All Activity

  1. Last week
  2. Hello! All of our mobile devices are Azure AD registered. We have configured two app protection policies, one for iOS and one for Android. You can find the configuration of the app protection policy below. The problem is that users can still save files from Microsoft Teams to Dropbox. How can I prevent users from saving files from MS Teams to private storage?

     Basics
       Name: APP_iOS_-Default
       Description: --
       Platform: iOS/iPadOS

     Apps
       Target to apps on all device types: No
       Device types: Unmanaged
       Public apps: Microsoft Invoicing, Microsoft Kaizala, Microsoft Power Apps, Microsoft 365 Admin, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Microsoft Bookings, Microsoft Office, Microsoft OneNote, Microsoft Planner, Microsoft Power BI, Microsoft SharePoint, Microsoft StaffHub, Microsoft OneDrive, Microsoft Teams, Microsoft Lists, Microsoft Stream, Microsoft To-Do, Microsoft Visio Viewer, Microsoft Whiteboard
       Custom apps: --

     Data protection
       Prevent backups: Block
       Send org data to other apps: Policy managed apps
       Select apps to exempt: Default: tel;telprompt;skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services;
       Save copies of org data: Block
       Allow user to save copies to selected services: OneDrive for Business, SharePoint
       Transfer telecommunication data to: Any dialer app
       Dialer App URL Scheme: --
       Receive data from other apps: All Apps
       Open data into Org documents: Allow
       Allow users to open data from selected services: OneDrive for Business, SharePoint, Camera
       Restrict cut, copy, and paste between other apps: Any app
       Cut and copy character limit for any app: 0
       Third party keyboards: Allow
       Encrypt org data: Require
       Sync policy managed app data with native apps: Allow
       Printing org data: Allow
       Restrict web content transfer with other apps: Any app
       Unmanaged browser protocol: --
       Org data notifications: Allow

     Access requirements
       PIN for access: Require
       PIN type: Numeric
       Simple PIN: Allow
       Select minimum PIN length: 4
       Touch ID instead of PIN for access (iOS 8+/iPadOS): Allow
       Override biometrics with PIN after timeout: Not required
       Timeout (minutes of inactivity): 0
       Face ID instead of PIN for access (iOS 11+/iPadOS): Allow
       PIN reset after number of days: No
       Number of days: 0
       App PIN when device PIN is set: Require
       Work or school account credentials for access: Not required
       Recheck the access requirements after (minutes of inactivity): 10

     Conditional launch (Setting / Value / Action)
       Max PIN attempts / 5 / Reset PIN
       Offline grace period / 720 / Block access (minutes)
       Offline grace period / 90 / Wipe data (days)
       Jailbroken/rooted devices / -- / Block access

     Assignments
       Included groups: CL--AZ-MGMT-AllUsers
       Excluded groups: CL--AZ-MFA-Exclude-, CL--AZ-MGMT-BreakGlass

