User Profile
SteveThomas
MicrosoftJoined Jun 06, 2018
User Widgets
Recent Discussions
Transitioning state data to the cloud in remote work scenarios
Ensuring reliable access to applications and corporate data is paramount in ensuring end user productivity during the current global health crisis. In addition to managing that application and data access, ensuring the preservation, and roaming of user state data, specifically applications and shell settings is crucial as that state data is often personalized and tailored to individual users. This session discusses the methods of roaming state data via the cloud instead of through on-premises technologies over VPN. Learn more Here are links to the resources mentioned in this session: Enterprise State Roaming Overview Windows 10 Roaming Settings Reference User Experience Virtualization (UE-V) for Windows 10 overview Group Policy and MDM settings for ESR Administering UE-V with Windows PowerShell and WMI Configuring UE-V with Group Policy Objects While not mentioned specifically in this session, here are some additional resources you might find helpful: Microsoft COVID-19 response site Enabling Remote Work Microsoft Endpoint Manager remote work blog Work remotely, stay secure 2 weeks in: what we’ve learned about remote work Frequently asked questions Q: Is the assumption correct that any Win32 app, once converted to MSIX, has to support Enterprise State Roaming instead of local profile storage (AppData/Roaming and UE-V combo)? A: If your application, prior to MSIX conversion was already writing data to the Known Folder %APPDATA% path, the folder is remapped during conversion to the roaming app storage path (i.e. C:\Users\<username>\AppData\Roaming\ to AppData\Local\Packages\<AppName>.AppData_<GUID>\LocalCache\Roaming\ Q: Do you see companies use both UE-V and ESR at the same time? It seems each cover different things. A: Yes. companies can leverage both at the same time for Windows 10 pending the requirements are met. Q: For a completely cloud-managed Windows client (i.e. no AD/hybrid join; pure UEM), we would need to use 2 solutions (ESR and UE-V w/cloud storage such as OneDrive) in order to get full state management? A: Yes, especially for legacy Win32 applications, including most enterprise LOB (Line-of-Business) apps, you would need to leverage UE-V. Q: For UE-V custom templates, is there a recommended size of files that shouldn’t use this solution? For example, a program that has large files like Dragon Naturally Speaking could have large files. Will large files cause performance issues? A: It is recommended to maintain settings package sizes (PKGX) no more than 2-4 MB per application otherwise, application launches, and shutdown times can be adversely affected. You can work with detailed configuration elements to optimize templates. For more information, please refer to the Application Template Schema Reference for UE-V. Q: What would be the best strategy to monitor performance for sync items, so we make sure everything runs smoothly and monitor user’s performance in using UE-V, OneDrive and ESR? A: You can monitor Enterprise State Roaming sync status per-user and device in the Admin Portal. For more information, please see Enable Enterprise State Roaming in Azure Active Directory. You can use Microsoft 365 Reports to view status on OneDrive usage and sync statuses. Feedback We hope you find this session useful. We'd love your feedback and ideas for future sessions so please fill out this short survey. Thank you!2.2KViews0likes0CommentsRe: Network Administrator task
I would recommended the Microsoft 365 Admin Video Hub as most of the tasks you will do will depend on how you leverage the various services: https://docs.microsoft.com/en-us/microsoft-365/admin/admin-video-library?view=o365-worldwide I would also prioritize ensuring your Microsoft environment is secured: https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide1.1KViews0likes0CommentsRe: Azure AD Backup
For disaster recovery purposes, we have put many resiliency measures in place to prevent such a thing from occurring. Mark Russinovich goes into detail about how this works here: https://azure.microsoft.com/en-us/blog/advancing-service-resilience-in-azure-active-directory-with-its-backup-authentication-service/ In situations where users and objects have been accidentally deleted, there are ways you can restore these: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-restore https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-bulk-restore713Views0likes0CommentsRe: Best Practice for targeting Configuration Policies in MEM
We talked about this a couple of months back on Unpacking Endpoint Management - our podcast. https://www.youtube.com/watch?v=jzhUVJ8yfaw We also have this excellent post on the Tech Community blog from the MEM support team - https://techcommunity.microsoft.com/t5/intune-customer-success/intune-grouping-targeting-and-filtering-recommendations-for-best/ba-p/2983058683Views0likes0CommentsRe: Does adding new domain affect existing Azure AD joined devices?
I believe the main concern here would be the ramifications of changing the user UPN and what would need to be changed in the AAD Connect configuration. Refer to this documentation on where you would need to make adjustments. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userprincipalname828Views2likes0CommentsRe: Bitlocker Encryption with AutoPilot Deployment (Non SCCM, Cloud ECM only)
I would also verify that all the devices firmware is up to date. This Customer Success article may also be helpful in gathering additional data - especially if you open a support case, which is also recommended. https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-troubleshooting-bitlocker-policies-in-microsoft/ba-p/8636702.8KViews0likes3CommentsRe: How do I gain access to the System Volume Information\Chkdsk folder?
Avoid doing this through Explorer. Technically, you can view anything under that folder while running in the system context. Most use a an elevated command prompt coupled with PSEXEC from the Sysinternals suite. If this is a server, I would understand why if there have been recent issues where reboots were delayed. But remember, if this is becoming a common occurrence, you likely have a more serious or underlying problem. Also ensure you are doing this for the purpose of viewing information like CHKDSK logs as making modifications to this folder could create problems and is not supported. Also remember, just because you can does not mean you always should - and you should do this via a PAW.3.5KViews0likes0CommentsRe: Update Compliance Query help
I am not 100% sure I understand - but I think you want a count summarization, perhaps? Maybe a query along these lines - WaaSDeploymentStatus | where UpdateCategory == "Quality" | summarize count() by UpdateReleasedDate, DeploymentStatus, DetailedStatus | order by UpdateReleasedDate asc1.1KViews0likes0CommentsRe: Driver Management: What does Microsoft recommend?
Right now, we strongly recommend customers leverage Update Compliance in regards to gaining insights into existing Safeguard Holds. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/access-safeguard-hold-details-with-update-compliance/ba-p/18096522.3KViews1like0CommentsRe: ESENT 642 error
GrandadLex We have investigated this issue and are in the process of resolving it. We are also implementing some additional changes to how that error reports noted here: https://blogs.windows.com/windows-insider/2020/08/21/announcing-windows-10-insider-preview-build-20197/1.4KViews0likes0CommentsRe: Feature update reporting in WufB
Deleted Great question. Device states are NOT on by default and the administrator will need to make sure it is enabled through the Intune device collection policy. After enabling this, Intune can collect windows update data thru its pipeline (and not through regular telemetry) Otherwise, I would recommend you open a support case, as there have been some reports of missing (g:id) causing this problem before.1.1KViews1like1CommentRe: OEM drivers after upgrading to a new Windows 10 release
Lucas As a matter of fact, we are. 🙂 We recently posted in the Windows IT Pro Blog on this very subject regarding the innovations in this space. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/redefining-manual-driver-updates/ba-p/18297151.3KViews0likes1Comment
