Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V


Windows 10

Deploy your App to Windows Store for Business

In the new Windows Store for business you can deploy any number of apps to your own private windows store for business.


  1. Developer account here:
  2. Linked developer account to windows store for business organization here:

The deployment will be handled by our Windows Store agent and is mostly self service.

Here is how you deploy to Windows Store for Business:


Click Dashboard



Create a new submission
Start the submission of your app
Place it in the Windows Store for Business



Select organization and deploy



From this guide:

MDM enrollment with Azure AD Join

This is how you both join Azure AD and enroll for MDM. Your admin need to have configured Automatic MDM enrollment into intune over at for this to work.
1 - system2 - aad join

3 - notification
Disclamer from Windows
4 - login
Note how my icon and text have been pulled Down from Office 365
5 - mfa loading
Azure MFA gateway
6 - custom policy approvment screen
Customizable Policy template for Your org

7 - org check

8 - spell check
Despite the translation error, all is okay now.



Azure MFA on Windows 10 Native Mail Client

If you enable Azure MFA in Office 365 and try to sync mail using the native Windows 10 Mail client, this is what the user will see:

(Sorry for the Language. Just the buttons and boxes are all the same)

1 - add mail account
User needs to Select Office 365 for Azure MFA
2 - add user
User needs just now to enter his UPN, it can not be username
3 - autodiscover looks for your account
If it fails here then Autodiscover is broken.
4 - enter password
Observe that the mail app has pulled Down my Company details including logo and custom text
5 - Azure AD MFA calls
Right now yor phone would ring or you would get a sms/app challenge
6 - account added
Thats it
7 - policies
Your Company Security settings will now be Applied. Usually you get this Box regardless just to tell you that it might tighten security
8 - mail recieved
You recieve mail. If you do not see mail, mabye the mail is older than a month. Then you need to change the sync settings to enable all mail to sync down



Azure AD password reset Windows Phone 10 behavior

What happens on your Windows Phone when you reset your Azure AD Password?

This happens on Windows Phone 10 Outlook:

You get a settings out of date notification
There is a triangle next to your account. Click it
Password dialog box
Type your password



Forgot login credentials and need to reset Windows 10 – Use Advanced Startup

If you are stuck on this screen and forgot your login there is a simple way to reset your device.

Logon screen and you can not log in.



Hold the “SHIFT” key and keep holding it while tapping/clicking on the power button and select restart



Advanced startup. Press troubleshoot and then press “Reset this PC” 

Thanks to:



Azure AD join on Intune MDM classic agent channel *UPDATED

You can join Azure AD and use the Intune device agent for MDM and not the MDM channel when you enroll. It is a bit tricky and require manual touch on the device.

The best experience is to include the Intune agent in the Windows Image. If can not do this then here is how:

You need this:
  1. Azure AD Enrollment Administrator
  2. Microsoft Intune Agent on USB
  3. Windows 10 clean install (OOBE)
  4. Configure Azure AD to only MDM enroll
  5. Create a group for Security Group with all students
  6. Target Intune to only do MDM for that Group
Optional: Passport for Work registry disable script

Here are the steps:

In Azure AD:

  2. Go to Active Directory
  3. Select your Domain
  4. Select Applications
  5. Select Microsoft Intune
  6. Select Configure
  7. Under manage devices for these users, select Groups then browse and select the all students group. Select it and click on the check mark. Click Save down on the bottom bar.
appsconfigureselect eleverset groups

In Intune:

  1. Create an enrollment administrator in the Intune Console
  2. Go to ->Admin->Administrator->Device Enrollment Administrator Enter an Azure AD user as a device enrollment admin e.g.
  3. *Create group for the devices that the Device Enrollment Administrator is a part of so that all his devices get targeted for a script.
  4. *Disable Passport for Work by pushing a Script to that group. This script Disables Passport for Work on the local machine so that you do not need to enter a pin.
  5. *Here is how you create the script: Create script
  6. *Here is how you package the script: Script Deployment
  7. *Here is how you deploy the script: Deploy custom script
  8. *One client is visible in Microsoft Intune you need to either distribute the software on all clients or on a client that you manually move into a specific group.
  9. That software will be pushed down in time. you may force the install on the device by pressing install on the client or refreshing the policy in Intune.
  10. Get the Intune agent from Admin->Download Client Software and save it to a USB stick.
*Only nessecary if you want to disable the “Create PIN promt” on login.


deployment admin
Enrollment Admin Creation

On the Device:

  1. Boot the clean device.
  2. Under the OOBE experience Select “My company owns this Device”
  3. Log on with that enrollment administrator and complete the setup.
  4. As the admin you will be challenged with a PIN prompt and you need to verify so bring your phone.
  5. Plug in USB and run the EXE file. Remember you need both the EXE and that small certificate file to be in the same folder for the enrollment to be toward your account.
  6. Let the machine sit if you can. The longer it sits, the more stuff will be downloaded so your next user do not have to wait.
  7. Log of your enrollment admin and give the PC to the students and let them log in with their user that is in the Student security group.
  8. The next user that logs on will be a standard user.
  9. He/She will be prompted for a pin but it can be bypassed by doin this:

Why you should have the taskbar on top

If you are getting or own a Surface Pro 3 or Surface 3 its much better to have the taskbar on top.

Here are the two reasons I do it:

  1. Better Ergonomics – You lift your gaze instead of looking down you look up.
  2. (Most important) Easier to touch the taskbar when the keyboard is clipped on


Activate Windows 10 Enterprise

Testing the Windows 10 Enterprise image from MSDN or VLSC?

If Your machine is not domain-joined or you do not have a KMS server, you can activate Your enterprise installation With a MAK-key. This is usually if you have a MSDN or VLSC account.

Activation it easy:<

Win key
Right Click on Command Promt and Select “Run As Administrator”
Then type:
slmgr.vbs /ipk <windows key>

Your machine is now activated and configured as a KMS (Key Management Service) host
kms aktivering

Blog at

Up ↑

%d bloggers like this: