

anyweb

Root Admin
  • Posts

    9182
  • Joined

  • Last visited

  • Days Won

    366

Everything posted by anyweb

  1. hi Alex can you verify that you meet these requirements when creating the ANC ? as you are just doing AAD the first line is what you need Intune Administrator, Windows 365 Administrator, or Global Administrator role. and... once created, if you need to edit it... you'll also need > to have the Subscription Reader role in the Azure Subscription where the VNET associated with the ANC was located. for more info > Azure network connection overview | Microsoft Learn cheers niall Permissions required for Azure network connections The ANC wizard requires access to Azure and, optionally, on-premises domain resources. The following permissions are required for the ANC: Intune Administrator, Windows 365 Administrator, or Global Administrator role. An Active Directory user account with sufficient permissions to join the AD domain into this Organizational Unit (Hybrid Azure AD Join ANCs only). To create or edit an ANC, you must also have the Subscription Reader role in the Azure Subscription where the VNET associated with the ANC was located. For a full list of requirements, see Windows 365 requirements.
  2. IT compliance is a critical aspect of modern business as it refers to the adherence to policies, regulations, and government laws protecting IT systems and processes. IT compliance ensures businesses and organizations operate under strict security requirements, guidelines, and industry best practices for data protection and governance. IT business leaders, CIOs/CTOs/CISOs, MSPs, system administrators, and other roles within IT must understand the importance of implementing stricter compliance requirements to protect valuable data. Here are a few reasons why modern businesses and organizations must become IT-compliant:

     Ensuring Data Privacy and Security

     Businesses that handle sensitive information, such as customer data and financial and medical information, must comply with industry-specific frameworks like HIPAA, PCI-DSS, GDPR, and others. These frameworks provide guidelines for protecting the most sensitive of information a business handles, including data encryption, access controls, and vulnerability assessments.

     Mitigating Security Risks

     IT Compliance standards, such as ISO 27001, NIST, and CIS, provide guidelines for identifying, assessing, and mitigating security risks. These standards enable businesses to implement best practices for security and ensure that their IT infrastructure is secure against cyber threats.

     Avoiding Legal and Financial Fines

     IT compliance can help businesses avoid legal and financial penalties. However, non-compliance with industry-specific regulations can result in hefty fines, legal suits, and loss of reputation in case of data breaches and general loss of sensitive information.

     Providing Competitive Advantage

     Compliance with industry-specific regulations demonstrates to customers the willingness and seriousness businesses take toward data privacy and information security. Compliance can also help businesses improve their reputation, build customer trust, and enhance brand value.

     Take the Hornetsecurity IT Compliance Survey now! Feel free to participate and get a chance to win!
  3. can you show me how you originally configured SCCM other sources ? maybe that was the issue
  4. hi Joe, do you still have this problem ?
  5. point the server role to the right IP address.. that should do it
  6. are these devices domain joined or not ? if not, then you'll need to do some things on each computer (including approving them in SCCM) before they work correctly see this post for more details
  7. ok i've shared the new code with you @TomBlack please read the instructions in the ZIP (7zip)
  8. hi TomBlack, i have a new version (not released yet) with several fixes/changes/enhancements, if you want to try it, pm me and i'll make it available to you, blog coming later...
  9. did you assign this to your Windows Autopilot users or ?
  10. check how you deployed it, is it like so ?
  11. do you know what software is installed on this cloud pc, probably one or more apps are slowing things down, that's my guess, but it's hard to tell without more info about what's running on the cloud pc, do you know ?
  12. this looks like a Windows 365 Cloud PC (business), based on the 'please wait' I wonder is it getting updated by any chance, it looks like it needs a restart, if you browse to https://www.windows365.com do you see an option to restart your Cloud PC there ? if that doesn't help when you see 'please wait' then you'll need to troubleshoot on the Cloud PC itself to see what is causing it to be in this state,
  13. hi @Wizu I've now finished updating the changes and testing to the new release (1.5.28) I plan on blogging about the changes shortly, if you'd like to try it before I blog it then please pm me and i'll make the code available,
  14. Microsoft Outlook users advised to urgently apply the security patches provided by Microsoft

      Hannover, Germany – 16 March 2023 – A severe security vulnerability has been discovered in Microsoft Outlook, which is currently being exploited by cybercriminals. The vulnerability, identified as CVE-2023-23397 with a CVSS score of 9.8, permits a remote, unauthorized attacker to compromise systems simply by transmitting a specifically crafted email. This malicious email enables the attacker to gain unauthorized access to the recipient’s credentials.

      More widespread attacks that target this vulnerability are expected

      Umut Alemdar, Head of the Security Lab at Hornetsecurity, said, “We expect that the likelihood of more widespread attacks targeting the CVE-2023-23397 vulnerability to increase, as public proof-of-concepts have already been released. We therefore highly recommend that all users of Microsoft Outlook apply the security patches provided by Microsoft as soon as possible.” He confirmed that Hornetsecurity detects emails that exploit the vulnerability and quarantines them to prevent emails from reaching the victim’s inbox, and added, “The Security Lab at Hornetsecurity is continuing to monitor the threat landscape to ensure that customers are protected from the latest cyber threats.”

      Exploitation occurs even before the email is displayed in the preview pane

      The exploit is initiated by fetching and processing a malicious email by the Outlook client, potentially leading to exploitation even before the email is displayed in the preview pane. It triggers a connection from the victim to a location controlled by the attacker. This results in the leakage of the victim’s Net-NTLMv2 hash, a challenge-response protocol used for authentication in Windows environments. The attacker can then relay this information to another service and authenticate as the victim, further compromising the system.

      The complexity of the attack is low, and it has been seen in the wild according to Microsoft, with the exploit being used to target the European government, military, energy, and transportation organisations. It was initially reported to Microsoft by CERT-UA (the Computer Emergency Response Team for Ukraine). A proof-of-concept created by Hornetsecurity’s Security Lab team demonstrates that the exploit is hard-to-detect since all anti-malware and sandbox services incorporated into VirusTotal were unable to recognize it as malicious.

      Recommended actions

      For a list of affected versions, and recommended action to secure your organization, please click here.
  15. Introduction

      If you are new to Windows 365 Cloud PC's please check out our series about Getting Started with Windows 365. Microsoft recently blogged about the ability to use alternate ANCs (Azure Network Connection) when Provisioning Cloud PCs so that if one ANC goes down it can fall over to the next in line according to priority. You can read that blog post here. Let's look at the new feature in detail.

      But first, what is a provisioning policy? This policy defines what settings you will apply to new Cloud PCs when they are provisioned for your users. When creating a new provisioning policy you have to enter some details, such as join type, network type, and so on. In this case we are interested in the type of network we'll use, it can be

      • Microsoft hosted network
      • Azure network connection

      as you can see here

      The reason there are two types of network depends entirely on your needs. If you want minimum fuss and minimum requirements when creating the policy choose the Microsoft hosted network, that way you don't have to create a virtual network or have an Azure subscription tied to your Cloud PCs connectivity. If on the other hand you want to have more control over the type of network settings such as specifying individual DNS servers, IP ranges or address spaces then you need to choose Azure network connection and create those separate virtual networks (vnet) in your Azure subscription.

      Once you've decided which network join type to use, you are shown active working ANCs in your environment at the time you started creating the provisioning policy. Those ANC's listed are based on the list of healthy ANC's you have at time of creation of the provisioning policy, so at the time I created this provisioning policy, the following ANCs were healthy. Note that it will only list those ANCs based on the join type you select.

      Note: You should only add an alternate ANC if you fully understand the implications of provisioning Cloud PCs in a different ANC.

      If any of the above are unhealthy, they won't appear in the drop down list. Select those that you want included in this provisioning policy. You'll notice that a new Network prioritization UI appears behind your choices. Clicking away from the drop down menu allows you to sort your ANCs by your chosen priority. You can click and drag the ANC from one priority to another within your list. After sorting your ANCs by priority your new list is shown

      UI note: It would be nice if all the information in each of the columns for each ANC was shown, right now you need to scroll right to see what's what.

      Continue through the wizard to complete your Alternate ANC provisioning policy. The policy is listed below, note how the Azure network connection column shows a +

      What about existing provisioning policies ?

      You can also edit existing provisioning policies to add alternate ANCs, however it's not that intuitive. To do so, open the properties of an existing policy and click Edit at the General settings. In the Azure network connection section, click the drop down menu to show other healthy ANC's. Next, make your selection and change priority as shown earlier.

      Verifying alternate ANCs in your provisioning policy

      Now that I've created an Alternate ANC provisioning policy with three healthy ANCs (listed below), I decided it was time to see this working in a lab.

      • W365Demo1_anc
      • W365Demo2_anc
      • W365 North Europe HAAD ANC

      For this test I forced one of the three Routing and Remote Access Service (RRAS) servers which host services used in the hybrid azure network connections into an unhealthy state by shutting down the corresponding on premises server. By doing this I basically forced the following ANC offline.

      • W365Demo1_anc

      Once that ANC was offline I retried the network tests in each respective ANC and then refreshed to see the latest status. You can clearly see that W365Demo1_anc is listed with a status of Checks failed.

      The next logical step is to provision a Cloud PC for a user targeted with the Alternate networks in windows 365 provisioning policy. I then added a user to the group targeted with this provisioning policy and waited for it to provision. The provisioning started after a few minutes, but strangely it listed the very ANC that I took offline in the Azure network connection status column. This was not what I expected, but maybe just a UI glitch. According to the priority I specified in my alternate ANC list, I expected W365Demo2_anc to be the ANC used during provisioning as W365Demo1_anc was already offline and marked unhealthy. I've made the Product Group aware of this. I'll update this blog post once they reply back.

      After completing the provisioning process I could see that it correctly listed the second of three available ANC's from my list (as the first was offline). That's a result ! Great job Microsoft !

      Recommended reading

      • Using Alternate ANCs in Windows 365 - https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-alternate-ancs-in-windows-365/ba-p/3780384
      • Getting started with Windows 365 - https://www.windows-noob.com/forums/topic/23040-getting-started-with-windows-365-part-1-introduction/
      • Configuring alerts for Windows 365 Cloud PC's - https://www.windows-noob.com/forums/topic/23164-how-can-i-configure-alerts-for-windows-365-activity-in-intune/
      • Create and assign provisioning policy - https://learn.microsoft.com/en-us/windows-365/enterprise/create-provisioning-policy#continue-creating-a-provisioning-policy

      Summary

      Providing the ability to use multiple/alternate ANC's during provisioning of a new Windows 365 Cloud PC is an important step forward in reducing downtime when provisioning new Cloud PC's. The recommended actions in Matt's blog post do point out that you should keep an eye on the health of your ANC's and while that is nice in theory, the existing methods of doing that are to look at the ANC health in the Azure Network Connections view directly, or read the emails generated by the alerting feature. I'd like to see a report that shows the reliability/health of your ANC's over time, so that it's easy for the admin to pinpoint problem locations (during specific time periods) and fix them.

      This new feature only applies to the actual provisioning of the new Cloud PC. It does not apply to existing Cloud PC's that may be affected if an ANC goes unhealthy.
  16. Click on the area I marked in yellow
  17. nevermind i figured it out, it was a forum setting you should be able to mark it as solved now
  18. i admit i'm stumped, do you have time to do a remote session with me so I can see exactly what you see ?
  19. hmm i'll keep digging, I've not found the answer yet, but i'll try !
  20. does this help ? https://invisioncommunity.com/news/invision-community/45-marking-as-solved-r1187/ do you see the option by clicking in the top right of a post ?
  21. heh good question, let me try and figure it out, it could be a forum setting that i need to enable, i'll take a look and report back later
  22. @sugarpickle check your pm
  23. did you read the post above it at all ?
  24. glad you got it sorted and that you posted the solution
  25. without logs on a failing client it's hard to understand your problems, so.... can you zip up and attach the smsts.log file from a pxe booted device that has issues ?