Category Archives: Windows Autopilot

Azure, Microsoft Endpoint Manager, Windows 10, Windows Autopilot

Deploying BGInfo using Azure Blob Storage and Microsoft Endpoint Manager

Delivering your corporate applications can be a nightmare if you dont have a enterprise delivery solution like System Center or 3rd party mechanism.

So let’s see how Azure Blob Storage and Microsoft Intune can address this issue by using a storage location and PowerShell script.

Azure Storage Account

One of the requirements for this solution is an Azure Storage Account within your Azure subscription, this account will be used for storing the applications which you would like to roll out to your Windows 10 desktops that are managed using Microsoft Intune.

Storage Account

Specify the required settings within the Basic tab for creating a Storage Account.

Basic Properties

Using the default settings as shown below

Advanced Properties

Click Review and Create
Click Create

Configuring Storage Account with required Applications

Click Container
Specify the Name
Select Conditioner (anonymous read access for containers and blobs) under Public Access Level

Blob – Container

Select your container
Select Upload
Select the files you want to upload
Modify the block size if it’s less than the size of the files you are uploading
Select Upload

Once the files are upload they all have a unique url which is used to identify the file as shown below. This will be required later for the PowerShell script.

The PowerShell Script!!!

This script has been made available on GitHub, you will need to modify the following;

$bginfo64 and $layout to reference your Azure Blob Storage for each file

Download Script

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-BGInfo.ps1

Publish script via Microsoft Endpoint Manager

Launch Microsoft Endpoint Manager https://endpoint.microsoft.com

Browse to Devices –> Scripts –> Click Add –> Select Windows 10

Provide a name and description (optional).. Press Next

Provide your script and select Run script in 64 bit PowerShell Host. Press Next

Press next on Scope Tag, unless you utilize them within your environment

Select the group(s) you wish to target.. Press Next

Press Add to complete

Once the script has applied to the required workstations, at the next reboot the BGInfo will be presented on the desktop wallpaper

Regards
The Author – Blogabout.Cloud

GitHub, Microsoft 365, Microsoft Endpoint Manager, Windows 10, Windows Autopilot

Deploy Win32 Apps with Endpoint Manager (Intune) MSI Edition.

1 Comment

In this post, we will detail how to deploy Win32 Apps with Endpoint Manager. We’ll deploy GitHub with the MSI installer as an example.

Win32 Apps Endpoint Manager Prerequisites

Intune Win32 Application

Prepare Endpoint Manager Win32 application

First, you need to “wrap” all the required files into an Endpoint Manager (Intune) format. To do so, Microsoft has a tool that will “convert” your application into a .intunewin file at the end of the process. The generated .intunewin file contains all compressed and encrypted source setup files and the encryption information to decrypt it.

Important Info
  • To view help, run IntuneWinAppUtil.exe -h.
  • Download the Microsoft Win32 Content Prep Tool and have the desired application source files.
  • Open a command prompt as admin and browse to the folder of IntuneWinAppUtil.exe
  • Run the following command line
    • IntuneWinAppUtil.exe -c <source folder> -s <source setup file> -o <output folder>
    • In this example we used an HP Driver: IntuneWinAppUtil.exe -c D:\Intune -s GitHubDesktopSetup.msi -o d:\intune

Create Microsoft Endpoint Manager Win32 Application

Endpoint Manager Win32 Apps
  • Select Windows app (Win32) from the App type drop list
  • On the App Information pane click Select App package file and select the previously created .intunewin file and click Ok
  • Complete the missing App Information. Click Next
  • Depending on the application format, install and uninstall command lines will be auto-completed. Adjust the parameter if needed. Click Next
  • On the Requirement pane, OS architecture and minimum OS are required. Click Next
Endpoint Manager Win32 Apps
  • Detection rules work the same way as in ConfigMgr application model. In the case of an MSI, it is simple. Select Manually configure detection rule, select rule type MSI and the MSI Product Code should be auto-populated. Click Next
  • On the Dependencies tab: Software dependencies are applications that must be installed before this application can be installed. Adjust if needed. Click Next
  • On the Assignment tab, select the group of users or computer to deploy the Win32 App
Endpoint Manager Win32 Apps
  • Review your Win32 App setting and click Create
  • At this point, it will upload the.IntuneWin file and soon after, a notification will display to say it’s ready to go!

Regards
The Author – Blogabout.Cloud

Microsoft Endpoint Manager, Windows 10, Windows Autopilot

Decrapifing your Windows Autopilot devices

If you anywhere like me, you will share a pet hate for Windows 10 Bloatware new brand new devices. In the “good old days” you would get an image without the crap installed and that would be it but with Windows Autopilot deployments the bloatware is preinstalled so how do we deal with this challenge today?

The Script

First of all, we need a script that will remove the Windows 10 Bloatware, here a script that I have modified to make it a bit smoother for what we are trying to achieve.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-Windows10_Bloater.ps1

Microsoft Endpoint Manager Console

Log into your Microsoft Endpoint Manager Dashboard using the https://endpoint.microsoft.com portal. Then select Devices –> Scripts and Add

Select Windows 10 not macOS then provide the name of the script and a brief description

Under script location browse to the required PowerShell script on your client device.

Understanding this section

Run this script using the logged on credentials: Select Yes to run the script with the user’s credentials on the device. Choose No (default) to run the script in the system context. Many administrators choose Yes. If the script is required to run in the system context, choose No.

Enforce script signature check: Select Yes if the script must be signed by a trusted publisher. Select No (default) if there isn’t a requirement for the script to be signed.

Run script in 64-bit PowerShell host: Select Yes to run the script in a 64-bit PowerShell (PS) host on a 64-bit client architecture. Select No (default) runs the script in a 32-bit PowerShell host.

Specify Tags if you are utilizing them in your environment and once you completed that section, select the groups where you want the scripts applied.

Review your settings and press Add

This script will now apply to your Windows 10 device and remove all the unwanted Windows 10 Bloatware.

Regards
The Author – Blogabout.Cloud