Troubleshooting ConfigMgr Enhanced HTTP and Azure Directory Group Sync

Today I got to help my buddy Adam Juelich with getting ConfigMgr Azure Directory Group Sync working. It’s an awesome new feature that allows you to sync ConfigMgr collection memberships to your Azure tenant. Adam had followed all of the steps and ensured that prerequisites were all configured properly but sync would never work. Over a Teams meeting we double checked everything and walked through Ronny Dejong’s (He covers pretty much all of troubleshooting steps needed for this!

Remove Windows 10 In-Box Apps with ConfigMgr or Intune and the Microsoft Store for Business

If you’ve been managing Windows 10 for very long, you’ve likely implemented a script or other method to remove some of the In-Box apps that come with Windows 10. We have been using a customized version of a script that Michael Niehaus published in 2015. It uses PowerShell and an XML file with a list of apps to be removed. I have integrated it into my Windows 10 offline servicing script that I use to apply updates to my image each month.

Demystifying Windows 10 Feature Update Blocks

Disclaimer - if you manually bypass Feature Update blocks, you risk causing issues with your device. The blocks exist for a reason and should be respected. This information is provided for educational purposes only. Proceed with caution. Windows 10 Feature Updates are released twice per year. For each release, Microsoft has the ability to block the update from being installed or even showing up in Widows Update for applications/drivers/devices that have known compatibility issues.

Lockdown Diary – Metered Internet Connections and Broken ConfigMgr Clients

Do you know how hard it is to find things when you don’t know what to search for?? I’m paranoid. We recently upgraded our site to ConfigMgr 2002, first fast ring, then the hotfix. We also installed a Cloud Management Gateway, re-worked our Boundary Groups to handle VPN better, added a second Management Point and generally made a butt-load of changes to our environment to help our remote clients have access to content more easily.

Extracting Device Names from Bad MIFs in ConfigMgr

If you are here, you either know what a BADMIF is or Google brought you here after you searched for something like ‘Large number of BADMIFS’ or ‘Can I delete BADMIFS’ or something like that. Anyway, if you want great info on what MIFs are and some great in-depth troubleshooting steps for them, you should check out Umair Kahn’s post over on Tech Community (migrated from Technet). It’s a bit old, but still very relevant.

Lockdown Diary – My Always On VPN is Schrödinger’s Cat

When is your Always On VPN not Always On? An Always On VPN client uses a machine certificate to connect to the VPN gateway and connect to the network on startup. This feature is wonderful since it allows VPN clients to process machine group policies and even makes it easy for users with expired passwords to reset their passwords. But how can you verify that the machine channel is connected if you can’t see any indicators on the logon screen?

LockDown Diary – How I used DJOIN to Build Test Machines over VPN

It’s been a few months since I’ve sat down to put write something. I’ve been taking a break trying to pick up some woodworking skills and spend a bit more time with the family during this COVID-19 lockdown. On March 5, I left work to take a week off for Spring Break and never returned to the office. Today is May 5. I wasn’t prepared for being at home and since I don’t regularly work from home, I don’t have any hardware here other than a normal desk setup.

Gather No More – Using Dynamic Task Sequence Variables in ConfigMgr

Update 09/14/2020 - You can download the Gather Light Task Sequence from the Community Hub now! Update 02/21/2020 - I added a new section with a Gather Task Sequence. Check out the DIY Gather in the Task Sequence section below. It even has a GIF (unlike Software Center!) If you’ve used the Microsoft Deployment ToolKit (MDT) or ConfigMgr or have ever heard of ‘Johan and Mikael’, you’ve likely used or at least heard/read about using MDT and the Gather script that’s included with it as part of your Task Sequences.

Repairing Invalid Win32_UserProfile WMI Class on Windows 7 to 10 In-Place Upgraded Devices

I recently needed to query the Win32_UserProfile class in WMI for some reporting I was working on. This class is a default Hardware Inventory class in ConfigMgr. I noticed that we had a large number of devices were reporting NULL values for several properties in this class when I queried them in SQL so I decided to investigate. From the ConfigMgr console, I used CMPivot (only one of the best tools ever!

ConfigMgr AdminService and WMI Methods – A match made in the cloud (1910)

This post applies to Microsoft Endpoint Configuration Manager 1910 Current Branch At Microsoft Ignite 2019 Brad Anderson demoed a few things in his sessions, later covered more in depth in other sessions, that highlighted some new features to allow you to leverage the cloud console to manage ConfigMgr-only devices. As I watched these sessions, I realized that they were using the ConfigMgr Administration Service to do integrate into the cloud.