Recast’s Endpoint Management Recap – May 2021

Welcome to the Recast Endpoint Management Recap, May 2021 – by Gary Blok.

We’re going to start something new in the Endpoint Management Recap for May 2021, we’ll be dedicating a section to a specific topic. This month we are highlighting Microsoft and community content centered around Cloud Management Gateway (CMG).

That’s the idea, a high-level overview of things going on that you’ll want to be aware of and you can dig into them further on your own. By the way, if you’re new to this monthly post, you’ll want to look back at previous months to catch up on the latest. Below are quick links to other sections of this post.

• Events / Conference News
• Microsoft Product Announcements
• Hardware Vendor Updates (Tools / Security / Features)
• Community Tools / News
• Recast Updates

Cloud Management Gateway (CMG)

In the latest technical preview for Configuration Manager, version 2105, you now have the ability to select a VM’s size for CMG.

Already, Niall Brady has published a couple of posts about this feature:
More CMG changes with Technical Preview 2105
How to change the CMG (VMSS) size after it is deployed

If you are looking for guides on how to setup CMG, here are a couple of good ones:

• Jan Ketil Skanke’s How to set up Cloud Management Gateway with Enhanced HTTP.
• Prajwal Desai’s #1 Guide to Setup SCCM Cloud Management Gateway (SCCM CMG) – Easy and Detailed.

Last year, Garth Jones published a post about how to get a PFX cert for CMG and another post about how to determine the Azure tenant ID.

I also published a series about building a ConfigMgr lab and using CMG last year, so if you’re interested in managing your clients with CMG, take a look! Building a CM Lab – Cloud Management Gateway (CMG)

In mid-April, Microsoft published a list of FAQs about co-management, Frequently asked questions about co-management. I recommend you read this list. One of the FAQs asks about the need for CMG. You don’t need CMG with co-management and the two shouldn’t be confused. Co-management helps attach your ConfigMgr clients to the cloud, whereas CMG is a way to manage ConfigMgr clients over the internet.

I’m only scratching the surface of what’s available, but this information should help you get started on the right track.

• Microsoft Build – May 25 – 27
• ConfigMgr Problems You Didn’t Know You Had (And how to fix them) Recast Webinars – May 26 and May 27
• Cleveland Microsoft Endpoint Manager User Group – June 3
• Cloud Management User Group – June 8
• Northwest System Center User Group – July 16
• Workplace Ninja Virtual Edition 2021 – Aug 31 – Sept 2
• MMS Miami – Oct 25 – 28

Microsoft has posted a page with a lot of great resources during this time, to help IT professionals, educators, families, and remote businesses, along with how Microsoft is helping in the battle against COVID-19 on their Responding to COVID-19 together page.

‍Products:

Microsoft Edge Browser (Based on Chromium Engine): [Landing Page][What’s New Page][RoadMap Portal]‍

Microsoft Defender Advanced Threat Protection – [Landing Page] [Resource Hub]

Microsoft 365 [Landing Page] [Roadmap] [Tech Community] [Youtube Channel]

• Tech in 5 minutes: M365 Universal Print (Kelvin Tegelaar @KelvinTegelaar)

‍ConfigMgr [What’s New Page] [Tech Community] [Virtual Hub][MS Q\A][Reddit]

• CM 2103 – 2000+ bugs fixed, along with new features.
• Hotfixes for Early Ring: KB9603111 &  KB9833643

ConfigMgr Tech Preview [What’s New Page]

• TP 2105
• [Blog] ConfigMgr 2105 Technical Preview New Features (Jitesh Kumar @jitesh8092)
• [Blog] How to change the CMG (VMSS) size after it is deployed (Niall C. Brady @ncbrady)

Intune [What’s New Page] [Tech Community]

• Use Microsoft Endpoint Manager filters to target apps and policies to specific devices
• Expedite Windows 10 quality updates in Microsoft Intune
• Announcing the Windows Update for Business deployment service (Updated)

Windows 10 [Landing Page] [Tech Community][Release Information][PowerToys]

• How to get the Windows 10 May 2021 Update
• IT tools to support Windows 10, version 21H1
• Updated SetupDiag to 1.6.1.0
• Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10
• Deploy Windows 10 21H1 Upgrade using SCCM – Benoit Lecours
• Windows 10 – ReleaseID Property in Registry is deprecated

Windows Server

• Windows Server comparison doc

Security Alerts [Microsoft Security Portal – Security Update Guide]

I’m only listing changes. If you want a more complete list of their tools, check out the previous month’s posts.

For a full list of tools, blog posts, and information about the vendors, check out the ConfigMgr Manufacturers page.

** Much of this information is provided directly from the vendor, so when you see “we” think of it as, “Vendor Name,” and not Recast Software.

HP  [Enterprise Tools Landing Page] [Community / Blog Site] [Outlet Site]

HP Released HP Patch Assistant, a new Manageability Integration Kit module for Microsoft Endpoint Manager Configuration manager (MEM CM). Working similarly to the current HP Image Assistant application, HP Patch Assistant is designed to automate the functions of reporting on the status of, or updating collections of, HP Windows endpoint devices

HP Patch Assistant is designed to

• create configuration policies for obtaining the health of the hardware, including BIOS, drivers, and HP software
• apply the configuration to one of more MEM CM collections, on a schedule, and optionally trigger a CM inventory
• report on the current status of the collection, utilizing the extensive reporting features of CM
• automate the updating of all BIOS, drivers, HP Software (if already installed) and report on its success/failure
• support the installation from hp.com’s cloud or from local, company-hosted repositories

HP Patch Assistant relies on an updated version of HP MIK for the MEM CM console, as well as an updated MIK client, and is available at the HP Client Management site: www.hp.com/go/clientmanagement

Dell  [Enterprise Tools Landing Page] [Refurbished Sale Site] [Outlet Site]

• DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver
  • Detect and remove Dell CVE-2021-21551 with Proactive Remediations – MSEndpointMgr (Maurice Daly @modaly_it)

‍Lenovo  [Enterprise Tools Landing Page][Blog Site]

We would like to let everyone know that we have a new release of Commercial Vantage which has added the following new features:

• Can enable CV to populate a custom WMI table with the Lenovo Odometer data available on our newest ThinkPad products.
• Can also enable it to populate a custom WMI table with Warranty Data for the device.
• The battery Threshold can be controlled by policy now.

For customers who would like to sideload Commercial Vantage, the package and deployment guide can be found here:  Commercial Vantage – Lenovo Support US

In the next release, we’re targeting to provide some battery information as well that could be collected with Inventory.  We will try to have a new blog article soon on thinkdeploy.blogspot.com to cover the new items in Commercial Vantage in more detail.

Microsoft [Surface]

First, we are releasing with our partner The Joy Factory a Designed For Surface (DFS) C1D2-certified case for Surface Go 2 which should be of interest to customers in heavy industries that rely on devices meeting this certification in North America: Press Release

DFS product page: aXtion Extreme MP for Surface Go 2 – Surface Catalog

Also, Surface Pro X now has the ability to utilize Universal Print, as it is now available for ARM-based Windows devices like the Surface Pro X: Surface Pro X can now take advantage of Universal Print – Microsoft Tech Community

One more note, I do my best to provide Twitter accounts with the blog posts, both to provide credit where credit is due, and so you can then follow them yourselves to stay in the loop as things are coming out and ideas are being discussed on Twitter.

Podcasts / Blog Series / Video Blogs‍

• [Documentation Series] Beyond the MS Docs, a ConfigMgr overview,
  • Task Sequence Steps in depth
  •  Community Tools
• [YouTube Channel] Intune Training Series [@OnPremCloudGuy & @AdamGrossTX]
• [YouTube Channel] Namaste Techies [@anoopmannur & @Hoorge]
• [YouTube Channel ConfigurationManagerTeam] – Endpoint Protection Part 1 & Part 2
• Cloud attach – Endpoint Managers silver lining – part 7 Co-managing Azure AD devices (Niall C. Brady @ncbrady & Paul @SCCMentor)
• Video Tutorial: Endpoint Protection Part 3 – BitLocker Integration and Management

Blog Posts

 Cloud Tech

• Create custom Intune reports with Microsoft Graph, Azure Automation and Power BI (Trevor Jones @SMSagentTrevor)
• Locating lost or stolen Windows 10 devices (Peter van der Woude @pvanderwoude)
• Use PowerShell and MS Graph to locate an Intune device (Damien Van Robaeys @syst_and_deploy)
• Get your Windows Autopilot deployment events in a Teams channel with Logic Apps Part 1 & Part 2 (Peter Klapwijk @inthecloud_247)
• Securing SCEP/NDES for Intune with gMSA – MSEndpointMgr (Michael Mardahl @michael_mardahl)
• Working around NPS limitations for AADJ Windows devices (Andrew Blackburn)
• Where is the report’s data (Kevin Crouch)
• Intune multi app kiosk mode using the new Microsoft edge (Mattias Melkersen @MMelkersen)
• Shared device mode for iOS in Microsoft Endpoint Manager (Tobias Almen @almenscorner)
• Odd Case Of MDM System Center Configuration Manager Instead of Intune in Azure AD. (It’s not Intune) (Nathan Blasac @nblasac)

ConfigMgr

• [Enhansoft Posts]
  • How to Enable WMI Logging in Windows | Enhansoft
• Updated Modern Driver/BIOS Management with CMG Support (Charles @NoRemoteUsers)
• How to Enable and Monitor SCCM BranchCache (Benoit Lecours @benoitlecours)
• Speeding up the MDT integration in ConfigMgr – Creating MDT Lite Packages (Johan Arwidmark @jarwidmark)

 Other SysAdmin Info

• Custom Grouping with PowerShell (Jeff Hicks @JeffHicks)
• Automating with PowerShell: Unifi PowerShell module and creating network maps (Kelvin Tegelaar @KelvinTegelaar)
• Journey To Passwordless: Enable passwordless (Blog Series) (Fabian Bader @fabian_bader)
• Send a mail using the current outlook user account without to provide credentials with PowerShell (Damien Van Robaeys @syst_and_deploy)
• How To Export a RSOP Report Using the CMD (Daniel Engberg @danielclasson)
• Enhance inventory reporting with local administrator information (Peter van der Woude @pvanderwoude)
• Remove Windows 10 built-in apps with Intune & Microsoft Store for Business Apps (Sune Thomsen @SuneThomsenDK

Tool Updates

• WVD Admin – A native administration Gui for Windows Virtual Desktop – Update Post – (Marcel Meurer @MarcelMeurer)

• Sign up for our NEW webinar: ConfigMgr Problems You Didn’t Know You Had (And how to fix them)
• Right Click Tools version 4.6 is available for download now.
• [New Resource Center] You may have noticed, our endpoint management software page has a new look! Check out the new Resource Center for an easier way to navigate to deep dives and helpful guides created by Gary Blok.
• Follow us on Twitter @RecastSoftware to hear the latest.

‍Thanks for checking out this edition of Recast’s Endpoint Management Recap – May 2021, and look forward to more monthly updates of what’s going on.