ConfigMgr 1802 TP – Report on Windows AutoPilot device information

The following text is from the MS docs site but screen shot from my lab (no need to recreate good document): https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1802#report-on-windows-autopilot-device-information

Windows AutoPilot is a solution for onboarding and configuring new Windows 10 devices in a modern way. For more information, see an overview of Windows AutoPilot. One method of registering existing devices with Windows AutoPilot is to upload device information to the Microsoft Store for Business and Education. This information includes the device serial number, Windows product identifier, and a hardware identifier. Use Configuration Manager to collect and report this device information.

Prerequisites

  • This device information only applies to clients on Windows 10, version 1703, and later
  1. In the Configuration Manager console, Monitoring workspace, expand the Reporting node, expand Reports, and select the Hardware – General node.
  2. Run the new report, Windows AutoPilot Device Information and view the results.


  1. In the report viewer click the Export icon, and select CSV (comma delimited) option.


  1. After saving the file, upload the data to the Microsoft Store for Business and Education. For more information, see add devices in Microsoft Store for Business and Education.

ConfigMgr 1802 TP – Improvements to Windows 10 in-place upgrade task sequence

In 1802 TP, when you create a upgrade Task Sequence, now there will be additional groups created that is based on recommendations what Microsoft and others have seen done in the field. These groups are just recommendations and the actual tasks/scripts to do the checks, installs, etc. will need to be done by you. Several example scripts are out on the next that can help you get started.

Some examples and additional recommendations are available here https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1802

-Jay

ConfigMgr 1802 TP – Microsoft Edge Browser Profiles

In the updated 1802 TP, we now have an option to create Edge policies.

In Assets and Compliance, under Compliance Settings, there is an option for Microsoft Edge Browser Profiles

Highlight that and choose from the Menu (or right click) to Create Microsoft Edge profile

In the Create Microsoft Edge Browser Policy wizard, name your profile/policy just as an example below. You can create multiple profiles to target different collections like any other deployment.

In the next screen, choose the configuration needed based on your corporate policies.

Once done, select next and choose the OS which will always be Windows 10 but you can target between x32 and x64.

Once all done, from the menu bar or right click to deploy the policy to a collection.

Dynamic Lock in Windows 10 (Coming in Creators Update)

We always see computers left unattended and unlocked at the workplace and even worse, public places like coffee shops. In Windows Creators update, Microsoft has introduced Dynamic Lock. When you pair your phone (Bluetooth) with Windows 10, now the option to lock the computer automatically when you walk away will be available.

If you have the Insiders Preview today, you can test this by enabling Dynamic Lock by going to Settings > Accounts > Sign-in options and toggle Dynamic lock to “on”. Make sure you phone is paired to your computer first.

For the Enterprise, Dynamic Lock can also be enforced via Group Policy.

Windows Defender ATP – Onboarding Endpoint with Configuration Manager 1606 or higher

To be able to review Windows 10 endpoints (Anniversary Update or higher) into Windows Defender ATP, you will need to onboard first. There are several ways to do so including scripts, Group Policy, Intune, Configuration Manager 2012 through current branch 1602. With the release of Configuration Manager branch update 1606, it now includes integrated Windows Defender ATP to be able to monitor and deploy the policies.

  1. To get started, login to the Windows Defender ATP site to download the policies https://securitycenter.windows.com/download
  2. Choose the drop down Select your deployment tool, and select the System Center Configuration Manager (current branch) version 1606

  3. This will download a ZIP file with the onboarding package. Unzip it to where you can access it with ConfigMgr.
  4. Under Assets and Compliance, expand Endpoint Protection where you will see Windows Defender ATP Policies. Select Windows Defender ATP Policies , and click Create Windows Defender ATP Policy from the toolbar or right click.
  5. Follow the wizard to import the onboarding file you downloaded from the site. (NOTE: SCREENSHOT SHOWS OFFBOARDING, BUT SHOULD BE ONBOARDING)

  6. Once done, you will see the policies in the console. Right client or from the toolbar, click Deploy.

  7. You can do this for off-boarding as well. From the same site, you can select to download the off-boarding package and then follow the steps above to import into ConfigMgr.

Quick Assist in Windows 10

 

Microsoft in the latest Insider Previews has introduced (or reintroduced) Quick Assist. Quick Assist is a remote desktop tool to assist other users with Windows 10 or apps. This can be very useful for business to help remote users or folks in IT trying to help friends and family.

 

From the Start Menu, go to Windows Accessories and you will see the desktop app called Quick Assist. Currently I have build 10.0.14393 which has this application.

 

  1. Click Quick Assist and click Give Assistant.
  2. You will be asked to sign into your Microsoft Account (MSA, Live, Hotmail, Outlook.com, etc.) that you have registered.
  3. Once you sign in, you will get the Share security code dialog with a code. (* I have crossed out the code here. Even though it will not work after the expiration, I wanted to play it safe).

  4. You can copy to clipboard, send email or provide instructions.
  5. Now tell the user how to use the code so they can let you in to remote in.

Remote User

  1. Open the Start menu and select All apps > Windows Accessories > Quick Assist.
  2. Select Get assistance and follow the instructions.
  3. If User Account Control appears, select Yes to continue.
  4. After the steps are completed, please wait a few minutes for your devices to connect

     

    You will see it connecting and the remote user will need to click
    Allow to give access.

     

     

Configuration Manager 1602 Changes – Part 1

 

Here are few new items in the 1602 branch of Configuration Manager

 

  1. A new option in the Software Center that allows the user to poll the user and machine policies (without going through the Control Paten applet). In Software Center (after the new client push), a Sync Policy button has been added to the Options > Computer Maintenance page.

  1. Windows 10 Device Health Attestation. This can be enabled in Administration > Overview > Client Settings under Computer Agent

To view the device health attestation view, in the Configuration Manager console go to the Monitoring workspace of, click Security node, and then click Health Attestation.

  1. Configuration Manager sites that run version 1602 or later support the in-place upgrade of the site servers operating system from Windows Server 2008 R2 to Windows Server 2012 R2. Before you upgrade to Windows Server 2012 R2, you must uninstall WSUS 3.2 from the server.
  2. New filter options are available for Windows 10 servicing plans that allow you to filter for Language, Required, and Title. Only upgrades that meet the specified criteria will be added to the associated deployment. Prior this change, all upgrades were being downloaded regardless of language or SKU.