User Profile
VanakenJ
Brass Contributor
Joined 7 years ago
Recent Discussions
Evolving Delivery Optimization beyond classic VPNs
Delivery Optimization settings allow you to 'tag' a connection as VPN using the policies VPNKeywords and DODisallowCacheServerDownloadsOnVPN. However, the era of classical VPNs is ending with solutions like ZScaler Private Access, where these policies become useless. In my opinion Delivery Optimization lacks alternative mechanisms to control use of (avoid access to) MCC Cache Host servers. How can we avoid use of the MCC Cache Host servers over solutions like ZScaler Private Access?
133 Views | 0 likes | 0 Comments

Edge Management Service: 'Customization Settings' tab / Enterprise secure AI settings confusing
In Edge Management Service, when you create a new Configuration Profile, the 'Customization Settings' tab is available. On the 'Enterprise Secure AI' page of this tab, all settings are blue/checked, giving the impression that these settings are enabled and active. But they are not. For a new Configuration Profile the related settings are not available/present in the Policies tab. This gives the impression that (from the 'Enterprise Secure AI' perspective) the settings are enabled, but in reality they are not, because the policies are not present in the Policies tab. This is confusing. This behavior-by-design could be changed; suggestion:
- Check box = Grey/unchecked: Not configured = setting not in Policies tab (Edge defaults apply)
- Check box = Blue/unchecked: Configured = setting in Policies tab = 'disabled'
- Check box = Blue/checked: Configured = setting in Policies tab = 'enabled'
A consideration to take by the Development team for Edge Management Service. All comments welcome 😉
Solved | 206 Views | 0 likes | 1 Comment

Re: EdgeSidebarAppUrlHostBlockList policy is not available in Edge Management Service
Kelly_Y Hi, thanks for the info! In fact I would expect the Edge Management Service to be serviced before group policy, since I presume Microsoft's strategy is still 'Cloud-First'. A reflection point for the Dev team 😉
241 Views | 0 likes | 0 Comments

EdgeSidebarAppUrlHostBlockList policy is not available in Edge Management Service
This (group) policy is available from Edge version 127 but is not available in the new Edge Management Service (it is there in Group Policy). Anyone knows why?
Manage the sidebar in Microsoft Edge | Microsoft Learn
Solved | 333 Views | 0 likes | 2 Comments

Edge Management Service: Enterprise Secure AI tab/settings
The Enterprise Secure AI tab appears in every configuration profile. It is impossible to remove the tab or set the settings to 'Not configured'. Think about the scenario where we want one global configuration profile for the company (including the AI settings), but in other profiles (with higher priority) we do not want to configure the AI settings again. Not clear in the doc how to handle this. How can this be managed?
Solved | 372 Views | 0 likes | 1 Comment

Edge Management Service: reporting and roadmap ?
The Edge Management Service (https://learn.microsoft.com/en-us/deployedge/microsoft-edge-management-service) is a great new way to configure EDGE settings in the enterprise. However, it lacks features like reporting (graphs on nr of users in scope, settings applied, settings conflicts...) and analysis features (like Group Policy Results for GPO's). Unfortunately a roadmap for Edge Management Service is not available (anyway, CoPilot cannot find any 😉). Are any features like mentioned above foreseen for Edge Management Service in the future? Can you say anything on the roadmap of Edge Management Service?
Solved | 1.2K Views | 0 likes | 1 Comment

Security Center Dashboard: how to split servers and workstations ?
In our company, we are joining servers and workstations into Defender. Workstations are co-managed and onboard via ConfigMgr/MEM, servers onboard via MDE. They will both report into Security Center. However, we want a separate view/dashboard for our workstations and servers (management, KPI's etc.) Is this possible? If yes, how?

Best Practice for targeting Configuration Policies in MEM
Moving our Windows client platform to Modern Management, we are looking at configuring more settings with MEM and moving away from Group Policies. Note: we are hybrid Joined + Co-Managed for all our clients. What are the Best Practices (technical efficiency) to target Configuration Policies to Devices in MEM?
- Static AAD groups
- Dynamic AAD groups?
- Filters etc.
... and in what order should they be used (for example, first use a Dynamic group, then refine using a filter)
Solved | 623 Views | 1 like | 1 Comment

Re: Delivery Optimization fails for 99% of the company
Pardu1 Hi, I understand you are using ConfigMgr in combination with DO. Looks like your peer-to-peer over port 7680 TCP/UDP is working properly.
1) Delta download should be enabled in ConfigMgr client settings; this is local port 8005. See ConfigMgr console > Administration > Client Settings > Default client Settings > Software Updates > 'Ports that clients use to receive delta content = 8005' (details: Https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910)
2) There is also a parameter for DO to help it avoid falling back too quickly to CDN: see https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#delay-background-download-from-http-in-secs. We set it to 1 hour.
3) You can also check DO logs on the client, which gives very clear and detailed info:
Get-DeliveryOptimizationLog | select Message -Last 250 | Out-GridView
Hope this helps. Johan
2.9K Views | 1 like | 3 Comments

Re: Co-Management for patching
Hi Andreas,
Just moved to co-management a year ago for 10.000 clients, now moving workloads to Windows Update for Business. Below a summary of the work done. A good start, and recommended, is (if you have the required subscription) to ask help from Microsoft FastTrack engineers to guide you through the process: https://www.microsoft.com/en-us/fasttrack. It is an excellent service!
Johan
* Step 1: Enable Hybrid AAD Join (AAD connect) --> brings your devices to Azure AD https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
* Step 2: Enable co-management in ConfigMgr --> ConfigMgr client will do the work for you https://docs.microsoft.com/en-us/mem/configmgr/comanage/tutorial-co-manage-clients#enable-co-management-in-configuration-manager
* Step 3: Tenant/Cloud Attach --> recommended for enhanced device management
* Step 4: you can now start moving workloads to Windows Update for Business.
1.2K Views | 0 likes | 0 Comments

Is Windows.old directory automatically removed?
We are preparing an OS upgrade from 1709 to 1809 for >5000 workstations. After the upgrade, Windows.old takes between 5-10 GB of disk space. In the MS doc it is stated that you can use DISM /Set-OsUninstallWindow to define how long the user can roll back. https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options But after this period (default=30 days), does Windows also *automatically* clean up Windows.old?
1.6K Views | 0 likes | 1 Comment

Re: Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
Great, but a missed opportunity to correct this bug in Outlk16.admx that now celebrated its 6th anniversary :-( See https://support.microsoft.com/en-ph/help/2479719/outlook-policy-template-deploys-disablecrossaccountcopy-as-reg-expand
Thanks for follow-up!
1.5K Views | 0 likes | 0 Comments

Re: Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
There is an additional bug that has not been fixed since Office 2010 (!) related to DisableCrossAccountCopy: https://support.microsoft.com/en-ph/help/2479719/outlook-policy-template-deploys-disablecrossaccountcopy-as-reg-expand
1.6K Views | 0 likes | 0 Comments

Bug in latest ADMX templates for Office ProPlus (outlk16.admx)
https://www.microsoft.com/en-us/download/details.aspx?id=49030
Version: 4768.1000 / Date published: 1/18/2019
It seems that the latest Outlook ADMX template has an error in the XML structure: at the end, after the closing </policies> tag, there is another child item with tag <policy> that should be included IN the <policies> structure - see below.
...
</policy>
</policies>
<policy name="L_DisableOnlineModeAuthDiagnostics" class="User" displayName="$(string.L_DisableOnlineModeAuthDiagnosticsDisplay)"
...
1.6K Views | 0 likes | 4 Comments