Tim D'Annecy

intune

#Windows #Azure #AVD #Intune

UPDATE: On April 18, 2023, Microsoft released a Public Preview of the new Azure Virtual Desktop app in the Microsoft Store. This should fix the issues noted in this post. Download the new app here: http://aka.ms/AVDStoreClient

I recently had an issue with an Azure AD Joined host pool in Azure Virtual Desktop where users could not successfully login using their Azure AD credentials.

In our environment, both the client computer and the Azure Virtual Desktop host computer are Azure AD Joined. The user was able to log in to their Azure AD Joined computer, but when they tried to log in to the Azure Virtual Desktop host computer, they would get an error message:

Couldn't connect. Something went wrong when we tried to connect. If this keeps happening, ask your admin or tech support for help. Error code: 0x9735 Extended error code: 0x0 Activity ID: {e194ae11-b2ed-4d33-9520-c1d5ed140000}

Screenshot of error message

Read more...

#Windows #Intune

A company I'm working with requested an Application Deployment of Word LTSC using a Multiple Activation Key (MAK) purchased through Volume Licensing in their Intune/Endpoint environment.

To deploy Office LTSC, I needed to have the MAK key in hand before starting this process, as you'll need it when zipping up the .intunewin package.

To keep things clean, I'm building my package at C:\temp\package

Create an XML configuration for installation using the Office Customization Tool

Open the Office Customization Tool page and begin defining your settings for deployment:

Screenshot of the Office Customization Tool

  • Products and releases

    • Architecture: 64-bit

    • Products: Select the products that you want to deploy.

    • Office Suites: I selected Office LTSC Standard 2021 - Volume License

    • Update Channel:

    • Select the update channel: Office LTSC 2021 Perpetual Enterprise

  • Language

  • Installation

    • Installation options

    • Where do you want to deploy Office from? Office Content Delivery Network (CDN)

    • Show installation to user: Off

    • Shut down running applications: Off

  • Update and upgrade

    • Update and upgrade options

    • Where do you want to deploy updates from? Office Content Delivery Network (CDN)

    • Automatically check for updates On

    • Upgrade options

    • Uninstall any MSI versions of Office, including Visio and Project Off

    • For uninstalled MSI versions of Office, install the same languages Off

    • Automatically upgrade to the selected architecture On

  • Licensing and activation

    • Automatically accept the EULA On

    • Product Key

    • Office LTSC Standard 2021 – Volume License MAK and paste in your 25-character key value here.

    • Product activation

    • User based

  • General

    • Customize as needed.
  • Application preferences

    • Customize as needed.

Save this XML file at C:\temp\package\install.xml

Here is the contents of my file to just install Word and allow regular updating:

<Configuration ID="f42ea3d0-d7a4-46bf-8a49-594df9549b6f">
  <Add OfficeClientEdition="64" Channel="PerpetualVL2021" MigrateArch="TRUE">
    <Product ID="Standard2021Volume" PIDKEY="XXXXX-XXXXX-XXXXX-XXXXX-XXXXX">
      <Language ID="en-us" />
      <ExcludeApp ID="Excel" />
      <ExcludeApp ID="OneDrive" />
      <ExcludeApp ID="OneNote" />
      <ExcludeApp ID="Outlook" />
      <ExcludeApp ID="PowerPoint" />
      <ExcludeApp ID="Publisher" />
      <ExcludeApp ID="Teams" />
    </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="0" />
  <Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="1" />
  <Updates Enabled="TRUE" />
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>

Create an XML configuration for uninstallation

Open Notepad or another text editor like VS Code and create an XML file at the location C:\temp\package\uninstall.xml

Add the following information:

<Configuration>
    <Display Level="None" AcceptEULA="True"/>
    <Property Name="FORCEAPPSHUTDOWN" Value="True"/>
    <Remove>
        <Product ID="Standard2021Volume"> </Product>
    </Remove>
</Configuration>

Be sure to change your Product ID to match what you have in your install.xml file that was generated by the Office Customization Tool:

Screenshot of VS Code

Create an .intunewin package

To perform the next steps, you will need to download two apps, the Office Deployment Tool (ODT) and the Microsoft Win32 Content Prep Tool.

Install the Office Deployment Tool (ODT)

  1. Download the ODT from Microsoft's website and run the application: https://www.microsoft.com/en-us/download/details.aspx?id=49117
  2. You will need to select a destination to extract the files. I'm using C:\temp\
  3. When the extraction is complete, you should have 5 files in the folder: Windows File Explorer, Office Deployment Tool files
  4. Move the setup.exe file to C:\temp\package\setup.exe

Use the Win32 Content Prep Tool

  1. Navigate to the Microsoft Win32 Content Prep Tool from Microsoft's Github site: https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool
  2. Click on the Code icon and select “Download Zip”: Github page for Microsoft Win32 Content Prep Tool
  3. Unzip the file in a location like C:\temp
  4. Open Powershell or the Windows Terminal and navigate to the location by typing: cd C:\temp\Microsoft-Win32-Content-Prep-Tool-master
  5. Run the app “IntuneWinAppUtil.exe”
  6. Make sure you have the 3 files in your C:\temp\package directory before proceeding: Screenshot of Windows File Explorer with 3 files
    • setup.exe
    • install.xml
    • uninstall.xml
  7. Fill in the prompts with the following information:
    • Please specify the source folder: C:\temp\package
    • Please specify the setup file: C:\temp\package\setup.exe
    • Please specify the output folder: C:\temp\package
    • Do you want to specify catalog folder (Y/N)? N
  8. The package will begin to build and you'll see a file created at C:\temp\package\setup.intunewin : Windows Terminal running Win32 Content Prep Tool

When the process is complete, you are ready to upload the package to Intune and configure your Application Deployment.

Create an Application Deployment in Intune

  1. Navigate to the Intune/Endpoint dashboard: https://endpoint.microsoft.com/

  2. Navigate to Apps > Windows and click the “Add” button. Select “Windows app (Win 32)” from the dropdown list and click the “Select” button: Screenshot of Intune dashboard, Windows App Deployment creation

  3. On the App Information tab, click “Select app package file” and upload your setup.intunewin file from C:\temp\package. Click the OK button:Screenshot of Intune dashboard, Windows App Deployment creation, App package file tab

  4. Back on the App Information tab, begin by filling in some basic information about the package and click the “Next” button when finished: Screenshot of Intune dashboard, Windows App Deployment creation, App information tab

  5. On the “Program” tab, configure the Install Command and Uninstall Command fields and leave the rest default. Click “Next” to continue: Screenshot of Intune dashboard, Windows App Deployment creation, Program tab

    • Install command: setup.exe /configure install.xml
    • Uninstall command: setup.exe /configure uninstall.xml
    • Install behavior: System
    • Device restart behavior: App install may force a device restart
  6. On the “Requirements” tab, set the following options and click Next to continue: Screenshot of Intune dashboard, Windows App Deployment creation, Requirements tab

    • Operating system architecture: Set this value based on your Office Customization Tool setting.
    • Minimum operating system: Windows 10 1607
  7. On the “Detection rules” tab, set the following options and click Next to continue: Screenshot of Intune dashboard, Windows App Deployment creation, Detection rules tab

    • Rules format: Manually configure detection rules
    • Rule type: Registry
    • Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\
    • Value name: 16.0
    • Detection method: Key exists
    • Assocated with a 32-bit app on 64-bit clients No
  8. Leave the “Dependencies” and “Supersedence” tabs unconfigured.

  9. On the “Assignments” tab, select the group you want to target for deployment or uninstallation.

  10. Double check the options on the “Review + create” tab and then click “Create” to begin uploading your package.

After the application is uploaded, your deployment will begin: Screenshot of Intune Application Deployment

The setup.exe package will always pull the latest version of Office from Microsoft, but your install.xml file determines whether the applications will be automatically updated. If you need to push a new version or a different version (e.g. Standard or ProPlus), you may need to repackage and deploy again.

I hope this is helpful to someone and I wanted to write my steps down in case I have to go back and fix something later.

Discuss...

#Intune #Windows

A company I'm working with requested an Intune deployment of Adobe Acrobat Pro DC to users on machines running Windows 10 or 11.

I wasn't able to find great documentation about how to deploy this using Intune, so I wanted to write all of this down. There are some guides going around about MSP transforms, but that's not necessary for a simple deployment.

  1. First, download the Adobe Acrobat Pro single app package and select the 64 bit Windows installer:

Screenshot of Adobe Acrobat Pro installer download page

  1. Then, download the Microsoft Win32 Content Prep Tool.

  2. Unzip all of the files to that they're in a format as follows:

    • C:\temp\Microsoft-Win32-Content-Prep-Tool-Master
    • C:\temp\Adobe Acrobat
  3. Now that you have the prereqs, we need to build the .intunewin package for Intune. Open Command Prompt and cd into the C:\temp\Microsoft-Win32-Content-Prep-Tool-Master folder and run .\IntuneWinAppUtil.exe

  4. Step through the prompts to build the package:

    • Please specify the source folder: C:\temp\Adobe Acrobat
    • Please specify the setup file: C:\temp\Adobe Acrobat\setup.exe
    • Please specify the output folder: C:\temp\Adobe Acrobat
    • Do you want to specify catalog folder (Y/N)? n

Screenshot of Windows Terminal running the Microsoft Win32 Content Prep tool for Adobe Acrobat Pro

Now that the intunewin package is built, it's time to upload it on the Microsoft Endpoint and create an app package. You can close the Win32 Content Prep tool.

  1. Log into the Intune/Endpoint dashboard and navigate to Apps > Windows > Add. Set the “App type” to Windows app (Win32):

Screenshot of Intune dashboard, Windows app creation wizard

  1. On the “App information” tab, upload the file you created at C:\temp\Adobe Acrobat\setup.intunewin and fill out the required fields to continue:

Screenshot of Intune dashboard, Windows app creation wizard, App information tab

  1. On the “Program” tab, enter the following values:
    • Install command: setup.exe /sAll
    • Uninstall command: msiexec /x "{AC76BA86-1033-FFFF-7760-BC15014EA700}" /q
    • Install behavior: System
    • Device restart behavior: App install may force a device restart
    • Specify return codes to indicate post-installation behavior: Leave as default.

Screenshot of the Intune dashboard, Add App wizard, Program tab

  1. On the “Requirements” tab, enter the following values:
    • Operating system architecture: 64-bit
    • Minimum operating system: Windows 10 1607

Screenshot of the Intune dashboard, Add App wizard, Requirements tab

  1. On the “Detection rules” tab, set “Rules format” to Manually configure detection rules, then click the “+ Add” button. Change the “Rule type” to MSI and set the “MSI product code” field to {AC76BA86-1033-FFFF-7760-BC15014EA700}. Set the “MSI product version check” to No:

Screenshot of the Intune dashboard, Add App wizard, Detection rules tab

  1. On the “Dependencies” and “Supersedence” tabs, just leave the defaults.

  2. On the “Assignments” tab, target your deployment group or users for installation. You may want to hide the “End user notifications” so that it's completely silent, but this is optional:

Screenshot of the Intune dashboard, Add App wizard, Assignments tab

After uploading the file, your application deployment will be complete:

Screenshot of the Intune dashboard, Add App wizard, file upload

Machines will begin to check in and pick up the app assignment. I find that installation can take up to 30 minutes, so be patient!

Screenshot of a Windows 11 desktop notification for Intune/Endpoint application deployment

Screenshot of a Windows 10 desktop notification for Intune/Endpoint application deployment

Discuss...

#Windows #Intune

On Windows, to allow Quick Assist to display UAC prompts to a remote user, you need to make a few quick changes.

Microsoft Endpoint (Intune)

Older instructions are here: https://www.cloud-boy.be/portfolio/run-as-admin-gives-black-screen-in-quick-assist-teamviewer-intune-fix/ [A]

New instructions are:

  1. Open the Endpoint management dashboard

  2. Click on “Devices” and select “Configuration profiles”. Click on “Create profile”. Change Platform to “Windows 10 and later” and the Profile type field to “Settings catalog (preview)”. Click the “Create” button.

  3. Give it a basic name and navigate to the “Configuration settings” page.

  4. Click the “Add settings” button. Double click on the “Local Policies Security Options” entry in the Settings picker pane on the right. Check the box for the option “User Account Control Switch To The Secure Desktop When Prompting For Elevation”. Back on the main settings area to the left, change the dropdown to “Disabled” and click the “Next” button. Screenshot of Endpoint management policy configuration page

  5. Enable the policy to all devices (as needed) and then test.

Discuss...