FIX: CMG stuck on Deleting? Check SQL permissions for the public server role!

Have you ever had the need to delete a Cloud Management Gateway (CMG) deployment from ConfigMgr? If so, did it work as intended? 🙂 I've personally come across a few issues on the Azure side of things, where resources wouldn't get deleted. Most times that was due to granular permissions on Resource Groups and was fixed by asking the appropriate administrator to remove the resources. This time though, the Azure resources did get removed. But the status of CMG in the ConfigMgr Admin console showed "Deleting" First thought was to give it some time. And then some more. A weekend has passed, and the CMG still seems stuck on deleting. What's going on? (more…)...
Read More

Cleaning up (b)admin accounts in ConfigMgr

Recently, I overheard a conversation between IT staff members at one of my customers… One colleague to another: "… maybe we should reboot those servers first, because there might still be processes running as the badmin account that we renamed." Me, with sparked interest since I heard the badmin account referenced: "Oh, good to know you renamed that account. You do know that account is used in your SCCM environment, don't you?" Customer, thinking it, but not saying it: "I didn't think of that. But I haven't noticed all hell breaking loose on us so we're good. I'll just nod yes in a reassuring way…" (more…)...
Read More
A use case for CMPivot: look for installed software FAST!

A use case for CMPivot: look for installed software FAST!

This is an extensive explanation on how CMPivot can help you pull information from clients in Configuration Manager. Specifically, we'll lookup an MSI Product Code for use with the Detection Method for an Application Deployment Type. But it covers some technical background and hints I hope you'll find useful. TL;DR If you already know about CMPivot and remote PowerShell and WMI, skip ahead to the CMPivot queries. If not, read on! What is CMPivot? If you're on Configuration Manager CB 1806 or later, you have access to the CMPivot feature. If you've never used it, just select a Device Collection in the CM Console and click Start CMPivot in the Actions Ribbon. You can't go wrong playing around with it as it only queries devices for stuff in a read-only fashion. But maybe start with a limited collection to avoid high resource impact. When you open the CMPivot tool, the Welcome message has a good description of what it can be used for: Note that...
Read More

Microsoft Defender ATP & Configmgr CMPivot with a CMG (Cloud Management Gateway) better together; How we saved the customer from Emotet related malware

In September 2018, one of our customers was targeted by a phishing attack in attempts to infiltrate malicious code on their systems. These attempts were successful and a widespread Emotet-related malware attack followed. This is the story on how we countered and contained it with the use of Configuration Manager CB 1806 and CMPivot. One of the tricky parts was that most workstations where still Windows 7 and Windows 7 embedded. Only 20% was native Windows 10 1709. The phishing email was well disguised and was made to believe it originated from a corporate director. The content of the email suggested that invoices had not been paid and requested the addressee to open attached Excel or PDF file and follow up. This was convincing enough to some, who indeed opened the files and clicked on whatever links or “Enable content” messages held within. This triggered the seemingly random creation of executables on the local system, which in turn contacted Command &...
Read More

Attending MVP summit 2019

For those who don’t know the MVP summit. This is the annual gathering of all MVP’s at the Microsoft campus in Redmond. For those who KNOW the MVP summit they know that you are under strict NDA not to tell anyone outside of the MVP program where we are heading with different aspects of Microsoft products. What I can show though how awesome it is to connect with so many people around the globe and meet them here at Microsoft to discuss different topics regarding the technologies we work with every day. ...
Read More
Events Notice: Trying to access array offset on value of type bool in /customers/5/1/0/obvus.be/httpd.www/wp-content/themes/square/inc/template-tags.php on line 138

How to query custom logs data in Log analytics

This post is a follow-up on how to SCCM custom data into your log analytics environment. As soon as you have your SCCM custom logs, or any other logs, in log analytics they get indexed under the type you have specified. In this particular case I used SCCMLOG_CL (note that the CL is mandatory). So lets jump into the log analytics query window to find out what’s in the logs at this time: Browse to Log analytics => Logs The log analytics query window will open and will give you the opportunity to start your query journey: Remember our custom type: SCCMLOGS_CL. Note the autosuggest feature which will help you to create your own queries If you run this query you will get all the results within the type. This is a great way to check whether data is flying in. So now we’ll start finding more in detail patterns. If you type where in the next line you’ll get all the fields in your data: Let’s select...
Read More
Azure, Loganalytics Notice: Trying to access array offset on value of type bool in /customers/5/1/0/obvus.be/httpd.www/wp-content/themes/square/inc/template-tags.php on line 138

