Intune Conditional Access

Configure Conditional Access to Exchange Online based on Mobile Device Compliance – This only applies when managing devices with Intune integrated into ConfigMgr. Essentially, the lesson here is to do all your compliance management from the ConfigMgr console. Do not use the Intune administrative console ( other than to enable Exchange Online Conditional Access. How to do it wrong – Enable conditional access from the Intune management console ( Read more →

ConfigMgr – Add OS Requirements to an application deployment type

This was updated again 6/1/2017. Changes were needed in order to avoid corruption. Mainly, a new GUID needed to be generated and used in order to ensure the changes were recognized. Hat tip to Jeff Scripter for figuring this out. Thank you. This was updated 6/21/2016. The script was over hauled to handle windows 10, multiple deployment types and more. The script and supported files can be found on github here. Read more →

Modifying App-V Pass through Filters (reg_sz mult)

In PowerShell v5.0 passthrough filters were implemented that prevent certain registry keys and values to be part of the virtual package. Good article here. One of these is the HKLM\Software\Policies key. This essentially prevents a virtual package from overriding GPO settings. That’s normally awesome, but what if I really wanted some policy settings in my package as opposed to on the workstation itself? This is possible. Below is an example of how to modify a multi value registry string. Read more →

Endpoint Protection Installation Failing during OSD after 2012 R2 CU4

After updating to ConfigMgr 2012 R2 CU4 I ran into some issues with task sequences that were deploying System Center Endpoint Protection (SCEP). The nis_full.exe (Network Inspection Service definition updates) were not installing and failing with a vague error in the event viewer. Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Read more →

Using Select-String to search ConfigMgr log files

Have you ever tried to track down why a deployed Application isn’t doing what you expected? So you start looking at all the various logs that may be appropriate while hunting for clues? I have found Select-String to be quite helpful at times as a starting point when gathering clues. In this case, I will search for an application CI Unique ID. You can just as easily do this by application name, deployment type name, CI name, Distribution Point, etc, etc. Read more →