Skip to main content

Posts

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932

Recent posts

iOS Microsoft 365 App 'Another account from your organisation is already signed in on this device'

  Issue: Trying to login to the Microsoft 365 app on iOS. It prompts for username, then briefly opens Authenticator app then return with the error "Another account from your organisation is already signed in on this device. Try again with a different account" Solution: Settings > Apps > Microsoft 365 > Reset Microsoft 365 (Office) (Slide over Clear all content and Delete Sign-in Credentials) Restart App Just logs in

Azure Active Directory Dynamic Groups for AutoPilot and Group Tags

  Introduction: In Azure Active Directory (Azure AD), you can create dynamic membership rules to automatically update groups. To quote Microsoft "Dynamic group membership reduces the administrative overhead of adding and removing users".. Or devices. This blog is to detail the properties and syntax needed to create dynamic membership rules for AutoPilot devices and assign deployment and ESP profiles.  https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership   I wanted to create a group of all AutoPilot registered devices that has a specific Group tag 'PAW'. The intention being to assign a specific AutoPilot deployment profile/ESP and a set of configuration but only to defined computers and not all AutoPilot registered devices.  Group tags will be created for different departments so they receive specific policy, apps, config per department i.e. Finance, HR, IT services etc. Within my list of AutoPilot devices (see how to popul

WMUG - 20th January 2020

Windows Management User Group Special thanks to the WMUG team for allowing me to speak on the Topic " Keeping up -to-date with Windows 10 Servicing"; Key words 'Keeping Up' For those of you who asked for my slide deck please see the OneDrive link here . Hope see you at the next Meetup. https://www.meetup.com/en-AU/WMUGUK/events/calendar/

ConfigMgr Clients are no longer receiving User Deployments

Removing the Application Catalog Role within ConfigMgr was not as straight forward as i was hoping ! Like many SCCM admins historically the Application Catalog Web service Point and Website point were installed in order to deploy applications to Users.   However, this feature is now depreciated and User deployments can be deployed without this role as the client will query a management point instead for all deployments (user and device). ( https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures ) I decided that this role should be removed as we were on 1810 Hotfix2 and colleagues had stated the transition was near seamless (see below regarding a reported BUG and quick fix to modify any Client setting). The procedure to remove the App Catalog role is straight forward: 1. Remove references to App Catalog website within Client Settings. 2. Remove the Roles within the SCCM console. See Adam Gross blog   In our case the removal of the webs

Windows 10 - Feature Upgrade using SCCM Servicing

Software Updates - Feature Upgrade - Windows 10 Software updates within an Enterprise organisation has been fairly straight forward until you attempt to use it for Feature Upgrades of Windows 10.  SCCM is very reliable at delivering the updates (Rollups, Updates, Upgrades) and as i have previously proved is UWF aware in Windows 10. However, the Feature Upgrade does require a bit of prep work if you do not want the new Appx Applications installed as part of the Upgrade. Moving between the 1507-1703 branches each Feature upgrade would reinstall the Appx Applications that you previously removed. Microsoft has addressed this in the 1703 - 1709 feature upgrade and if you removed an application it will not come back.  However, if the new branch has a new application this will get installed. Uninstalled in-box apps no longer automatically reinstall Starting with Windows 10, version 1703, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature upd

Creating Global Conditions in System Center Configuration Manager for Office 365 deployments

Creating Global Conditions in System Center configuration Manager for Office 365 deployments Firstly I would recommend reading the Microsoft docs article below. https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-global-conditions Software Library  >  Application Management  >  Global Conditions . Scenario: I have an AD group " SD-LSG-Comp-Microsoft Project ClickToRun"  with computer objects that should install Office 365 -  ProjectProXVolume edition. I wanted to create one application with multiple deployment types depending on their AD membership. For example if the computer is only a members of the  " SD-LSG-Comp-Microsoft Project ClickToRun" AD group then the deployment should only run the deployment Type " Office 365 Default Deployment Type-Install_InstallProject.cmd ".   This deplyoment Type calls the Office 365 setup.exe with a configuration xml detailing the  <Product ID="ProjectProXVolume">. (For a detailed understa