How to upload SCCM logs in Log Analytics

One of the great powers and conveniences of having all logs in 1 place is in fact that they are getting indexed and you can query them for different scenarios. Just recently I was working on a project together with SCCM engineers and they basically told me a couple of times “it’s in this or that logfile”, they fire up SCCMtrace and start looking for the specific entry and start troubleshooting from there. “OK” I thought, maybe just maybe there’s a better solution. Because of my monitoring background I don’t like to think reactive as in “it already happened” but love to think proactive. That’s why I proposed to dump all the logs in Azure log analytics to get them indexed and have alerting / reports on them. It took some convincing to get the SCCM engineers to believe this is possible but it is actually quite simple to set it up using log analytics and custom logs. So first up the requirements: You need to...
Read More
Azure, Loganalytics Notice: Trying to access array offset on value of type bool in /customers/5/1/0/obvus.be/httpd.www/wp-content/themes/square/inc/template-tags.php on line 138

Meet the Belgians at MMS DE !

MMS in general, if it's now MMSMOA or MMSDE, one of the best conferences around for me to attend or speak! The reason to be there is that their is no better community focused conference available where you could have a direct interaction during the sessions with MVP's and Product team members. If you know uservoice, well then you have a lot of walking uservoice options as interaction with Product team people like David James (Director of Product Engineering) and that is just priceless! We Belgians are greatly represented at MMS Desert edition : Dieter Wijckmans (MVP Cloud & Datacenter) : Opening with MMS 2018 Desert Edition Welcome Reception - That will be hilarious Monitoring Configmgr Patch management with log analytics! Best of both worlds?   Kenny Buntinx and Tim De Keukelaere (MVP Enterprise Mobility) : Enterprise Mobility Suite Part 1 & 2 But if you really want to go deepdive on technical Configmgr, Modern Management or simply Belgian Beer questions, come...
Read More

Update KB4343909 for Windows 10 1803 kills Windows Defender Application Guard

Update KB4343909 for Windows 10 1803 has broken ‘Windows Defender Application Guard’ (WDAG) after installing the August 2018 KB4343909 update. The Windows Defender Application Guard reports the error code 0xC0370106 as shown below. We confirm that it is a ‘known issue’ if you read the release notes of KBb4343909  : "Launching Microsoft Edge using the New Application Guard Window may fail; normal Microsoft Edge instances are not affected." The workaround is uninstall the KB4343909 update and install updates KB4340917 and KB4343909 in that specific order. Microsoft will fix this in the September release. Kenny Buntinx...
Read More
Uncategorized Notice: Trying to access array offset on value of type bool in /customers/5/1/0/obvus.be/httpd.www/wp-content/themes/square/inc/template-tags.php on line 138

Hybrid Mobile Device Management (MDM) and why you should plan for migration now !

Hi , Microsoft recently  posted a service change announcement in the Office Message Center to customers using Hybrid Mobile Device Management (MDM). Maybe you are one of those type of customers that need to take action as you are using SCCM + Intune in hybrid mode and this impacts you . MC146431 - Plan for Change: Move to Intune on Azure for your Mobile Device Management Since launching on Azure over a year ago, Intune has added hundreds of new customer-requested and market-leading service capabilities, and now offers far more capabilities than those offered through hybrid Mobile Device Management (MDM). Intune on Azure provides a more integrated, streamlined administrative experience for your enterprise mobility needs. As a result, we see that most Enterprise Mobility + Security (EMS) customers choose Intune on Azure over hybrid MDM. The number of customers using hybrid MDM continues to decrease as more customers move to the cloud. Therefore, on September 1, 2019, we will retire the hybrid MDM service offering. Note: This...
Read More