Microsoft Deployment Toolkit (MDT) 8450 is now available

The latest and new release of Deployment Toolkit (MDT) for Windows is now available for download at ​https://www.microsoft.com/en-us/download/details.aspx?id=54259 This version supports Windows 10 build 1709 (Fall Creator Update) and SCCM current branch (1710), as well as includes some fixes like: Win10 Sideloaded App dependencies and license not installed CaptureOnly task sequence doesn’t allow capturing an image Error received when starting an MDT task sequence: Invalid DeploymentType value "" specified. The…

Read More

Windows Server – Honolulu technical preview

As you may know, Microsoft has announced a new Windows Server management experience to manage on-premises system with the Honolulu project. The Honolulu project delivers a more modern interface for managing on-premises system through a web interface with no cloud footprint (no dependency what so ever with Azure or other clouds services). In this post I will go through the setup of the technical preview – available for download at…

Read More

Windows 10 – Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP) is a security functionality built in Windows 10 to help detecting, investigating and protecting against threats, introduced with Windows 10 build 1607 (or known as Anniversary Build). In this post, I’m going to implement ATP integrated with SCCM Current Branch (you can request a trial for ATP here http://aka.ms/register-wdatp) Once you have requested the trial and get approved, you will receive an email to…

Read More

SCCM – Identify Azure AD Joined device

UPDATE this post has an updated version here https://t.co/W3AUonuSR9 Following my post to create an SCCM device collection for Windows Core (https://t.co/ZGdL91Vkht), I wanted to do the same to identify all Azure AD Joined device. So the first thing was to find how to identify an Azure AD Joined device; and the answer is with the following registry key which only exist if the device is joined to Azure AD:…

Read More

SCCM – Create a device collection for Core server

There is a lot of resources available on Internet to create System Center Configuration Manager device collection based on the operating system but none are helpful to create a device collection to identify all Windows Core servers, especially Windows Server 2016 Core as there is no more switching between Core and UI. So after digging around I found this MSDN resource which explains how to identify a core server (https://msdn.microsoft.com/en-us/library/hh846315(v=vs.85).aspx).…

Read More

Windows Server 2016 – First Windows Server Insider build available

After announcing last June that Windows Server 2016 will also have his own Insider program and builds, Microsoft has released the first Windows Insider build (build 16237). As for Windows 10, Preview builds are not aimed to be production ready, so you may expect some glitch. To start running your own Windows Server preview you need first to register to the Windows Insider for Business program here or to the…

Read More

ADFS 4 – Enable device authentication method

With ADFS 4, you can easily enable device authentication as authentication method. This authentication method was already available in ADFS 3 but only as additional authentication method; with ADFS 4 this becomes also available as primary authentication method.   Upgrade Active Directory Federation schema This step is required if already have deployed a previous version of ADFS within your Active Directory and/or if your are not yet running Active Directory…

Read More

ADFS 4 – Enable Azure MFA as authentication method and/or multi factor authentication for ADFS

One of the improvements with ADFS 4 (on Windows Server 2016) is the integration of Azure MFA as multi factor authentication method as well as primary authentication method; you can still use the certificate based or the Azure MFA Server (see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=618) for the multi factor methods. If you want to enable Azure MFA with ADFS 4, you need to follow these steps: generate a certificate for your Azure MFA…

Read More

Windows Server 2016 – ADFS 4 idpinitiatedsignon is disabled by default

As you may know, a quick way to test your ADFS deployment is to access the idpinitiatedsignon sign page. As usual, I tried it after deploying my new ADFS 4.0 server and… got this error message The resource you are trying to access is not available. Contact your administrator for more information.   And the following event is logged Log Name:      AD FS/Admin Source:        AD FS Date:          2/10/2016 7:22:24 AM…

Read More

Windows Server 2016 – ADFS 4.0 now support certificate authentication on port 443

You may already know that ADFS 3.0 (on Windows Server 2012 R2) already supports certificate authentication BUT using a different communication port than 443 (in fact 49443). With ADFS 4.0 (on Windows Server 2016), the certificate authentication can now use the 443 communication port, making thing easier to implement multi factor authentication using user certificate. To be take advantage of this new capability, you need to update your ADFS certificate…

Read More

Windows 10 – BitLocker Recovery Key for Azure AD Joined devices

This procedure applies only for Windows 10 devices which have been configured as Azure AD Joined. From time to time, you may need to access advanced recovery options for your Windows 10 device but these options may failed to work because you are using BitLocker to encrypt your drive. You may already know the procedure to recover BitLocker keys when using your Microsoft Account or when your device is an…

Read More

System Center Configuration Manager – Integrate your Windows Store for Business

The latest update for System Center Configuration Manager 2012 R2 (build 5.00.8412.1000 – released on August 2nd, 2016) has added the ability to integrate your Corporate Windows Store into SCCM. The ability to deploy Universal Apps using SCCM has been introduced some time ago but you were obliged to use the Offline Licensing and create an application in SCCM prior to the deployment. Your client device must run Windows 10…

Read More

Windows 10 – Windows Store for Business

As you know, since Windows 8.x Microsoft has introduced the App Store, which is mainly used with your Microsoft Account. It has been fairly complicated so far to have an efficient way for enterprises to be able to manage their own App Store. This now possible and quite frankly, it is not so bad Create and Configure your Corporate App Store First thing is you need to login to https://businessstore.microsoft.com…

Read More