Category Archives: Intune

EMS, Intune, OneDrive for Business, Powershell

Deploying the new Onedrive Next Generation Sync client as MSI through Intune to Windows 10

29/05/2017 JosL 6 Comments

Onedrive for Business’s client, the new Next Generation Sync client, is awesome. Obviously.

So you want it on your devices, but Microsoft distributes it as .exe. Nasty, because I want to manage Windows 10 as mobile devices through Intune, and that only allowes me to distribute as MSI.

I created an MSI for Onedrive for Business’s Next Generation Client using Advanced Installer. Because I’m not allowed to redistribute Microsoft’s .exe, this MSI downloads the .exe from Microsoft’s website, it uses /silent and /takeover as installation switches. Continue reading Deploying the new Onedrive Next Generation Sync client as MSI through Intune to Windows 10 →

Intune, Office 365, OneDriveMapper, Powershell

EMS Case: Running a Powershell Logonscript like OnedriveMapper on AzureAD joined machines through Intune

21/09/2016 JosL 20 Comments

NOTICE: it is easier to use Device Configuration Scripts now that this feature has been released in Intune.

A second case, comparable to EMS case: distributing Office templates and macro’s to your users on Windows 10 mobile managed Azure AD Joined devices.

In this case I will show you how to package and distribute a Powershell script (OnedriveMapper in this case) through Intune to MDM enrolled Windows 10 devices.

Continue reading EMS Case: Running a Powershell Logonscript like OnedriveMapper on AzureAD joined machines through Intune →

Intune

EMS case: distributing Office templates and macro’s to your users on Windows 10 mobile managed Azure AD Joined devices

19/09/2016 JosL 1 Comment

Azure AD, Intune and Windows 10 offer an incredibly nice light management option, where your users can use any Windows 10 Pro or higher device and simply join it to your Azure AD on their own.

Intune then allows you to enforce your security policies on those devices, and to distribute AppX and MSI packages to those devices.

Traditionally, IT used to manage devices using GPO’s or more, allowing a very high degree of granular configuration and remediation. Intune or the Enterprise Mobility Suite don’t offer good alternatives for Group Policy, and don’t allow scripts to be deployed natively, this greatly limits us.

However, the ability to deploy an MSI can be leveraged to still offer any of the granular management we used to do. I would very, very strongly advocate only using this as a last resort, don’t swim against the current, let users manage their own device and move to a services based architecture for your organisation’s IT.

Today’s case for a global NGO with a fully EMS licensed user base covers the distribution and installation of a large number of templates for Microsoft Word, including a normal.dot, macro’s and the required group policy settings to make word use these templates. Continue reading EMS case: distributing Office templates and macro’s to your users on Windows 10 mobile managed Azure AD Joined devices →

Automation, Intune

Killing and reinstalling the Intune Client without user interaction

24/03/2016 JosL 1 Comment

So, recently a customer installed the Intune client in an image, as my previous post details, causing the client to enter a bricked state.

Reinstallation of the client can fix this, but we wanted minimum user interaction as a large number of machines was already distributed.

For those who remember Winrar, it is a fantastic ZIP tool that can create a self-extracting archive (.EXE) which auto-self elevates (admin rights) and can automatically start a file from the archive after extraction.

Include the Intune setup file and the certificate Microsoft includes, and this script (as .bat), and your Intune installation will be ‘cleaned up’. Note that you may see some file protection dialogs.

Source code: Continue reading Killing and reinstalling the Intune Client without user interaction →

Intune

Intune Client does not appear in console and displays error 0x80070005 when updating

23/03/2016 JosL 1 Comment

If you want to deploy the Intune Client using a (golden/generalized) image with System Center Configuration Manager or any other tool, make sure you haven’t already installed the Intune Client on that machine and follow the correct procedure.

The Intune Client generates a machine specific certificate in the Personal Store of the machine. This certificate is only valid for that machine. If you then base your image on this machine, all installations using that image will fail, Intune will report error 0x80070005 when trying to update. The full log of Updates.log in c:\Program Files\Microsoft\OnlineManagement\Logs will look like this below log.

EDIT: if you want to ‘reset’ / ‘fix’ the Intune Client with a script / automatically, read here

Continue reading Intune Client does not appear in console and displays error 0x80070005 when updating →

Liebensraum