Category Archives: Microsoft Endpoint Manager

Avoid conflicts with Group Policy and Microsoft Endpoint Manager – Identify Group Policy settings not supported by MDM.

When integrating your Windows 10 devices into Microsoft Endpoint Manager, you may encounter policy conflicts where the same setting is configured both on-premises via GPO and Intune. When this happens it can be a complete nightmare, so in this post I will show you how to identify GPOS not supported by MDM.

To run this tool follow the instructions below:

Install Remote Server Administration Tools. Windows 7 – https://www.microsoft.com/en-us/download/details.aspx?id=7887 Windows 8 – https://www.microsoft.com/en-us/download/details.aspx?id=28972
Window 8.1 – https://www.microsoft.com/en-us/download/details.aspx?id=39296
Windows 10 – https://www.microsoft.com/en-us/download/details.aspx?id=45520

Install this MMAT tool zipped Folder to your PC and unzip the folder.

Open a PowerShell Window running as an Admin.
Change directory to MMAT-master folder which contains all the scripts and exe inside.

Run the following script:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted 

./Invoke-MdmMigrationAnalysisTool.ps1 -collectGPOReports -runAnalysisTool

When Invoke-MdmMigrationAnalysisTool.ps1 is completed,it will generate:

MDMMigrationAnalysis.xml: XML report containing information about policies for the target user and computer and how they map, if at all, to MDM.

As you can see from below you will have report defining what is and isnt supported

Regards
The Author – Blogabout.Cloud

Avoid conflicts with Group Policy and Microsoft Endpoint Manager – Make your MDM Policies Win

When integrating your Windows 10 devices into Microsoft Endpoint Manager, you may encounter policy conflicts where the same setting is configured both on-premises via GPO and Intune. When this happens it can be a complete nightmare, so in this post I will show you how to configure Microsoft Endpoint Manager so that your MDM policies rein over GPO.

Lets get to it and launch Microsoft Endpoint Manager dashboard –> Go to Devices –> Configuration Profile –> Create Profile

Platform – Windows 10 and later
Profile – Custom

Click Create

Click Add and enter the below

Name: ConflictPolicyConflict
Description: Enter value if required
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP
Data type: Integer
Value: 1

Click Save –> Press Next

If you are using Scope Tags – Define your tags and Press Next

Define your selected groups of machines for the profile and Press Next

Define applicability rules if in use and Press Next

Press Create

This will now force MDM Policies to win over Group Policies assigned to a Windows 10 device.

Regards
The Author – Blogabout.Cloud

Decrease the delay of administratively assigned OneDrive libraries with Proactive remediations

There is a registry key that decreases the delay for end-users to see their administratively assigned libraries via the OneDrive sync client.

Important Note

The purpose of this Proactive Remediation profile is so that the reg key is set everytime a user reboots the client device. As this key is removed at reboot. Proactive Remediation is a solution that detects if this registry key exists and if not, create it, on a recurring schedule.

So lets get creating the Proactive Remediation profile

Navigate to Reports –> Endpoint Analytics 

Proactive Remediations; Click Create Script Package

Provide Name and Description

Now it’s time to upload the scripts, for the detection script, copy and paste the below PowerShell code

 Clear-Host
 <#Information
 
    Author: thewatchernode
    Contact: author@blogabout.cloud
    Published: 5th January 2021
    
    .DESCRIPTION
    This script is designed remediate OneDrive Flag 
    
    Version Changes            
    
    : 0.1 Initial Script Build
    : 1.0 Inital Release
     
    Credit:
    
    .EXAMPLE
    .\Detect_OneDriveDelayFlag.ps1
    
    Description
    -----------
    Runs script with default values.
    
    .INPUTS
    None. You cannot pipe objects to this script.
#>
 #region Shortnames
$Path = "HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"
$Name = "Timerautomount"
$Type = "QWORD"
$Value = 1
#endregion Shortnames

#region Function
Function Set-OneDriveRegKey {
Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    } 
    Write-Warning "Not Compliant"
    Exit 1
} 
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
}
#endregion Function

#Script Block
Set-OneDriveRegKey

For the remediation script, copy and paste the below PowerShell code

 Clear-Host
 <#Information
 
 
    Author: thewatchernode
    Contact: author@blogabout.cloud
    Published: 5th January 2021
    
    .DESCRIPTION
    This script is designed remediate OneDrive Flag 
    
    Version Changes            
    
    : 0.1 Initial Script Build
    : 1.0 Inital Release
     
    Credit:
    
    .EXAMPLE
    .\Remediate_OneDriveDelayFlag.ps1
    
    Description
    -----------
    Runs script with default values.
    
    .INPUTS
    None. You cannot pipe objects to this script.
#>


#region Shortnames
$Path = "HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"
$Name = "Timerautomount"
$Type = "QWORD"
$Value = 1
#endregion Shortnames

#region Script Block
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value
#endregion Script Block

Ensure that the Run this script using the logged-on credentials is set to Yes. The Settings should look like so

Assign the custom script to your require groups

As the default schedule is Daily, you may have a require to edit the schedule.

This concldues this post.

Regards
The Author – Blogabout.Cloud

Syncing of OneDrive Shared Librabies automatically using Microsoft Endpoint Manager

First of all, we need to create Configuration Profile within Microsoft Endpoint Manager, you’ll need to gather the SharePoint document library ID or ID), for all the locations you would like to publish to your Windows 10 Devices. In this blog I am going to publish the Blogabout Cloud Library to all my devices.

A window will now appear, (if you receive any prompts to open OneDrive ignore it), click Copy library ID, keep this handy.

Creating the Configuration Profile

In order to apply the configuration to your Windows 10 devices that are enrolled into Microsoft Endpoint Manager. Launch Microsoft Endpoint Manager go to Devices –> Configuration Profiles –> Create Profile

Select Windows 10 and Administrative Templates

Press Next

Provide a Name for the profile and brief description as shown below

Under Computer Configuration and OneDrive, look for the setting Configure team site libraries to sync automatically

Click Enable
Enter the name you would like to be displayed and the Library ID as shown below

I am now going to recommend a number of other Microsoft OneDrive settings

SettingConfiguration
Silently sign in users to the OneDrive sync app with their Windows credentialsEnabled
Silently move Windows known folders to OneDriveEnabled
Use OneDrive Files On-DemandEnabled
Require user to confirm large delete operationsEnabled
Convert synced team site files to online-only filesEnabled

That completes the Configuration Profile setup, deploy this to your test users before deploying to production.

In my next post I am going to be looking leverage Proactive Remediation to decrease the synchronization time of assigned libraries to the Windows 10 device. The Microsoft default is 8 hours before the assigned libraries are published.

Regard
The Author – Blogabout.Cloud

-2016345712 (Syncml(400): The request command could not be performed because of malformed syntax in the command

I have been recently important ADMX templates and been generating potential errors that IT Administrators may encounter. This post is one of the errors you may receive if you don’t configure the Custom Profile correctly.

So as you can see from below I am receiving an Error Code 0x87d10190, the cause of this error is due to the string being incorrect.

When typing, copying or pasting in the string for the ADMX template you need to ensure you copy everything. Making sure there is no additional characters or spaces in the string. In my case, I missed a full stop at the start of the string as shown below.

Once adding in the full stop, the profile was successfully applied to the targeted devices.

Regards
The Author – Blogabout.Cloud

Improvements for PowerShel scripts in Microsoft Endpoint Manager – Good or Bad?

As a big adovcate of PowerShell Scripts in Microsoft Endpoint Manager, I definitely welcome the recent changes which Microsoft have implemented. This will have some positive effects on most organisations but maybe not as welcomed by others and heres why?

In my experience some organisations like to leverage PowerShell to modify applications that have been installed using Win32 apps. An example I have experience within this space is Java ( Oh the horror ). This organisation still required a fat install of java to run a legacy application and Java was inserted using GPO with reg hive modified to prevent the regular and annoying pop up for updates.

So to address this we installed Java via W32 apps and used a PowerShell script from Microsoft Endpoint Manager to modify the key.

What you will probably need to do is allow your script to fail. Once the script has failed, the Win32 apps will then be installed, and If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-in. The check in period is every 60 minutes so in that time you should have succesfully installed all Win32 apps.

Here is the new channges for PowerShell scripts.

PowerShell scripts execute before apps, and time out reduced

There are some updates to PowerShell scripts:

  • Microsoft Intune management extension execution flow is reverted back to processing PowerShell scripts first, and then running Win32 apps.
  • To resolve an Enrollment Status Page (ESP) time out issue, PowerShell scripts time out after 30 minutes. Previously, they timed out after 60 minutes.

For more information, see Use PowerShell scripts on Windows 10 devices in Intune.

Regards
The Author – Blogabout.Cloud

HowTo: Ensure your end user are prompted for MFA when enrolling Windows 10 devices. Conditional Access to the rescue

Sometimes you may come across special cases where either your customer or your own organisation might need to implement a solution which increases your security footprint. This post is no different and inspired from the MS-100 exam which I have recently taken and passed.

During the lab question I was asked how you would implement MFA for end user who want to enroll Windows 10 devices. So lets get to it…

Launch http://endpoint.microsoft.com and select Device + Conditional Access

Select New Policy

Provide your policy a “Name”
Select the user(s) or group(s) you want to apply the policy to
Click Cloud apps and actions – Click Select Apps and search then select Microsoft Intune Enrollment.

Under Grant – Select Require multi-factor authentication

Select on to enable the policy

Heres the process I had to go through to join a Windows 10 device to my tenant with MFA.

In the below screenshot is a configuration setting I have in my tenant for defining if devices are Corporate or Personally owned

All my corporate apps are now available for install.

Regards
The Author – Blogabout.Cloud

Installing SCCM Current Branch – SQL Server Installation (Part 2)

In this part we will go through the complete installation of SQL 2017 and configure SQL before installing SCCM Current Branch 1806 or higher.

Important Info

If you are planning on installing an older version of SQL, please follow our previous post here

Click the following link to see all supported SQL versions. For this post, I am going to install SQL 2017 on a separate server. (DB01)

Execute Setup.exe from the SQL installation media, select New SQL server stand-alone installation

SCCM SQL 2017 Install Guide

Provide the product key and click Next

SCCM SQL 2017 Install Guide

Review and Click Next

SCCM SQL 2017 Install Guide

Check Use Microsoft Update to check for updates and click Next

SCCM SQL 2017 Install Guide

Select SQL Server Feature Installation

Please Note

Some steps following steps in the wizard are automatically skipped where no action is required. For example, Products Updates, Install setup Files and Install Rules might be skipped.

Select the Database Engine feature and specify the SQL installation directory. This is the directory for the program files and shared features

  • Select Default instance and ensure that your instance is created on the SQL Volume

Set all services to run as the SQL Server Account that you created previously and set the services startup type to Automatic

On the Collation tab, set the Database Engine to use SQL_Latin1_General_CP1_CI_AS

In the Server Configuration tab, set the authentication mode to Windows Authentication and in the SQL Server Administrators add your SCCM Admins group

In the Data Directories tab set your drive letters correctly for your SQL databases, Logs, TempDB, and backup

On the TempDB, complete the various information based on the Database sizing section below.

  • Click Install

Complete the installation by clicking Close

Install SQL Server Management Studio (SSMS)

Back in the SQL Server Installation Center, click on Install SQL Server Management tools.

SCCM SQL 2017 Install Guide
  • This will redirect you to the Download page of SQL Server Management Studio. SSMS is no longer tied to the SQL server installation in terms of version.
  • Adjust the installation path if need, then click Install

Install SQL Reporting Services

  • Back in the SQL Server Installation Center, click on Install SQL Reporting Services.

The SQL reporting services is just like the Management console, it requires a

Click on Install Reporting Services

SCCM SQL 2017 Install Guide

Provide the Product key

SCCM SQL 2017 Install Guide

Accept License terms

SCCM SQL 2017 Install Guide

Click Next

SCCM SQL 2017 Install Guide

Select the installation path, click Install

SCCM SQL 2017 Install Guide

A reboot is required after the installation

SCCM SQL 2017 Install Guide

Apply SQL 2017 CU22 or higher

At the time of this writing, the latest SQL Cumulative Update is CU22. We will install it in order to have an updated SQL Installation. Note that CU2 is the minimum requirement

Download and execute SQL 2017 CU22
Accept the license terms and click Next

Leave default values, click Next

Wait for Check File in Use and click Next

Click Update

Update completed, might require a reboot

SPN Creation

When you configure SQL Server to use the local system account, a Service Principal Name (SPN) for the account is automatically created in Active Directory Domain Services. When the local system account is not in use, you must manually register the SPN for the SQL Server service account.

Since we are using a domain account, we must run the Setspn tool on a computer that resides in the domain of the SQL Server. It must use Domain Administrator credentials to run.

Run both commands to create the SPN, Change the server name and account name in each commands.

setspn -A MSSQLSvc/db01:1433 officec2r\svc.sql
setspn -A MSSQLSvc/db01.officec2r.com:1433 officec2r\svc.sql


To verify the domain user SPN is correctly registered, use the Setspn -L command

setspn –L officec2r\svc.sql

SQL Configuration

SCCM setup verifies that SQL Server reserves a minimum of 8 GB of memory for the primary site. To avoid, the warning, we’ll set the SQL Server memory limits to 8GB-12GB (80% of available RAM). Open SQL Server Management Studio

Right click the top SQL Server instance node

Select Properties

In the Memory tab define a limit for the minimum and maximum server memory. Configure and limit the memory to 80% of  your server available RAM. In my case I have 16GB available.

Minimum 8192

Maximum 12288

SQL Communications

To ensure proper SQL communication, verify that settings are set accordingly in SQL Network configurationOpen SQL Server Configuration Manager

Go to SQL Server Network Configuration / Protocols for SCCM

On the Right Pane, right-click TCP/IP and select Properties

In the Protocol tab

Enable: YES

Listen All : NO

In the IP Addresses tab

IP1 (which should have your Server IP)

Active : YES

Enabled : YES

All other IP and IP ALL

Active : YES

Enabled : NO

TCP Dynamic Ports : Blank value

TCP Port : 1433

Once the modification has been made, restart the SQL Server Service.

The server is now ready for the SCCM installation. We will now run the prerequisite checker and proceed to the complete SCCM Installation. We will install a stand-alone Primary site.

In the next part we will look at installing SCCM

Regards,
The Author – Blogabout.Cloud

Installing SCCM Current Branch – Installation Prerequisites (Part 1)

Operating System

For this post, our servers run Windows 2016 with latest security patches

Make sure that your OS is supported, see the SCCM Current Branch Technet Documentation

Disks

Disks IOs are the most important aspect of SCCM performance. We recommend configuring the disks following SQL Best practice. Split the load on a different drives. When formatting SQL drives, the cluster size (block size) in NTFS must be 64KB instead of the default 4K. See the previously recommended reading to achieve this.

LetterContentSize  
C:\Windows100GB
D:\SCCM200GB
E:\SQL Database (64K)40GB
F:\SQL TempDB (64K)40GB
G:\SQL Transaction Logs (64K)
SQL TempDB Logs
40GB

Showing 1 to 5 of 5 entries

Primary Site server prerequisites

Once your hardware is carefully planned, we can now prepare our environment and server before SCCM Installation.

Active Directory schema extension

You need to extend the Active Directory Schema only if you didn’t have a previous installation of SCCM in your domain. If you have SCCM 2007 already installed and planing a migration, skip this step.

  • Logon to a server with an account that is a member of Schema Admins security group
  • From SCCM ISO run .\SMSSETUP\BIN\X64\extadsch.exe
sccm 2012 r2 installation prerequisites
  • Check schema extension result, open Extadsch.log located in the root of the system drive
sccm 2012 r2 installation prerequisites

Create the System Management Container

Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services

  • Start ADSIEdit, go to the System container and create a new Object
sccm 2012 r2 installation prerequisites
  • Select Container
sccm 2012 r2 installation prerequisites
  • Enter System Management
sccm 2012 r2 installation prerequisites

Set security permission

  • Open properties of the container System Management created previously
sccm 2012 r2 installation prerequisites
  • In the Security tab, add the site server computer account and Grant the Full Control permissions
sccm 2012 r2 installation prerequisites
  • Click Advanced, select the site server’s computer account, and then click Edit
  • In the Applies to list, select This object and all descendant objects
  • Click OK and close the ADSIEdit console

SCCM Accounts

Create the necessary accounts and groups created before installation. You can use a different name but I’ll refer to these names throughout the guide.

Server Account / GroupNameDescription
svc.sqlSQL Server Services Account
svc.sccmnaaSCCM Network Access Account
svc.sccmcpDomain account for SCCM client push install
svc.sqlrepDomain account for use with reporting services User
svc.sccmdjDomain account used to join machine to the domain during OSD
SCCM Admins GroupDomain group containing all SCCM Admins Group
SCCM Site ServersDomain group containing all SCCM servers in the hierarchy Group

When creating these services accounts I use a push script utilizing a CSV file. You CSV file will need to contain the following heading;

Then use the script below

Function Create-BulkADUsers {
# Import active directory module for running AD cmdlets
Import-Module activedirectory
  
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv C:\_build\bulk_users.csv

#Loop through each row containing user details in the CSV file 
foreach ($User in $ADUsers)
{
	#Read user data from each field in each row and assign the data to a variable as below
		
	$Username 	= $User.username
	$Password 	= $User.password
	$Firstname 	= $User.firstname
	$Lastname 	= $User.lastname
	$OU 		= $User.ou #This field refers to the OU the user account is to be created in
    $email      = $User.email
    $streetaddress = $User.streetaddress
    $city       = $User.city
    $zipcode    = $User.zipcode
    $state      = $User.state
    $country    = $User.country
    $telephone  = $User.telephone
    $jobtitle   = $User.jobtitle
    $company    = $User.company
    $department = $User.department
    $Password = $User.Password


	#Check to see if the user already exists in AD
	if (Get-ADUser -F {SamAccountName -eq $Username})
	{
		 #If user does exist, give a warning
		 Write-Warning "A user account with username $Username already exist in Active Directory."
	}
	else
	{
		#User does not exist then proceed to create the new user account
		
        #Account will be created in the OU provided by the $OU variable read from the CSV file
		New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@officec2r.com" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Enabled $True `
            -DisplayName "$Lastname, $Firstname" `
            -Path $OU `
            -City $city `
            -Company $company `
            -State $state `
            -StreetAddress $streetaddress `
            -OfficePhone $telephone `
            -EmailAddress $email `
            -Title $jobtitle `
            -Department $department `
            -AccountPassword (convertto-securestring $Password -AsPlainText -Force) -ChangePasswordAtLogon $True
            
	}
}
Write-Host "Info: User Accounts created" -ForegroundColor Green

For the required groups I use the following PowerShell cmdlet

New-ADGroup -Name "RODC Admins" -SamAccountName RODCAdmins -GroupCategory Security -GroupScope Global -DisplayName "RODC Administrators" -Path "CN=Users,DC=Fabrikam,DC=Com" -Description "Members of this group are RODC Administrators"

Network Configuration

Make sure that the server has a static IP as this is critical for the success of this deployment.

Firewall Configuration

If your Firewall is configured then you will need to run this script in an elevated command prompt order to open the necessary ports needed for SCCM.

Please Note: This script is designed based on using the default ports, if you are using custom ports. Change the values before running the script.

@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh advfirewall firewall add rule name="SQL Server" dir=in action=allow protocol=TCP localport=1433
@echo Enabling Dedicated Admin Connection port 1434
netsh advfirewall firewall add rule name="SQL Admin Connection" dir=in action=allow protocol=TCP localport=1434
@echo Enabling conventional SQL Server Service Broker port 4022
netsh advfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022
@echo Enabling Transact-SQL Debugger/RPC port 135
netsh advfirewall firewall add rule name="SQL Debugger/RPC" dir=in action=allow protocol=TCP localport=135
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh advfirewall firewall add rule name="Analysis Services" dir=in action=allow protocol=TCP localport=2383
@echo Enabling SQL Server Browser Service port 2382
netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=TCP localport=2382
@echo ========= Misc Applications ==============
@echo Enabling HTTP port 80
netsh advfirewall firewall add rule name="HTTP" dir=in action=allow protocol=TCP localport=80
@echo Enabling SSL port 443
netsh advfirewall firewall add rule name="SSL" dir=in action=allow protocol=TCP localport=443
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=TCP localport=1434
@echo Allowing Ping command
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

No_sms_on_drive.sms

To prevent SCCM from placing content on hard disks where you don’t wish for it to be held. Place a file name no_sms_on_drive.sms on the root drive.

Windows Server Features

On the Primary site server, the following components must be installed before SCCM installation. We’ll install all these components using a PowerShell script.

  • .Net Framework 3.51 SP1
  • .Net Framework 4
  • IIS
  • Remote Differential Compression
  • BITS Server Extension
  • WSUS 3.0 SP2
  • Report Viewer
  • ADK for Windows 8.1

Roles and features

On the Site Sever computer, open a PowerShell command prompt as an administrator and type the following commands. This will install the required features without having to use the Windows Server GUI.

Get-Module servermanager
Install-WindowsFeature Web-Windows-Auth, Web-ISAPI-Ext, Web-Metabase, Web-WMI, BITS, RDC, NET-Framework-Features, Web-Asp-Net, Web-Asp-Net45, NET-HTTP-Activation, NET-Non-HTTP-Activ

Ensure that all components are showing as SUCCESS as an EXIT Code. It’s normal to have Windows Update warnings at this point.

sccm 2012 r2 installation prerequisites

Report Viewer

You will now require the Report Viewer, please download and install – here

ADK for Windows 10

You will now require the ADK for Windows 10, please download and install – here

  • Select the default path
sccm 2012 r2 installation prerequisites

Select No and Press Next

sccm 2012 r2 installation prerequisites

Click Accept the License Agreement

sccm 2012 r2 installation prerequisites

Select
– Deployment Tools
– Windows Pre-Installation Environmet
– User State Migration ToolInstall the following components

Press Install

sccm 2012 r2 installation prerequisites

Active Directory

  • Add the computer account of all your site servers in the SVC.SCCMSS AD group
  • Ensure that the group has Full Control on the SYSTEM Container in Active Directory

Local Admin accounts

Add both SCCM computer account and the SCCM Admin account to the local administrator group on the site server.

  • SCCM-Admins
  • SCCM-SiteServers

SCCM Client

If applicable, uninstall SCCM 2007 client and FEP if present on the server before the installation. If the client is present, the 2012 SCCM Management Point installation will fail.

Windows Updates

Run windows update and patch your server to the highest level

In part 2 we will look at the installation process for SQL Server.

Regards
The Author – Blogabout.Cloud

QuickTip: Unable to see available applications for Windows 10 device in Company Portal

When enrolling new or existing Windows 10 devices into Microsoft Endpoint Manager, the user may not be able to see the available straight away as shown below;

Screenshot of no device shown.

The resolution for this is a very simple one from the Company Portal

http://portal.manage.microsoft.com go to ‘Devices’

Select Tap here.

Screenshot of my devices.

On the next screen, select your device to enroll it.

Screenshot of selecting which device.

You are returned to My Devices. The device should show a green check, as shown in the following screenshot.

Screenshot of my devices.

Return to the Apps screen. The applications should now be visible.

Screenshot of apps displayed.

Regards
The Author – Blogabout.Cloud