notice that Windows Hello has to be configured by setting a PIN every time you build a device.

The problem you may see is that when logging into a device with Windows Hello you will not be able to Single Sign-On to corporate resources that authenticate with local Active Directory and you will be prompted to enter your corporate credentials each and every time.

To get around this you will either need to implement Windows Hello for Business or disable Windows Hello. To Disable Windows Hello, go to Microsoft Intune > Device Enrollment > Windows Hello for Business

Then click on Windows Hello for Business properties and set to Disable. When setting this to Disable is will disable the Windows Hello configuration screen. If set to Not Configured then Windows Hello will apply.

Windows Defender Browser Protection

Windows Defender Browser Protection

Smart Screen features now available in Google Chrome with the release of Microsoft’s Windows Defender Browser Protection extension for Chrome. Most organisations utilise a mixed browser environment and as Chrome being one of the most popular browsers around, I always see it as a requirement from customers to have it installed on their end user devices.

Windows Defender Browser Protection provides users with an early warning when navigating to phishing or malicious websites, with real-time protection from Microsoft. Windows Defender Browser Protection will show a red warning screen letting you know that the web page you are about to visit is known to be harmful.

Also Don’t forget, this extensions works with Microsoft’s Edge Chromium browser. 🙂


https://browserprotection.microsoft.com/learn.html

Once installed you can test the extension using Microsoft’s ATP test ground:


https://demo.wd.microsoft.com/Page/UrlRep

Microsoft Edge Chromium

Microsoft Edge Chromium

We all love Google’s Chrome browser and I must admit I use it all the time, I mean let’s address the elephant in the room. It eats RAM! But the speed and fluency of the Chrome browser I find it hands down better than Internet Explorer, Edge or Firefox. With a store full of extensions and customisation (Ad Block) it helps me navigate around the web without being bombarded with adverts.

With most organisations there is a need to stay Microsoft when deploying end user devices, this could be because you want more control on the browser, whilst Chrome in the early days didn’t do much to assist with granular control. It however does provide ADMX backed policies to control those minute settings to customise a browser for a organisations specific needs.

Internet Explorer is still around and well it won’t disappear anytime soon (I think!), we must move away from it one day. Organisations who deploy the latest Windows 10 OS to users tend to overlook Internet Explorer. Many legacy apps which are web based or interact with via the web utilise Internet Explorer in order to work not mentioning the 1800+ group policy settings you can enable…Yikes! The best recommendations on Internet Explorer is, if possible remove it!

Edge the new kid on the block was meant to be the successor of IE. It didnt go down to well when it failed to handle certain sites and would hand over back to IE. That’s 2 browsers users had to use!! More recently the Edge browser has stood up on it’s own but it is still clunky and slow in my opinion.

So where do we go now…?

Microsoft have revamped the Microsoft Edge browser to utilise Chromium. Yes that’s right! Microsoft are using Google’s Chromium power to bring a fast, fluent browsing experience to Windows 10 users. Using it over the past week has given a breath of fresh air to my Edge browser. I’m able to add all the extensions I used on chrome with the new Edge browser and it’s just as fast as Edge. This is defiantly a game changer with a whole new user experience. Admins no longer need to deploy Chrome to devices and users will still experience the same Edge UI but with lightening speed.

Go ahead download the new Edge browser (insider preview) and try it out for yourself.