     Scope tags: Default
  3. Earlier
  4. Hi, Well guess what, it finally appeared after 5 days, I did not change anything since and this morning that appeared on the computer: Thanks to both of you for your answers and help! Have a nice day!
  5. The eHTTP MP should be sufficient for this to work. Has the SMS Role SSL Cert automatically bound to the IIS or been changed at all? Are you able to share the BitLockerManagementHandler log at all? Cheers Paul
  6. hi there, all the scripts are freely downloadable as long as you are a logged on member of windows-noob.com, which you now are, so please try again @Champ
  7. and what does it report when you evaluate the compliance of that configuration ?
  8. good info, can you show me your Configurations tab in the configmgr client agent...
  9. Hello, On the first tab: Nothing else is configured under. Second tab: Third tab: Nothing else is configured on the two last tabs. I tried to do exactly the same configuration on a lab with https on the management point and it works as intended. I'm starting to believe that it does not play well with http enhanced. Thanks!
  10. Seems that it's normal it won't work while we have a remote Wsus (SUP) server. So when it's hosted onto the same site server (primary) it will work but when you have a dedicated wsus it won't 😞
  11. show me screenshots of your configured settings, something is not right
  12. In fact the MBAM client is installed but it doesn't show the wizard asking the user to encrypt his device, nor does it force him to. The only way to encrypt the device is to open a cmd with administrator rights and type manage-bde -on c: or do it through the control panel. Thanks.
  13. So I ran into this and wanted to post the solution for others: https://www.sqlservercentral.com/articles/database-master-key-error-after-database-restore It all boils down to the new server not having the same key as the old server and you need to replace it with the new one. I randomly stumbled across this.
  14. ok if the mbam client is not getting installed then there's something wrong with your policy settings, are you sure you've configured Client Management and set it to Enabled ?
  15. Yes, they match. The client version corresponds to the 2103 SCCM version. I see it appearing in the configurations tab on the CCM client. It appears as non-compliant until I trigger the encryption manually. I tried to reboot several times but the MBAMclientUI.exe never appears. I tried to do a cmd -> bdehdcfg -driveinfo and it tells me that everything is ok. When I do a get-tpm with PowerShell, everything is on True and seems fine; even when I launch tpm.msc, everything is good. I also tried to reset the TPM just in case, still no luck.
  16. i mean, do the client versions correspond to the site version, if yes then let's figure out if the client is getting the policy or not, did you check on the configmgr client agent to see if the bitlocker policy you configured is listed ?
  17. Thanks for the answer. The clients are on the 5.00.9049.1010 version which is pretty recent if I'm correct
  18. Did you manage to make it work? I'm in the same configuration as you (I'm on 2103 with http enhanced) except that I have registry keys that appear correctly, but on my side the MBAM client never shows up, so clients never get notified of the encryption policy even though I put the non-compliance grace period to 0 days. Even when I try to launch the MBAMclientUI.exe manually, it doesn't appear. I get an error in the event viewer/MBAM/admin: Which on Microsoft website means: But when I trigger the encryption manually with manage-bde -on c:, the client starts encrypting with the good encryption method and the recovery key appears in the database correctly. If any of you have an idea? Thanks in advance.
  19. Introduction

     If you haven’t already noticed I’m currently blogging about a series of DEM in 20 webinars from 1E and I’ve linked each one that I’ve covered below for your perusal. In today’s blog post I’ll focus on how to deal with that Change Management Success Rate Struggle. That’s a mouthful, but in a nutshell what it means is how can you cope with the onslaught of issues raised both pre and post change for a change management request. Every company has to deal with change management, possibly even more so now with so many people still working from home. Not only will you learn how to deal with the change management success rate, but get real time data before and after the change.

     Episode 1. How to find and fix Slow Endpoints
     Episode 2. That crashy app
     Episode 3. Dealing with annoying admin requests
     Episode 4. That Change Management Success Rate Struggle

     Why is change control important?

     Help Desk International (HDI) referenced that 80% of incidents are caused by internal change. That’s a huge percentage.

     “80% of incidents are caused by internal change”

     If we could just control that better and get an idea of what the output would be like before we roll it out into production then we’d have fewer incidents and more time to do the job we were hired to do.

     Change Control Requests

     Change control usually starts with a change control request form for the desired change, in this example it’s for a global Zoom upgrade. Zoom is telecommunication software for holding meetings, and it became hugely popular during the ongoing Covid pandemic due to so many workers having to work from home. As new features are added, or security patches released, new versions need to be pushed out, and that all starts with a change control request.

     In Rob’s line of business (Rob Key, Senior Solutions Engineer at 1E), and some of the customers he talks to, it’s common to see them using the following methods for change control, either by sending the change to IT so they can test it on one or more machines, and then after doing that test, sending out a survey to the users involved asking how did that affect your machine, but depending on that change, IT might not dig in as deep as we’d like or using a UAT (user acceptance testing) group to look at it.

