anyweb

hi, I've added it back now, thanks for noticing

All you have to do is set the following registry key via Michael Niehaus on Twitter

Introduction Microsoft has just released System Center Configuration Manager Technical Preview 1709, and that Technical Preview release allows you to configure co-management. Microsoft announced co-management at Microsoft Ignite (September 2017) and now with this release you can begin testing that scenario (however you still need the yet to be released Windows 10 Fall creators update edition, aka Windows 10 version 1709), so for now you'll need to test with a Windows Insider preview release. But what is co-management ? according to Microsoft it is... The graphic below shows you that scenario. Prerequisites The following are general prerequisites for you to enable co-management: Technical Preview for Configuration Manager version 1709 Azure AD EMS or Intune license for all users Intune subscription (MDM authority in Intune set to Intune) Additional prerequisites for existing Configuration Manager clients Windows 10, version 1709 (Fall Creators Update) and later Hybrid Azure AD joined (joined to AD and Azure AD) Additional prerequisites for new Windows 10 devices Windows 10, version 1709 (Fall Creators Update) and later Cloud Management Gateway in Configuration Manager Create some collections In SCCM Assets and Compliance, select Device Collections and create a device collection, called Pilot co-managed devices, and alternatively one called Production co-managed devices, populate them with some devices. Enabling co-management To configure Co-Management, select Administration, Cloud Services, and click on Co-Management. Enter the credentials of your Standalone MDM Intune tenant and click Sign In. Create a Pilot co-management policy To being with, you'll want to do a Pilot configuration of Co-Management. Select your Pilot group of co-managed devices by clicking on Browse and selecting the Pilot co-managed devices collection created above. On the Configure Enablement screen, set the drop down to Pilot Click on Copy to copy that line of text, the text will be something like this: CCMSETUPCMD="/mp:https:// CCMHOSTNAME= SMSSiteCode= SMSMP=https:// AADTENANTID= AADTENANTNAME= AADCLIENTAPPID= AADRESOURCEURI= SMSPublicRootKey=" Next, you can configure the workloads (on or off, there is no middle ground here) and continue the wizard through to completion. Create a Production co-management policy After creating the above policy, and once you've completed your pilot, create a new Production policy (Pilot will be greyed out). Now, the drop down can choose All (or none). and again configure workloads... The created policies are shown here. Recommended reading To get more info about this topic, please review the following blog posts from Microsoft. https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1709#co-management-for-windows-10-devices https://blogs.technet.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-microsoft-intune-and-system-center-configuration-manager-ignite-2017

ping me tomorrow and i can test it in my env, email me at niall @ windowsnoob . com

hi MDT is perfect for doing what you want and there are several PowerShell script here on windows-noob to automate the creation of your first MDT deployment share on Windows Server, here's an example - i'd suggest you use virtual machines to build and capture your images from and then deploy those captured images to your intended targets, good luck, cheers niall

happy to have helped ;-)

Are you planning to deploy Microsoft Intune and looking for straightforward technical guidance to help you accelerate this effort? Please join us as we share our deployment experience working with customers from all over the world, covering Intune pilot planning, deployment and management. At the end of this session, you will have a solid foundation to deliver a successful Intune pilot deployment in your organization. The above is a session I did with Peter Daalmans @ Microsoft Ignite on Friday 29th of September 2017, please check it out especially if you are interested in Microsoft Intune. cheers niall

good point so I've created this https://www.windows-noob.com/forums/forum/120-cloud/ which is where you can post about Azure, Office 365 and Intune

yes it works just fine

what does the cmupdate.log tell you ?

ok then you'd need to look at Azure Information Protection instead and secure the documents themselves and it's based on the identity to decide if you have access or not...

wow, maybe you need Windows 10 v 1703 specific video drivers for that hardware ?

is the user that you are using to browse the data, targeted by the WIP policy or not ?

hi, this topic is about Discovery, please post your boundaries question in a separate thread, thanks

Great article, very clear! thanks ! can you explain what you mean by 'devices which don't use WIP', once you've removed the user account from Access work or school, then the protected data is revoked as shown in my screenshot above

hi we are deploying Windows 10 v 1607 (and v1703) just fine with ADK 1703, don't be afraid to move to the new versions, there's lot of benefits

no problem, glad you identified the issue

has there been any change on the switch level, i.e. have iphelpers been configured ?

hi, this morning I performed a site upgrade (security update to version 4.2.4) which completed successfully (according to the upgrade process), except, it didn't. As a result, new users could not join, and people could not reply to posts or edit posts or start new posts, this affected users throughout Europe, Middle-East and Africa, but was resolved a few hours ago so US users probably didn't notice. I apologize for any inconvenience caused by this downtime, on the plus side, all blog posts (and other posts) were still readable during this time thanks to @hybrid (Peter) for fixing the problem this evening, cheers niall

hi well this is not covering an upgrade, it's a clean install so please raise this as a separate topic, thanks

this is a separate question to this topic right ?

sorry, what i mean is you need to modify the PowerShell script (Install SCCM Current Branch version 1606.ps1), and edit the corresponding section which creates the configuration.ini file.

we are using it in a SCCM 1702 CB environment with 1703 adk boot wims. no problems you have probably made a 'mistake' in the script editing, causing it to fail and reboot, you can test the scripts 'manually' by creating standalone media (usb) and testing that way... over and over

use what Microsoft supports and you should be fine, if in doubt, try it in a lab first

welcome !