Category Archives: Windows Autopilot

Azure, Microsoft Endpoint Manager, Windows 10, Windows Autopilot

Deploying BGInfo using Azure Blob Storage and Microsoft Endpoint Manager

May 13, 2021 Author Leave a comment

Delivering your corporate applications can be a nightmare if you dont have a enterprise delivery solution like System Center or 3rd party mechanism.

So let’s see how Azure Blob Storage and Microsoft Intune can address this issue by using a storage location and PowerShell script.

Azure Storage Account

One of the requirements for this solution is an Azure Storage Account within your Azure subscription, this account will be used for storing the applications which you would like to roll out to your Windows 10 desktops that are managed using Microsoft Intune.

Specify the required settings within the Basic tab for creating a Storage Account.

Using the default settings as shown below

Click Review and Create
Click Create

Configuring Storage Account with required Applications

Click Container
Specify the Name
Select Conditioner (anonymous read access for containers and blobs) under Public Access Level

Select your container
Select Upload
Select the files you want to upload
Modify the block size if it’s less than the size of the files you are uploading
Select Upload

Once the files are upload they all have a unique url which is used to identify the file as shown below. This will be required later for the PowerShell script.

The PowerShell Script!!!

This script has been made available on GitHub, you will need to modify the following;

$bginfo64 and $layout to reference your Azure Blob Storage for each file

Download Script

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-BGInfo.ps1

Publish script via Microsoft Endpoint Manager

Launch Microsoft Endpoint Manager https://endpoint.microsoft.com

Browse to Devices –> Scripts –> Click Add –> Select Windows 10

Provide a name and description (optional).. Press Next

Provide your script and select Run script in 64 bit PowerShell Host. Press Next

Press next on Scope Tag, unless you utilize them within your environment

Select the group(s) you wish to target.. Press Next

Press Add to complete

Once the script has applied to the required workstations, at the next reboot the BGInfo will be presented on the desktop wallpaper

Regards
The Author – Blogabout.Cloud

GitHub, Microsoft 365, Microsoft Endpoint Manager, Windows 10, Windows Autopilot

Deploy Win32 Apps with Endpoint Manager (Intune) MSI Edition.

November 25, 2020 Author Leave a comment

In this post, we will detail how to deploy Win32 Apps with Endpoint Manager. We’ll deploy GitHub with the MSI installer as an example.

Win32 Apps Endpoint Manager Prerequisites

Download the Microsoft Win32 Content Prep Too l from GitHub

Prepare Endpoint Manager Win32 application

First, you need to “wrap” all the required files into an Endpoint Manager (Intune) format. To do so, Microsoft has a tool that will “convert” your application into a .intunewin file at the end of the process. The generated .intunewin file contains all compressed and encrypted source setup files and the encryption information to decrypt it.

Important Info

To view help, run IntuneWinAppUtil.exe -h.

Download the Microsoft Win32 Content Prep Tool and have the desired application source files.
Open a command prompt as admin and browse to the folder of IntuneWinAppUtil.exe
Run the following command line
- IntuneWinAppUtil.exe -c <source folder> -s <source setup file> -o <output folder>
- In this example we used an HP Driver: IntuneWinAppUtil.exe -c D:\Intune -s GitHubDesktopSetup.msi -o d:\intune

Create Microsoft Endpoint Manager Win32 Application

Go to the Endpoint Manager portal
Browse to Apps / All Apps and click Add

Select Windows app (Win32) from the App type drop list

On the App Information pane click Select App package file and select the previously created .intunewin file and click Ok

Complete the missing App Information. Click Next

Depending on the application format, install and uninstall command lines will be auto-completed. Adjust the parameter if needed. Click Next

On the Requirement pane, OS architecture and minimum OS are required. Click Next

Detection rules work the same way as in ConfigMgr application model. In the case of an MSI, it is simple. Select Manually configure detection rule, select rule type MSI and the MSI Product Code should be auto-populated. Click Next

On the Dependencies tab: Software dependencies are applications that must be installed before this application can be installed. Adjust if needed. Click Next

Modify the Scope tags if needed

On the Assignment tab, select the group of users or computer to deploy the Win32 App

Review your Win32 App setting and click Create

At this point, it will upload the.IntuneWin file and soon after, a notification will display to say it’s ready to go!

Regards
The Author – Blogabout.Cloud

Microsoft Endpoint Manager, Windows 10, Windows Autopilot

Decrapifing your Windows Autopilot devices

November 24, 2020 Author Leave a comment

If you anywhere like me, you will share a pet hate for Windows 10 Bloatware new brand new devices. In the “good old days” you would get an image without the crap installed and that would be it but with Windows Autopilot deployments the bloatware is preinstalled so how do we deal with this challenge today?

The Script

First of all, we need a script that will remove the Windows 10 Bloatware, here a script that I have modified to make it a bit smoother for what we are trying to achieve.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-Windows10_Bloater.ps1

Microsoft Endpoint Manager Console

Log into your Microsoft Endpoint Manager Dashboard using the https://endpoint.microsoft.com portal. Then select Devices –> Scripts and Add

Select Windows 10 not macOS then provide the name of the script and a brief description

Under script location browse to the required PowerShell script on your client device.

Understanding this section
Run this script using the logged on credentials: Select Yes to run the script with the user’s credentials on the device. Choose No (default) to run the script in the system context. Many administrators choose Yes. If the script is required to run in the system context, choose No.

Enforce script signature check: Select Yes if the script must be signed by a trusted publisher. Select No (default) if there isn’t a requirement for the script to be signed.

Run script in 64-bit PowerShell host: Select Yes to run the script in a 64-bit PowerShell (PS) host on a 64-bit client architecture. Select No (default) runs the script in a 32-bit PowerShell host.