Bye Bye Skype for Business Connector.

Bye Bye Skype for Business Connector.

As Microsoft starts to contine to wind down Skype for Business Online, there is no longer a need to install the seperate module using the .exe file for the Skype Connector. The module has been in beta release of the Microsoft Teams module which has now been published to general availability (GA).

Update your MicrosoftTeam module to version 1.1.6 and you will find the cmdlet “New-CSOnlineSession” available to use. To make life easier, check out my Get-InstalledModulesUpdate.ps1 from my GitHub. This PS1 file will look at all installed modules on your client machine and update according.

Here is the current versioning information for MicrosoftTeams module.

DateVersionUpdates
September 20201.1.6Skype for Business Online Connector integration
September 20201.1.5-previewSkype for Business Online Connector integration
July 20201.1.4Added group policy assignment cmdlets
June 20201.1.3-previewSkype for Business Online Connector integrationGet-Team optimizationsEnhanced reliability
June 20201.0.7Added Cmdlet preloading.Net Framework optimizations
April 20201.0.6Authenticode and assembly signingAdded Get-CsPolicyPackageAdded Get-CsUserPolicyPackageAdded Get-CsUserPolicyPackageRecommendationAdded Grant-CsUserPolicyPackageAdded New-CsBatchPolicyPackageAssignmentOperationAdded Set-TeamArchivedStateAdded Set-TeamPictureRemoved Get-TeamHelp
March 20201.0.5Added New-CsBatchPolicyAssignmentOperation
Feb 20201.0.4Get-Team optimizations

Regards
The Author – Blogabout.Cloud

When was the last time you updated your PowerShell modules?

When was the last time you updated your PowerShell modules?

So how often do you check for PowerShell updates? My guess would be not at all as its hard to keep up to date to ensure you have the latest and greatest module available.

So as an example I have two module installed on my client device which I have updated for a while.

Check out my Get-InstalledModuleUpdate script available on Github aimed to help in this situation. It puts all the installed module into an array and check for the latest versions available on the PowerShell Galley.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-InstalledModulesUpdate.ps1

Regards
The Author – Blogabout.Cloud

Changing the Channel on Microsoft Apps for Enterprise using PowerShell

Changing the Channel on Microsoft Apps for Enterprise using PowerShell

Hello,

In this video I demonstrate how to change the Channel on Microsoft Apps for Enterprise using a PowerShell script that I created.

Or you could do this manually using the following commands;


1
2
3
4
5
6
7
8
9
10
11
12
#region Channel Names
  $CurrentPreview = 'CurrentPreview'
  $Current = 'Current'
  $MonthlyEnterprise = 'MonthlyEnterprise'
  $SemiAnnual = 'SemiAnnual'
  $SemiAnnualPreview = 'SemiAnnualPreview'
#endregion

$path = 'HKLM:\Software\Policies\Microsoft\office\16.0\common\officeupdate\'
$updatebranch = 'updatebranch'

Set-ItemProperty -Path $path -Name $updatebranch -Value "Insert Channel Name"

Regards
The Author – Blogabout.Cloud

Installing PowerShell modules using Microsoft Endpoint Manager

Installing PowerShell modules using Microsoft Endpoint Manager

In this video I show how I install all the common PowerShell modules that I use when building/provisioning Windows 10 devices that are registered in MEM.In this video I show how I install all the common PowerShell modules that I use when building/provisioning Windows 10 devices that are registered in MEM.

Regards
The Author – Blogabout.Cloud

Troubleshooting PowerShell script delivered by Microsoft Endpoint Manager

Troubleshooting PowerShell script delivered by Microsoft Endpoint Manager

Delivering PowerShell scripts to Windows 10 devices using Microsoft Endpoint Manager is one of my favorite features but what do you do if the delivery of the script fails? There are two ways of checking for troubleshooting purposes

Using the Registry

By browsing the following location you able to see all the PowerShell script that has been applied to your Windows 10 device. With this, you will see Result/ResultDetails which provide if the execution was successful and any error message if not successful.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Policies\

Using the Log File

The other option is using the CMTrace.exe tool which is apart of the 2012 Configuration Manager Toolkit. The link has been provided https://www.microsoft.com/en-us/download/confirmation.aspx?id=50012

This allows you to open the IntuneManagementExtension log file which is located in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

It highlights all the relevant warning and error messages in either Yellow or Red depending on the severity of the issue.

