How to create custom Address Lists in Exchange Online

Introduction

A lot of people use the Address Book in Outlook or their web mail to find people, but sometimes it can be hard to filter on company or department.
Therefore we will go through how to create custom Address Lists. In this case, only users with a mailbox that have something typed into the Office attribute will appear in these lists.



Deploy separate Intune workloads to different collections (Co-management)

I was looking for a way to deploy a Co-management policy with only the Windows Update policies workload to a specific collection, in order to transition a smaller number of computers (which are not members of the already existing Pilot group) to be controlled via Intune instead. In the Configuration Manager console I was not able to create multiple Co-management policies, so I thought that this was not possible to do. But then I found this great article describing the exact scenario I had, so I went ahead and tried it in my environment, which worked like a charm.

All credit goes to Cody Mathis and his original article about this topic.

Co-management – Multiple Pilot Policies


So what do I need to do to make this possible?

We need to use PowerShell to create a new Co-management policy with the cmdlet New-CMCoManagementPolicy. We can then rename and deploy the policy to whatever collection we want. Isn’t that awesome?

In this example we will create a policy with the WufbWorkloadEnabled parameter, which activates only the Windows Update policies workload on the specific collection of our choice.

Other workloads can be set by using the following parameters.

  • CAWorkloadEnabled = Compliance policies
  • RAWorkloadEnabled = Resource access policies
  • WufbWorkloadEnabled = Windows Updates Policies
  • EPWorkloadEnabled = Endpoint Protection
  • Office Click-to-Run apps = Doesn’t have its own parameter, so you need to create that via an XML instead. This is very well described in Cody’s article (link above), so I won’t write about that in this post.

Start PowerShell from within the console and run the following commands (please note that there are different commands depending on the version you are running):


If done correctly, the policy should now be deployed to the collection you defined in the commands above, and you should see it as in the picture below.

On the computer you can now see that the new Co-management policy (CoMgmtSettingsPilot-WUFB) has been applied, in the Configurations tab (control smscfgrc). Please note that you can see multiple CoMgmtSettings depending on your configuration.

We can also see that the Intune policies have been applied to the computer (Settings > Update & Security > View configured update policies > Policies set on your device).


If you have any questions, feel free to email me at tobias.sandberg@xenit.se or comment down below. I will try to answer you as soon as possible.


Other articles about Configuration Manager and Intune.

Move Software Updates to Intune with Co-management

Device cleanup rules for Microsoft Intune

Intune – Administrative Templates (Preview) are here

App Protection Policies for managed and unmanaged devices in Intune

 



Palo Alto VM-Series with active/passive HA support in Azure

Since the latest release of Palo Alto Networks PAN-OS, 9.0.0, the VM-Series firewall supports the VM-Series plugin, a built-in plugin architecture for integration with public clouds or private cloud hypervisors. With the plugin you can now configure VM-Series firewalls with active/passive high availability (HA) in Azure. I will briefly cover some of the requirements needed to set up HA in Azure.



Windows 7 license key is “not genuine” and activation fails after installing KB971033.

INTRODUCTION

After installing the KB971033 update, some clients have the issue that the KMS license key is reported as not genuine. It is a known issue for Microsoft. You can find more information here: https://support.microsoft.com/en-us/help/4480970/windows-7-update-kb4480970

SOLUTION

The solution from Microsoft to be able to activate Windows again is to uninstall the patch, rebuild the Activation related files and then activate Windows.

  1. Start by uninstalling the patch: go to Control Panel > Windows Update > View update history > Installed Updates, right-click Update (KB971033), and select Uninstall.
  2. Restart the computer.
  3. Now that the patch is no longer installed, rebuild the activation-related files and activate Windows. Start CMD as administrator and run the following commands:

net stop sppuinotify

sc config sppuinotify start= disabled

net stop sppsvc

del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah

del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah

del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat

net start sppsvc

cscript c:\windows\system32\slmgr.vbs /ipk <edition-specific KMS client key>

cscript c:\windows\system32\slmgr.vbs /ato

sc config sppuinotify start= demand

 

You can find the KMS keys at the following link: https://docs.microsoft.com/sv-se/windows-server/get-started/kmsclientkeys
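
Before running the procedure above on many clients, it helps to know which ones actually have the update and are not reporting as licensed. The following PowerShell is an added example, not part of the original post or of Microsoft's instructions: it reports, per computer, whether KB971033 is installed and which license status Windows reports. The function name Get-ActivationReport, the parameter names and the Flagged heuristic are assumptions made for this example.

```powershell
# Added example (not from the original post): report, per computer, whether
# KB971033 is installed and what Windows reports as its license status.
# Assumes PowerShell 2.0 or later and, for remote names, WMI access as admin.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# ApplicationID that the Software Protection Platform uses for Windows itself.
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'

# Text for the documented SoftwareLicensingProduct.LicenseStatus values.
$StatusText = @{
    0 = 'Unlicensed';             1 = 'Licensed'
    2 = 'Out-of-box grace';       3 = 'Out-of-tolerance grace'
    4 = 'Non-genuine grace';      5 = 'Notification'
    6 = 'Extended grace'
}

function Get-ActivationReport {
    param([string]$Computer)

    $row = New-Object PSObject -Property @{
        Computer = $Computer; KB971033 = $null; LicenseStatus = $null; Flagged = $null
    }
    try {
        # Win32_QuickFixEngineering lists installed updates by HotFixID.
        $kb = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $Computer `
                -Filter "HotFixID='KB971033'" -ErrorAction Stop
        # Only the Windows edition that has a product key installed matters.
        $lic = Get-WmiObject -Class SoftwareLicensingProduct -ComputerName $Computer `
                -Filter "ApplicationID='$WindowsAppId' AND PartialProductKey IS NOT NULL" `
                -ErrorAction Stop | Select-Object -First 1

        $row.KB971033 = [bool]$kb
        if ($lic) {
            $code = [int]$lic.LicenseStatus
            if ($StatusText.ContainsKey($code)) { $row.LicenseStatus = $StatusText[$code] }
            else { $row.LicenseStatus = "Unknown ($code)" }
        } else {
            $row.LicenseStatus = 'No product key installed'
        }
        # Heuristic chosen for this example: the update is present and Windows
        # does not report itself as licensed.
        $row.Flagged = $row.KB971033 -and ($row.LicenseStatus -ne 'Licensed')
    } catch {
        # Unreachable host or access denied: keep the row, record the reason.
        $row.LicenseStatus = "Query failed: $($_.Exception.Message)"
    }
    $row
}

$ComputerName | ForEach-Object { Get-ActivationReport -Computer $_ } |
    Select-Object Computer, KB971033, LicenseStatus, Flagged |
    Format-Table -AutoSize
```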

 



Mixed authentication methods added for GlobalProtect

In Palo Alto Networks’ latest release, 9.0.0, a new feature was added that allows you to have mixed authentication methods on the same GlobalProtect portal and/or gateway.

When this feature is enabled, it allows your users to authenticate with user credentials and/or client certificates. The options are either to require both user credentials and client certificates, or to allow either user credentials or client certificates.

On top of this, you can also set different requirements depending on which OS the user connects from. Below is the current list of operating systems you can set policies on:

  • Android
  • Chrome
  • iOS
  • Linux
  • Mac
  • Satellite
  • Windows
  • WindowsUWP
  • X-Auth

With this you could create an authentication-profile that requires Windows-users to authenticate with both user credentials and client certificates.

Then create another that allows your Android-users to authenticate with either user credentials or client certificates.

This feature could be used in some different cases, for example if you already have two different portals and one of them only requires user credentials for authentication. In that case you could put the two configurations together and save the public IP that was used for the other portal/gateway.

More information can be found on: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/globalprotect-features/mixed-authentication-method-support-for-certificates-or-user-credentials.html 

If you have any questions, feel free to email me at petter.vikstrom@xenit.se or comment down below.



Citrix Virtual Apps and Desktops 1903

Citrix announced their new release, Virtual Apps and Desktops 1903, on the 28th of March. It contains a lot of interesting changes in all categories, along with a long list of fixed issues. I will cover two of the changes in this blog post which I found extra interesting, and that I would recommend you look into as well!

Director

Citrix Director has been given some love and has received a few changes in the user interface. It has also been announced that similar changes to improve the user experience are to be expected in the coming releases.

A profile processing duration counter has also been added to the logon duration chart. This makes troubleshooting of profile-related matters easier.

Virtual Delivery Agent

DPI matching on Windows Server 2016/2019, which allows your session to match your client’s DPI. Requires minimum Citrix Workspace App on your client.

Pen functionality support with Windows Ink-based applications on Microsoft Surface products. Requires Windows 10 and Citrix Workspace App 1902 at a minimum.

Deprecation and removal

With change comes deprecation, and Virtual Apps and Desktops release 1903 is not an exception. In this release Citrix announced and removed the following components:

  • Announced in 1903 – To be removed
    • Smart Check for Virtual Apps and Desktops
  • Removed in 1903
    • Linux VDA – Support on Red Hat Enterprise Linux/CentOS 7.5
    • Citrix Receiver for Web classic experience
    • Support for Framehawk – Also removed option to enable from VDA installation
    • Delivery Controller options for end-of-life products (VDI-in-a-Box, and XenMobile < 9.0)

A full list of changes can be found here:
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/whats-new.html

If you have any questions regarding Citrix Virtual Apps and Desktops, feel free to email me at robert.skyllberg@xenit.se or comment down below.



Microsoft Teams devices

So maybe you’ve read my article on Microsoft Teams Rooms? These solutions are just a part of Teams devices which offer smarter ways to connect and work together in the ever-changing workplace.

First of all, the Teams devices are certified to work with Teams and Skype for Business for that matter. Then they offer the best-in-class performance and crisp sound and picture that the certification requires.

Room Systems – check this article out.

Room phones – These are for smaller rooms which don’t need a complete Room System. These devices actually run Android and have the Teams client installed so essentially, the device and room is actually logged into a room. This way you can quickly book a room and join the meeting from the room phone. You don’t have to login with your personal credentials but it can also be a shared room which is always logged on. Here’s a sneak peek how it looks:

Personal devices – these devices are your personal ones. For example the Jabra 710 which has a Teams button/LED which will flash if you have a missed call and when you press it, it will get you to the missed calls list in the Teams client.

Desk phones are still used by many. For example, the left one below is the Plantronics Elara 60, which is a mobile dock. Just put your mobile phone in the dock for wireless charging and it will pair itself with the dock. You will get hard buttons for calling and also a Teams button which will flash if you have missed calls in Teams, bring you to the missed calls list on your mobile phone and remind you when you have meetings.

The right is a Yealink phone which has a large touchscreen which is running Android and the Teams app. This means you can easily perform and receive Teams calls directly on the phone. You can have it as a companion to your computer where you have your daily meeting schedule open on the device at all times. For the IT-pro, this also means you will be able to manage these phones from the Teams admin center since the device itself is actually enrolled into Azure AD as Azure AD registered.

And of course, the headsets, which come in various models and sizes. At Xenit, we use Jabra, which has a large portfolio of different models.

But seriously, what’s wrong with any high-quality Bluetooth headset out there, won’t it work? Well, to be honest – it might. My personal experience is that you can definitely pair your headset to your phone and Windows 10 client. You might miss out on some special functionality like busy-light and call control functionality, and you might not get the crisp sound quality you otherwise get because, to be honest, the built-in Bluetooth in some laptop devices is simply not manufactured with sound quality in mind. When I tried to use a high-quality Jabra Bluetooth headset with the built-in Bluetooth in my laptop, it did not work well. It worked 9 out of 10 times but I experienced some unplanned disconnections during some meetings, which I didn’t with the Jabra dongle. That’s sad since the USB dongle really annoys me.

So before you go shopping, make sure you check out the list of certified devices at http://office.com/teamsdevices.



Printix – The Secure Cloud Print Management Solution

Are you looking for a new print solution that will work for a modern workplace? A solution that will let you get rid of those nasty on-premise print servers? A solution that will make print management easier and more fun? Look no further, you just found one!

With Printix solution you will get a serverless, simple, cloud service that integrates with Microsoft or Google which gives you a single sign-on experience. Printix will provide a centralized management portal with support for all USB and network printers, mobile and secure printing, high document security and Print Anywhere at any time. The setup is easy and you will be able to use it almost instantly.

So how does this work? 

Instead of dedicated print servers, you will leverage the Printix Cloud together with the Printix Client from a device of your choice (Windows, Mac, Chrome OS, Android, iOS). Once you have installed the Printix Client, it will detect the existing printers on your network, automatically configure these in the Printix Cloud and even upload the current drivers(!). You can also manually add printers from the Printix dashboard if you want. Once your printers are configured in the Printix Cloud you don’t need your on-premise servers anymore, since the document will be (re)directed to the printer either directly on your network or via the Printix Cloud through the Printix Clients installed on your computers.

There are a number of ways to print your documents.

From the Printix dashboard, which you will be provided, you can configure everything related to your printing environment, like print queues, user settings, network settings, cloud storage, analytics, downloading the Printix client and much more.

Licensing is per user and can be set up as a monthly or annual subscription. An active user is any user that logged into Printix (client and admin interface) at least once during the monthly billing cycle.

Please note that this solution also works with Citrix and RDS environments.


Does this sound interesting for your organisation? Maybe you want to try it out and feel how easy it is to setup and get going? If so, please let me know at tobias.sandberg@xenit.se and I will get you a trial right away since Xenit is a partner of Printix.

If you have any other questions, feel free to email me at tobias.sandberg@xenit.se or comment down below. I will try to answer you as soon as possible.



What is FSLogix Cloud Cache?

Background

Last year FSLogix released its award-winning (at Citrix Synergy) technology Cloud Cache, and I for one was very curious about what this meant and what I could use it for. The fact that it was included in the license for Office 365 Container and Profile Container was a really nice surprise, but I was somewhat confused about what it actually does. I mean, has FSLogix developed their own cloud service? It sure sounds like it, but that was not the case. First off, this is a technology that makes your profiles or Outlook cache easily available cross-platform and gives you a kind of built-in high availability, so you don’t have to load or create a fail-over file cluster. There are some things you should take into consideration before implementing this in your environment, but first let me explain what Cloud Cache really is and what the target benefits are!

What is Cloud Cache, really?

As I mentioned, you might think that it has something to do with the cloud, or cloud services. That’s wrong, at least regarding the technology. Cloud Cache contains primarily 3 features:

  1. Automatic Replication
  2. Cache of “hot” data from your container
  3. Use of Azure blob storage as VHD location

Automatic Replication

Before Cloud Cache you could set multiple paths for the VHD files in FSLogix, and it would automatically check the second path if the first was unavailable. The problem was that you needed to set up the replication between the two file locations yourself. That was complicated, since the VHD disks are locked during use, and an incremental copy was hard to do since the changes in data reside within the VHD file. The replication would potentially take a lot of time and load the network considerably.

With Cloud Cache they solved that issue; it is now built into the product. It will automatically copy the data between the two locations. The pretty neat part of their solution is that the replication begins when the user logs on to their environment, and it copies the incremental part of the container automatically since it’s now open. As you can figure out, this is also a great way of migrating your containers to a new location. Just add a new location, wait a couple of days and then remove the old path. Really smooth: no hassle, no downtime, no late-night service windows.

Cache of hot data from your container

It’s known that FSLogix solves the high CPU issue (on the file server) that you would normally see if you redirected the OST file to a file share, but it still demands quite fast disks and generates some network load. With FSLogix Cloud Cache you can now place your containers in Microsoft Azure, which is cool, but there are two fundamental issues with this approach: 1. Azure bills on consumption, and 2. latency to access the data is high. FSLogix has solved this by caching the hottest data from the containers on the actual server/client you reside on, which minimizes the cost in Azure and the load on the network. This is ideal if you use your FSLogix container on different platforms (on your client and a VDI solution) or in a VDI environment where the cache will be saved and not downloaded again.

Client profile management

Before Cloud Cache, if you wanted to manage the profiles of clients with FSLogix you would have some issues, since it requires the client to be online all the time. Fortunately, with Cloud Cache you will not be affected by offline sessions: it will continue with the cached data, and as soon as it’s online again it will update the original VHD with the changes that happened offline.

 

What to consider before using Cloud Cache

Now that you know what Cloud Cache is and what makes it good, you should also know what to consider in some scenarios. The first thing to consider is the cached data: how much will it cache? That is a good question, a question I have not yet received an answer to. From what I gathered this cannot be specified, meaning you cannot control the amount of data it caches, and therefore you cannot control the size of the cached data on the potential Citrix server. In some environments this can be a really risky approach. I have some examples below where you really need to assess the value against the risk regarding Cloud Cache:

Citrix Provisioning Services with Citrix Virtual Apps and Desktops

When using Cloud Cache in this setup you will have issues. The cache is supposed to be persistent on the location where you are, which it will not be when using PVS and Citrix Virtual Apps and Desktops. Within this setup your cache will download every time you log on to Citrix, and if you are also using “Cache on RAM with overflow on disk” you will potentially fill your page file disk.

Citrix Virtual Apps and Desktops

You need to be sure how to set it up. The C-drive must be large enough to handle the amount of cached data every user will download, and you must set “Delete Cache on logoff”, otherwise one user can potentially download his/her cache to multiple Citrix servers during logoff and logon. That also means your users will download the cached data every time they log on, which might not be the best experience you had in mind when implementing the solution. There is however a solution to this: you can redirect the cached data to another server, but if you do that, it is highly recommended to place it on fast disks and in a high-availability mode.

 

Summary

All in all this is a really nice feature and will add a lot to the product. But you need to assess it before activating Cloud Cache to see if it’s suitable for you and your environment. In the right scenario this could really improve the experience of your users and your IT department. If you are curious about the product, please don’t hesitate to contact me at jonas.agblad@xenit.se, or leave a comment below!

 

You can also find more information about FSLogix with my previous posts here:

Convert Citrix UPM to FSLogix Profile Containers

Teams in your multi-user environment done right!

Outlook Search index with FSLogix – Swedish

FSLogix Profile Container – Easy and fast Profile management – Swedish

Office 365 with FSLogix in a Multi-user environment – Swedish

 

 



Install OneDrive (and soon Teams) on Local Machine

One of the most requested features for OneDrive and Teams has been to install the programs on the local machine instead of in the profile of each user. Microsoft has finally released a OneDrive client that supports this. As of version 19.043.0304.0003, OneDrive can be installed to the local machine by installing it with the below handle.

 

 

This makes a huge difference in a multi-user (Virtual Apps and Desktops) environment. If you wanted to use OneDrive before, you had to install the OneDrive client in every user’s profile. This can be very time consuming, especially if something goes wrong with the installation and/or the program files that are stored in each user’s profile.

 

It seems that Microsoft has finally caved to the community. Christiaan Brinkhoff on Twitter also states that a Teams per-machine is in progress.

 

 

This will be a very welcome change for those of us who are passionate about multi-user environments.