Windows Update for Business

Windows Update for Business allows you to perform maintenance on Windows devices. The post has the latest security features. Updates are retrieved directly from Windows Update Service. The different Windows 10 and Windows 11 workstations can be configured using a group policy or via Microsoft Endpoint Manager (MEM). With Windows Update for Business, the IT department no longer needs to manage the approval of updates. The workstations automatically retrieve the patches from the Microsoft servers. However, it is possible via…

Send Event log to Sentinel

Why send Event log: Security is an important issue these days. Sending security event logs to Sentinel provides an additional level of security for on-premises servers. For this, we rely on Azure Sentinel, the SIEM from Microsoft. However, this operation has an Azure cost, so it is preferable to limit the events sent to the necessary logs (security, defender, etc.). In this post we will first set up the transfer of events on a collector via WinRMS and then configure…

Migrate ADCS

As a best practice, it is important to have an offline root certificate authority and a subordinate certificate authority that distributes certificates. We will look at how to migrate these two servers (Windows Server 2012 R2 servers to Windows Server 2019).

Convert CMG

Microsoft Endpoint Configuration Manager 2107 lets you convert the CMG (Cloud Management Gateway) from a classic cloud service to a virtual machine scale set. I wrote a post a few months ago here on configuring the CMG with a virtual machine scale set. Change parameter: When you convert to a virtual machine scale set, you can change some parameters.

Migrate your SCCM server to a newer server

After several years of use, it is necessary to migrate the SCCM infrastructure to one or more other servers. It is possible to migrate the whole server to another server or to migrate role by role. If the infrastructure remains the same, the first solution is preferable because it is faster. If the roles are redistributed, it is preferable to migrate role by role.

CMG – VM Scale set

Customers with an Azure subscription through a CSP (Cloud Solution Provider) could encounter a lot of problems setting up the CMG. Since the 2010 version of Configuration Manager, it is possible to set up the Cloud management gateway feature with an Azure VM scale set.

Task Sequence over Internet

The deployment of a task sequence to customers can be done via the Internet. This scenario, which has already been present for several versions of Configuration Manager, has been improved with the 2010 version. It is now possible to start the update or installation of a Windows 10 workstation from a boot media.

Orchestration groups

Orchestration groups are available starting with Configuration Manager 2002. This feature lets you create a group to control the deployment of software updates. With an orchestration group, you can update devices based on percentage, explicit order, etc. The members can be any Configuration Manager clients. You can apply rules to any collections and all software update groups.

Change Krbtgt password

Recently one of my customers wanted to change the KRBTGT password for security reasons. This account, present in Active Directory, is used by the Key Distribution Centre. It is disabled and it can’t be deleted or enabled. It’s recommended to change its password two or four times a year.

Microsoft Connected Cache

Since version 1906 of Configuration Manager, it is possible to install a Microsoft Connected Cache server on distribution points. This functionality has been renamed Microsoft Connected Cache with version 1910 of Configuration Manager. This server is a transparent on-demand caching server for uploaded content through distribution optimization. It is possible to limit the use of this server using client settings, so it is easy to limit access to this feature to the local Configuration Manager client only.