3 Aug.

Windows 10 Anniversary Update (1607) Editions Now Available On MSDN

For those of you with the appropriate MSDN subscriptions you can now grab the 1607 builds for Home, Pro, Enterprise and Education from subscriber downloads. Take a look at the image below to get an idea of what’s available.



^ Scroll to Top
 3 Aug.

Windows ADK for Windows 10 version 1607 available for download

The updated ADK for 1607 is available here. I always recommend to download it locally for installation just in case you need to install it on multiple PCs, especially if you have a slow internet connection.

For those of you just getting started with Windows 10, here are some of the changes that the ADK introduced since Windows 8.1 was released.

What’s new in the Windows ADK

The Windows ADK now includes Windows Imaging and Configuration Designer, the Windows Assessment Toolkit, the Windows Performance Toolkit, and several new and improved deployment tools that can help you automate a large-scale deployment of Windows 10.

Windows Imaging and Configuration Designer (ICD)

  • Quickly create a provisioning package that you can use to customize devices without re-imaging.
  • Build a customized Windows 10 image for specific market segments and regions.

See Getting started with Windows ICD for more information.

Push-button reset incorporates system updates by default

Users can now refresh or restore their PCs to the updated version of the system files, instead of having to reinstall each update individually.

Partial language packs now available

Want to add more languages for users when they turn on their device? Instead of adding full language packs, save space by adding just the base user interface files for a language. Later, if your user needs handwriting or voice recognition capabilities, Windows can download them as needed.

For more information, see Language Packs (lp.cab).

New package type: Capabilities

This new Windows package type lets you request services like Microsoft .NET or languages without specifying the version. Use the DISM tool to search multiple sources like Windows Update or your corporate servers to find and install the latest version.

Save space by running Windows from compressed OS files

You can now run Windows directly from compressed files. This is similar to WIMBoot, introduced in Windows 8.1 Update 1. This new process uses individual files instead of a static WIM file. When updating system files, Windows now replaces the old files instead of keeping both copies.

Windows Performance Analyzer Sharing and Collaboration

Developers can package and share their trace in a zip file along with their trace session, annotations, and (optionally) loaded symbols with Windows Performance Analyzer.

See What’s New in the Windows Performance Toolkit for more information.

Windows Performance Recorder Query Providers

Windows Performance Recorder now supports querying providers. ProcessExeFilter is an optional attribute, allows providers to filter specific processes by their corresponding executable name.

See What’s New in the Windows Performance Toolkit for more information.

ailable for Windows 10 build 1607, perhaps the most important one for SBC/OEM is the new ADK…

^ Scroll to Top
 1 Aug.

Windows 10 Anniversary Update Resources

As we are now on the final days before the Anniversary Update rolls out to non-Windows Insiders, it’s worth visiting, or even revisiting, some of the resources that cover what’s new and what’s changed. I’m going to start with one of the topics that has received a bit of attention, which are the changes to Group Policy and MDM settings for Pro versus Enterprise/Education, which started appearing with 1511, but are continuing to change.

Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education

Manage Windows 10 Start layout options

Telemetry levels (the applicability to Enterprise and Education is mentioned about half way through the post, this link should take you straight there.

Changes to Group Policy settings for Windows 10 Start – again, there is a note in here about settings that do not apply to Pro

Manage connections from Windows operating system components to Microsoft services

With the future introduction of the Windows 10 E3 and E5 SKUs in the CSP program, there is going to be a more flexibility for smaller customers to get an Enterprise subscription, versus only being able to currently get it via some type of volume licensing agreement. We will need to see how this pans out, but from a technology perspective the demonstrations of this technology at Microsoft’s recent Worldwide Partner Conference was something that caught my attention.

^ Scroll to Top
 12 Jul.

WPC2016 and Related EMS Announcements

This week at WPC Microsoft have been discussing some of the most recent changes to EMS, which has now been rebranded from Enterprise Mobility Suite to Enterprise Mobility + Security to take into account some of the recent additions that focus heavily on security. Over the coming weeks I’ll have time to dig into these in more detail, but for now here are the related blog posts for the announcements.

Introducing Enterprise Mobility + Security

Learn about the rebranding and the EMS E3 and EMS E5 SKU options.

Azure Information Protection: Available in public preview now!

This initial preview comprises two components:

  • An Azure management portal for the configuration and management of information protection policies, rules and labels.
  • An Azure Information Protection client for the consumption and enforcement of classification, labeling and protection policies across Word, Excel, PowerPoint, and Outlook (2010/13/16).

New in Intune: Conditional access for browsers, Dynamics CRM Online and Cisco ISE

With the latest Intune service update, there is a further expansion of the conditional access capabilities, which allows you to manage access to corporate email, files and other resources based on customisable conditions that ensure security and compliance, including location, risk, user, device, and app compliance. As conditions shift, access policies which are defined by IT are triggered to ensure that your corporate data is protected. And all this is done without on-premises gateways or appliances.




^ Scroll to Top
 30 Jun.

