Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Tag

Windows 10

Deploy your App to Windows Store for Business

In the new Windows Store for business you can deploy any number of apps to your own private windows store for business.

Prerequsites:

  1. Developer account here: http://developer.microsoft.com
  2. Linked developer account to windows store for business organization here: https://businessstore.microsoft.com

The deployment will be handled by our Windows Store agent and is mostly self service.

Here is how you deploy to Windows Store for Business:

 

1-dashboard-link
Click Dashboard

 

 

create-new-app
Create a new submission
start-submission-to-windows-store-for-business
Start the submission of your app
windows-store-submission
Place it in the Windows Store for Business

 

 

publis-to-windows-store-for-business
Select organization and deploy

 

 

From this guide:

https://technet.microsoft.com/itpro/windows/manage/working-with-line-of-business-apps

MDM enrollment with Azure AD Join

This is how you both join Azure AD and enroll for MDM. Your admin need to have configured Automatic MDM enrollment into intune over at http://manage.windowsazure.com for this to work.
1 - system2 - aad join

3 - notification
Disclamer from Windows
4 - login
Note how my icon and text have been pulled Down from Office 365
5 - mfa loading
Azure MFA gateway
6 - custom policy approvment screen
Customizable Policy template for Your org

7 - org check

8 - spell check
Despite the translation error, all is okay now.

 

 

Azure MFA on Windows 10 Native Mail Client

If you enable Azure MFA in Office 365 and try to sync mail using the native Windows 10 Mail client, this is what the user will see:

(Sorry for the Language. Just the buttons and boxes are all the same)

1 - add mail account
User needs to Select Office 365 for Azure MFA
2 - add user
User needs just now to enter his UPN, it can not be username
3 - autodiscover looks for your account
If it fails here then Autodiscover is broken.
4 - enter password
Observe that the mail app has pulled Down my Company details including logo and custom text
5 - Azure AD MFA calls
Right now yor phone would ring or you would get a sms/app challenge
6 - account added
Thats it
7 - policies
Your Company Security settings will now be Applied. Usually you get this Box regardless just to tell you that it might tighten security
8 - mail recieved
You recieve mail. If you do not see mail, mabye the mail is older than a month. Then you need to change the sync settings to enable all mail to sync down

 

 

Azure AD password reset Windows Phone 10 behavior

What happens on your Windows Phone when you reset your Azure AD Password?

This happens on Windows Phone 10 Outlook:

wp_ss_20160523_0003
You get a settings out of date notification
wp_ss_20160523_0002
There is a triangle next to your account. Click it
wp_ss_20160523_0004
Password dialog box
wp_ss_20160523_0001
Type your password

 

 

Forgot login credentials and need to reset Windows 10 – Use Advanced Startup

If you are stuck on this screen and forgot your login there is a simple way to reset your device.

IMG_20160229_094507
Logon screen and you can not log in.

 

 

IMG_20160229_094527
Hold the “SHIFT” key and keep holding it while tapping/clicking on the power button and select restart

 

 

IMG_20160229_095023
Advanced startup. Press troubleshoot and then press “Reset this PC” 

Thanks to: http://www.tenforums.com/tutorials/2294-advanced-startup-options-boot-windows-10-a.html

 

 

Azure AD join on Intune MDM classic agent channel *UPDATED

You can join Azure AD and use the Intune device agent for MDM and not the MDM channel when you enroll. It is a bit tricky and require manual touch on the device.

The best experience is to include the Intune agent in the Windows Image. If can not do this then here is how:

You need this:
  1. Azure AD Enrollment Administrator
  2. Microsoft Intune Agent on USB
  3. Windows 10 clean install (OOBE)
  4. Configure Azure AD to only MDM enroll
  5. Create a group for Security Group with all students
  6. Target Intune to only do MDM for that Group
Optional: Passport for Work registry disable script

Here are the steps:

In Azure AD:

  1. https://manage.windowsazure.com
  2. Go to Active Directory
  3. Select your Domain
  4. Select Applications
  5. Select Microsoft Intune
  6. Select Configure
  7. Under manage devices for these users, select Groups then browse and select the all students group. Select it and click on the check mark. Click Save down on the bottom bar.
appsconfigureselect eleverset groups

In Intune:

  1. Create an enrollment administrator in the Intune Console
  2. Go to ->Admin->Administrator->Device Enrollment Administrator Enter an Azure AD user as a device enrollment admin e.g. deployment@yourdomain.com
  3. *Create group for the devices that the Device Enrollment Administrator is a part of so that all his devices get targeted for a script.
  4. *Disable Passport for Work by pushing a Script to that group. This script Disables Passport for Work on the local machine so that you do not need to enter a pin.
  5. *Here is how you create the script: Create script
  6. *Here is how you package the script: Script Deployment
  7. *Here is how you deploy the script: Deploy custom script
  8. *One client is visible in Microsoft Intune you need to either distribute the software on all clients or on a client that you manually move into a specific group.
  9. That software will be pushed down in time. you may force the install on the device by pressing install on the client or refreshing the policy in Intune.
  10. Get the Intune agent from Admin->Download Client Software and save it to a USB stick.
*Only nessecary if you want to disable the “Create PIN promt” on login.

 

deployment admin
Enrollment Admin Creation

On the Device:

  1. Boot the clean device.
  2. Under the OOBE experience Select “My company owns this Device”
  3. Log on with that enrollment administrator and complete the setup.
  4. As the admin you will be challenged with a PIN prompt and you need to verify so bring your phone.
  5. Plug in USB and run the EXE file. Remember you need both the EXE and that small certificate file to be in the same folder for the enrollment to be toward your account.
  6. Let the machine sit if you can. The longer it sits, the more stuff will be downloaded so your next user do not have to wait.
  7. Log of your enrollment admin and give the PC to the students and let them log in with their user that is in the Student security group.
  8. The next user that logs on will be a standard user.
  9. He/She will be prompted for a pin but it can be bypassed by doin this:

Why you should have the taskbar on top

If you are getting or own a Surface Pro 3 or Surface 3 its much better to have the taskbar on top.

Here are the two reasons I do it:

  1. Better Ergonomics – You lift your gaze instead of looking down you look up.
  2. (Most important) Easier to touch the taskbar when the keyboard is clipped on

WP_20150911_20_35_20_Pro

Activate Windows 10 Enterprise

Windows-10-Logo
Testing the Windows 10 Enterprise image from MSDN or VLSC?

If Your machine is not domain-joined or you do not have a KMS server, you can activate Your enterprise installation With a MAK-key. This is usually if you have a MSDN or VLSC account.

Activation it easy:<

Press:
Win key
Type:
CMD
Right Click on Command Promt and Select “Run As Administrator”
Then type:
slmgr.vbs /ipk <windows key>

Your machine is now activated and configured as a KMS (Key Management Service) host
kms aktivering

Blog at WordPress.com.

Up ↑

%d bloggers like this: