SCCM is device management tool for Windows devices. This is a client server application by Microsoft. How to manage devices with this tool for Windows devices? 90% of corporate Windows devices are managed by the this tool.
SCCM video posts in this blog will help you to understand in a better way. Most of the videos shared in this post are real time experience of this Windows Device managment.
SCCM is the short for System Center Configuration Manager. This tool is a software management suite provided by Microsoft that allows users to manage a large number of Windows based computers.
This tool features remote control, patch management, operating system deployment, network protection and other various services. Device management solution like has a great tech community.
Core infrastructure, Updates for Configuration Manager, Supported configurations for Configuration Manager, Cloud-attached management of CM, Co-management for Windows 10, Manage clients on the internet, Windows as a service, CMPivot, Application management, Manage apps from the Microsoft Store for Business, OS deployment, Introduction to OS deployment, Upgrade to Windows 10, Phased deployments, Software update management, Introduction to software updates management, Manage Office 365 ProPlus updates
Let’s understand Windows 10 Major Minor Build Rev | Where Can I Get Details? I have been struggling to understand what is this “major.minor.build.rev” for Windows 10. As an Intune admin, this version of Windows 10 is referenced in many places. The following is one of the places where this Windows 10 Major Minor Build Rev is referenced.
Device Type RestrictionsPolicies
Specify the platform configuration restrictions that must be met for a device to enroll. Use compliance policies to restrict devices after enrollment. Define versions as major.minor.build.
Version restrictions only apply to devices enrolled with the Company Portal. Intune classifies devices as personally-owned by default. Additional action is required to classify devices as corporate-owned.
Some of the references to Windows 10 version numbers and Device Type restrictions:
Special version numbers for major.minor.build.rev of Windows 10 structure is as follows. Let’s take two examples here:
Windows 10 2004 👉 major.minor.build.rev for 2004 = 10.0.19041.329
Major = 10
Minor = 0
Build = 19041
Rev = 329
Windows 10 version 1909👉 major.minor.build.rev for 1909= 10.0.18363.900
Major = 10
Minor = 0
Build = 18363
Rev = 900
major.minor.build.rev for Windows 10
Let’s find out the details of major.minor.build.rev for Windows 10 in the below table:
Windows 10 Details
major.minor.build.rev for Windows 10
Windows 10 version 2004
Windows 10 version 1909
Windows 10 version 1903
Windows 10 version 1809
Windows 10 version 1803
Windows 10 version 1709
Windows 10 version 1703
Windows 10 version 1607
Windows 10 version 1511
Windows 10 version 1507
Intune Admin Requirement
As you can see in the below screen capture, we should use this version while creating enrollment restriction policies using Intune. This might help in configuring the details under the minimum version details for Windows 10 devices.
In this post, I will try to explain OneDrive Outlook Security Policies Troubleshooting with Event Logs Registry. The easiest and best way to configure Outlook security policies using Intune administrative template policies.
The following are the three policies that I configured to prevent the users from configuring personal account sync with OneDrive.
Prevent users from syncing personal OneDrive accounts
This policy setting lets you block users from signing in with a Microsoft account to sync their personal OneDrive files. More details about enabling or disable options of this policy.
If you enable this setting, users will be prevented from setting up a sync relationship for their personal OneDrive account.
Users who are already syncing their personal OneDrive when you enable this setting won’t be able to continue syncing (and will be shown a message that syncing has stopped), but any files synced to the computer will remain on the computer.
If you disable or do not configure this setting, users can sync their personal OneDrive accounts.
Prevent adding non-default Exchange account
This policy allows you to prevent users from adding non-default Exchange accounts to existing Outlook profiles.
If you enable this policy setting, you will prevent users from adding non-default Exchange accounts via the Add New E-mail Account wizard.
If you disable or do not configure this policy setting, users can add non-default Exchange accounts to existing Outlook profiles.
Prevent users from adding e-mail Account Types
Disables/Enables the option for adding an e-mail account of the associated type in the Server Types page of the E-mail Accounts dialog box. The following are the policy settings which I used to prevent users from adding personal email account types.
Prevent users from adding Exchange e-mail accounts
Prevent users from adding Exchange ActiveSync e-mail accounts
Prevent users from adding POP3 e-mail accounts
Prevent users from adding IMAP e-mail accounts
Prevent users from adding other types of e-mail accounts
Event IDs – 873, 866, 831, & 814 for Disable OneDrive personal sync.
Event ID 873 - MDM PolicyManager: ADMX ingestion starting new Admx ingestion. EnrollmentId (AAB267BF-EBF2-4649-822C-74511A4CC253), app name (OneDriveNGSCv2), setting type (Policy), unique Id (OneDriveNGSCv2).
Event ID 866 - MDM PolicyManager: ADMX Ingestion: EnrollmentId (AAB267BF-EBF2-4649-822C-74511A4CC253), app name (OneDriveNGSCv2), setting type (Policy), unique Id (OneDriveNGSCv2), area (NULL).
Event ID 814 - MDM PolicyManager: Set policy string, Policy: (DisablePersonalSync), Area: (OneDriveNGSCv2~Policy~OneDriveNGSC), EnrollmentID requesting merge: (AAB267BF-EBF2-4649-822C-74511A4CC253), Current User: (S-1-12-1-1245278575-1092210432-2695042466-3045220724), String: (), Enrollment Type: (0x6), Scope: (0x1).
Event ID 831 - MDM PolicyManager: Dedicated non-cached delayed notification (WNF): (0xA3BC10F5, 0xD891E2A) published for Policy: (DisablePersonalSync) in Area (OneDriveNGSCv2~Policy~OneDriveNGSC).
Event IDs 831, 814 for outlook configuration – L_Preventusersfromaddingemailaccounttypes
Event ID 831 - MDM PolicyManager: Dedicated non-cached delayed notification (WNF): (0xA3BC10F5, 0xD891E2A) published for Policy: (L_Preventusersfromaddingemailaccounttypes) in Area (outlk16v2~Policy~L_MicrosoftOfficeOutlook~L_Miscellaneous).
Registry Entry – OneDrive Outlook Security Policies
The following is the registry entry for OneDrive policy configuration. This helps you to validate to troubleshoot the issues related.
I can see the policies got successfully deployed to 2 of the devices (Azure AD joined and Azure AD registered). It got failed on Azure AD Joined device probably because I logged in with local user account to that device.
I have explained in HTMD community weekend learning about Configuration Items of Windows 10 (SCCM Configuration Item Baseline) using Configuration Manager 2002. These CI & Baseline settings for Windows 10 computers that are managed by the Configuration Manager client.
Today we are introducing HTMD Community Forum(https://forum.howtomanagedevices.com/). This is the community build by Device Management Admins for Device Management Admins❤️ Ask your questions!! We are here to help you!
The one-stop-shop for all your device management queries related to ConfigMgr (a.k.a SCCM), Intune, and more!
HTMD Community forums are here to empower the Device Management community by giving a platform to share the skills. And to become superheroes of the Device Management community.
HTMD Community is empowering the Device Management community by giving a platform to share the skills in the community and help to develop their own profile. And to become superheroes of the community.
Profile Follow Question Activities Notification
You can get all the following options to track your growth and reach:
This is the quick post to provide additional tips to ConfigMgr Admins (ConfigMgr Admin Tips) to find out the list of Views, Tables, Functions, and IP addresses view information. Special Thanks to Karthick for all the tips 👇👇!
I have conducted a How To Manage Device CommunityWeekend Teams Live meeting session to share my real-world experience of ConfigMgr SSRS report creation. I have been helping many of my clients to build custom SCCM reports. The recording is available in this post is available in the below section of the post.
I have conducted a How to Manage Devices Community Weekend Teams Live meeting session to share my real-world experience of SCCM application deployment. I have been using ConfigMgr Supersedence for 3rd Party Application Patching without any third-party tool. The recording is available in this post is available in the below section of the post.
Let’s create a custom Intune Helpdesk Operator Role as per your organizational requirement. Once the custom helpdesk operator role is created in Intune portal, you can deploy that to a group of admin users.