Forum Widgets
Latest Discussions
Get-WindowsAutoPilotInfo - A quicker way...
Hi All Just a Tip from me to make it easier (if you got other ways, let me know, would be interested) Starting to deploy via Autopilot but first grabbing the information - so I am using a USB Drive with the following : Plug in the USB Drive.. Right Click the file ..GetAutoPilot.cmd and (run as Administrator) (it seems everytime I plug in the USB I get 😧 Drive but with the updated command below its automatic ) Prepare Files 1) GetAutoPilot.cmd 2) Download a copy of Get-WindowsAutoPilotInfo.ps1 Contents of GetAutoPilot.cmd PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command %~d0\Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername -OutputFile %~d0\computers.csv -append Get-WindowsAutoPilotInfo.ps1 - downloaded from powershellgallery https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/1.6 What it does... It quickly dumps the CSV file onto the USB Drive and now I have all the CSV Files that I need in one file ready to upload to intune. Then unplug and move onto the next device ... Easy ! Simon Allison
FAQ: Supporting Microsoft Store experiences on managed devices
Find answers to common questions about new Microsoft Store app integrations in Microsoft Intune and transitioning application management from the Microsoft Store for Business. Looking for more information? Read Update to Intune integration with the Microsoft Store on Windows. Editor's note: Questions in this FAQ may be added and/or updated over time to provide more detail. Updates and new questions will be indicated. Editor's note (3.23.2023): The retirement of the Microsoft Store for Business and the Microsoft Store for Education, originally scheduled for March 31, 2023, has been postponed. We will share an update here on future plans when they're available. In this FAQ: Early access and availability Application content Technical requirements Migration Application management and controls Benefits of integration with Endpoint Manager Options for app acquisition without Endpoint Manager Early access and availability What are the preview opportunities and when will they be available? Organizations looking to evaluate the new Microsoft Store app repository integration with Endpoint Manager will be able to sign up and participate in a private preview in the September 2022 release of Endpoint Manager. (Note: this date is subject to change.)) How can I sign up for the private, and later, the public preview? We will work with select organizations in the initial phase of the private preview and open it to additional organizations later in the process. When we move to Public Preview, there will be no need to sign up. The new capabilities will appear with the (Preview) tag in the Microsoft Endpoint Manager admin center. Contact your Microsoft account team for more information. When is the end-to-end replacement scenario for Microsoft Store for Business going to be generally available? The current plan is to make Microsoft Store support within Microsoft Endpoint Manager generally available in Q4 of 2022, with the community and private repository support in early 2023. This date is subject to change. When is the Microsoft Store for Business being retired? The retirement of the Microsoft Store for Business is planned for Q1 of 2023. This date is subject to change. What are the options for organizations to meet Microsoft Store for Business needs between now and general availability as the current Microsoft Store for Business does not work on Windows 11? Do we need to wait to update our estate to Windows 11? If deploying Store apps on Windows 11 is a core priority and you are not currently using Endpoint Manager, then you will not be able to deploy Store apps to devices on Windows 11. For organizations currently using Endpoint Manager, the process of deploying Microsoft Store apps to Windows 11 works currently with no interruptions. Application content Can I pick and choose from a combination of Stores and Apps? Yes. You will be able to pick from a variety of sources of Microsoft Store apps, including public Microsoft Store apps or apps made available from private sources including software vendor and line-of-business applications not available in public sources. The private sources will require prior authorization from the private repository owner and authentication to be able to access those applications. Is there a plan to incorporate the replacement of Microsoft Store for Business into the Store app tab on Windows 10/11 for employees to access the private store? No, the private Microsoft Store for Business, as it existed, is being retired. Organizations should leverage Microsoft Endpoint Manager and the Company Portal to provide end-to-end app experiences for their employees. Technical requirements Is the Company Portal App going to be free if we don't license Intune? An Intune license is required to take advantage of the new functionality and to continue to deploy Store apps directly to user and device groups. The Windows Package Manager platform is openly available to enable custom app installation apps and websites to be built. How can people download the Company Portal directly? Today there is not a standalone download to meet this need. The Company Portal app is a free download from the Microsoft Store on Windows. To discover and install applications, devices will need to be enrolled. It is expected that, as is the case today with Microsoft Endpoint Manager, IT admins will deploy the Company Portal app as part of the provisioning process. Employees that have access to the Store can also download and install it themselves, then login with their company credentials. How is servicing for apps installed from the Microsoft Store integration with Endpoint Manager going to work? What configuration (service accounts, ports, and policies) needs to be in place? Using Intune, you can assign applications as required or available to employees taking