If you're using Windows Update for Business in Microsoft Endpoint Manager you're probably also using Microsoft's Update Compliance solution for reporting. Update Compliance contains some useful data and I know the team are working on additional improvements. A while back I created my own "Update Compliance" solution in part because I wasn't happy with the … Continue reading Enhance Update Compliance Reporting with Microsoft Endpoint Manager
Category: Compliance
Update MEMCM Configuration Item Supported Platform conditions for Windows 11 with PowerShell
Ok, so I'm late to the party but I recently updated MEM Configuration Manager to 2107 and checking the release notes the supported platform conditions for configuration items don't automatically get updated to include Windows 11 where they've been targeted to Windows 10. I've got lots of CIs and I didn't want to manually update … Continue reading Update MEMCM Configuration Item Supported Platform conditions for Windows 11 with PowerShell
Use Proactive remediations to report on or install the Microsoft Update Health tools
Microsoft recently made a download available for their Update Health tools - if you're using Microsoft Endpoint Manager and enrolling or co-managing Windows devices these tools need to be installed to make use of the capability for expediting quality updates. For devices connected to Windows Update or Windows Update for Business these tools should already … Continue reading Use Proactive remediations to report on or install the Microsoft Update Health tools
MEMCM Compliance Item Scripts to Secure PointAndPrint Registry Keys
Microsoft published some updated guidance yesterday for the Windows Print Spooler Vulnerability (CVE-2021-3457) and recommend securing a couple of Point and Print registry keys if they exist, in addition to deploying the security update: After applying the security update, review the registry settings documented in the CVE-2021-34527 advisoryIf the registry keys documented do not exist, … Continue reading MEMCM Compliance Item Scripts to Secure PointAndPrint Registry Keys
A case of the unexplained: Intune password policy and forced local account password changes
Having a password policy is a best practice for security of accounts, whether domain, local or wherever passwords are used. In the Windows world, domain accounts have a default domain password policy. Azure AD accounts have the Azure AD password policy. Accounts local to Windows can have a password policy too, and you can use … Continue reading A case of the unexplained: Intune password policy and forced local account password changes
Get the current patch level for Windows 10 with PowerShell
I was working on some updates to our unified reporting solution for Windows Updates (ie WUfB + MEMCM) and I wanted to figure out simply from the OS build number whether a Windows 10 workstation has the latest cumulative update installed. The only reliable and useable static list I could find for Windows 10 build … Continue reading Get the current patch level for Windows 10 with PowerShell
PowerBI Reports for Windows 10 Feature Update Compliance
This morning I saw an interesting tweet from Sandy Zeng with a Log Analytics workbook she'd created for W10 feature updates based on Update Compliance data. I'd been meaning to create a similar report for that myself in PowerBI for some time, so I took inspiration from her tweet and got to work on something! … Continue reading PowerBI Reports for Windows 10 Feature Update Compliance
Prevent Users from Disabling Toast Notifications – Can it be Done?
Another toast notifications post - this time to deal with an issue where users have turned off toast notifications. In my deployment of Windows 10 feature updates for example, I use toast notifications to inform users an update is available. Once we hit the installation deadline, the notifications become more aggressive and display more frequently … Continue reading Prevent Users from Disabling Toast Notifications – Can it be Done?
Get Previous and Scheduled Evaluation Times for ConfigMgr Compliance Baselines with PowerShell
I was testing a compliance baseline recently and wanted to verify if the schedule defined in the baseline deployment is actually honored on the client. I set the schedule to run every hour, but it was clear that it did not run every hour and that some randomization was being used. To review the most … Continue reading Get Previous and Scheduled Evaluation Times for ConfigMgr Compliance Baselines with PowerShell
Inventory Local Administrator Privileges with PowerShell and ConfigMgr
Any security-conscious enterprise will want to have visibility of which users have local administrator privilege on any given system, and if you are an SCCM administrator then the job of gathering this information will likely be handed to you! However, this task may not be as simple as it seems. Gathering the membership of the … Continue reading Inventory Local Administrator Privileges with PowerShell and ConfigMgr