Jump to content

Phillip Helmling

Employee
  • Posts

    187
  • Joined

  • Last visited

  • Days Won

    9

1 Follower

About Phillip Helmling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Phillip Helmling's Achievements

  1. I'm biased, but from my point of view: Workspace ONE can do everything that Intune and SCCM together can do. Neither SCCM or Intune by themselves compare to Workspace ONE, that is why Microsoft still sells both. Workspace ONE can leverage WORKGROUP, ADDS Domain Joined, Hyrid Domain Joined or AzureAD/EntraID joined devices Workspace ONE also supports other Directories Workspace ONE provides the ability to deploy EXE, MSI, MSIX and applications within a ZIP without conversion, and leverages CDN and Peer Distribution (BranchCache) out of the box Workspace ONE also provides a Workflow capability called Freestyle Orchestrator that can check conditions, deploy apps, scripts and profiles Workspace ONE can leverage in many inbuilt profiles, including best in class (IMHO) Bitlocker management, Microsoft CSP and Custom Profiles that can write registry keys, run powershell commands or send Custom SyncML to the OMADM client on a device Workspace ONE also has Smart Groups that allow for dynamic grouping of devices or collections Workspace ONE has great DEX capabilities Workspace ONE has great visualization and reporting interface Workspace ONE is best in class for all platforms (iOS, Android, Chromebook, Windows Desktop and macOS) and more to come ....
  2. Nope, just deploy with either the Windows Update profile or use a Custom Profile depending on your use case. Happy to connect to discuss further if you need. Bitlocker is provided by our Encryption profile Windows AI - yup we normally would deploy a Custom Profile (see attached example - https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowsai) News and Interests not sure LAPS - same as Windows AI Local Policies - ? Like what? Would you use baselines for this? Win 11 personalization and start - probably Custom Profile. I've not tried ;) This probably needs an SR logged with Support. I've only seen one issue and it was actually related to the particular setting that wasn't applicable to ARM/or ARM handled it differently. Please bear in mind that Baselines are a security and compliance tool. Whilst it sets configuration, it does so to be compliant and allow you to report on the compliance. Profiles just set and forget. Also the reason Baselines ask to reboot is they apply user context settings. Profiles do too, but don't ask to reboot so they may not actually be applied. What I would do if you need compliance or you want to leverage the industry standard settings like MS Baseline or CIS L1 Benchmark, is to apply the Baseline, apply your profiles via a Workflow and have the Workflow test for the existence of a setting that Baseline applied. I'll also check on if there is a way to determine if Baselines have deployed successfully and then you can execute a reboot (via Script right now) via the Workflow. Hope that makes sense. WindowsAI.xml
  3. Where about mate I can't find them. Did you fork the repo and push a PR?
  4. try deploying a profile to set the TZ, this is one that sets it by powershell: Profile Template - https://github.com/helmlingp/WS1UEM_Profiles/blob/master/WS1Profile_RunPS_Template.xml script to add into the profile: https://github.com/helmlingp/WS1UEM_Profiles/blob/master/Set_TZwithPowershell.xml This method allows a user to override it if users reside in other TZs. If you want to lock it down then create a Custom Profile and paste in https://github.com/helmlingp/WS1UEM_Profiles/blob/master/Set_TZwithCSP.xml
  5. Hey @Scott Gardiner this is a known issue and we are working toward resolving it by consolidating and updating our application sampling. You should see both the assigned and the actual version in the Device Details > Apps tab and these are also reported in the Intelligence Console. Vuln wouldn't help here IMHO
  6. Hi @Matthew Slatosky no it is not really at this time, but a great feature request! I assume you would only write when there is a failure as returning info is what sensors is for and that does display in the Device Details > Sensors tab
  7. what would you like to know about those uninstall registry paths @Daisuke Yajima? We look in those registry entries on a reference machine or packaging machine for the uninstall command needed to configure an app to deploy. You can see some examples of these in this spreadsheet, although it is very old now it will give you a pointer to the info you need to deploying Win32 apps. https://github.com/euc-oss/euc-samples/blob/main/UEM-Samples/Utilities and Tools/Windows/Software Distribution Templates/Validated App Templates.xlsx
  8. You can deploy with a ZIP so that you leverage Peer Distribution but you can also use the Office Deployment Tool to install from the Cloud https://learn.microsoft.com/en-us/microsoft-365-apps/deploy/plan-microsoft-365-apps#step-1---choose-how-to-deploy. If you did, your ZIP containing the ODT and config file would be the only things included.
  9. fantastic work @Mathieu Beaugrand, you could also submit this to https://github.com/euc-oss/euc-samples/tree/main/UEM-Samples if you like
  10. have you checked the Audit Log to see if Azure is complaining of no license? https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Audit You need to assign a P1 license minimum to the user
  11. Hi @ZombieKiller, yes we are getting ready to replace this profile type with a new version that will look similar and operate much "better". Details coming soon. I know you were hoping to utilise this profile type for Windows Update control, but I'm interested to know what settings are missing from the current profile? As far as the reliability of the existing Windows Update profile when running on machines with a CIS L1 Baseline, this is nearly always because CIS L1 Baselines have a Windows Update control configured by default. If you are using the Baseline and profiles, then disable that part within the Baseline. You should never deploy conflicting configuration.
×
×
  • Create New...