advantage of their existing device enrollment with their organization. IT admins and employees will be able to install and update Store apps. For more information, see Network endpoints for Microsoft Intune. Do our devices need to be managed by Intune (enrolled in MDM) or can Microsoft Configuration Manager be used instead? Microsoft Endpoint Manager includes both Intune and Configuration Manager. In order to leverage the new Store and private repositories for apps, you will need to enroll in MDM and use the Company Portal app for discovery and installation. Organizations using Configuration Manager can take advantage of co-management to deploy Store apps. Migration Will servicing of Microsoft Store in-box apps be able to be done in the same way? Yes, in-box apps that have a presence in the Microsoft Store on Windows can be serviced exactly the same way. In some cases, in-box apps can be uninstalled using Endpoint Manager app uninstall assignments. What do I need to do to have apps I installed from the Microsoft Store for Business remain up-to-date and manageable? Do I need to reinstall them? Will they stop working? Apps that are already installed on devices will continue to work for employees. To be able to service them as an IT pro, you will need to create a new assignment of those apps using the new Store integration with Endpoint Manager. This will not force any reinstall of the app, just reconnect the app from the employee's device to your Endpoint Manager app list. What is the process to migrate existing Microsoft Store for Business applications over to the new solution? There is no client migration or device changes required for previously installed apps. On the admin side, you will need to recreate and reassign applications to user and/or device groups and recreate role-based access control assignments that were previously created for individual Store for Business applications. What should I be doing right now to be ready for the transition? Identify those business-critical apps that you have deployed through the Microsoft Store for Business, understand how they are being used in your environment, and plan to recreate the app in the Endpoint Manager console and reassign. Existing assignments continue to work; new deployments will proceed according to your group assignments. Can I service part of my app instead of reinstalling the entire app if I'm using the new Microsoft Store app integration with Endpoint Manager solution? Redeploying an app will not explicitly result in a complete reinstall if the app is already available on the client device. However, this is entirely dependent on the application installer and how the vendor created it to behave. It is independent from how the Store works as the delivery mechanism. Do I need to repackage all my line-of-business apps for the new Microsoft Store app integration with Endpoint Manager solution? Repackaging is not a requirement. LOB apps previously deployed via Endpoint Manager are not affected. Application management and controls Can I force or gate a user to stay on a specific version of an app until I approve a newer version for my enterprise? The Store will only keep a few of the most current versions of an app available. We are evaluating, with the new Microsoft Store integration, a way that you will be able to, per app, decide whether auto-update is appropriate or whether you as an IT admin want to control the flow of updates using Endpoint Manager. If you need to keep an older version of an app around (N-2 or N-3, etc.) you will need to maintain your own copy of that application and deploy it manually. Can IT admins enforce mandatory or deadline dates? This capability is not yet available, but something we are looking into. How do I manage app entitlements using the Microsoft Store app integration with Endpoint Manager? There is no concept of entitlements or licenses. You also cannot use the Store to purchase apps on behalf of your employees. By assigning an app to a user group or device group, you are granting installation rights to all members of that group either as a required (also known as a push-install) or as an app available for the employee to install themselves through the Company Portal. Do you expect apps that have their own "auto updaters' (e.g. Microsoft Edge, Teams, and OneDrive) to change their servicing strategy? What powers the Store and private repositories and app manageability is the Windows Package Manager technology which affords the ability to update applications. Although applications with auto-updates still exist, you can use the Store to control the flow of updates with more certainty. We want apps to be automatically serviced, how will that work? What about for organizations not using Intune? Automatic servicing of apps deployed from the Store using Endpoint Manager will be an option that IT Admins can select on a per-app basis. The Store in the absence of management tools, like Endpoint Manager, will behave as it does today. Is there a plan for compliance reporting to show when applications are not current, i.e., out of date and subject to security fixes? These types of features are possible and under consideration. What management capabilities are there for IT admins to curate which apps an employee can install, but not allow full access to download all apps? IT admins can block access to the full Microsoft Store and, using Endpoint Manager, only allow the installation of apps either through required assignments or available assignments, in which the employee can search and install apps using the Company Portal. Will apps take advantage of peer content sharing, e.g., Delivery Optimization, or do they pull direct each time? Full Delivery Optimization support is available for Store applications deployed to Windows devices. What monitoring and reporting options will be available? As with most apps deployed via Endpoint Manager, you will have full monitoring and assignment reports available