- 158
- 455 677
Intune & Vita Doctrina
France
Приєднався 4 вер 2006
Welcome to my UA-cam Channel, Intune & Vita Doctrina. Intune is a cloud device management platform by Microsoft and Vita Doctrina is Latin and means "Life Learning/Teaching" which this UA-cam channel is a lot about.
Most videos will be about Microsoft Intune and things around that.
There will also be some videos about learning, memory techniques, the fantastic fantasy world of Magnamund, and retro gaming. Basically, anything that I'm interested in.
Thank you so much for watching!
Most videos will be about Microsoft Intune and things around that.
There will also be some videos about learning, memory techniques, the fantastic fantasy world of Magnamund, and retro gaming. Basically, anything that I'm interested in.
Thank you so much for watching!
Reply to a YouTube Comment - "How to use Remediation Script to start BitLocker service if stopped?"
Replying to a comment with a video on how to use Remediation Scripts (Detection & Remediate) to check if a device's BitLocker service is stopped and if it is stopped, start it!
We will create two PowerShell scripts, one to check the status of the service and one to start the service if the first script says the service isn't started (eg give exit code 1)
Follow this video, and you get step-by-step how to implement this or something similar that you require in your environment, by the way, here are the scripts!
#########CheckBitLockerServiceRunningDetection.ps1###########
# Check if BitLocker Service is stopped, if it is, call remediation script to fix it
# Author: John Bryntze
# Date: 9th June 2024
$JBNBitLockerService = get-service -Name BDESVC
if($JBNBitLockerService.Status -eq "stopped")
{
write-host "BitLocker Service is stopped"
exit 1
}
else
{
write-host "BitLocker service is not stopped"
exit 0
}
######CheckBitLockerServiceRunningRemediation.ps1############
# Script to start BitLocker Service
# Author: John Bryntze
# Date: 9th June 2024
#Start BitLocker Service
Start-Service -Name BDESVC
We will create two PowerShell scripts, one to check the status of the service and one to start the service if the first script says the service isn't started (eg give exit code 1)
Follow this video, and you get step-by-step how to implement this or something similar that you require in your environment, by the way, here are the scripts!
#########CheckBitLockerServiceRunningDetection.ps1###########
# Check if BitLocker Service is stopped, if it is, call remediation script to fix it
# Author: John Bryntze
# Date: 9th June 2024
$JBNBitLockerService = get-service -Name BDESVC
if($JBNBitLockerService.Status -eq "stopped")
{
write-host "BitLocker Service is stopped"
exit 1
}
else
{
write-host "BitLocker service is not stopped"
exit 0
}
######CheckBitLockerServiceRunningRemediation.ps1############
# Script to start BitLocker Service
# Author: John Bryntze
# Date: 9th June 2024
#Start BitLocker Service
Start-Service -Name BDESVC
Переглядів: 353
Відео
Send Remote Commands (actions) to iOS devices with Microsoft Intune (8/8)
Переглядів 177Місяць тому
We go through some of the Remote Actions you can remotely send from the Microsoft Intune Admin Portal to the Apple iPhone/iOS devices. We test a few such as remote lock, sync, reset code, etc and we speak about a few others. If you followed along with the whole series, well done, thank you! Playlist: ua-cam.com/play/PL1JNh3sw_QydISe9c6lim22ZzfjacwPGE.html
Configuration Profiles for iOS/iPhone with Microsoft Intune (7/8)
Переглядів 307Місяць тому
We create a few Configuration Profiles in Microsoft Intune for iOS/iPhone devices. Here a limitation hits us, due to enrolling as a personal BYOD and not Enterprise way so the device is supervised, we have limited profiles that will apply to our device. We still show how it is done. Links: learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios Playlist: ua-cam.com/play/PL1JN...
