Question for any fellow app packagers. Does anyone deploy third party windows installer patches (.msp) these days? I've worked for a few different companies now and most places seem generally happy enough to just roll an updated version of the app, usually just an MSI with appropriate upgrade codes etc. Was having a discussion with a project manager who believes all his third party patch management issues are going to disappear as soon as SCCM goes in. I tried to explain that it's not that simple and that you're probably still going to need packagers to manage the update and overall application lifecycle process, at the very least to ensure the original MSIs are up to date for new builds etc.

Jul 28, 2013 02:28

Has anyone got a solution for issuing machine certificates for Azure AD joined devices? You can do user certificates with Intune, there's a uservoice where Microsoft say they're investigating, last updated November 2017.

Sep 12, 2018 01:16

anthonypants posted: Client certificates can also be used for authenticating to things that are not AD DS servers, such as wireless access points or websites or VPN endpoints.

Yeah, our use case for machine based certificates is wifi and 802.11x wired authentication. We have customers where multiple agencies share the same wired switches and get diverted to different VLANs depending on which machine certificate is presenting. The idea we had was no certificate means you had enough outside access to enroll a device in AzureAD/Intune, with a machine certificate coming down to point it in the right direction after that. That requires a machine certificate though. You can actually still do wifi with a user certificate (when you can deploy through Intune using a connector) but it means you can only log in with cached credentials as you lose the connection when you log out.

Oct 1, 2018 22:32

SlowBloke posted: All of our machines are either on win 7 pro or win 10 pro. My higher ups made the call that Microsoft 365 would be cheaper than office 2016 with sa and win 10 ent upgrade with sa. Sadly I have no loving idea on how to get keys to install the os without resorting to enroll the newly formatted pc into azure ad and have it fetch the key on the azure ad dns volume licensing (meaning it won't get our local ad gpo settings).

Yeah, you need to use Azure AD with m365 to assign the licences, we ran into similar problems. If you use hybrid enrolment via adconnect you should be able to keep your gpos.

Nov 8, 2018 18:48

Thanks Ants posted: If you are paying for Microsoft 365 then you might as well use the features - do a Hybrid AD Join and then use Intune to bring your Windows Pro machines up to Enterprise.

You do need the windows pro key embedded in the firmware for that to work. That being said I did manage to get win 10 to activate on a win 7 pro key just recently, so you might be able to get away with it. I have found that once a device is activated it'll stay activated with a digital licence between builds/resets.

Nov 16, 2018 18:54

Anyone had any luck with Autopilot in a large enterprise? We've run several projects for smaller customers under 300 seats and they've been pretty smooth. Some of our overseas colleagues had a go at a larger enterprise that wanted to jump on the co-management, enrol anywhere bandwagon and judging from the 90 minute conference call I just came from, ran into some issues. Anyone have any good experiences?

Feb 14, 2019 08:16

Yeah, that's the situation we're facing. The device does actually get on the domain, however there's no way of launching a VPN connection before signing into the desktop, and no way for AAD to handle auth with no dc visibility. The Microsoft dream of enrolling anywhere only works if all your apps can authenticate by SAML and you're not on a shared network.

Feb 14, 2019 23:58

Potato Salad posted: Hybrid enrollment is going to be phased out in the future

What's your strategy for desktop apps that rely on AD, VDI?

Feb 16, 2019 12:03

GreenNight posted: Every day I admin Windows file permissions is how often I miss admining a Novell file server. I don't miss ConsoleOne but man Novell was nice.

Good technology, poo poo tools. I sometimes wonder if they would have stuck around if they could have made OES pretend it was a domain controller, but still have the Novell features in the back end.

Feb 16, 2019 22:06

Works with delivery optimisation. That's good to know, we're seeing quite significant bandwidth savings with that.

Feb 28, 2019 19:24

There's actually a use case for booting from a factory image if you're using autopilot. Or at least a light touch image that goes through OOBE.

May 27, 2019 11:52

kiwid posted: Does anyone have any recommendations on running IT on an ultra tight budget when it comes to infrastructure, AV, Firewalls, etc.?

Defender's actually doing pretty well in the Gartner magic quadrant rankings at the moment. Budget permitting I would however look into Defender for Business, which will get you some decent Endpoint Detection and Response capability. If budget permits I'd look into M365 E3 licenses. Even with poo poo internet, that might reduce your burden on infrastructure.

May 8, 2022 01:28

Helping a customer with some secure score remediation. Defender for Cloud Apps says "Ensure that mobile devices are set to never expire passwords." The implementation instructions helpfully suggest going into Intune and removing any policies that set a password expiration. This customer has been on Intune for a while, so there's a shitload of policies and I can't see anything in there that looks like it might set that. Is there anything I can query that can tell me what MDfCA has seen in Intune that's generated the recommendation? I've tried advanced hunting and azure monitor but I might be either too dumb for this or the necessary log passthrough might not be enabled.

Feb 28, 2024 04:24