Collect and report on custom data with Intune

This week’s blogpost is about collecting ‘custom’ data which is not inventoried by Intune or Windows Analytics in a Windows 10 Modern Management scenario. In a modern management scenario, data about the device such as Device Model, Installed Applications and Windows Updates Compliance is collected by either Microsoft Intune or Windows Analytics. But at this moment there are some ‘gaps’ when looking at which data is collected and which is not; examples are BIOS information and Office 365 ProPlus deployment information. In this blogpost I’m describing a solution which you can use to collect additional data and create reports based on the collected data.

Backup Bitlocker Recovery Key with Intune PowerShell

This week’s blogpost is about the new PowerShell capabilities we get through the Intune Management Extension. This new capability was released in the latest Intune release from 2 weeks ago. With the ability to run PowerShell on MDM managed devices many scenarios are possible. The scenario I wanted to test is to add an additional BitLocker Recovery key to the BitLocker configuration. If you’ve applied an Intune Endpoint Protection policy this key is automatically saved into Azure AD. From the past I know that this is not easy because we need to run the scripts in an elevated PowerShell user session. But I accepted the challenge and I got it working. Credits also to my colleague David Omisi since he helped me develop the PowerShell script.

Creating a Intune Application Deployment Overview – Part 2

Last week I posted the first version of my Intune Application Deployment Overview script. This script exported device deployment information from Intune through the Graph API to a CSV file and an HTML file. The CSV file contained all the device deployment details and the HTML file contained a summary of the deployment status for all applications. You can find this first post here. This blogpost builds on that first blogpost and describes the next version of the script. In this version I’ve added the user deployment information of Intune Application deployments. Before you continue, I advise you to read the first blogpost first.


Deploy your HA RDS environment through an Azure ARM template

Last week I finally published my first Azure ARM template for deploying an RDS environment. This template was based on an Azure AD Domain Services environment and depends on the Azure AD Application Proxy for publishing the RD Web and RD Gateway roles. The good news for this deployment was that no DMZ was necessary. The bad news was that the UDP channel of the RD Gateway cannot be used. Today I will publish a template which is based on an existing Azure Active Directory (not specifically Azure AD Domain Services) and on publishing the RD Web and RD Gateway roles in the DMZ for publishing the environment. This template basically re-uses 75% of the template and scripts of the Cloud Only Deployment.


Azure RemoteApp: Publish applications to individual users or a group of users

Last week the Azure RemoteApp team introduced the ‘most-voted’ feature in Azure RemoteApp: ‘Publish applications to individual users’. This functionality is now in private preview and can be requested by filling in this survey: http://www.instant.ly/s/AY83p/nav. When it’s enabled for your subscription you can publish applications to individual users. In this blogpost I want to explore this new functionality and look into how it can be activated and configured. I’m also looking into combining this new functionality with publishing applications based on group membership. If you want to try it yourself you can find the documentation here: https://azure.microsoft.com/en-us/documentation/articles/remoteapp-perapp/

Updates to Azure RemoteApp Membership Runbook

Based on the announcement that Azure Automation now supports Azure Resource Manager (source) I checked my solution for synchronizing Azure RemoteApp membership through Azure Automation. You can find the original blogpost here. The solution used both Service Management API cmdlets and Azure Resource Manager cmdlets. During testing, the Azure Resource Manager cmdlets failed during the execution of the runbook. I’ve updated the runbook and everything is now working again using the new Azure Resource Manager cmdlets.

Azure RemoteApp Clean-up AD with Azure Automation

You can deploy Azure RemoteApp in different scenarios. One of the scenarios is a Hybrid Deployment. In a Hybrid Deployment the Azure RemoteApp instances are added to your Active Directory. The instances will be added to a dedicated OU in that Active Directory. When you start working with a Hybrid Deployment you will notice after some time that the orphaned AD Computer objects of Azure RemoteApp instances will not be deleted. This blogpost will focus on cleaning up these computer accounts using a new Azure RemoteApp cmdlet and Azure Automation.

Azure RemoteApp: App-V Support Part 3

This is the last part in the blog series about App-V support in Azure RemoteApp. In the first part I discussed the use of a standalone App-V deployment with Azure RemoteApp. The second part discussed the use of the full App-V infrastructure in combination with Azure RemoteApp. This last part will focus on deploying App-V applications through System Center Configuration Manager (ConfigMgr). This blogpost will describe the steps needed to add your RemoteApp instances to ConfigMgr and the steps needed to deploy the App-V applications.


Sync Azure RemoteApp Collection Membership with Azure Automation Part 2

Updated version with blogpost can be found here: http://wp.me/p5avG1-va

Last month I created an Azure Automation workflow which will add and remove members from an Azure Active Directory to a Hybrid Azure RemoteApp collection. With this runbook you get an automated sync solution between an AD Group and an Azure RemoteApp collection. The first version was not complete in terms of reporting what it actually did; which users were added and which were removed. I have now developed a second version of this runbook which will send an email with the results of the runbook to an email address.


Sync Azure RemoteApp Collection Membership with Azure Automation

Granting users access to Azure RemoteApp is done by adding them as a user to an Azure RemoteApp collection. There are 2 ways to do this: the first option is adding single users through the Azure portal, and the second option is using the bulk user import functionality based on a CSV file. Both options need to be executed from the Azure Portal. Unfortunately, out-of-the-box it’s not possible to use an Active Directory group for granting access to Azure RemoteApp. There is a PowerShell solution made by Freek Berson which will give you this functionality through a PowerShell script. You can find the link at the end of this blogpost. In this blogpost I want to focus on syncing an Azure Active Directory group with Azure RemoteApp through Azure Automation. Since AD Sync is enabled in a Hybrid scenario, you can also use an on-premises AD group which will be synced to Azure Active Directory and use this group as your source. I like the idea of using Cloud technology where possible, so this is why I created this solution.