Windows 10 Deployment and Management Lab Kit Update Now Available

One of the downloads I regularly recommend from the TechNet Evaluation Center is the Windows 10 deployment and management lab kit. It’s a self contained virtual machine environment that lets you run through several different Windows 10 deployment and management technologies and scenarios so you can get hands on in a live environment. Following are the full details, and you can download the rest here.

A complete lab environment*

The kit includes a pre-configured virtual lab environment with evaluation versions of:

  • Windows 10 Enterprise, Version 1511
  • System Center 2012 Configuration Manager 1511 (including upgrade guidance for Configuration Manager 1602)
  • Windows Assessment and Deployment Kit for Windows 10
  • Microsoft Deployment Toolkit 2013 Update 2
  • Microsoft Application Virtualization (App-V) 5.1
  • Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Service Pack 1
  • Windows Server 2012 R2

*Lab environment requires 32 GB of available memory and 300 GB of free disk space. Lab expires August 30, 2016. A new version will be published prior to expiration.

Step-by-step labs

Illustrated lab guides take you through multiple deployment and management scenarios, including:

  • Image creation
  • Lite-touch and zero touch deployment
  • Managing Windows 10 with Configuration Manager
  • Code integrity
  • Windows 10 provisioning
  • In-place upgrade
  • Application compatibility
  • Application virtualization
  • BitLocker administration and monitoring
  • Credential Guard

^ Scroll to Top
 28 Jun.

Azure Active Directory Enterprise State Roaming Generally Available

I’ll do a more detailed post on this in an upcoming series of tutorial focused posts, but for now it’s worth mentioning one of the things I haven’t had a chance to post about yet – Enterprise State Roaming is now GA. This continues the trend of Windows 10 and Azure Active Directory based capabilities that are really helping to eliminate the need for a consumer Microsoft Account. This is something that has been problematic for many organisations in the past, and this new capability, combined with Windows Store for Business (more posts on this to come) were very well received at a national series of roadshow events I just wrapped up with the Microsoft Education team on Windows 10 Anniversary Update (yes, I know, I need to post more about that too).  This doesn’t mean that the Microsoft Account requirement for organisational related purposes completely disappear for everyone, but it’s definitely getting closer.

The way I was able to easily demonstrate this feature was using a new Windows 10 Education virtual machine that I would perform an OOBE AAD Join, and within a short timeframe we would see the background image change, a very easy visual way to highlight activity, as well as showing Internet Explorer home page changes. Obviously there are more, but this was just to give a quick idea of the change. The other important thing to note that is the device that does the initial settings synchronisation needs to be activated, but non-activated devices can receive the changes, even though you can’t make some of the same customisations locally.

To get you going, here are some of the Azure team’s links for Enterprise State Roaming and closely related topics.

Enterprise State Roaming

Enable Enterprise State Roaming in Azure Active Directory

Settings and data roaming FAQ

Group policy and MDM settings for settings sync

Windows 10 roaming settings reference

Azure Active Domain Join

Connect domain-joined devices to Azure AD for Windows 10 experiences

Extending cloud capabilities to Windows 10 devices through Azure Active Directory Join

Learn about usage scenarios for Azure AD Join

Windows 10 for the enterprise: Ways to use devices for work

Set up Azure AD Join

^ Scroll to Top
 9 Jun.

Windows Store For Business Resources

Recently I’ve been involved in a series of events that have included content on Windows Store For Business, and there are some useful resources that I point people back to which are worth sharing here.

If you are using Intune standalone or as part of the Enterprise Mobility Suite, take a look at these two blog posts to begin with.

Silently push the Microsoft Intune Company Portal to Azure AD Joined Windows 10 devices

Block Windows 10 Public Store using Microsoft Intune (but still allow the business store)

Other pages you should take a look at are the following.

For App Developers looking to submit apps

Organizational licensing options

For those looking to deploy apps from the Windows Store For Business

Windows Store for Business overview

Distribute apps with a management tool

Distribute offline apps – this one explains the different files that need to be downloaded and the different license options

Project Centennial aka Windows Bridge For Desktop

These cover what’s involved in moving traditional Win32 apps to the Windows Store.

Bring your desktop app to the Universal Windows Platform

Converting your desktop app to use the Universal Windows Platform

Converting your desktop app to use the Universal Windows Platform (Project Centennial)

Desktop App Converter Preview (Project Centennial)


^ Scroll to Top
 21 May.

May 2016 Updates For Microsoft Intune

This month the Intune documentation got quite a bit of exposure by moving over the docs.microsoft.com platform, so they were getting splashed all over tech blogs around the world.  The changes that are most relevant for my focus are the MAM without enrollment for policies for Skype for Business on iOS and Android, Teamviewer support for Remote Assistance on Intune agent based PCs, and notice around upcoming changes in the support of versions of iOS earlier than 8.0

May 2016

All of these features are also supported for hybrid deployments (Configuration Manager with Intune). For more information about new hybrid features, check out the Hybrid What’s New page.+


Welcome to the preview version of docs.microsoft.com! This is a completely new, modern content platform designed to make it easier for you, our customers to understand and use Intune. To read about all of the new features, see Introducing docs.microsoft.com+

Intune service health

Service health information for Intune has been moved to a central location with other Microsoft services. You’ll now find this information in the Office 365 management portal under Service Health. For more information, see this blog post.+

App management

    • MAM SDK: Support PIN length configuration. You will be able to specify the length of the PIN for MAM apps similar to a device PIN. This will require end users to comply with the new restrictions you set. They will see a slightly modified PIN screen to account for the longer input. For details, see MAM policy settings for Android, and MAM policy settings for iOS.
    • Skype for Business for iOS and Android. You can now target Skype for business with MAM without enrollment policies. Once users log in, the MAM policies will be applied.
    • New apps available for management with MAM policies. The Microsoft Word, Excel, and PowerPoint apps for Android can now be associated with MAM policies on devices that are not enrolled with Intune. For a full list of supported apps, go the Microsoft Intune mobile application gallery on the Microsoft Intune application partners page.


Device management


Company portal updates

Android Company portal app

End user toast notifications: End users will now see toast notifications from the Android Company Portal app when they are enrolling their devices or removing their devices from the Company Portal.+

Company Portal website

Company Portal website: Device identification banner will provide more information to end users. End users can now more easily identify the device they’ve selected when they are using the Company Portal website. If the wrong device is selected, they will be able to select the correct device by tapping the Tap here link in the home page banner.+

What’s coming

    • Message center UI onboarding. As part of the migration of Intune into the Office 365 Management portal, we will begin taking advantage of their Message Center to communicate new features and other notifications. Also, by installing the companion Office 365 Admin mobile app, you can receive notifications on your mobile phone and easily forward any messages to users or a distribution alias. We will begin using the Message Center with our May release to notify you when updates are completed and will include information on new and improved Intune features. Check out the Message Center today by logging into the Office 365 Management portal and choosing the MESSAGE CENTER option in the left navigation pane.
    • Changes to Device Enrollment Managers accounts. To improve performance and scale, Intune will no longer show all Device Enrollment Managers (DEM) devices in the My Devices pane of the Company Portal app. Only the local device running the app is displayed, and only if it is enrolled via the Company Portal app. The DEM user may perform actions on the local device, but remote management of other enrolled devices can only be performed from the Intune admin console. Additionally, Intune will deprecate using DEM accounts with either the Apple Device Enrollment Program or the Apple Configurator tool. Both these enrollment methods already support user-less enrollment for shared iOS devices. Only use DEM accounts when user-less enrollment for shared devices is unavailable.


Keep informed about upcoming developments for Intune with the Cloud Platform roadmap.+

Service deprecation

  • Custom Group Targeting of Notification Rules Removal. Intune notification rules define who an email alert will be sent to from Intune. Currently, you can configure notification rules to send emails to all users of devices in an Intune device group that you created. From around June 1st 2016 moving forward, targeting user-created groups will no longer be supported.

    Today, to target a notification rule to a group you created from the Microsoft Intune administration console, you would take the following steps:

    In the Admin workspace, click Notification Rules > Create New Rule

    In step two of the Create Notification Rule Wizard, select the device groups which the rule will target. This step, “select device groups”, is being removed from the Intune Console.

    The preliminary timeline for this change is as follows:

    • In June, 2016, new tenants will not see step two of the Create Notification Rule Wizard. Exiting tenants are unaffected.
    • Around August, 2016, some existing tenants will not see the “select device groups” in the wizard.
    • Around October, 2016, we expect that all tenants will not see the “select device groups” in the wizard.
  • Changes in support for the iOS Company Portal app. In the coming months, there will be an update for the Microsoft Intune Company Portal app for iOS that will only support devices running iOS 8.0 or later. Users won’t be able to enroll new devices running versions below iOS 8.0. Enrolled devices running versions below iOS 8.0 will continue to be managed and will, for a limited time, be able to continue using the Company Portal app. However, devices must be on iOS 8.0 or later to access the latest versions of the Company Portal app. We encourage you to notify users to update to iOS 8.0 or later to take full advantage of new Intune features.
^ Scroll to Top
 17 May.

Deploy Windows 10 in a school

A new guide for schools looking to deploy Windows 10 alongside Office 365 and Azure Active Directory Premium can be found at https://technet.microsoft.com/itpro/windows/plan/deploy-windows-10-in-a-school and it includes the following topics.

For anyone looking to set up a small test environment the instructions here will work equally well outside of a school as inside of a school environment.

^ Scroll to Top
 12 May.

Azure Active Directory Domain Services Preview Now Available In Australia

Since the AADDS preview started I’ve been questioned several times during demonstrations of AAD/AADS/EMS scenarios why my tenants are always in US West, not in AustraliaEast or AustraliaSouthEast, and the primary reason was because the AADDS preview wasn’t available in the local datacenters. In a post on the Active Directory Team Blog they mention Australian DC availability, as well as other enhancements that have rolled into the preview, including…

  • Secure LDAP access
  • Custom OU support
  • Administer DNS for your managed domain
  • Domain join for Linux VM’s (no, that is not a typo!)

Check the links above for more details, but the Aus DC availability is something I’m extremely happy to see.

^ Scroll to Top

%d bloggers like this: