User Profile
VanakenJ
Brass Contributor
Joined Mar 30, 2018
Recent Discussions
Best method for configuring EDGE in Enterprise
Hi, we are a large company with almost 10.000 devices. Edge is now configured via group policy, but many legacy settings so cleanup and re-engineering is needed. In that context, we also want to switch to a modern configuration method for EDGE. 'Edge Management Service' is modern/cloud way to configure but lacks reporting and diag tools, while Intune Settings Catalog has reporting but may lack settings for CoPilot and other new features. In a hybrid joined or Entra-ID joined scenario, what is the Best Practice for configuring Microsoft Edge taking into account control, reporting and diagnostics?
195 Views | 0 likes | 1 Comment

Evolving Delivery Optimization beyond classic VPNs
Delivery Optimization settings allows to https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-faq#how-does-delivery-optimization-handle-vpns using the policies https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#vpn-keywords and https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#disallow-cache-server-downloads-on-vpn. However the era of classical VPNs is ending with solutions like ZScaler Private Access where these policies become useless. In my opinion Delivery Optimization lacks alternative mechanisms to control use of (avoid access to) MCC Cache Host servers. How can we avoid use of the MCC Cache Host servers over solutions like ZScaler Private Access?
237 Views | 0 likes | 0 Comments

Edge Management Service: 'Customization Settings' tab / Enterprise secure AI settings confusing
In Edge Management Service when you create a new Configuration Profile, the 'Customization Settings' tab is available. On the 'Enterprise Secure AI' page of this tab, all settings are blue/checked giving the impression that these settings are enabled and active. But they are not. For a new Configuration Profile the related settings are not available/present in the Policies tab. This gives the impression that (from the 'Enterprise Secure AI' perspective) the settings are enabled but in reality they are not because the policies are not present in the Policies tab. This is confusing. This behavior-by-design could be changed, suggestion:
Check box = Grey/unchecked: Not configured = setting not in Policies tab (Edge defaults apply)
Check box = Blue/unchecked: Configured = setting in Policies tab = 'disabled'
Check box = Blue/checked: Configured = setting in Policies tab = 'enabled'
A consideration to take by the Development team for Edge Management Service. All comments welcome 😉
Solved | 385 Views | 0 likes | 1 Comment

Re: EdgeSidebarAppUrlHostBlockList policy is not available in Edge Management Service
Kelly_Y Hi, thanks for the info! In fact I would expect the Edge Management Service to be serviced before group policy, since I presume Microsoft's strategy is still 'Cloud-First'. A reflection point for the Dev team 😉
285 Views | 0 likes | 0 Comments

EdgeSidebarAppUrlHostBlockList policy is not available in Edge Management Service
This (group) policy is available from Edge version 127 but is not available in the new Edge Management Service (it is there in Group Policy). Anyone knows why? https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-sidebar#block-sidebar-apps-except-search-using-urls
Solved | 416 Views | 0 likes | 2 Comments

Edge Management Service: Enterprise Secure AI tab/settings
The Enterprise Secure AI tab appears in every configuration profile. It is impossible to remove the tab or set the settings to 'Not configured'. Think about the scenario where we want one global configuration profile for the company (including the AI settings), but in other profiles (with higher priority) we do not want to configure the AI settings again. Not clear in the doc how to handle this. How can this be managed?
Solved | 490 Views | 0 likes | 1 Comment

Edge Management Service: reporting and roadmap ?
The Edge Management Service (https://learn.microsoft.com/en-us/deployedge/microsoft-edge-management-service) is a great new way to configure EDGE settings in the enterprise. However, it lacks features like reporting (graphs on nr of users in scope, settings applied, settings conflicts...) and analysis features (like Group Policy Results for GPOs). Unfortunately a roadmap for Edge Management Service is not available (anyway, CoPilot cannot find any 😉). Are any features like mentioned above foreseen for Edge Management Service in the future? Can you say anything on the roadmap of Edge Management Service?
Solved | 1.8K Views | 0 likes | 1 Comment

Security Center Dashboard: how to split servers and workstations ?
In our company, we are joining servers and workstations into Defender. Workstations are co-managed and onboard via ConfigMgr/MEM, servers onboard via MDE. They will both report into Security Center. However, we want a separate view/dashboard for our workstations and servers (management, KPIs etc.) Is this possible? If yes, how?
721 Views | 0 likes | 0 Comments

Best Practice for targeting Configuration Policies in MEM
Moving our Windows client platform to Modern Management, we are looking at configuring more settings with MEM and moving away from Group Policies. Note: we are hybrid Joined + Co-Managed for all our clients. What are the Best Practices (technical efficiency) to target Configuration Policies to Devices in MEM?
- Static AAD groups
- Dynamic AAD groups ?
- Filters
etc. ... and in what order should they be used (for example, first use a Dynamic group, then refine using filter)
Solved | 707 Views | 1 like | 1 Comment

Re: Delivery Optimization fails for 99% of the company
Pardu1 Hi, I understand you are using ConfigMgr in combination with DO. Looks like your peer-to-peer over port 7680 TCP/UDP is working properly.
1) Delta download should be enabled in ConfigMgr client settings; this is local port 8005. See ConfigMgr console > Administration > Client Settings > Default client Settings > Software Updates > 'Ports that clients use to receive delta content = 8005' (details: https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910)
2) There is also a parameter for DO to help it avoid falling back too quickly to CDN: see https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#delay-background-download-from-http-in-secs. We set it to 1 hour.
3) You can also check DO logs on client which gives very clear and detailed info:
    Get-DeliveryOptimizationLog | select Message -Last 250 | Out-GridView
Hope this helps. Johan
3K Views | 1 like | 3 Comments

Re: Co-Management for patching
Hi Andreas, Just moved to co-management a year ago for 10.000 clients, now moving workloads to Windows Update for Business. Below a summary of the work done. A good start and recommended, is (if you have the required subscription) to ask help from Microsoft FastTrack engineers to guide you through the process: https://www.microsoft.com/en-us/fasttrack. It is an excellent service! Johan
* Step 1: Enable Hybrid AAD Join (AAD connect) --> brings your devices to Azure AD https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
* Step 2: Enable co-management in ConfigMgr --> configMgr client will do the work for you https://docs.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-clients#enable-co-management-in-configuration-manager
* Step 3: Tenant/Cloud Attach --> recommended for enhanced device management
* Step 4: you can now start moving workloads to Windows Update for Business.
1.2K Views | 0 likes | 0 Comments

Is Windows.old directory automatically removed?
We are preparing OS upgrade from 1709 to 1809 for >5000 workstations. After upgrade Windows.old takes between 5-10 GB of disk space. In the MS doc is stated you can use DISM /Set-OsUninstallWindow to define how long user can roll back. https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options But after this period (default=30 days), does Windows also *automatically* clean up Windows.old?
1.7K Views | 0 likes | 1 Comment

Re: Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
Great, but a missed opportunity to correct this bug in Outlk16.admx that now celebrated its 6th anniversary :-( See https://support.microsoft.com/en-ph/help/2479719/outlook-policy-template-deploys-disablecrossaccountcopy-as-reg-expand Thanks for follow-up!
1.6K Views | 0 likes | 0 Comments

Re: Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
There is an additional bug that has not been fixed since Office 2010 (!) related to DisableCrossAccountCopy: https://support.microsoft.com/en-ph/help/2479719/outlook-policy-template-deploys-disablecrossaccountcopy-as-reg-expand
1.7K Views | 0 likes | 0 Comments

Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
https://www.microsoft.com/en-us/download/details.aspx?id=49030 Version: 4768.1000 / Date published: 1/18/2019 It seems that the latest Outlook ADMX template has an error in the XML structure: at the end after the closing </policies> tag, there is another child item with tag <policy> that should be included IN the <policies> structure - see below.
    ...
      </policy>
    </policies>
    <policy name="L_DisableOnlineModeAuthDiagnostics" class="User" displayName="$(string.L_DisableOnlineModeAuthDiagnosticsDisplay)"
    ...
1.9K Views | 0 likes | 4 Comments