Tuesday, June 21, 2016

Enterprise Mobility Suite instruction videos

Hi All,

It has been a little while since my last post. This time I want to share my experience of a project I worked on recently.
For a large IT distributor, a couple of my colleagues and I have spent the past months getting the EMS suite on track. As many as 14 countries around Europe needed the knowledge and tools, from both a business and a technical perspective, on how EMS works and how to go to market with it for the benefit of their partners and resellers.
My job was to provide technical skills on how to deploy and configure the various components of EMS, being:
  • Azure AD Premium
  • Microsoft Intune
  • Azure Rights Management Services
  • Advanced Threat Analytics
The main focus was on the first three components, which are completely online services, whereas Advanced Threat Analytics is an on-premises solution for identifying and reporting known malicious attacks, security issues, and risks.

We shared the knowledge and insights with both the distributor and the resellers by doing lots of sessions on EMS, attending and presenting at different events, organizing webinars and creating technical how-to videos that show how to configure certain solutions, seen from both an IT admin and an end-user perspective. This way the product came to life and made sense to the decision makers as well as the technical people.
Of course there is already lots of material on EMS in the form of videos and slide decks, but our goal was to make it more personal and approach it from the distributor's point of view. So we made our own content and shared it with the intended audience to give them a head start.

Hopefully these technical how-to videos can be beneficial to you too, so I'm happy I can share them with you.

Azure Active Directory Premium:
Microsoft Intune:
Azure Rights Management Services:

I have learned a lot doing this project and figuring out the basics and essentials of the EMS suite. I'm happy to use and share this knowledge with you and in future projects.

Friday, March 25, 2016

Enterprise Mobility Suite discovered

Not a technical blog this time, but an introduction to EMS.

For a current project I have been diving into EMS: digging into the background, and finding and showing the added value for businesses in all sorts of disciplines. What makes EMS a strong competitor compared to other mobile solutions is that it integrates multiple management and security solutions into one suite. Combining these EMS products creates a unique opportunity for businesses to manage identity, mobility, security and analysis from a single solution.
Recently I did a demo of all the products to show, from a user's perspective, what it can offer and what it means to their end customers.

Microsoft EMS was recently extended with a new on-premises solution called Advanced Threat Analytics (ATA), which makes it the fourth pillar next to Azure AD Premium, Microsoft Intune and Azure Rights Management Services.
Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity.
ATA leverages deep packet inspection technology, as well as information from additional data sources (Security Information and Event Management and Active Directory) to detect advanced attacks in near real time in your on-premises or hybrid environment.
I hear you thinking: what is an on-premises solution like that doing among these cloud products? As long as the perimeter is protected by a firewall, many companies expect to be safe because malicious attacks are kept outside. But (and this is not new) trusted people and devices also enter the network on the other side of the perimeter, bringing personal devices without knowing what is actually installed on them, or whether a device might even have been exploited. By creating insight into these processes, ATA makes the IT department aware of what is actually going on inside the network and gives it the ability to respond.

Getting better
EMS will get increasingly better when the different management consoles integrate into one dashboard. For now, finding your way around can take some time; eventually it makes sense, but it is more difficult to sell.

In coming posts I will get more into the technical side of EMS and provide real life scenarios to make it vivid.

Tuesday, September 8, 2015

ConfigMgr Install .NET Framework during OSD Task Sequence

There is already a lot of information on this topic: building a reference image with the .NET Framework features installed. The thing is, there is no single right way to go. So, combining some solutions, I came up with the following.

For installing the .NET Framework features, Windows needs additional sources located on the Windows installation media (ISO). Look for a folder called sxs. (drive:\sources\sxs)

Copy this sxs folder, create a ConfigMgr Package from it with no program, and distribute the content.

In the Task Sequence go to Add - General - Run Command Line

The most important thing is to add the Package to the step and specify the source option in the command.

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:"."

Because the working folder defaults to the package location, a dot (".") is sufficient as the source.

This will save me a lot of time in future deployments.

Happy deploying...

Friday, August 28, 2015

System Center Universe Europe 2015

System Center Universe Europe is a community conference with a strong focus on systems management and virtualization topics such as cloud, datacenter and modern workplace management. In this post I do a small recap of the sessions I attended and my personal experience.

Day 1:

After arriving on Sunday I met up with people I met last year and had a beer and dinner with them. Good start of the event.
Monday the 24th of August at 8:45 Marcel Zehner @marcelzehner kicked off with his keynote, as enthusiastic as always. Even more people than last year, from over 15 different countries. The buzz of this year, or hype if you like, is IoT, the Internet of Things. It's the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with the production. (source: Wikipedia).
Cool, so how does this work in real life? Sascha Corti @TechPreacher took us along with some real-life examples of how this integrates into our processes, e.g. by sending information in real time from the Microsoft Band to Azure-based services and dynamically creating charts out of it, or sending alerts when certain limits are met. Of course this is a funny example, but the same can be done for CCTV camera information or detection ports at a train station; actually, everything that registers data and can connect to an external source can be used as input. The sky is the limit and we will see more of these developments in the near future. Business Intelligence and Analytics are key.

I closed off the day at an Irish pub with some other people and watched Arsenal - Liverpool on a big screen, while enjoying dinner and a Guinness. Although watching soccer isn't my main way of relaxing, I had a good time and good company.

Day 2:

  • Starting with an early morning discussion about Windows 10, which turned out to be more of a Q&A session. Johan Arwidmark and Jason Sandys had the technical answers on in-place migration and difficulties experienced during upgrade scenarios. It seems Windows 10 does a really good job of restoring to Windows 7 or 8 when something seems to be wrong after migration. You can decide to go back for 30 days. After that the old information is removed completely.
  • Nico Sienaert presented about Microsoft Enterprise Mobility Suite. Two hours of Cloud/Hybrid Identity, Intune and Azure RMS. That's a lot to cover and even more to store in my head. He also had some news about Microsoft ATA (Advanced Threat Analytics), a new product for fast detection of abnormal behavior, malicious attack detection and alerting inside the (hybrid) network.
  • Wally Mead showed the new stuff that is to come in ConfigMgr vNext, no official release name yet. The current version is Technical Preview 3. OSD Windows 10 enhancements, Software Updates ADR enhancements, cluster-aware patching and support for SQL Always On clusters are in there. The product is not really multi-tenant, but it can be tailored to work that way as desired.
  • Thomas Maurer and Carsten Rachfahl talked about what's new in Hyper-V 2016. While this is not my daily work, some nice new features were introduced. Thomas wrote his own blog post on this, which covers it all. http://www.thomasmaurer.ch/2015/05/whats-new-in-windows-server-2016-hyper-v/
  • Kent Agerlund and Mirko Colemberg about Visualizing ConfigMgr Data
    They showed different ways to enrich the reporting possibilities in ConfigMgr. Power queries, dashboards and scripting to get just the information you want, presented in a way that fits your needs. Besides the default 400+ reports already in ConfigMgr, this can be very useful if you're just looking for a specific tailored report.
  • Networking party
    This was nice again, a DJ playing some funky music and a beatboxer who showed off his skills. While drinking a beer and a good glass of wine the conversations came loose and as far as I could tell people had a great time.

Day 3:

  • Early morning discussion
    Pete Zerger and Jakob Gottlieb Svendsen led a discussion about automation: on-boarding and off-boarding of users and devices, and Azure Automation as a central point for managing these resources. What about government, securing/encrypting credentials that are synced to and used in Azure? Many people are suspicious, but a lot of them already use e.g. Office 365, where credentials are already managed and stored with Microsoft, or other SaaS applications.
  • IT Pro to IT Scientist
    Lee Berg and Samuel Erskine showed how a simple breadboard with sensors can instantly make collected data like temperature and humidity available and present it online in Azure tables and graphs. Cool stuff, also because Sam runs his mobile datacenter off a couple of Intel NUCs. Nice duo presentation with a lot of laughing; Sam could go for stand-up comedian.
  • Samuel Zürcher showed real life solutions of Hybrid computing. Exchange, O365, Sharepoint, Identity Management, AD sync to Azure. What needs to be in place to really go hybrid? Technical session with lots of deep dive information and scenarios.
  • Johan Arwidmark showed troubleshooting tips with the tools provided in the Windows 10 ADK: which deployment log shows what information, loading drivers in WinPE, and creating custom ISOs and unattend files to make a deployment act the way you need it to. No deployment is standard and every organization has its own challenges and wishes. With these tools in hand the sky is the limit in the deployment world. You can make it all possible.
  • In the last official time slot Jason Sandys showed us some advanced data collection with ConfigMgr: how to include AD property information in ConfigMgr using WMI and PowerShell, or use your own set of variables to assign custom information to assets in the database. Also a pretty deep dive, but luckily there is more than enough information available.

Closing note
Marcel Zehner and his colleague Michael Rüefli did a nice presentation on managing their Tesla Model S vehicles using PowerShell and Operations Manager. Very cool to see what can be done by connecting IoT devices to cloud management. Afterwards all sponsors held raffles and gave away presents to the winners.
SCU has been a great event this year and ITNetx did a great job organizing it for the third time. I've spoken to a lot of interesting and nice people and I'm looking forward to next year in Berlin.

Tuesday, April 14, 2015

Installing .NET Framework 3.5 during Task Sequence

Have you ever tried enabling .NET Framework during OS deployment in a Task Sequence? When installing Windows 8.1, this should be easy to enable by running the following command line:
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All

However, it's not as easy as it looks. This task often fails with error 0x800f081f during TS deployment. Also if you try to install .NET Framework offline by mounting the image it fails with the same error, see below.

Searching around, I found out that two packages prevent the .NET Framework action from succeeding. Packages KB2966826 and KB2966828 are both integrated in the default Windows 8.1 installation.

To enable .NET Framework in the first place, both packages should be removed. These actions can be run as Command Line actions in the Task Sequence.

Uninstall KB2966826
  • DISM /Online /Remove-Package /PackageName:Package_for_KB2966826~31bf3856ad364e35~amd64~~ /quiet /norestart

Uninstall KB2966828
  • DISM /Online /Remove-Package /PackageName:Package_for_KB2966828~31bf3856ad364e35~amd64~~ /quiet /norestart

After removing the packages, the .NET Framework feature can be installed successfully using the command line below.
  • DISM /Online /Enable-Feature /FeatureName:NetFx3 /All

The KB updates can be installed afterwards using the Software Updates step. These actions can be run in the Build and Capture phase, so .NET is available in every deployment.
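
The same sequence written with the DISM PowerShell cmdlets, as an added example that is not part of the original post. It resolves the full package identities from the running image instead of hard-coding them, and `$sxsSource` is an assumed, optional path to a copy of the sxs folder.

```powershell
# Added example, not the author's script. Run elevated in the full OS
# phase of the Task Sequence (Windows 8.1 ships the DISM PowerShell module).
$ErrorActionPreference = 'Stop'

# The two updates the post names as blocking the NetFx3 feature.
$blockingKbs = 'KB2966826', 'KB2966828'

# Assumption: optional path to a copy of \sources\sxs from the install media.
# Leave empty to let Windows resolve the payload itself.
$sxsSource = ''

if ((Get-WindowsOptionalFeature -Online -FeatureName NetFx3).State -eq 'Enabled') {
    Write-Output 'NetFx3 is already enabled; no packages were removed.'
    return
}

# Look up the installed package identities that belong to the blocking KBs.
$installed = @(Get-WindowsPackage -Online | Where-Object {
    $name = $_.PackageName
    $blockingKbs | Where-Object { $name -like "Package_for_$_~*" }
})

foreach ($pkg in $installed) {
    Write-Output "Removing $($pkg.PackageName) (state: $($pkg.PackageState))"
    Remove-WindowsPackage -Online -PackageName $pkg.PackageName -NoRestart | Out-Null
}

# Build the Enable-Feature call; only restrict the source when one is supplied.
$enableArgs = @{ Online = $true; FeatureName = 'NetFx3'; All = $true; NoRestart = $true }
if ($sxsSource) {
    if (-not (Test-Path -LiteralPath $sxsSource)) { throw "Source path not found: $sxsSource" }
    $enableArgs.Source = $sxsSource
    $enableArgs.LimitAccess = $true
}
Enable-WindowsOptionalFeature @enableArgs | Out-Null

# Fail the step unless the feature really ended up enabled (or pending a restart).
$state = (Get-WindowsOptionalFeature -Online -FeatureName NetFx3).State
if ($state -notin 'Enabled', 'EnablePending') { throw "NetFx3 state is $state" }

# List what was removed so the Software Updates step can be checked against it.
Write-Output "NetFx3 state: $state"
Write-Output "Removed, to be reinstalled by Software Updates: $($installed.PackageName -join ', ')"
```

The final output line gives a record of which updates were taken out of the image, so the later Software Updates step can be verified to have put them back before the image is captured.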

Tuesday, October 14, 2014

SCCM PXE OSD for tablets using external USB NIC adapter

The client I'm working for at the moment wants to deploy multiple Dell Venue Pro tablets. The problem, or challenge if you like :), with these devices is the lack of an onboard NIC. Luckily there are multiple suppliers who deliver USB to RJ45 adapters or docks to overcome this problem. For Dell Venue Pro tablets you have to have a specific build type of this adapter which they write about here.

So once we have a valid USB to RJ45 adapter we are good to go for a PXE deployment. At this moment we only have 1 USB - RJ45 adapter and multiple tablets to deploy, so what to do?
Mark Morowczynski and Neil Potter wrote this very nice article How to Use The Same External Ethernet Adapter For Multiple SCCM OSD which is the basis of this blogpost. The article includes a script for managing deployment on multiple tablets with this single USB - RJ45 adapter.

The bottom line is that the MAC address assigned to the connector is unique, but if you deploy multiple devices with it, there will be some mess in your SCCM database. So we need to ensure the tablet we deployed is registered in the SCCM database, but with another MAC address. This is where the Wifi NIC comes in.
Basically we have to register the MAC address of the Wifi NIC in the SCCM database and overwrite the USB-RJ45 connector MAC address. That is exactly what the script does. But for the script to work we also need an active connection to the wireless network. This is where I had some trouble.

The steps that got me a working Wifi connection during OSD are as follows:

Import Wifi profiles:
Netsh wlan add profile <sourcelocation>\profilename.xml (e.g. c:\Wifi\Wifi_Profile.xml)

Restart computer: speaks for itself

Connect to Wireless network:
cmd.exe /c netsh wlan connect name=Wireless-Network-Name

NB, the steps to create a Wifi profile are explained in Mark Morowczynski's article.

So the import profile step went well, I had to restart the computer (maybe a net stop wlansvc & net start wlansvc would also suffice) and then I had to specifically connect to the wireless network. Only then did I get my wireless network config and an IP address. I could then run the PowerShell script at the end of the Task Sequence and succeed.

Before you deploy the next tablet, don't forget to clear the PXE deployment from the device if you used a deployment type of required, otherwise you won't be able to deploy other devices from the same USB-RJ45 connector.

Tuesday, September 23, 2014

ConfigMgr Cumulative Updates

Every now and then Microsoft releases Cumulative Updates. Twitter explodes on the new release, like everyone is going to deploy the update without a doubt.

However: when I read the Microsoft support article I come across the following lines:

A supported update is available from Microsoft Support. However, this update is intended to correct only the problems that are described in this article. Apply this update only to systems that are experiencing the problems described in this article. This update might receive additional testing. Therefore, if you are not severely affected by these problems, we recommend that you wait for the next service pack that contains this update.

So, I found that none of these apply to my customer(s). Should I apply the update anyway, or wait for the Service Pack to come?

The only things I see here are the additional testing and the administrative burden involved in applying the CU.

So what is your advice or way to go? Please leave your comments, just a line will do, I'm curious.