Compliance Policies for iOS with Microsoft Intune (6/8)
Переглядів 208Місяць тому
We create a few Compliance Policies for Apple iPhone/iOS devices in Microsoft Intune. We check if a device is jailbroken and needs to have a specific minimum OS version to be compliant. Playlist: ua-cam.com/play/PL1JNh3sw_QydISe9c6lim22ZzfjacwPGE.html
Install Apps on iOS/iPhone devices with Microsoft Intune (5/8)
Переглядів 491Місяць тому
In this video, we push/deploy three apps to the previously enrolled Apple iPhone/iOS device with the help of Microsoft Intune. The apps are Microsoft Company Portal, X (Twitter), and Microsoft Outlook. Playlist: ua-cam.com/play/PL1JNh3sw_QydISe9c6lim22ZzfjacwPGE.html
Enroll iPhone/iOS device into Microsoft Intune (4/8)
Переглядів 512Місяць тому
In this video, we enroll an iPhone/iOS as a personal device (BYOD) with the help of the Company Portal in Microsoft Intune. We speak a bit about the different enrollment paths. Playlist: ua-cam.com/play/PL1JNh3sw_QydISe9c6lim22ZzfjacwPGE.html
Introduction to manage iPhone/iOS devices in Microsoft Intune (1/8)
Переглядів 291Місяць тому
This video series will give you a good understanding of how to manage Apple iPhone iOS (and iPads) with Microsoft Intune. It doesn't cover all you need to know to manage iOS in an Enterprise since I'm missing an Apple Business Manager account, but we still cover all the features so if you follow along with all the videos you have a solid understanding of how and what you can manage with Microso...
Deploy Browser Extensions - SquareX, with Intune & Google Admin
Переглядів 5302 місяці тому
In this video, we look at how we can easily deploy Browser Extensions with the help of Configuration Profiles in Microsoft Intune for Microsoft Edge and Google Admin policies for Google Chrome. We look at a security extension named SquareX and its many features, but you can use this video to deploy any extension you want. Links: intune.microsoft.com admin.google.com SquareX Browser Chrome Exten...
Learn Excel VLOOKUP function to display data from multiple reports
Переглядів 2824 місяці тому
Excel's VLOOKUP function is valuable when you export reports from, for example, Microsoft Intune in CSV format. Often, you need to combine data from other systems, and then VLOOKUP comes in and saves the day :) In this video, we show an example of a Microsoft Intune report data gets added to another report with the help of VLOOKUP. You don't need any previous experience with Excel functions/for...
Configure Windows LAPS in Intune
Переглядів 2,5 тис.4 місяці тому
Configuring Windows LAPS in Intune is pretty easy and good if you want unique passwords for local (admin) accounts on your devices. We start by creating a location account with the help of PowerShell. We use Intune to ensure that this account is a local administrator and end with configuring LAPS so the password for the created account is unique per device and rotating password every 7 days. Th...
Intune Enterprise App Catalog - Win32 Apps pre-created for you!
Переглядів 1,7 тис.4 місяці тому
Intune Enterprise App Catalog is a feature that has about 100 pre-packaged apps ready for you to deploy quickly. It does require an extra add-on license. This video shows how you can request 250 trial licenses for 90 days. There are about 100 applications to choose from, and in this video, we test Snagit 2024, quickly add it to Intune Apps, and deploy it successfully. It has an extra cost and c...
2024 - Learn package Apps in Microsoft Intune like an expert - become a hero at work!
Переглядів 3,9 тис.5 місяців тому
You will learn how to package any application in the Winget.exe repository (and there are many) to always have the latest version without repackaging each new release. No previous skills are needed. Just need to follow along! This is a skill you must know about in 2024. We will be writing PowerShell scripts called Winget.exe to install and uninstall our software of choice, in this video, we cho...
Civilization 1 - Full Earth Game Play (Emperor Level)
Переглядів 1,4 тис.5 місяців тому
Playing Civilization I as the Romans (Emperor/hardest level) and choosing the Earth map! Earth map is huge, but as a player, you have a huge advantage of knowing exactly the earth, which in a way makes a game less fun as one of my favorite things about Civilization is to explore the map and be surprised. This game went fairly quick, playing the classic mass chariots and taking over the others a...
Reports on Windows Updates in Intune
Переглядів 2,4 тис.6 місяців тому
This video reviews how to get reports/stats on Microsoft Windows Feature Updates (such as Windows 11 23H2) in Microsoft Intune. It is pretty straightforward, but there is a catch: if you have not enabled Windows Updates data collection in a Configuration Policy, you will never see any stats in the reports. This video shows how to enable this and read the report with all status data. Link: learn...
Civ 1 - The Great Library Destruction Bug
Переглядів 2076 місяців тому
In Sid Meyer's Civilization 1, from the 90s, you can encounter a bug. It happens when the Wonder of the World, called the Great Library, is built in a city that later gets destroyed (or taken over by the Barbarians). All destroyed Wonders of the World gets owned by the Barbarian, and the Great Library starts to give out knowledge, even advanced stuff. It for me, always crashes soon thereafter, ...
Windows 11 23H2 Upgrade with Intune
Переглядів 2 тис.7 місяців тому
Windows 11 23H2 Upgrade with Intune
Intune - Package Apps with help of ChatGPT - Create Win32 App and Deploy (3/3)
Переглядів 1,5 тис.8 місяців тому
Intune - Package Apps with help of ChatGPT - Create Win32 App and Deploy (3/3)
Intune - Package Apps with help of ChatGPT - Modify Install Script/Test (2/3)
Переглядів 9679 місяців тому
Intune - Package Apps with help of ChatGPT - Modify Install Script/Test (2/3)
Intune - Package Apps with help of ChatGPT - Create Install Script (1/3)
Переглядів 2,7 тис.9 місяців тому
Intune - Package Apps with help of ChatGPT - Create Install Script (1/3)
Create & Apply Android Compliance Policies in Intune (7/7)
Переглядів 2,4 тис.9 місяців тому
Create & Apply Android Compliance Policies in Intune (7/7)
Create & Apply Android Configuration Profiles in Intune (6/7)
Переглядів 3,4 тис.9 місяців тому
Create & Apply Android Configuration Profiles in Intune (6/7)
Install Android Apps with Intune (5/7)
Переглядів 6 тис.9 місяців тому
Install Android Apps with Intune (5/7)
Create Android Device & Enroll into Intune (4/7)
Переглядів 8 тис.9 місяців тому
Create Android Device & Enroll into Intune (4/7)
Create Google Play Business Account & Link to Intune (2/7)
Переглядів 5 тис.9 місяців тому
Create Google Play Business Account & Link to Intune (2/7)
Learn to master and manage Android devices with Microsoft Intune - Intro (1/7)
Переглядів 7 тис.9 місяців тому
Learn to master and manage Android devices with Microsoft Intune - Intro (1/7)
Automatically Free Up Disk Space - Storage Sense - Intune
Переглядів 1,2 тис.9 місяців тому
Automatically Free Up Disk Space - Storage Sense - Intune
Open Hyperlinks From Outlook in Default Browser
Переглядів 1,8 тис.10 місяців тому
Open Hyperlinks From Outlook in Default Browser
Run Remediation (Script) On Demand in Intune
Переглядів 2,2 тис.11 місяців тому
Run Remediation (Script) On Demand in Intune
Somehow the /S doesnt work for me. I run the cmd file and nothing happens, as soon as I remove the /S from the script, it starts the installation process. REM Purpose: Install Mozilla Firefox 64-bit REM Author: Osman Gedik REM Date: 06.07.2024 REM Install Mozilla Firefox "%~dp0FirefoxInstaller.exe" /S /DesktopShortcut=false /PreventRebootRequired=true REM Copy configuration files if Firefox is correctly installed IF EXIST "C:\Program Files\Mozilla Firefox\defaults\pref" ( copy "%~dp0autoconfig.js" "C:\Program Files\Mozilla Firefox\defaults\pref\" /Y ) IF EXIST "C:\Program Files\Mozilla Firefox\" ( copy "%~dp0mozilla.cfg" "C:\Program Files\Mozilla Firefox\" /Y )
Hi mate, many thanks for your video. Its old but gold. I did the same but now have a failes status details 0x80070001. I couldn't fix that yet
I found the problem, I had a exe file and didn't download yours. Chatgpt Made me aware of the possibility, that the exe file isn't a full version. So I downloaded the file again and o voila it worked.
Hi, oh getting that error, pretty generic error, I would look at the program that runs what is specified there and also the content of the intunewin file. You will find more in "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log" file, not always so helpful but it will tell you what command it executed at least. Also check if the program is there? sometimes it is just the detection method that is incorrect etc...
How do I upload that in Intunes and make sure that the script runs on all devices? And what happens if someone already installed an older version of Firefox? How can I do an automated update through Intune rules?
