Windows Autopilot Video Starter Kit

I covered end to end process to provision Windows 10 devices with Windows AutoPilot service with Intune.  I already have four to five posts to explain different scenarios in Windows Autopilot. In this WIndows Autopilot Video Guide, you can see the overall process to provision Autopilot devices.

  • How to start testing Windows Autopilot
  • Prerequisites for Windows Autopilot
  •  How to build a Lab environment for testing
  • How to take a trial version of Intune and Azure AD
  • How to user Hyper-v to test

What is Windows Autopilot?

Windows Autopilot is a collection of technology used to provide modern provisioning experience to end users. Windows Autopilot is a collection of technologies used to simplify the Windows 10 OOBE experience.

Windows Autopilot is also a group technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows Autopilot to reset, repurpose and recover devices. This is what I explained in the WIndows Autopilot Video Guide above.

More details available –

What is Repurposing Existing Devices into Windows Autopilot?

How to repurpose existing Windows 7 and Windows 10 devices in your environment to Autopilot. So that your business can avoid the cost of managing the golden images and OSD infra. And also Autopilot gives better end-user experience if you are connected an open internet. I have seen Autopilot giving problems and end-user experience going for a toss because of enterprise Firewall and proxy issues.

All the details about repurposing existing devices are also given in the following posts and the video guide tutorial.

Previous Posts on WIndows Autopilot – WIndows Autopilot Video Guide above.

I have spent several time testing and deploying Autopilot in my lab environment. I also have more than four posts to help you with Autopilot implementation.

I presented a session on Windows Autopilot at Bangalore IT Pro event. I covered end to end process to provision Windows 10 devices via Windows AutoPilot service with Intune. It was great to have feedback from fellow IT Pros on modern management and Windows AutoPilot topics. This is what I explained in the WIndows Autopilot Video Guide above.

Helpful Post

Intune Certificate Deployment Step By Step Guide

Fix SCCM Updates and Servicing Issue with CMUpdateReset Tool

CMUpdateReset.exe is in build Tool provided by Microsoft SCCM to fix download issue. In this video post, you will get more details about how to SCCM updates and Servicing issue.  You can find the CM Update Reset tool in the following folder \cd.latest\SMSSETUP\TOOLS.

Run the CMUpdateReset.exe tool from?

  1. CAS/SQL server
  2. standalone primary/SQL server

The SCCM download reset tool (CMUpdateReset.exe) must be run on the top-level site (CAS or standalone primary) of the hierarchy. When you run the tool, use CM Update Reset tool command-line parameters to specify:

    • The CAS/Primary SQL Server at the top-tier site of the hierarchy
    • The CAS/Primary site database name at the top-tier site
  • The GUID of the update package you want to reset

What are the SCCM Update Reset Options?

There are two options to fix SCCM Updates and Servicing Issue using the CMUpdateReset.exe tool.

  1. Reset an update and restart the download
  2. Force deletion of the problematic update package

What is Next SCCM Updates and Servicing issue is not Fixed?

What if CMUpdateReset.exe didn’t help to fix SCCM Updates and Servicing? The following are the steps to download SCCM updates. You can check this download status from SCCM monitoring workspace. More details in the log file ConfigMgrSetup.log.

  1. Process update package
  2. Download update package cab file
  3. Extract update package payload
  4. Download redist
  5. Report package as downloaded

SCCM Updates and Servicing Issue

Fix SCCM Updates and Servicing with REDIST Files?

You can fix the issue with downloading SCCM redist prerequisite files using the following method.

  • When you have an issue with downloading SCCM REDIST prerequisite files,  you can try to use the old method to download prerequisite files.
  • Once the prerequisite files are downloaded with the old way, then you can copy those files to D:\Program Files \Microsoft Configuration Manager\EasySetupPayload\<Update PackageGUID >\Redist folder. This can be used a workaround.

All the above steps will ensure that you will fix the SCCM Updates and Servicing Issue.


Fix to SCCM CB Redist Download Issue

CM Update Reset Tool Fixes SCCM CB Update Download Issue

SCCM Restore and Recovery Guide

Intune Certificate Deployment Step by Step Guide

The first before deploying SCEP certificate is to check the prerequisites of Intune certificate deployment. I’m going share the details of Microsoft PKI related certificate deployments in this video post. If you have a non-Microsoft PKI environment, you need to check the supportability of Intune.

SCEP does not support all third-party Certificate Authority (CA), providers.  In the recently Ignite Microsoft announced new 3rd party certificate authority partners. Recently, Intune included support for Device based SCEP deployment. Intune already supported User-based SCEP certificate.

Newly Announced Certificate Authority Partners

Intune Certificate Deployment

  1. Entrusted Datacard
  2. GlobalSign
  3. EJBCA
  5. Digicert

The above is the list of  3rd party CA partners supported by SCEP. Hence you can deploy SCEP Certificate from these CAs via Intune. If you have a customer looking for any of the other third part CA to support SCEP, you can contact Microsoft and they will able to help you with the onboarding process.

Prerequisite for SCEP Certificate Deployment via Intune

Following are the Prerequisites for Intune Certificate Deployment. SCEP Certificate deployment to users and devices.

  1. PKI or CA infrastructure
  2. NDES Server
  3. Azure AD App Proxy Connector
  4. Microsoft Intune Certificate Connector:

I would recommend reading Microsoft documentation to get more details about SCEP or Intune certificate deployment prerequisites.

How to Create a SCEP certificate Certificate

Before deploying SCEP Certificate, you need to deploy PKI or CA chain of certificates to your devices or users.

  1. Root CA Cert
  2. Intermediate or Issuing CA cert 1
  3. Intermediate or Issuing CA cert 2
  4. Intermediate or Issuing CA cert 3 etc..
  5. SCEP Certificate issuing from CA

You need to make sure all the intermediate or Issuing CA certs have already reached the device. Once all the required certs are already there in the machine, you can deploy SCEP Certificate to the user or device. The device certificate can be secured using TMP chip.

As I mentioned in the above video, you can log in to the Azure portal with correct Intune RBAC access and create a SCEP certificate deployment profile.

  1. Azure portal
  2. Intune Blade
  3. Device Configurations – Profiles
  4. Create Profile
  5. Platform – Windows 10 or later
  6. Profile Type – SCEP Certificate
  7. SCEP Certificate Type – User or Device
  8. More details available

Intune Certificate Deployment SCEP Certificates

Troubleshoot on Intune Certificate Deployment Issue?

I have already shared a post about the Intune application, certificate or profile deployment troubleshooting options. I would recommend readin that post for more troubleshooting details from Intune side.

Other part of troubleshooting is done from CA, NDES, NDES Intune connector, Azure App Proxy connector etc…

Troubleshoot Intune Deployments – Applications Policies Profiles Intune Issues

Troubleshooting Intune deployments are challenging for new admins in device management world. The above video will help you to troubleshoot Intune deployment issues.

Phases of Intune Troubleshooting

There are FOUR (4) phases in Intune Deployment Troubleshooting. All these four steps are explained in this videos. You can find more details below.

  • Server/Cloud Console Side – Intune Health check
  • Server/Cloud Console Side – Intune Troubleshooting Blade
  • Server/Cloud Console Side – Deep dive into Intune App Deployment Troubleshooting
  • Client Side (Device Side) – Troubleshooting Logs/Events etc

It was far more difficult to troubleshoot on Intune issues at the time of Silverlight console. But after migrating to Azure portal Intune troubleshooting became more easy.

How to Start Intune Troubleshooting

  • Login to Azure portal –
  • Navigate to Intune Blade
  • Click on Troubleshoot node
  • Click on Select User button
  • Search and select the user id which you want to troubleshoot
  • Click Select to start Intune troubleshooting
  • Troubleshooting blade will give you all the details of selected user
  • Drill down each part of troubleshooting guide get into the root of the Intune issue

Troubleshoot Intune Issues

Most of us know how to start troubleshooting with Intune Silverlight console. Intune troubleshooting made easy after the migration to Azure portal. More details Troubleshooting on Windows 10 MDM issues are pretty new for most of us. The importance of MDM policies are getting increased day by day. In this blog post you will see tips to start MDM way of Windows 10 troubleshooting.

How to Troubleshoot Windows 10 Event Logs

Windows 10 MDM Issues Troubleshooting using registry WMI and Event Logs. More detailed discussions are available in the following blog post –

Intune Error Codes Table

Intune error codes can find the details of Intune Apps, Intune Policies, and Intune compliance policies.  you’ll be able to review applications installation status and enrollment status for devices. Here’s a list of user details you can view for each user in the Troubleshooting portal:

  • User status
  • Group assignment
  • Application and policy Assignments
  • App protection Status
  • Compliance issues
  • Device status
  • Device details such as OS type and version


How to Delete Azure AD Device

SCCM Admin Console Walkthrough Video Guide

Device Management training videos to start learning SCCM device management technology. SCCM is managing more than 70% corporate Windows PCs in the world. I call this series of video posts as SCCM Educational post series. I would love to cover the basic things of SCCM in this series of posts. In case you are a newbie to SCCM Admin Console then this is the helpful guidelines for you.

The Above video explains the details of SCCM Admin Console nodes. SCCM console buttons will give you an overall idea about UI capabilities. This post will help to learn and understand SCCM in a better way. I always think about a teaching technique which starts from the SCCM console. Do you think it would be ok to start SCCM learning with SCCM console overview?

SCCM Admin Console – More Details

SCCM console gives admin access to manage and monitor all the policies, applications, OD deployments, etc.. for the devices you manage with SCCM. Administrators use the SCCM Admin console to manage the SCCM environment. Each SCCM console can connect to a CAS or a primary site. You can’t connect an SCCM console to a secondary site.

An SCCM admin sees objects in the console based on the permissions assigned to their user account. For more information about role-based administration, see Fundamentals of role-based administration.

When you install the site server, you can install the SCCM Admin console at the same time. To install the console separate from site server installation, run the standalone installer. You can run the console from Windows 10 machines and manage the devices which you want to manage. You can install the SCCM console by using the standalone installer.

If you like to read more about this in a documentation format, I would recommend reading my previous post from the following link


More Blog posts related to SCCM/Intune/Windows 10/Hyper-V/Cloud/IT Pro/Azure –

Learn SCCM Read

Learn Intune Read –

Learn Windows 10 Read –

Learn Hyper-V Read –

Learn About Cloud Read –

Learn about Azure Read –

Learn About IT Pros Events –

Learn about me –

Another Blogs related to SCCM Videos (now related to SCCM Admin Console ) –

PWA Windows Desktop and Mobile Experience

PWA is Progressive Web Application. is my new blog and this blog is PWA enabled website. This blog is more for video blogs than text content. In this video post, you will see PWA Windows Desktop video experience. I will also cover PWA iOS and Android Mobile experience.

Google announced Desktop progressive web apps support for Chrome 70 or later. Once your website is PWA enabled, it (web site) can be ‘installed’ on the user’s device much like native apps. They’re fast.

PWA Windows Desktop apps provide more integrated, reliable experience because they launched in the same way as other apps, and run in an app window, without an address bar or tabs.

Advantages – PWA Windows Desktop

  • Fast
  • Integrated
  • Reliable
  • Engaging

PWA for Windows Devices

In this section, you will see how to install app (PWA) on Windows 10 desktop using Chrome 70 or later. PWA Windows Desktop experience is exaplained also in the video tutorial above.

  • Update your Chrome version to 70 or later on Windows 10 device
  • Launch (Re Launch) Chrome
  • Open or anyother PWA enabled website
  • Click options button as you can in the below picture
  • Click on Install “How to Manage Devices” button. How To Manage Devices is the name which I provided for this website.
  • Click on Install button from Install App popup
  • Launch the Desktop or Start menu shortcut to launch the PWA Windows Desktop app for HowToManageDevices blog
PWA Windows Desktop and Mobile Experience 3
Click on Install How To Manage Devices option
PWA Windows Desktop and Mobile Experience 4
Click on Install Button from Install App popup 
PWA Windows Desktop and Mobile Experience 5
Here is the PWA Windows Desktop Experience

PWA for iOS Devices

The following are the steps which we need to follow to get PWA iOS experience for you. The PWA Windows Desktop experience is different from this iOS experience. You can use Safari (default browser) on your iOS device.

  • Launch Safari
  • Go to (any website which is PWA enabled)
  • Click on Share button
  • Click on Add to Home Screen button
  • Click on ADD button
  • Click on App button  (HTMD) created on your iOS home screen
PWA Windows Desktop
Click on SHARE button from Safari Browser
PWA Windows Desktop and Mobile Experience 6
Click on Add to Home Screen Button
PWA Windows Desktop and Mobile Experience 7
Click on Add button to add PWA app to home page
PWA Windows Desktop and Mobile Experience 8
Click on the How To Manage Devices (HTMD) Icon
PWA Windows Desktop
PWA Windows Desktop and Mobile Experience 22

PWA Android Experience

PWA Android Experience is better than iOS and PWA Windows experience of obvious reasons.  The following are the steps which we need to follow to get PWA iOS experience for you. I have a video which explains PWA Windows Desktop experience.

  • Launch Chrome browser
  • Launch the PWA enabled website
  • Click options button from chrome browser
  • Click on Add to Home Screen option
  • Click on Add button from the popup
  • Click OK on the next pop screen
  • Click on PWA app (HTMD) icon from home screen
PWA Windows Desktop
Click on Add to Home Screen option
PWA Windows Desktop
Click on ADD button from popup
PWA Windows Desktop
Click on OK button
PWA Windows Desktop
Launch PWA (HTMD) icon from Home Screen


Who helped me to design PWA enabled blog ?

Create Office 365 ProPlus Client Package

I have create this video a year back and there are many changes in the recent months. SCCM client installation wizard has integrated with Office Customization Tool. Office 365 ProPlus Client Package creation made easy in the latest version of SCCM. You need to remember that an internet connection is required to complete the Office 365 ProPlus client package creation wizard.

The office 365 ProPlus client package creation wizard includes an online Office Customization Tool. This tool needs an internet connection as this office customization tool is launched is web-based tool.

If you are looking for solution to update Office 365 ProPlus client with latest patches, then following post shall help you. I have another post which explain about “How to Deploy and Install Office 365 Software Updates (patches) with SCCM ADR“.

Launch Office 365 ProPlus Client Package Creation wizard

 Office 365 ProPlus client package
  • Launch SCCM console from a internet connected machine
  • Navigate to \SoftwareLibrary\Overview\Office 365 Client Management dashboard
  • Click on the + Office 365 Installer from the Office 365 Client Management Dashboard
  • Give the NAME of Office 365 Client Package
  • Browse to a location mostly on the file server or SCCM server package source folder.
  • Click on Next button
  • Click Office Customization tool to customize and import your xml file to SCCM application configuraion engine. Select Office 365 ProPlus Client Package from the menu options. This part is not covered in the above video tutorial.
  • Wait for the Office 365 client Package creation wizard to finish. This wizard will download the source files from the internet and save it to package source folder.
  •  Finish to close the wizard

When Microsoft publishes a new Office 365 proplus client update to the Office Content Delivery Network (CDN), Microsoft simultaneously publishes an update package to Windows Server Update Services (WSUS). Then, SCCM synchronizes the Office 365 ProPlus client update from the WSUS catalog to the site server. SCCM can then download the update and distribute it to distribution points selected by the administrator.


How to Deploy and Install Office 365 Applications via SCCM CB

How to Manage updates to Office 365 ProPlus

SCCM Patch Management Process With WSUS And SUP

Delete Azure AD Devices – AAD Device Management

Azure Active Directory is an identity solution from Microsoft. But Azure AD helps to perform device management actions also. Most organizations use Intune to manage AAD devices. In this video, you will learn how to delete Azure AD Devices.

The Devices registed to Azure AD are visible in Azure portal. You can login to Azure portal with Azure AD admin privileges to delete devices from there. You can also delete Azure AD devices if you have Intune Administrator access.

How to Get Devices into Azure AD Management?

You have two options to get a device under the Azure AD Management.

  • 1.Registering – iOS, Android, and Windows
  • 2.Joining – Windows

In bith the above scenarios Azure AD devices can be managed by MDM Solution like Intune. Registering a device to Azure AD enables you to manage a device’s identity. When a device is registered, Azure AD device registration provides the device with an identity that is used to authenticate the device when a user signs-in to Azure AD. You can use the identity to enable or disable a device. You can also Delete Azure AD devices and remove their identities from AAD.

Delete Azure AD Devices

How To Disable an Azure AD Devices

  • Login to Azure Portal with required permissions
  • Go to Azure Active Directory blade in Azure portal
  • Select All Devices option
  • Search the devices with Device Name or You can search with User Name
  • Select one device and click on Disable button as shown in the above video

How To Delete Azure AD Devices

  • Login to Azure Portal with required permissions
  • Go to Azure Active Directoty blade in Azure portal
  • Select All Devices option
  • Search the devices with Device Name or You can search with User Name
  • Select one device and click on DELETE button as shown in the above video


Learn How to Delete or Disable Devices from Azure Active Directory

What is device management in Azure Active Directory?

SCCM Patch Management Process with WSUS and SUP

I have recorded this video more than a year back and I don’t have audio explanation in this video. But this video covers end to end Software update or SCCM Patching Process for IT Admins. If you are new to SCCM and wanted to understand the SCCM patch management Process, then this video is your starting point.

Unlike other deployment types, software updates are all downloaded to the client cache. This is regardless of the maximum cache size setting on the client.

High-Level Process of SCCM Patch Management

  • Install WSUS
  • Install SUP & verify Installation log files
  • Software Update Component Configuration – Classifications/Products
  • Software Update Sync – Log file WsyncMgr.log
  • Selection of Patch/Software Update and Creation of Software Update Group
  • Deployment of Software Update Group
  • Client Side Experience Windows 10 device
  • What happened to WindowsUpdate.log? Event Logs ?
  • How to Speed up SCCM policy SCCM Patch Management Process?
  • Windows 10 SCCM Client side logs – Reboot required ? If yes reboot the Windows 10
  • Check the Default compliance reports to confirm the SCCM Patch management compliance percentage of your environment.

Software updates in SCCM provides a set of tools and resources that can help manage the complex task of tracking and applying patches to Windows client computers. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and maintain the stability of the network infrastructure. However, because of the changing nature of technology and the continual appearance of new security threats, effective software update management requires consistent and continual attention.

SCCM Patch Management

The SCCM Patch Management process is known as Software Updates in SCCM. In this Video, we will see, the components needed for SCCM software update, how to get SCCM synced Microsoft update for Patching, How to select and download a list of patches, How to deploy patches, How to troubleshoot on patching issues, Patching experience at client side, SCCM log files related to patching.


How to Deploy software updates with SCCM

How to Define SCCM CB Patching Process – Implementation Guide

SCCM Blog posts –

SCCM Restore Recovery Guide

I recorded this video few years back. It was one of the first video where I started explaining things while I was showing the steps. SCCM restore process is changed with the release of SCCM CB. Now you have several options to recover SCCM primary server and CAS.

This video is part of the collection of Video tutorials which I made previously. This video tutorial will help to understand the process and that will in tern help to troubleshoot on SCCM CB restore or recovery issues in better way.

What is SCCM CD.Latest Folder

CD.Latest folder is important for SCCM restore or recovery of a standalone primary server. If you do not have the correct CD.Latest folder and its contents available, you cannot recover a site and it must be reinstalled.

The SCCM Installation should be done from CD.Latest folder in a scenario where your SCCM version is not a baseline version. The CD.Latest folder contains a folder named Redist which contains the redistributable files that setup downloads and uses. These files are matched to the version of Configuration Manager files found in that CD.Latest folder. When you run Setup from a CD.Latest folder, you must use files that are matched to that version of Setup. To do so you can either direct Setup to download new and current files from Microsoft, or direct Setup to use the files from the Redist folder included in the CD.Latest folder. This folder backup is important for a successful SCCM restore and recovery scenario.

Prerequisite of SCCM Restore

Hostname of the server Should be same Drive Letters should be same as the previous SCCM primary server Installation Path should be same as the previous Primary server Should have same OS patch level for the server Better to have the same IP to avoid opening up new Firewall ports All the prerequisite apps should be installed (ADK, WSUS etc..) SQL Databased is already restored (manually) – if you are using SQL DB based backup

SCCM Restore and Recover scenarios are explained in the video tutotial.
SCCM Restore – Recover Scenarios


I have some previous posts which explains about the entire SCCM restore and recovery processes in details. I would recommend reading those to get more details.

More details about the importance of SCCM CD.Latest folder is explained in the following Microsoft documentation.

SCCM Related Posts –