User Profile
VanakenJ
Brass Contributor
Joined Mar 30, 2018
User Widgets
Recent Discussions
Best method for configuring EDGE in Enterprise
Hi, we are a large company almost 10.000 devices. Edge is now configured via group policy, but many legacy settings so cleanup and re-engineering is needed. In that context, we also want to switch to a modern configuration method for EDGE. 'Edge Management Service' is modern/cloud way to configure but lacks reporting and diag tools, while Intune Settings Catalog has reporting but may lack settings for CoPilot and other new features. In a hybrid joined or Entra-ID joined scenario, what is the Best Practice for configuring Microsoft Edge taking into account control, reporting and diagnostics ?Evolving Delivery Optimization beyond classic VPNs
Delivery Optimization settings allows to https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-faq#how-does-delivery-optimization-handle-vpns using the policies https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#vpn-keywords and https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#disallow-cache-server-downloads-on-vpn. However the era of classical VPN's is ending with solutions like ZScaler Private Access where these policies become useless. In my opinion Delivery Optimization lacks alternative mechanisms to control use of (avoid access to) MCC Cache Host servers. How can we avoid use of the MCC Cache Host servers over solutions like ZScaler Private Access?Security Center Dashboard: how to split servers and workstations ?
In our company, we are joining servers and workstations into Defender. Workstations are co-managed and onboard via ConfigMgr/MEM, servers onboard via MDE. They will both report into Security Center. However, we want a separate view/dashboard for our workstations and servers (management, KPI's etc.) Is this possible ? If yes, how ?Re: Delivery Optimization fails for 99% of the company
Pardu1 Hi, I understand you are using ConfigMgr in combination with DO. Looks like your peer-to-peer over port 7680 TCP/UDP is working properly. 1) delta download should be enabled in ConfigMgr client settings; this is local port 8005. See ConfigMgr console > Administration > Client Settings > Default client Settings > Software Updates > 'Ports that clients use to receive delta content = 8005' (details: Https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910) 2) There is also a parameter for DO to help it avoid to fall back too quickly to CDN: see https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#delay-background-download-from-http-in-secs. We set it to 1 hour. 3) You can also check DO logs on client which gives very clear and detailed info: Get-DeliveryOptimizationLog | select Message -Last 250 | Out-GridView Hope this helps. JohanRe: Co-Management for patching
Hi Andreas, Just moved to co-management a year ago for 10.000 clients, now moving workloads to Windows Update for Business. Below a summary of the work done. A goo start and recommended, is (if you have the required subscription) to ask help from Microsoft FastTrack engineers to guide you through the process: https://www.microsoft.com/en-us/fasttrack. It is an excellent service! Johan * Step 1: Enable Hybrid AAD Join (AAD connect) --> brings your devices to Azure AD https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains * Step 2: Enable co-management in ConfigMgr --> configMgr client will do the work for you https://docs.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-clients#enable-co-management-in-configuration-manager *Step 3: Tenant/Cloud Attach --> recommended for enhanced device management * Step 4: you can now start moving workloads to Windows Update for Business.Is Windows.old directory automatically removed?
We are preparing OS upgrade from 1709 to 1809 for >5000 workstations. After upgrade Windows.old takes between 5-10 GB of disk space. In the MS doc is stated you can use DISM /Set-OsUninstallWindow to defile how long user can roll back. https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options But after this period (default=30 days), does Windows also *automatically* clean up Windows.old?Re: Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
Great, but a missed opportunity to correct this bug in Outlk16.admx that now celebrated its 6th anniversary :-( See https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-ph%2Fhelp%2F2479719%2Foutlook-policy-template-deploys-disablecrossaccountcopy-as-reg-expand&data=02%7C01%7Cm365pmr%40microsoft.com%7C6700d414c7c74a0064d808d690228940%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636854875351603622&sdata=4K%2FFG5r8cQnUsPNf7jTl3H47dU5fFv2I22yak1RSKCA%3D&reserved=0 thanks for follow-up!Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
https://www.microsoft.com/en-us/download/details.aspx?id=49030 Version: 4768.1000 / Date published: 1/18/2019 It seems that the latest Outlook ADMX template has an error in the XML structure: at the end after the closing </policies> tag, there is another child item with tag <policy> that should included IN the <policies> structure - see below. ... </policy> </policies> <policy name="L_DisableOnlineModeAuthDiagnostics" class="User" displayName="$(string.L_DisableOnlineModeAuthDiagnosticsDisplay)" ...