When you click on the failure you will receive details about the known issue that is causing the script to fail.

Regards
The Author – Blogabout.Cloud

Making your PowerShell script self elevate to run as an Administrator

Making your PowerShell script self elevate to run as an Administrator

I have been recently running a number of PowerShell scripts where I required to elevate the session to Administrator. Ideally I didnt want to have to provide logon details everytime, so the following script removed the need to provide Admin credentials.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Original Script located at:
# http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/09/23/a-self-elevating-powershell-script.aspx

# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))

   {
   # We are running "as Administrator" - so change the title and background color to indicate this
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"
   clear-host

   }
else
   {
   # We are not running "as Administrator" - so relaunch as administrator

   # Create a new process object that starts PowerShell
   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

   # Specify the current script path and name as a parameter
   $newProcess.Arguments = $myInvocation.MyCommand.Definition;

   # Indicate that the process should be elevated
   $newProcess.Verb = "runas";

   # Start the new process
   [System.Diagnostics.Process]::Start($newProcess);

   # Exit from the current, unelevated, process
   exit

   }

Regards
The Author – Blogabout.Cloud

Delivering your favourite configuration, tweaks and PowerShell modules to all of your Microsoft Endpoint Managed Windows 10 devices.

Delivering your favourite configuration, tweaks and PowerShell modules to all of your Microsoft Endpoint Managed Windows 10 devices.

In recent times I have had to rebuild a number of my Windows 10 devices and reinstall my favourite scripts, applications and tweaks. Which got me thinking there must be a better way of rebuilding my devices, so heres my approach.

Azure Blob Storage

After transitioning from a very UC focused role I have been learning an appreciation for the whole M365 stack and how Microsoft Azure can work hand in hand with potential problems or scenarios. Microsoft have done a very good job in providing a platform to enable businesses and organisations to leverage their subscriptions in more power ways, so with that being said lots looks at Azure Blob Storage.

First of all we need to log into the Azure Portal as this is where all the required work will now take place. Once logged in you will need to search for Storage account as this is where all files will need stored. In my case, I have already created a Storage Account but you can complete this by using the Add button.

Storage Accounts

As you have now created the Storage Account, you will need to go to Containers as shown below.

Containers

Again in my case I already have a container called intuneblogaboutcloud but you can create your container by clicking + Container

New / Existing Containers

We can now upload all required PowerShell scripts, installers, images etc.. depending on what you are attending to achieve. In my container, I have created folders to structure the data.

Structure to the container

One of the key things to understand with each file uploaded it has a unique URL, please keep this in mind as later in this post I will be demostrating how I use this URL to deliver customizations to my Windows 10 devices.

Example of the blob uploaded

PowerShell Scripts

So Microsoft Endpoint Manager has the ability to deliver PowerShell scripts to any and all Windows 10 enrolled devices. As I was getting annoyed in having to reinstall PowerShell customizations and tweaks I like to perform on my client machines. I created several scripts that do the hard work for me.

Now we will need to connect to Microsoft Endpoint Manager portal. Once logged in browse to Devices –> PowerShell Scripts.

PowerShell Scripts

As you can see from the above I am curently delivering 3 scripts to my Windows 10 endpoints so lets look at them a bit closer.

Microsoft Teams – Custom Backgrounds

Please refer to my dedicated post about publishing custom backgrounds for Microsoft Teams.

PowerShell – Common Modules

In my line of work, I use a number of PowerShell modules to help me achieve the required outcomes to complete a project or ad-hoc work for customers.

The below script installs the following PowerShell modules

One of the unique features of this script is to check for updated versions of the module from the PSGallery. However, this feature isn’t effective using MEM for delivery unless a modified script is upload to the MEM.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-CommonModules.ps1

PowerShell – Custom PowerShell Tweaks

While working on a customer engagement there was a requirement to deliver customization to Windows 10 endpoint and to be able to achieve this via a “Cloud First Approach”.

The below script has designed to action the following;

  • Create a local directory to download all files from Azure Blob Storage (C:\_build)
  • Download all specified files from Azure Blob Storage
  • Run all applications or scripts
  • Remove C:\_build folder directory
  • Run any necessary PowerShell commands to configure applications.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-AppsfromBlobStorage.ps1

As mentioned in the Azure Blob Storage section the unique URL will have an important part to play. As you can see from the image below, I have highlighted 3 sections

  • 1 – The unique URL with its our unique variable name $chromeinstaller
  • 2 – The download command
  • 3 – The installer command

Even with limited PowerShell experience, you will be able to understand how this script works and customize to your needs. Whether its an .msi, .exe, .ps1 you just modify the script to your needs.

W32 Apps

Finally, delivering applications to Windows 10 using the native W32 App method. Microsoft have already made it easier with Microsoft Apps for Enterprise aka Office ProPlus but as you can see I have leverage MEM to install a number of MSI files that I like on my machines. I will not going into detail on this section as its quite straight forward.

So there you have it, customizing my Windows 10 devices with my tweaks, modules and applications via Microsoft Endpoint Manager + Azure Blob Storage and PowerShell.

Regards
The Author – Blogabout.Cloud

Deploying custom Microsoft Teams Backgrounds with Azure Blob Storage and Microsoft Endpoint Manager

Deploying custom Microsoft Teams Backgrounds with Azure Blob Storage and Microsoft Endpoint Manager

In previous blogs I have mentioned how to install applications and perform customization using Azure Blob Storage. The following process use the same guidelines;

I have uploaded the images to a container within Azure, if you are unsure how to complete this please refer to;

The above post provides detailed information in configuring Azure Blob Storage for your needs.

Once you have the files you would like to push to the client devices.

Download the get-teamsbackgroundfromblobstorage.ps1 script from GitHub.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-TeamsBackgroundfromBlobStorage.ps1

Modified the URLs to reference your Azure Blob Storage, as shown below

You will need to go to your Microsoft Endpoint Manager Dashboard http://endpoint.microsoft.com –>

Then browse to Devices –> Scripts –> Add

Once you have added the modified script and assigned to the relevant Users or Device or both. At the next check in the PowerShell script will execute against the device to make the new background available.

As you can see from my image below, my 2 new images have appeared as options.

Regards,
The Author – Blogabout.Cloud

Detect, Remove, Update your Windows AutoPilot PowerShell Module

Detect, Remove, Update your Windows AutoPilot PowerShell Module

Sometimes when updating PowerShell modules it doesn’t always remove the previous version in my experience, so let’s do this the PowerShell way.

The script is available at https://github.com/TheWatcherNode/blogaboutcloud

Regards
The Author – Blogabout.Cloud

Encrypting your Windows 10 devices using Microsoft Intune and non-admin users

Encrypting your Windows 10 devices using Microsoft Intune and non-admin users

Microsoft Endpoint Manager is great however, if you want to encrypt Windows 10 device silently with a normal standard user logged in then you might find it difficult to do so via the MEM Portal settings. So this is where this blog post will come in handy 🙂

In order to encrypt the device silent you need to create a Custom Configuration Policy. Browse to your Microsoft Endpoint Manager Portal or Intune Portal –> Go to Device Configurations Profile –> Create New Profile

  • Enter a Name for the Profile
  • Select Windows 10 and later from Platform
  • Select Custom from Profile type
  • Select Configure from Settings
  • Press Add

We will now need to enter the following information to configure encryption.

NameOMA-URIData TypeValue
AllowStandardUserEncryption ./Vendor/MSFT/BitLocker/AllowStandardUserEncryption Integer 1

Once you have created the policy, assign it to your required devices and BitLocker will now encrypt the devices.

Oh but wait!!!

In my experience in performing this procedure have ran into an issue where Intune recognises the device has compliant against “Require BitLocker” but non-compliant against “Encryption of data storage on the device”.

This is due to the device not being able to backup the BitLocker Encryption Key to Azure Active Directory. The workaround for this was to deploy a PowerShell script using Intune that forces the key to be backup up.

So lets add a script to Intune which will execute the required steps; First go to Device Configuration –> Scripts –> Add

Provide a Name which will easily identify the script in the Intune Portal.

Browse to the script location on your local machine or network drive
Tick Yes to Run script in 64 bit PowerShell host.

And save then assign to the required AAD Group to execute on the client macine.

I cannot take any credit for the script but it resolves the issue I encountered and my compliant policy was once again “Compliant” for all devices. I have made this script available via my GitHub account.

https://github.com/TheWatcherNode/blogaboutcloud

Regards,
The Author – Blogabout.Cloud