HOWTO: Deploy PrintNightmare fix with Intune and Windows Update for Business

I have had several customers the last week asking how to fix the PrintNightmare and patch it when using Intune and Windows Update for Business. So this is just a short and quick HOWTO on using expedite updates feature in Intune.

First create a group with all Windows 10 devices

Go to Microsoft Endpoint Manager portal: and go to Groups.

Continue reading

Allow Samsung Smart Switch with Android Enterprise Fully Managed devices on Microsoft Intune

Recently I migrated a customer from old devices to new Samsung devices. Both are enrolled using KME . The customer experienced they were not able to use Samsung Smart Switch after the new devices was enrolled and setup. That was a requirement from them, that their users needed to be able to migrate data from their old devices to their new devices.

We can always discuss if this is a good idea or not, anyway this was a requirement and here is the fix 🙂

The error the user is seeing is this:

Get Samsung Smart Switch from Managed Google Play

Go to, click Apps, Android, Managed Google Play app and click OK.

Search and find Samsung Smart Switch, approve it and start a sync.

And soon as the apps is available in the tenant, we can continue with the next step.

Creating an App Configuration policy to allow Smart Switch

Go to and go to Apps and App configuration policies. Click Add and then Managed devices.

Give it a name, select Android Enterprise and Fully Managed in profile type, select the Samsung Smart Switch app and continue.

In Configuration Settings select “Use configuration designer” and click +Add. Check “Allow SmartSwitch Run” and Click OK

Be sure to check the checkbox in “Configuration value”.

Click next and assign the policy to an group appropriate group and the apps will now work for the users.

Packaging and signing macOS apps for distribution with Intune

Disclaimer: I’m by no means a macOS guy, I’m a Windows guy and have always been :-). There might be things in this post that can be done smarter or in another way – if so, please let me know.

As stated on, in order to distribute apps to macOS, they need to be in .pkg format and converted to the .intunemac format. Furthermore the .pkg file needs to be signed with a Apple Developer certificate.

 Quote from docs:

The .pkg file must be signed using “Developer ID Installer” certificate, obtained from an Apple Developer account. Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported.

But what if we need to distribute an app there’s is not in the AppStore or is not in a signed .pkg file? Then we’ll have to repackage it with a packaging tool. I’m using an app called packages. Let me show it and explain.


Continue reading

KB2894518 October 2014 new updates that breaks the TS

New updates was releases on yesterdays patch Tuesday, and again one of them breaks the Task Sequence.
Sadly, Task sequence fails in Configuration Manager if software updates require multiple restarts – has not been updates yet, so i had to troubleshoot a little bit.

Continue reading

Kernel Mode Driver-Framework 1.11

If you’re experiencing problems deploying Windows 7 images to newer hardware such as Lenovo T440 or X240, it might be due to the drivers for those models, are requiring a newer version of Kernel Mode Driver-Framework.
The problems i have seen is when Windows setup tries to install component, and error message pops up and saying something like “Windows could not configure one or more system components”

Continue reading