     Capturing pre-change data

     Let’s take a different approach using Tachyon Experience. Not only can we do monitoring but we can check health and compliance policies on a group of test machines to make sure that we can see that those machines stay healthy both before and after the change is completed. For that we’d want to capture pre-change health and compliance information. In this particular example there are two control groups, manufacturing and marketing. These are two different parts of the organization and they have different needs, so they should be good target groups for the data that we need. In the screenshot below we can dig down and see that services are healthy and all of the numbers are looking good. Next we can verify the version (in real-time) of the target software we intend to change, and below we can see it’s not yet upgraded. We can also see the services running, or in the example below, that a Zoom sharing Service is both stopped and disabled. It was disabled as a policy was created to not allow that service to run in the manufacturing group, for security reasons, to stop the release of important and confidential information. For the marketing group another policy was created to allow it to run.

     Post-change rules to guarantee state

     Any area of a business that goes down due to change management processes that go wrong costs that business money, so to avoid that, policies are created in Tachyon in Guaranteed State. You can see two policies in the drop down menu below, one for marketing, and one for the manufacturing group. Here’s a closeup of those policies. These policies are created using one or more rules in Tachyon Guaranteed State. This is post-change, and here we can see a rule from our policy targeting the marketing department, pay attention to the Not Applicable slice. Clicking on that reveals the following, and here we can see that there is a check to ensure that the Zoom sharing service is enabled, however this new version of Zoom doesn’t use this as Zoom changed the way they structure their software.

     So how were these Guaranteed State policies created? Each rule can check for various things, such as checking for free disk space or whether or not the Zoom Sharing Service is enabled or that the 1E Client service is in a correct state. Below you can see a list of some of those rules. If we take a closer look at a rule, in this case a rule to Ensure the DNS service is in a correct state, you can see from the screenshot below that the rule looks at optional Pre-conditions, Triggers, the Check itself and an optional Fix.

     What about non-compliance post-change?

     Seeing real-time results that reveal non-compliance post-change is a great ability. That can be revealed by our Guaranteed State policies. To test this, killing a service which is checked for (one of the rules above) reveals this in real-time. Below a service is stopped… and reviewing the rules results, you can straight away see that there is non-compliance and drill down to find out more information. This is instantaneous, which means you can see how to control the change management process with ease by gathering data and responding effectively.

     “So how quick is quick?”

     This really depends on what you are looking at, for example disk space might be polled every minute or 30 seconds. But when you are talking about registry changes or config file changes or services, that is real-time.

     Conclusion

     Change happens all the time in business and while most companies have their own change management processes to deal with that change, they are very likely contributing to their own workloads by the way they do it. Remember, internal changes that are not correctly monitored pre and post change can cause major problems. Using Tachyon Experience and Tachyon Guaranteed State gives your admins the power to see those results in real-time and allows them to easily tweak the change management process to increase their success rate.

     DISCLAIMER: The contents of this article are the opinion of the author and have been written from an impartial standpoint; however, 1E may have reimbursed the author for time and expenses for undertaking the findings and conclusions detailed in the article.
  20. I want to set up my own personal Intune subscription. When I try to create a pay-as-you-go Azure subscription it does not include Intune. The only things I'm really interested in are Intune, AutoPilot, PowerBI (to query data). Does Microsoft offer such a subscription? If so where do you create it all?
  21. Windows 10 21H1 19043.1165 Multi-language: 2 language branches, 3 languages, 5 languages, better with Office http://bbs.wuyou.net/forum.php?mod=viewthread&tid=425855 https://bbs.pcbeta.com/viewthread-1891380-1-1.html It is different from the one issued by our China area. We have perfectly solved the Windows 10 multi-language problem. Meet all the production requirements proposed by Microsoft.
  22. Hi, I have an early release of Windows 11. I am trying to do an OSD with MECM. It fails on the format drive step every time. The SMSTS.LOG file always says it can't find the disk. I have tried Disk 0, Disk 1, I have tried MBR, GPT etc... Yes, I have installed the ADK for Windows 11, both parts. Yes, my target system can run Windows 11. Is there something special you need to put in the Format step to make it work with Windows 11?
  23. I have a critical problem with the multicast service point on the site and I have no solution