How to use the same USB NIC Dongle for multiple devices with SCCM

Today my colleague (who have been working with SCCM for the last 15 years) asked how to handle USB dongles when they are shared between multiple Surface Pro devices in a staging facility. I was a bit surprised that he didn’t know, so I thought I’d put together a quick post about it, even though it’s pretty old news 🙂

Continue reading

Deploy multiple Office 365 ProPlus languages with Intune

By default, if we want to install multiple languages of Office 365 ProPlus on the same device, it is only possible if we create one package with all the desired languages. This is also the best practices from Microsoft on how to deploy additional languages with Office 365 ProPlus.

But what if we want to have one package for every language?

I know the same can be achieved by letting Office setting the install language to follow the OS language, but if the OS is always English and not localized, this doesn’t help.

An example could be if we always install English Office for all users, but want to provide the users an easy way to install another Office language. Or if we simply want to minimize the footprint and diskspace, by only installing the desired language or let the user decide what language of Office 365 ProPlus they want.

This can be done if we create the Office package as a Win32 app in Intune. Because we can specify Detection Rules, we can specify a different rule for each language. Using this method also lets you add an Image that fits and looks better in Company Portal. I’d recommend using the following image:

How to do it?

Here’s the XML file i always start with:

<Configuration ID="ba28e355-69e8-490a-ba64-1ca58c928a8b"&gt;
  <Add OfficeClientEdition="32" Channel="Broad" AllowCdnFallback="TRUE" ForceUpgrade="TRUE"&gt;
    <Product ID="O365ProPlusRetail"&gt;
      <Language ID="en-us" /&gt;
      <ExcludeApp ID="Groove" /&gt;
      <ExcludeApp ID="OneNote" /&gt;
  <Property Name="SharedComputerLicensing" Value="0" /&gt;
  <Property Name="PinIconsToTaskbar" Value="TRUE" /&gt;
  <Property Name="SCLCacheOverride" Value="0" /&gt;
  <Updates Enabled="TRUE" /&gt;
  <RemoveMSI All="TRUE" /&gt;
    <Setup Name="Company" Value="" /&gt;
    <User Key="software\microsoft\office\16.0\common\general" Name="shownfirstrunoptin" Value="1" Type="REG_DWORD" App="office16" Id="L_DisableOptinWizard" /&gt;
    <User Key="software\microsoft\office\16.0\common" Name="qmenable" Value="0" Type="REG_DWORD" App="office16" Id="L_EnableCustomerExperienceImprovementProgram" /&gt;
    <User Key="software\microsoft\office\16.0\common\general" Name="ShownFileFmtPrompt" Value="1" Type="REG_DWORD" App="office16" Id="L_ShownFileFmtPrompt" /&gt;
    <User Key="Software\Microsoft\Office\16.0\Outlook\Options\General" Name="DisableOutlookMobileHyperlink" Value="1" Type="REG_DWORD" App="office16" Id="L_DisableOutlookMobileHyperlink" /&gt;
    <User Key="Software\Policies\Microsoft\Office\16.0\Outlook\Options\General" Name="DisableOutlookMobileHyperlink" Value="1" Type="REG_DWORD" App="office16" Id="L_DisableOutlookMobileHyperlink2" /&gt;
    <User Key="software\microsoft\office\16.0\excel\options" Name="defaultformat" Value="51" App="excel16" Id="L_SaveExcelfilesas" /&gt;
    <User Key="software\microsoft\office\16.0\powerpoint\options" Name="defaultformat" Value="27" App="ppt16" Id="L_SavePowerPointfilesas" /&gt;
    <User Key="software\microsoft\office\16.0\word\options" Name="defaultformat" Value="" App="word16" Id="L_SaveWordfilesas" /&gt;
  <Display Level="Full" AcceptEULA="TRUE" /&gt;
  <Logging Level="Standard" Path="C:\Temp\Office365Logs" /&gt;

First create the XML files needed, change the language in the configuration.xml to match what you want.

<Language ID="da-dk" /&gt;

Create the Intune Win32 app

Download the content prep tool from GitHub.

Follow these instruction on how to use Win32 app in Intune:

When you reach the point on where you can create the detection rule, use the following rule:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail – da-dk
key exist

Change da-dk to whatever language specified in the XML.

Deploy and assign the application.

Done 🙂

How to setup Android Zero Touch Corporate-owned, fully managed user devices with Intune

Just a quick step-by-step guide on how the configure Android Zero Touch with Intune.


Why do we want to use Corporate-owned, fully managed user devices? In order to give the user an out-of-box experience that automatically enrolls devices into our MDM solution, just like Apple DEP but for Android Enterprise devices. Also, it gives a less confusing user experience, as we only have a work profile and not a private AND work profile, like we do with personal owned android devices.

Of course this is still a preview feature in Intune, and context is subject to change.


  • A compatible device running Android Oreo (8.0) or Pixel phone with Android Nougat (7.0), purchased from a reseller partner
  • Intune licenses
  • A Login to the Android Zero Touch portal provided by your reseller (
Continue reading

Issue with setting up Azure MFA in Microsoft Authenticator. Activation failed.

The issue:

I had a customer who called about a single user had issues with setting MFA up to use text, Phone call or even Microsoft Authenticator via. The call or text message was never received. In the Authenticator App, when they scanned the QR code, they got the following error pop up:

“Activation failed. Make sure that push notifications are enabled on the phone and your Activation Code is not wrong, expired or formerly used.”

Continue reading

Logon scripts in Intune

Quick and simple tip on how to get a Logon script like experience with Intune. On Azure AD joined devices, there’s currently no option to create Logon/Logoff or Startup/Shutdown script like we can with GPOs. I had a customer that needed a solution to start a command file as admin everytime the user signed on to the device.

There’s a workaround – Use Scheduled Tasks to create tasks that runs on Log On, and runs with Administrator rights / Local System if needed. It’s a very simple Powershell script, that created a scheduled task:

  • Create the scheduled task
  • Runs at Logon
  • Runs with Local SYSTEM account
  • Runs a command specified (in this example it runs a .cmd file that requires administrative rights. The .cmd file is already present on the devices – a software vender has placed it here)
Continue reading

How to connect SCCM to Windows Analytics Upgrade Readiness

In order to start using all the data in the Upgrade Readiness solution in Windows Analytics, we need to connect ConfigMgr to Upgrade Readiness. Once that is done, we can create dynamic collection based on what devices are ready to start upgrading to the next Windows 10 Feature Update.

This blog will not go into details on how to monitor and resolve issues in the Upgrade readiness solution. That might come in a later post.


Why is this cool? Because we can leverage the data available in Windows Analytics, to make sure our devices only gets upgraded once we’ve confirmed they are ready to upgrade in the Upgrade readiness solution.


  • Global Admin in Azure AD
  • Owner on the Log Analytics Workspace Resource group
  • Log Analytics Workspace with Upgrade Readiness Solution
  • ConfigMgr Infrastructure
Continue reading

KB2894518 October 2014 new updates that breaks the TS

New updates was releases on yesterdays patch Tuesday, and again one of them breaks the Task Sequence.
Sadly, Task sequence fails in Configuration Manager if software updates require multiple restarts – has not been updates yet, so i had to troubleshoot a little bit.

Continue reading