Modern Device Management

I have come across many instances online where people have struggled dealing and working with multiple csv files. If you have to upload multiple rows or simply add an attribute, then it is not a straight forward task. Formatting of Autopilot csv files is highly sensitive. If you try to edit them directly in Excel and then save them as .csv, the file will be rendered useless.  By the way, if you are looking for a quick way to create the .csv files then here is the code - New-Item -Type Directory -Path "C:\HWID" Set-Location -Path "C:\HWID" Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted Install-Script -Name Get-WindowsAutoPilotInfo Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv You can use -append parameter to add multiple rows, but if you want to do it using a GUI or add additional attributes, then you can use the method below which I have found to be effective. 1. Rename the exported .csv file to .txt 2. Open Excel and open the .txt fil...

When Microsoft announced the  Settings catalog  feature in February this year, it opened a whole new world to endless possibilities of managing various Windows 10 device settings. The settings are generated directly from Windows Configuration Service Providers (CSP), and the experience in the catalog is dynamically generated based on the type of setting and its metadata. While still in preview, one can see that Microsoft is trying to standardize settings throughout Microsoft Endpoint Manager. Then in May this year, Microsoft released another feature in preview known as  Filters  which is another game changer in how apps and policies can now be assigned at a granular level on specific devices. While the feature does not support all workloads and has some  known issues  (understandably considering it is still in Preview), in my experience the feature works well and has reduced the use of Azure AD Dynamic device groups. Now that we have some background on...

Every now and then it so happens that BitLocker recovery keys do not escrow in AAD. The usual culprits are incorrect BitLocker policies and\or the device hardware configuration failing to meet the minimum requirements. The other scenario and something I recently experienced is when everything is setup right and still the recovery key doesn’t escrow in AAD. As I understand, this can happen if the escrow process got interrupted the first time due to network or local devices related issues and the process could not resume. To circumvent this issue, one can simply push a PowerShell script to the devices to force the escrow of the recovery keys to AAD. Here is a script to do so. try{ $BitlockerVol = Get-BitLockerVolume -MountPoint $env:SystemDrive         $KPID=""         foreach($KP in $BitlockerVol.KeyProtector){             if($KP.KeyProtectorType -eq "RecoveryPassword"){              ...