to you as well as complete device app inventory reporting for apps assigned using Windows Package Manager integration. What is the process to revoke or uninstall an application in the event of a zero-day vulnerability or once we are no longer licensing an application? Endpoint Manager has the full ability to update an app to resolve bugs or vulnerabilities. It also can be used to remove or uninstall apps of your choosing. How do I handle application dependencies? For example, one of our apps requires .NET to be installed before the app itself can be installed? Dependencies are a feature that is likely to be shipped after general availability but is something we plan to support in the future. Benefits of integration with Endpoint Manager What are the advantages of the Store for Business replacement solution in Endpoint Manager? There are many advantages, one of which is improved search and app discovery experience. It is much easier to find and assign apps to user groups, and the expanded app catalog content includes Win32 apps. There is also access to a broader set of apps from the Microsoft Store on Windows, including those submitted by the community and those made available through private software vendors or company-owned app repositories. Through Windows Package Manager, you have a richer set of APIs and integration points as well as developer tools. Options for app acquisition without Endpoint Manager What are our options if we don't have Intune or use a non-Microsoft management solution? Windows Package Manager has a rich set of tools and APIs available for you to discover and deploy applications to Windows devices. See the following for more details: Manage Windows Package Manager with Group Policy. What is the process for custom and line-of-business apps? Line-of-business apps can continue to be deployed through any of the various methods already available in Endpoint Manager through the Intune service or through Configuration Manager. For Store-based apps, using a private repository would include the benefits of publishing, lifecycle management, servicing/updating, and uninstalling/removing.
Bitlocker keys not visible in Active Directory
Hello, We are enabling Bitlocker in our environment. I had configured all policies related to Bitlocker inside AD. For example, i configured Bitlocker to not start until recovery key backed up to AD. This is the policy about i want to ask something. I want to ask something about this policy because i had an issue with this policy. It seems it not working well or i am missing some point in the configuration. Let me explain what i'm doing after this configuration: - I start Bitlocker encryption, Bitlocker encrypt correctly the Hard Disk. When encrypt finish, I can see the tab on AD called "Bitlocker Recovery", but, at the time I open this tab to request the key stored i get an information message : "There is no elements on this view, To search a recovery key press right button on object domain ... etc ... ". My question is, i know that bitlocker can not start if key is not backed up on AD, so Bitlocker is correctly performed the encryption and the key is backed up on AD. For any reason i can not see the key, even domain admins can not see it. So, how can i see this keys in AD? I need something more, maybe a plugin? a feature? I'm running Windows 10 1809 Professional and Active Directory v 10.0.171321. Any help is really welcome. Thanks in advance. Rgards.
Disable Windows automatic redeployment at logon screen
Looking for a way to disable the automatic redeployment screen from ever showing up. I have been unable to find a GPO, registry setting, DISM or powershell command that can do this. It is a scree that will show up once windows auto logon is disabled on our multi-user domain computers. The devices are running 1709 (FCU) and if you click sign-in options it will show the normal login, but if you enter a admin account it will reset windows to factory. We are using SCCM but not Intune.
Windows 10 21H2 and Windows 11 21H2 both show up as "2009" release
I'm not real sure where to post this, so will try here. I have noticed that for both Windows 10 - 21H2 and Windows 11 - 21H2, the "ReleaseID" value in the Registry is incorrectly shown as "2009". (We are using Windows 10/11 Enterprise.) This is located at this key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion We rely on inventorying this value to determine which computers have which "Feature Update" installed, and therefore, which computers we still need to update. Has Microsoft migrated away from using this value to indicate which Feature Update is installed? Do we need to change our approach to look at the "DisplayVersion" instead of the "ReleaseID"? Or some other value in the registry? Also, Windows 11 has another issue. In the same registry key location, the "ProductName" value is listed as "Windows 10 Enterprise", which of course is incorrect. Are others seeing these same results with these items? Anyone heard if Microsoft has plans to fix these issues?Prevent auto-installation of Apps on Windows 10 computers and remove the apps
I am responsible for running some Win 10 computers in our group (there is no formal admin position), and on 22 Dec 2018, several people mentioned that new apps had been installed on their computers without their consent. An example includes a Xing app. Our users are local admins, but it seems that nobody installed these apps. I was asked to remove the apps and prevent this from happening again, but I cannot even uninstall the apps. We are not running a domain controller, all computers are independent (they can access a common share on a file server). How can I remove the apps and prevent this from happening again? I would prefer a solution that can be replicated to all my machines without too much manual intervention (e.g., some shell script or command). It would be OK for me to completely disable the store if that is needed, we do not use it. Thanks, Tim
