SharePoint Stuff



Azure AD DS Hybrid with Azure AD and Intune MDM Q&A

Written by Luke Smith. Posted in Microsoft

Q1: Why can’t I “factory reset” my Windows 10 device even though it’s listed in Intune under “Azure AD Devices”, however the device is not listed in All Devices
A1: Azure AD Join devices don’t allow you to factory reset. Your device needs to be enrolled with Intune MDM before the device can be “factor reset”. To enable Intune MDM run though the following
1. Enable Intune MDM integration with Azure AD: https://docs.microsoft.com/en-us/intune/windows-enroll
2. License user for EMS (AD Premium and Intune required): https://docs.microsoft.com/en-us/intune/licenses-assign
3. Device Enrolment: https://docs.microsoft.com/en-us/intune-user-help/enroll-your-w10-phone-or-w10-pc-windows
4. To force intune MDM enrolment you can install the company portal app from the Microsoft Store: https://www.microsoft.com/en-gb/store/p/company-portal/9wzdncrfj3pz
NB: if joining windows AD DS and Azure AD see Q3:

Q2: Can I factory reset a Windows 10 device which is Windows AD DS Joined, Azure AD Joined and Intune MDM Managed
A2: Yes, to configure please see Q3

Q3: can I automatically enrol a windows 10 windows AD DS joined device into MDM and Azure AD
A3; Yes, however you need to be using build 1709 or above, for more information please see : https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup and
https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

Q4: Is it possible to add the BitLocker Protector key to AzureAD? even if you enabled BitLocker before the device was Azure AD Join?
A4: Yes, the following PowerShell will need to be executed:

Add-BitLockerKeyProtector -MountPoint “C:” -RecoveryPasswordProtector
$BLV = Get-BitLockerVolume -MountPoint “C:”
BackupToAAD-BitLockerKeyProtector -MountPoint “C:” -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId

Further information:

Intune make sure the DNS CNAMEs are created: https://docs.microsoft.com/en-us/intune/windows-enroll#simplify-windows-enrollment-without-azure-ad-premium
Intune Factory reset\Remove company data descriptions: https://docs.microsoft.com/en-us/intune/devices-wipe
Intune Non-windows updates: https://docs.microsoft.com/en-us/intune/whats-new
Intune device compliance policies: https://docs.microsoft.com/en-us/intune/device-compliance-get-started
BitLocker Management: https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-management-for-enterprises

Kemp Load Master Template Creation Error

Written by Luke Smith. Posted in Microsoft

Issue

You download a Kemp Template such as the Exchange 2016 Templates, then uploaded into the virtual service template gallery on your Kemp device. When you then try and create a Virtual Service using the Template you receive error:
“cannot create VIP”

Resolution

It’s likely the template you have download is using a feature not supported by your device such as Edge Security Protection (ESP), Web Application Firewall (WAF) or your Device is not on the supported Firmware version.

Delete the templates installed on the Kemp and Download the Templates support by your Device and Firmware revision.
OR
Update the Firmware to support the Templates downloaded.