Tuesday, June 30, 2015

Intune - Remote Lock and Passcode Reset


 
I was asked recently why you would need Remote Lock as seen below in Intune:
 
 
 
 
I sent the Remote Lock to my device and below is the result of which is seen below: 
 
 Before I go any further, not all commands are available on all devices. 
 
 
Problem: I left my device at the Restaurant, I am going to get it but it won't lock automatically.
Solution: Remote lock so that no one can access the device
 
Problem: User is set to be fired from the company.
Solution: When the user is brought into HR, the Passcode can be reset and then the device can be locked.  Later the Remote wipe (Full or Selective ) can be performed.
 
Problem: Board meeting (or Corporate Examination) is about to begin, devices are collected or placed on the conference room table. 
Solution: To prevent members from watching their phones a remote lock can be performed as the icon is visible and can easily be seen if a user unlocks their device. 
 
Problem: User forgets their PassCode
Solution: Reset the code for the user.
 
  
 
 
PlatformRemote Lock
iOSSupported
AndroidSupported
Windows Phone 8 and Windows Phone 8.1Supported
Windows RT 8.1 and Windows RTSupported if the current user of the device is the same user who enrolled the device.
Windows 8.1Supported if the current user of the device is the same user who enrolled the device.
 
 
 
 

PlatformPasscode Reset
iOSSupported for clearing the passcode from a device. Does not create a new temporary passcode.
AndroidSupported and a temporary passcode is created.
Windows Phone 8 and Windows Phone 8.1Supported
Windows RT 8.1 and Windows RTNot Supported
Windows 8.1Not Supported



More information on Remote Lock and Passcode Reset can bee seen here:
https://technet.microsoft.com/en-us/library/jj676679.aspx

Tuesday, June 23, 2015

Intune updates for June 2015

Intune 2015 updates:

https://technet.microsoft.com/en-us/library/dn292747.aspx?f=255&MSPPError=-2147217396

Windows 10 is about to arrive for everyone and this includes the Enterprise.  This will now give you the ablilty to manage that.

Speaking of which, did you know you can download the Windows 10 Preview for your certain phones?

Join the insider program:
http://windows.microsoft.com/en-us/windows/preview-download-phone

We are slowly seeing an up swing in IOS and Android capabilities much like in May.  This is expected as Microsoft slowly takes over the competitors in the market.  Look for greater abilities to come.  Every month Microsoft is pushing out small improvements based on the market and community requests. 

GeoFencing:
http://download.microsoft.com/download/7/8/2/7820BD07-28E3-4B06-8E11-FB55AC07CB83/4-WindowsPhone81.pptx

This is a brilliant concep that is gaining market ground in many devices.  In this previous PPT we see the use of GeoFencing with triggers.  When a device enters an area an application executes something. 
This can also be used to inhibit applications or features.  Say you have a corporate building that doesn't allow cameras, then when you enter the building perimeter the phone, which is corporeate owned, will lock down the camera. 

Or maybe want to disable certain programs when someone travels outside the US. The possibilities are endless and with Intune we slowly see many of these abilities come to life. 


Thursday, June 18, 2015

Blank Distriuion Point Usage Summary Report

Problem:
  • The DP Usage Summary Report is not showing data.
  • You are running a custom website and possibly a custom port
Investigate your DP or Secondary to determine if the logs are pulled correctly

Review the server side log: Smsdpusage.log




Check the log.  Notice the folder the system is pulling: 
 Gathering statistics from C:\inetpub\logs\LogFiles\W3SVC1\ex150612.log
 This indicates a Site ID of 1 for the IIS Site

 W3SVC + [Side ID]

At first glance it appears everything is working correctly until you check the Site ID for your custom Website

 To access your Site ID, Select the Website and Open the Advanced Settings for the site






Default Website
Custom Website




























The default behavior is to create a new website ID for the custom Website. 

Problems existed with the Custom websites and Custom ports but were resolved in SP1 Cu1 and Cu2.  This new report was created and installed with R2.  It doesn't appears the process understood a custom website was on the DP when it was upgraded.

Solution:
To fix this you will need to change the IIS Site ID to 1 which is used by the process to pull the IIS data.

Because no two sites can share the same ID you will need to use a third number in order to flip the IDs. 

Working Default Site on Site #2
Working Custom Website on Site 1



When you change the IDs IIS will stop automatically.  You can stop the Sites before you make the change if you wish.  Post change:










You will need to start each site manually.
When this happens the logs will now start to saved to the Site ID 1 folder
C:\inetpub\logs\LogFiles\W3SVC1




Once this is done, I would recommend that you move the old IIS to the new, correct folder...C:\inetpub\logs\LogFiles\W3SVC1
The next we check the report and now see data:

I have noticed on 2 of my DPs the Bytes Sent is 0, which is wrong.  I haven't determine why this but it is is my next task.

It is possible that because we have this fix in place but it needs have been done before the R2 install.  I find it odd that it pulls in the log, the connections and requests but doesn't read the bytes sent.
 

Monday, June 15, 2015

Make your voice heard

Microsoft has several ways to pull in feedback, MVPs, forums, Microsoft Connect.  Here is another method to interact with Microsoft without having to fill out the complex Design Change Request.

Ask Microsoft what you would like to see or vote (up to 10x) on a topic.  If that topic is already in production or complete then your vote should be turned back to you to use again. 
Remove and change your votes as new ideas are submitted:


Here’s how it will work:

For ideas/DCRs only (no bugs) for Configuration Manager:


 

For Intune standalone, and ConfigMgr+Intune hybrid MDM (Bugs and DCRs):

Friday, June 5, 2015

ConfigMgr 2012 Site Boundary Group Assigmentment

If you have a 2007 and 2012 SCCM site you can't use site assignment because the 2012 machines might try to assign themselves to the 2007 site.  It can be confusing enough to have both infrastructures.  Or maybe you didn't set it before for some reason.  If you have too many to do by hand then here is a script you can modify to use in your enviroment. 

Recall that you cannot assign a boundary group to a Secondary Site code, it must be assigned to the Primary.  Yes, I realize it is in the drop down list because it is a site but you should always assign the site to the Primary just like the client would see in the Site settings.

We have our Boundary Group labled as such:


Location - SiteCode
London1 - SC2
London2 - SC2
Scotland - SC3
Texas - SC1
Washington - SC4

The reason for this is to quickly determine where a bound group is connected in terms of the secondary controlling it.  For this reason we need to look at the Secondary site code and associate it with the Primary.


##PowerShell set the primary for the group.
$SiteServer = "foo.com"
$SiteCode = "PR1"
$WMIConnection = [WMICLASS]"\\$SiteServer\Root\SMS\Site_$($SiteCode):SMS_BoundaryGroup
$BoundaryLIst = $WMIConnection.psbase.GetInstances()
foreach ($Boundary in $BoundaryLIst)
{
    #echo $Boundary.Name
     $SecondarySiteCode = $Boundary.Name.Substring($Boundary.Name.Length-3,3)
     $Primary="CHECK"
    Switch ($SecondarySiteCode)
   {
   SC1 { $Primary="PR1"}
   SC2 { $Primary="PR2"}
   SC3 { $Primary="PR2"}
   SC4 { $Primary="PR1"}
   SC5 { $Primary="PR1"}
   SC5 { $Primary="PR3"}
 
   }

 if ($Primary -eq "CHECK")
 {
   echo $Boundary.Name
 }
 else
 {
  ##boundary group is correct set it
  $Boundary.DefaultSiteCode = $Primary
  $Boundary.Put()
  }
}
################################################

Note that if you want to uncheck the box you can simply blank the DefaultSiteCode
$Boundary.DefaultSiteCode = ""