Hi, great questions, you target the EntraID group but if you want all, you put under Assignment, the requirement to "All Devices" Firefox will upgrade existing. I usually set a detection method so it checks firefox.Exe and version, if older then run, if the system already have a newer version than packaged, then the detection sees that and just says all is good without running it (detection comes later in the course and goes through all the ways)
@@IntuneVitaDoctrina many thanks. I already watched the detection course as well. I like how you explain things step by step with different methods as well. Are you only doing UA-cam video or is there any courses which I could attempt?
@@IntuneVitaDoctrina evrytime a new Firefox version is published, I must download it and upload the new file to intune, is that correct? Isn't there a way which the system is pulling the new update by itself?
Hi, Thanks for the video. In my case, all our students' iPads are managed by School Manager and Intune, and there is no Company Portal installed on the devices. Can I still push apps from the Intune portal? Thank you.
Thanks for comment, Yes you can totally do it without Company Portal, I did it because I don't have an Apple School Manager or Apple Business Manager for my UA-cam video environment so I must do it by Company Portal, but not you :) If you have Apple's Volume Purchase Program (VPP) you can deploy it there also.
I am struggling with one issue at the user level App prompt for the admin password to upgrade for standard user.Thanks for the detailed video.
Hi, interesting. Is the app itself installed under c:\progam files? or under user profile or elsewhere? If you let me know which app it is the wingetID, I'll take a look. You could do the upgrades for them, by running a remediation script every day, and have SYSTEM update it, unless like you say it is a user app, but user apps normally doesn't require local admin as it is installed in the users own space. please give me more info and I'll do my best to help you
@@IntuneVitaDoctrina I am pushing through MDM Jump Cloud with all use able switches it downloaded the required updates at the installation ask for non admin users to provide password like I update Adobe Acrobat Reader
great gaming! i still play :) keep streaming more games! :)
Thanks, within a few days publish one more game play :) thanks
Awesome videos but No clarity sir
Thanks, this is one of my oldest videos on my channel, what wasn't so clear? (so I can do better next time)
Do you think you could win the game in any way playing EEE7? Emperor, Earth, England, 7 civs? The ultimate challenge
Oh I have waited for this comment :) thanks, I already have one game to publish, it is more or less ready, so my next game will the one you mention above here :) I actually often wins, it is difficult, but I go quickly to north America and establish myself there, and yes you be late in all, but in the end usually win :)
Why didn't you knock out Kiev?
I would have needed to put all Battleships on it and even then not sure to take it. The game was to send up a space ship and not be so aggressive (even then I think I was pretty aggressive also at some parts of the game :)
@@IntuneVitaDoctrina Oh but you took the other Russian cities so easily. It would have made the game too easy if you took it I think
yeah you are right, I thought also keeping Battleship in previous taken city as defense but it ended that I lost all so probably should have continue attack
Thank you! For anyone wondering it is indeed necessary to select user instead of system. If you let it stay on system, company portal wil say it is installed but you cant find it anywhere.
good comment, thanks a lot!
i wonder how to set the Intune to force all iPhone device to use the UPN or the First name of the user as device name ?
Very good question, hmm, I don't know actually, is it even possible? if you import into ABM, you don't know who the user will be until it is enrolled.
Why don't you take out Kiev?
Don't remember, relooked, maybe was afraid Battleship would die and then lose the other Russian cities I took, but yeah I should have taken all Battleship and try take it. The goal of this game wasn't to be so aggressive and do space ship but I guess I could do both :)
Amazing as usual ! I love your videos !
Thank you so much!! love to read comments like this, thanks
hellow, thank you so much for the video, one I want to install the profile, it says verification failed, your apple id or password is incorrect, but I tested many times and am sure the password is correct.
Difficult one, and it is the same appleID/password you used to setup in Intune? if you reset the password and try again?
I was screaming at you to research gunpowder, and build musketeers, but you wanted to research democracy, and industrialization and everything. It would have been a one stop detour for much added protection
true, Musketeers got 3 defense, if veteran (barrack) adds 50% and fortified another 5%, so in total 6 in defense which is high, maybe that would have been smarter, yeah I really want railroad and factory :D
It's all good. You're way better than me. I learned a lot of new tricks
happy you learnt something, there are so many strategies and ways to win, so hard to tell which one is the best to use
would you know issues if its enrolled and not deploying to company portal?
if you are Enterprise enrolled, and you deploy directly to client? or issue to deploy Company Portal? normally that should work fine, did you experience something else?
