User Profile
JamieHosley
Brass Contributor
Joined May 05, 2017
User Widgets
Recent Discussions
Re: Group Policy Analytics - error migrating site to zone assignment list
Sure, what I'm seeing is when I run the Migrator the Value is displayed as the JSON starting like this [{"Name":"*.cookeschool.fastclass.com","Data":"1"},{"Name":"*. But then when I go on to the Configuration piece the setting JSON begins like this Site to Zone Assignment List/Enter the zone assignments here. - [{"Name":"*.cookeschool.fastclass.com","Data":"1"},{"Name":", note the text now included before the starting bracket, that text is also included Settings detail on the Review and deploy page before attempting the migration which then fails. I was thinking that if that initial text (Site to Zone Assignment List/Enter the zone assignments here. -) were removed it may then work on the migration.1.2KViews0likes2CommentsGroup Policy Analytics - error migrating site to zone assignment list
I've imported our site to zone assignment list from our GPO and the setting is green for migration to MDM, but when I run the migration it fails. Looking at the console I think the issue may be that the JSON is malformed but I don't see a way for me to fix it manually and try the migration again. Is there any way to get help with this item?1.3KViews0likes5CommentsWhen is the AgentExecutor.exe first installed and where does it get updates from?
Does anyone know when the AgentExecutor.exe (the MicrosoftEndpointManagementExtension) first gets installed, would be with co-management being set? Or if Endpoint Analytics was introduced? Also, where does this app get it's updates from, straight from our Intune tenant? If anyone has any info on this subject it would be greatly appreciated.Solved34KViews0likes2CommentsRe: Logging into Azure AD only computer with on-prem AD based certificate on smart card
Hey Roy, Yes we've been working a case with Azure Identity support since October and haven't got anywhere. That's what spurred me to reach out here on the office hours because it seems we may not have the right people engaged and if I needed to I could request our TAM to reach out to other resources that might be able to provide us with more specific help on the options here.1.8KViews0likes0CommentsRe: Logging into Azure AD only computer with on-prem AD based certificate on smart card
and we could push for whatever changes (or additions) might be needed to get this working on our config but we don't know what to ask for to be able to get it working (or to get some acceptable alternative put in place).1.8KViews0likes2CommentsRe: Logging into Azure AD only computer with on-prem AD based certificate on smart card
Hey Jason, So our user accounts are also synced to Azure AD but for authenticating to anything in our Azure tenant we pass through ADFS using our x509 certs from our cards and that seems to be where this runs into an issue and we're having a real problem even getting a declarative statement from anyone that this just isn't possible unless that usage changes.1.8KViews0likes3CommentsRe: Logging into Azure AD only computer with on-prem AD based certificate on smart card
Hey Roy, Thanks for this, that might be what we need, this has ended being a real difficult hurdle for us to get over. Authenticating/logging into the Azure AD only device works fine with an Azure AD only user account, but using our existing on-prem accounts has not been something we've been able to get to work at all and we're also moving forward with some special projects that utilize HoloLens's so it's a growing need for us to figure this out. I really appreciate the info.1.8KViews1like5CommentsLogging into Azure AD only computer with on-prem AD based certificate on smart card
We're making the move to deploying Azure AD only devices but we're running into real issues getting authentication to work using our smart cards (we're a federal gov agency) for our user accounts which come from on-prem AD. While we do have MS resources we're working with we seem to be having a hard time finding the right MS resources that can assist us in getting all the components configured correctly (in Azure AD etc) for this to work (or determine if it is even possible). So I wanted to see here if there may be some recommendations on resources that we might be able to leverage to get this effort moving forward? Any help is appreciated. Also all on-prem devices are Hybrid AD joined and everything is co-managed and there are no issues there. Thanks, Jamie2.1KViews0likes7CommentsRe: Blocking chrome extensions but whitelist specific ones
AB21805 For our extension management in Edge (and Chrome) we use the "Configure extension management settings" option containing a JSON with the all extensions blocked and then the individual ones we want available listed with either "force_installed" for those we want installed and not touchable by the user, "allowed" for those that user can go and install from the Edge store (and/or Chrome store) and "normal_installed" for those that we pre-install but the user can enable/disable as needed. We've found this handles extensions overall better than using the separate settings entries. Below is our JSON as an example and here's the documentation link (and this is also included in Intune): https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#configure-extension-management-settings {"*":{"installation_mode":"blocked","blocked_install_message":"Installation of Edge extensions requires approval"},"jmfbfggikgbdccejjilikgnfdjnpmlfe":{"installation_mode":"normal_installed","update_url":"https://clients2.google.com/service/update2/crx"},"lfmcehohgifnaodaogknapedjiaoebgo":{"installation_mode":"allowed"},"ekhagklcjbdpajgpjgmbionohlpdbjgc":{"installation_mode":"allowed"},"pjjladfifbaokjdckiedipnkaemnjffa":{"installation_mode":"allowed"},"oiigbmnaadbkfbmpbfijlflahbdbdgdf":{"installation_mode":"allowed"},"mooikfkahbdckldjjndioackbalphokd":{"installation_mode":"allowed"},"ddaloccgjfibfpkalenodgehlhkgoahe":{"installation_mode":"allowed"},"jbbplnpkjmmeebjpijfedlgcdilocofh":{"installation_mode":"allowed"},"fjgncogppolhfdpijihbpfmeohpaadpc":{"installation_mode":"allowed"},"glnpjglilkicbckjpbgcfkogebgllemb":{"installation_mode":"allowed"},"dpncpimghfponcpjkgihfikppbbhchil":{"installation_mode":"allowed"},"dkgencfabioofgdmhhjljpkbbchbikbh":{"installation_mode":"allowed"},"bomfdkbfpdhijjbeoicnfhjbdhncfhig":{"installation_mode":"allowed"},"ikdddppdhmjcdfgilpnbkdeggoiicjgo":{"installation_mode":"normal_installed","update_url":"https://edge.microsoft.com/extensionwebstorebase/v1/crx"},"nffeahffadlikbdfgngjocbcicdbikpa":{"installation_mode":"normal_installed","update_url":"https://clients2.google.com/service/update2/crx"},"pbnfcaobikkbealhienfilklacghhgoi":{"installation_mode":"allowed"},"hdgegmlancchhhlkkddoiedlklgocffm":{"installation_mode":"allowed"},"lhdoppojpmngadmnindnejefpokejbdd":{"installation_mode":"allowed"},"inahogkhlkbkjkkaleonemeijihmfagi":{"installation_mode":"allowed"},"elgalmkoelokbchhkhacckoklkejnhcd":{"installation_mode":"allowed"},"pbjjkligggfmakdaogkfomddhfmpjeni":{"installation_mode":"allowed"},"hbfacnnpimgddoojjaonnnbeljegicfl":{"installation_mode":"normal_installed","update_url":"https://edge.microsoft.com/extensionwebstorebase/v1/crx"},"maafgiompdekodanheihhgilkjchcakm":{"installation_mode":"normal_installed","update_url":"https://outlook.office.com/owa/SmimeCrxUpdate.ashx"},"mbcgpelmjnpfbdnkbebdlfjmeckpnhha":{"installation_mode":"allowed"},"llnckjibglpbknibkglkapgkcioabomp":{"installation_mode":"allowed"},"jaleebmaoohbjjohjlfmihkkopgfibne":{"installation_mode":"allowed"},"cdgjgpahklmdkojkkdgmckgmbnheolnl":{"installation_mode":"allowed"},"mbopgmdnpcbohhpnfglgohlbhfongabi":{"installation_mode":"allowed"},"ghbhpcookfemncgoinjblecnilppimih":{"installation_mode":"allowed"},"jalhapcnkijacfbnbcicimhafnllongh":{"installation_mode":"allowed"},"gpphkfbcpidddadnkolkpfckpihlkkil":{"installation_mode":"allowed"},"nnkgneoiohoecpdiaponcejilbhhikei":{"installation_mode":"allowed"},"gjpfobpafnhjhbajcjgccbbdofdckggg":{"installation_mode":"allowed"},"ggknodeapenofhidkfgfncfoeclcfoom":{"installation_mode":"allowed"},"ifoakfbpdcdoeenechcleahebpibofpc":{"installation_mode":"allowed"},"ndaciljfdnekbnmcpjidoebejglcjidc":{"installation_mode":"allowed"},"ogcgkffhplmphkaahpmffcafajaocjbd":{"installation_mode":"allowed"},"pmapbmihblakhgodloklimjbaoohkiop":{"installation_mode":"allowed"},"gmhjclgpamdccpomoomknemhmmialaae":{"installation_mode":"allowed"},"lajjpilliikppcbaghjehndpfdiiphbe":{"installation_mode":"allowed"},"pjocddipjlkokifpnnbmjemienmelhak":{"installation_mode":"allowed"},"feolagkacappiaieohahjkeaikhjjcfa":{"installation_mode":"allowed"},"ildbfpaelempeokjfldpclbfggjkhdhl":{"installation_mode":"allowed"},"nhdogjmejiglipccpnnnanhbledajbpd":{"installation_mode":"allowed"},"hicljaeiiajaecppcpfphnibmddpehlk":{"installation_mode":"allowed"},"kpjldaeddnfokhmgdlmpdlecmobaonnj":{"installation_mode":"allowed"},"banejkelfpdmmmfobepfdnbmbbnecnol":{"installation_mode":"allowed"}}13KViews1like0CommentsShared PC Mode: Account Management enabled with Account Deletion
Hi Everybody, We're looking at enabling Shared PC Mode with Account Management on some of our Windows devices, I've taken some existing machines and applied the shared pc configuration to them, so far I'm seeing that most are running through the new rule set (many had upwards of 500 user profiles and those number on each are dropping), but I have a couple that seem to have not run any processing of the new rules, everything in Intune for the machines looks good, all of succeeded in getting the config etc. Does anyone know of where I could look to get some troubleshooting detail from the machines that have seemed to not run any of the rule set? For example did it apply the account management rule but fail, or did it run it and then determine that it shouldn't have removed any accounts, or were there too many account for it too process. I've pulled diagnostic from the machines and was going through what was gathered but didn't see anything where this type of information was captured. Any info anyone may have on this area would be appreciated. Thanks, Jamie3.3KViews0likes0CommentsRe: Multi-app kiosk configuration
Sorry for the delay in coming back to the thread. As far as the start layout in the multi-app kiosk config there's a default option to have the app tiles on a full-page start menu so I went with that and didn't do a customized layout. I also followed up on this with a Microsoft resource and according to them for that built-in Edge option to work Edge has to be assigned to the machine in Intune (something I'm unable to do currently because the client apps workload in our environment is still Configuration Manager only). One small bug I found is that if the show taskbar option is selected File Explorer will sometimes be displayed on the taskbar, seems to show up randomly after reboots.5.2KViews0likes1CommentRe: Multi-app kiosk configuration
Nathan Blasac So I was able to get this working finally, using the Microsoft Edge option that's built-in when configuring the kiosk (I've circled it in the attached image) doesn't seem to work as Edge never launches when clicking on its tile. Instead I added Edge as a Win32 application and that is working.5.5KViews0likes4CommentsMulti-app kiosk configuration
Has anyone had success with configuring a multi-app kiosk with Intune. I'm especially having problems with Edge, for a quick test I've done Calculator and Edge as the two apps allowed to run, running Calculator seems to work as expected, Edge however will not launch, click on the tile and nothing happens. If I build a single-app kiosk using Edge that seems to work. Anyone have experience in this area? Thanks, Jamie5.7KViews0likes8CommentsRe: Deploying custom meeting backgrounds to all users
we created an msi package and install.cmd with the image files that placed them in "C:\ProgramData\OurTeamsFolder\Software\TeamsBackgrounds", then Active Setup was used to copy the files from "C:\ProgramData\OurTeamsFolder\Software\TeamsBackgrounds" to "%appdata%\Microsoft\Teams\Backgrounds\Uploads\" then it performed a reboot.71KViews1like1CommentDeploying custom meeting backgrounds to all users
We're looking to deploy a set of custom meetings backgrounds to all of our users, what's the bets method for that? Looking at using the file copy option via a GPO but wanted to see if there might be some other ways of doing it. Has anyone done this in their orgs?Solved76KViews0likes14Comments
Recent Blog Articles
No content to show