Keep Applications Updated with WinGet and Proactive Remediations

Keep Applications Updated with WinGet and Proactive Remediations
The Why In a previous article , I demonstrated how to deploy applications to Intune using WinGet . I recieved a request to demonstrate how to use WinGet to update applications, and more importantly, how to run this on a schedule to keep applications updated. Since then, I found a really handy PowerShell wrapper module for WinGet called WinGetTools by Jeffrey Hicks . I made a small contribution to this module to allow it to work running under SYSTEM context.
Read more →

Update Business Voice to Teams Phone Licenses

Update Business Voice to Teams Phone Licenses
Microsoft has announced the retirement of Business Voice licensing . If your tenant is still using Business Voice with Calling Plan or Business Voice without Calling Plan, you will need to switch to the new equivalent Teams Phone plan. If you take a look at the Microsoft doc linked above, there are examples for how to update the licenses on bulk, however it is baffling Microsoft chose to demonstrate using the Azure AD PowerShell module, when the licensing portion of that module is slated to be retired as of today (6/30).
Read more →

AAD Token Broker Issues

AAD Token Broker Issues
Problem signs Outlook refuses to load, or a sign in window loops, opening and closing quickly. Outlook refuses to connect or send / recieve mail. The Windows store refuses to open. These are the initial symptoms I have seen when the AAD token broker ‘breaks’ for lack of a better term. Event ID 1098 will be logged repeatedly in the Microsoft-Windows-AAD/Operational event log. The fix Microsoft has a couple troubleshooting articles on event 1098 Event 1098 Cannot Create New Profiles and Event 1098 Error 0xcaa5001c .
Read more →

KB5014754 Certificate Authentication Woes with NDES/SCEP and Intune

KB5014754 Certificate Authentication Woes with NDES/SCEP and Intune
About 2 years ago, I configured NDES and SCEP for a client that was moving all of their workstations to AzureAD join only. NDES and SCEP work together to provide certificate enrollment for AzureAD only joined devices for authentication with Wi-Fi / VPN etc. This was the Microsoft techcommunity article I followed to get this configued. Fast foward to May 2022, in typical Microsoft fashion, a patch was released to fix a security vulnerability to “address an elevation of privilege vulnerability that can occur when the Kerberos Distribution Center (KDC) is servicing a certificate-based authentication request.
Read more →

O365 License Report With Friendly Names Using The Microsoft Graph

O365 License Report With Friendly Names Using The Microsoft Graph
In a previous article , I demonstrated how to export a license report for all users withe the ‘friendly’ license names using the AzureAD PowerShell module. Since then, Microsoft has announced the coming retirement of the AzureAD API (and assocaiated PowerShell modules). You should be migrating all scripts over to using the Microsoft Graph PowerShell SDK Here I will provide a sample script to demonstrate how to export a license report for all users in Azure AD utilizing the Microsoft Graph.
Read more →