@IntuneVitaDoctrina so i am using company portal to enroll the mac book pro. it enrolls successfully i am able to remotely restart/ shutdown device. but configuration/conpliance policys and app deployment do not get pushed to the laptop. i look at the managed apps inside the device section of the specific laptop, and it says waiting on installation status . ( Also, i tried most trouble shoot steps you can think off lol)
@IntuneVitaDoctrina the only thing i found was a specific agent that gets downloaded with company portal (intune management agent) that is scoped around apps(possibly configs/policies) to be deployed from intune --> company portal ?
If enrolled from Company Portal, possible, I always go to this page (the PDF on it, shows the limitation) but what you mentioned here deploy apps and so should work flawless: learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-macos
Scrolls of ancient wisdom? Are they dropping hints that there was a great civilization before? Possibly before the younger dryas?
Sorry don't understand the reference? you mean when you take a hut and get a knowledge? :)
Hi, question about deploying Apps within Intune directly or through Apple VPP apps, i know there are very few app choices for MacOS apps on the Apple VPP Store, but i was on a call with Microsoft and they were helping me with an issue and said this was the best way to do it.. Thoughts?
That is a really good question, one I'm fighting with right now myself. I think Apple VPP apps have pretty much software, like 365 apps, however their version of OneDrive doesn't support Folder Redirect so I don't use that version. It installs good, updates good when it works, the problem is when it fails to update, I got no extra tools to fix it. I think it is pretty good for self service software that not so many use, so you don't have to package it, since it auto update from store, but still most software I prefer PKG/DMG and manage updates, either with the built-in auto update or package a newer version and push.
Great video thanks very much.
Thank you very much for this nice comments, those gives me energy to do more videos
Are you German?
Close, Swedish :)
Hi John, Hope you are doing great! I got one more interesting question for you 🤭- I want to block USB access for windows devices either from Intune or Defender for Endpoint but allow the basic USB devices like Mouse and Keyboards to work. I have tried creating policy from Configuration Profile (Administrative Template) and from Device Control (ASR) but nothing seems to work the way it should be. As per the MS documents it is simple but in practical it is not working. Either it is blocking all USB or Allowing all. I have gone through many youtube video but could not find a easy and best way which work. Have you tried this scenario and did it work, if not then could you add this to your list as it will be very helpful for others as well, since this is the basic requirement of every organization which is using Defender for Endpoint but achieving the desired result seems quite difficult.
Hi, all good here, hope with you too. Back in the days I tried to block USB storage with GPO, and had to work with a lot of hardware ID, don't think I got it to work so well. I have seen this exact question on a few forums, so it interest me a bit. I'll see if I can try it out and if it works I'll do a video about it, thanks for a good suggestion.
@@IntuneVitaDoctrina thanks John for your reply, what i don’t understand is since this is the most basic requirement for any Endpoint protection solution and it works well with other solutions but why Microsoft Defender is not able to provide a simple and easy way to achieve it 🙄.
This was a nice trip down the memory lane. I remember playing it in early 90's on my Amiga 500. As a kid, the exploit I found, was building United Nations first. Then I would nuke highly protected cities to destroy all troops in them in one go, take the city, and immediately sue for peace which they had to accept due to the Wonder. I would do this over and over again each turn, until victory.
that is a pretty cool tactic, they are forced to take peace with you and they always want to speak after you captured a city (or lost one) :) you can even sell buildings in their cities you take over to buy a new nuke :) They will break peace deals after 1AD if you are the strongest player of all, they break it very easy but you are just one turn a<ay from another nuke and another city anyway :) specially if they have railroad you can use that to take next city, plus you can make the troop follow the nuke to go around the blocking zone a troop has
Thank you for your video. May I ask how to get outputs to: - Pre-remediation detection error - Pre-remediation detection output - Remediation error - Post-remediation detection error - Post-remediation detection output - explain whet "filters" is? Thank you
Thanks! those column in Admin Web Portal aren't visible by default and you had to re-add them each time you are there. Pre-remedition output is what ever you put in Write-host command in detection script and Post-remediation is the Write-host in remediation script. The error is the error for each part. Filter, did I use that, you can target a EntraID group, but then have a filter, didn't go through those, but you can have a filter that finds all with manufacture "Dell" and then target all Sales users but exclude filter Dell devices hope that helps!
@@IntuneVitaDoctrina for the error, how do you write your script? With a Try and Catch?
yes that i the best way, honestly I don't often use that, I just use detection script and if it exit with 1, then run remediation script and use that none-error output, but if troubleshooting then yes
When I saw your smiling face I immediately clicked on like. Civ 1 is a game of people of culture.
Thank you so much :) I got another game but so lazy so edit, a 5 hours game play, but it should be published within 2 weeks. I have so much fun playing this game :)
@@IntuneVitaDoctrina Yeah, no argument there. I can clearly see how much you enjoy yourself.
Hi another great video. Could you please do one video on network printer deployment through powershell in intune.
Thanks! would that be printers on-prem, such as \\server\print01 installation?
not abel to install edge on Ubuntu
Did you download the .deb file here www.microsoft.com/en-us/edge/business/download?form=MA13FJ ? (not RPM) then you run it. There are other ways, this page explains different ways, one even use terminal only, hope that helps www.omgubuntu.co.uk/2021/01/how-to-install-edge-on-ubuntu-linux
Hi John, i got stuck with one situation and need your guidance in solving it. We have our own .apk file for android devices, these are custom in-house developed applications, i want to deploy the application to Android Fully Managed devices (Since the device belongs to company). I did it before with publishing them to google play store as a private app but now the size is the problem as it exceed 200MB, so i cannot use this option. I tried with deploying them as Line of Business application but its been 2 days nothing shows on device and even in intune portal it neither failed or success. Question: How to deploy your custom .apk files to android fully managed devices if the file size se more than 200MB? Appreciate your advice and guidance on this matter as i got stuck here from last one week.
Hi, excellent question, I don't have that experience unfortunately, I did a search and you can do this: While the Google Play Store has a size limitation for direct uploads, you can host the APK file on an external server or a cloud service and then reference it in the Managed Google Play. So you can host the over 200mb apk file in Amazon Web Services S3 bucket or alike, and then reference it in the Managed Google Play, I would try that, not sure how easy it is
@@IntuneVitaDoctrina thanks John for your reply, i am opening a case with Microsoft and will update you with their recommendation.
thank you, I'll be interested to hear what they recommend and I hope in the future they increase this limit of the file also.
Hey, when i run the Install Skript via Powershell as Admin, i get this Error: Error browsing source: winget Unexpected error while executing the command: 0x8a15000f: Data required by the source is missing When i run it as non Admin, it works.
So winget.exe can exist in some different places, in user profile, so the admin one probably got a path to a bad winget. The admin account, if you locate winget path, check path, try to run this command from that path winget source reset --force and winget source update You can be sure you done it right and it is a local profile/file issue,. is it Windows 11?
@@IntuneVitaDoctrina yes its win 11. i couldnt start it from my local PC but the rollout with intune worked. now, after 2 weeks, my package doesnt work anymore, but i did no changes there. Any ideas?
Hello John - Are there any Ios devices emulator or Simulator that I can use for testing as I go through this video series? Thank you.
Hi, excellent question, and unfortunately I don't know of any. I used an old iPhone X and used free TeamViewer to remote in. Apple normally isn't so supportive of virtual OS since they do most of their money on the hardware they sell. Search around, maybe this one works if you request a trial to use it for free.? www.corellium.com
Can you remote lock with a new passcode? To stop a thief who knows the passcode.
That is an excellent question, I don't think you can remote lock with a new passcode, you can lock but then it is still same passcode and as you said the thief know the passcode :( You can wipe or reset which is the normal action for stolen device.
Great , thanks mate :)
Thanks for your comment :)
Man, those Battleships could not come soon enough. You were getting wrecked by all these enemy ships.
true story, probably would go under without those. I have had games where the computer is so advance... drop a settler on my land, built a city.. I took the city and stolen "Steel", built one battle ship, bring a boat with a militia or something, take a coast city with battleship and the militia dropped, get more technology and advance from there :) Battleships are really too good :)
Excellent videos 💯🎉
thank you so much for this comment :)
Hello - Why do we need to create group for Deployment Profile and Enrollment status page?
Hi, Very good question! ESP a la Enrollment Status Page we know who have authenticated, and we can group per user, Deployment Profile is assigned to a device before it really exists, and anyone have authenticated so therefor you cannot assign it to a user or a device in Intune, it doesn't know that yet. Hope that clears it up a bit more
But if I do that microsoft will have access over my device? Or just few segments of my device or how? Thanks
Good question! when you enroll, adding a MDM profile to your iOS device you can see WHAT it can access on your device. If it is Personally Enrolled as in my video, you cannot see or do much. Mostly device info, maybe free space, model, apps installed by Intune (not your personal apps) etc.. Here is a link showing some more: learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune
@@IntuneVitaDoctrina Thanks !
Thank you for the video! Very clear presentation!
Glad you enjoyed it! Thanks a lot for your comment, that gives me energy to do more videos :)
This is very good John I recently had to disable a very important service manually but later I created a powershell script to start the services back on as it’s deployed to every devices I didn’t need a detection script I just pushed out the single script and it worked fine … saves me time and made the manager happy I got the job done so quick haha …. I love powershell :).
Well done! yeah a normal PowerShell script that runs once works also. With Remediation script you can get output back and stats and re-run if it stops again. PowerShell is nice! :) thanks
Hi John, Do you have a detectionn & remediation script to remove / disable quick assist? Thank you! ❤❤ ❤
Hi, it doesn't run as a service, but there is a registry key that can be added to disable Quick Assist, if you want I can post a remediation script for that? let me know and I try to write it down during the day. Doing it without remediation script would be these steps: For users on any edition of Windows 10/11, you can disable Quick Assist through the Windows Registry. Open Registry Editor: Press Win + R, type regedit, and press Enter. Navigate to the Key: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Quick Assist. Create a New DWORD Value: If the Quick Assist key does not exist, you may need to create it. Within the Quick Assist key, create a new DWORD value named RestrictQuickAssist. Set the value of RestrictQuickAssist to 1 to disable Quick Assist. Close Registry Editor: Close the editor and restart your computer for the changes to take effect.
@@IntuneVitaDoctrina Anything will be helpful. Remediation script, csp, or Just a powershell script that can run from Intune. I tried but didn’t work for me. I need it for both windows 10 & 11. The path seems to be different in both cases. In win 10, it is in system32 but in win 11, program files\windows app. Thanks a lot!
@@IntuneVitaDoctrina I wanted to deploy it from Intune to all devices. How can i do that?
You can assign it to all devices, detection script picks only those that really needs it anyway
Not tested, so please do, but this should do the job: # Define the path to the registry key $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Quick Assist" # Check if the Quick Assist key exists, if not, create it if (-not (Test-Path $registryPath)) { New-Item -Path $registryPath -Force } # Define the name and value for the new DWORD $dwordName = "RestrictQuickAssist" $dwordValue = 1 # Create or update the DWORD value New-ItemProperty -Path $registryPath -Name $dwordName -Value $dwordValue -PropertyType DWORD -Force # Output the result to confirm Write-Output "Registry key updated successfully. Quick Assist is now restricted."
Hi John, sorry to trouble you again 🤭, as a pre-requisite for our Bitlocker deployment we need to have Bitlocker service running (thanks to you it is now done) and Windows Recovery Environment (WinRE) set to enable, since it is not a service so i cannot use your bitlocker script to enable it. I made a detection and remediation script which is based on your bitlocker script but it is not working. Is this a correct approach or do i need to create a task scheduler with batch file. --------Detection Script--------------- $info = reagentc /info if($info -match ".*Windows RE status:.*Disabled.*") { write-host "WinRE Service is stopped" exit 1 } else { write-host "WinRE service is not stopped" exit 0 } -------------Remediation Script------------------------ #Enable WinRE reagentc /enable
Tested your script just in PowerShell ISE, and the Detection Script works fine for me. Does it work also for you when you run it manually and just fails when running it through Intune Remediation scripts?
Great video! And how can I get screen sharing without enabling the privacy and sharing option in the settings? for example by Teams ?
Thanks, that is a GREAT question, unfortunately Apple restrict this setting, so you can create a PPPC setting to change "Screen Sharing" (think the setting is called Screen Recording from disabled (in Sonoma, previous had that as default), to allow user to allow it for Teams, but no supported way to force that setting. I think that is sad that Apple doesn't use as Administrator of a device we own force these settings, but they seems to put privacy to the end user higher. I got same issue for TeamViewer on macOS, I have to have the techs apply the PPPC and then manually enable/allow screen recording :(
Very informative and much needed one. Thanks. Can we also add “if and” to run the remediation when the service is disabled as well..?
Thanks and yes the IF for service is disabled is a great idea. The detection script can look both and exit out on 1 if any of the if statements are true and the remediation script can change service from Disabled to Manual startup and then set it to running.
Your video is very informative, that is helpul for us, Keep it up.
Thank you so much for this nice comment, it is comment like these who makes me keep going and do more videos, thanks!
Very helpful in checking the status of any windows services and making it start with the remediation script...thanks John for your time and effort! ❤❤❤
Thank you so much for commenting. There is often a reason why a service isn't running, maybe it is crashing, then it is better to solve that, but sometimes you just need to start a service on multiple devices (or one) then this could be useful
This video is perfect. I love it ❤
Thank you very much for this nice comment!
remediation script requires any license ti run windows 10 or 1indows 11
You are correct, it dies require a special license, mentioned here: learn.microsoft.com/en-us/mem/intune/fundamentals/remediations#prerequisites Remediations requires users of the devices to have one of the following licenses: Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
Hi John, thank you so much for your support in learning new things. I have one scenario just need your guidance on how to achieve it. We implemented bitlocker from Intune and its working fine now some machines have Bitlocker service not running, how can i create a detection and remediation script to see if the service is not running then start the service. Appreciate your early response 😊
Thanks, if things goes as planned I'll do a video response to this question today, then you get a full solution you can just copy and paste but I will explain in the video also, hope to get it done today :)
Done a video that explains this today :) ua-cam.com/video/Owc56Zu2ONI/v-deo.html&ab_channel=Intune%26VitaDoctrina
@@IntuneVitaDoctrina thanks a lot John, really appreciate your effort. Big thank you once again 😊
Ah happy to hear! thanks for taking time to comment.
@ @IntuneVitaDoctrina Your device is not applicable is because it's your personal device right?
yes it is exactly that. Personal devices can enroll but you can only manage a few things, if it is Corporate enrolled you can do a lot more. Unfortunately I don't have a private Apple Business Manager account to show that part
Thank for clear and easy explanation Mr. Bryntze, still learning while watching your videos.
Thank you so much! this last series about Apple iOS isn't my proudest work, it goes through everything but missing an Apple Business Manager account to show the real cool stuff. Got some ideas for next videos that will be pretty interesting :)
Its cool when sometimes you start with 2 settlers
yes! it is pretty rare but it happens, it is not random, it calculates your starting point and if it thinks you have a disadvantage it gives you an extra settler and technology, here is the calculations for it :) forums.civfanatics.com/threads/number-of-starting-settlers-and-techs.494994/
@@IntuneVitaDoctrina Oh my god I always thought otherwise I feel I was dumb for 40 years lol
hahaha please don't (dumb) I also have played for 35 years playing this and learnt like a year ago thanks to a comment on one of these videos how to calculate which grasslands give shields and which doesn't, this game surprises me still after all these years :)
Hi, I'm having a problem updating an application. I managed to install version n of an application with its plist file, but when I want to update this application with the new version n+1, I get an error message and the application doesn't update. The message reads as follows:The file provided is not supported. Check the requirements for deploying the selected app type. (0x87D30143) If I manually uninstall version n, then version n+1 will install. I've tried in the script to uninstall application n before installing version n+1, but I get a request for the administrator password when executing the script. Any ideas? Thanks for your videos!
Hi, is it a Silicon mac or Intel? the package you deploy is it a DMG or PKG or something else?. Script shouldn't ask for password if it runs as root and not as the user? Interesting that it works if no software is installed, just upgrade fails, please let me know a bit more of the format etc and see if I can help.
@@IntuneVitaDoctrina Hello, I find out. I removed the "sudo" command in my installation script and it worked. Sorry for the late response, but I'm on a big issue with a multiple feature PKG package on Mac (M3 Pro Mac, Silicon I presume). Maybe you already solve this, with Cisco anyconnect, I only want to install the VPN.
@@petere8971 well done! yeah sudo is great for testing but in Intune it runs as "root", thanks for sharing