Featured

Unleash your Azure CSP subscription for Cloud Management Gateway deployments

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet ‘without’ additional (on-premise) infrastructure.

Merged_Azure_CSP_and_Visual_Studio_subscription

Create & deploy cloud services with an associate Azure subscription.

However, there is a limitation when deploying CMG using Azure CSP subscription.

This capability does not enable support for Azure Cloud Service Providers (CSP). The CMG deployment with Azure Resource Manager continues to use the classic cloud service, which the CSP does not support. For more information, see available Azure services in Azure CSP.

As CSP model is becoming more and more popular as Azure subscription, this scenario is a potential blocker for many customers having a CSP subscription which wants to deploy a CMG. The Microsoft product teams are aware of this situation and I’m sure they will solve this the sooner or later.

Converting your CSP subscription to an eligible Azure subscription is no option here (managed by CSP Partner). Therefore I would like to take you how to deploy a CMG while you’re on a CSP subscription. Yes it’s possible! In this blog I’ll describe what it takes to achieve this. Continue reading “Unleash your Azure CSP subscription for Cloud Management Gateway deployments”

Advertisements

Windows Defender ATP updates including BitLocker & Firewall security controls

Alongside the announcement of down-level support for Windows 7 and Windows 8.1, there is more exciting news in regards to Windows Defender ATP. Since today Windows Defender ATP Security Analytics is extended with two new security controls; BitLocker and Firewall.

Windows Defender ATP Security Controls: BitLocker & Firewall

Continue reading “Windows Defender ATP updates including BitLocker & Firewall security controls”

MBSA 2.3 Preview Release is available for download!

MBSA 2.3 Preview has been released on the Client Management Connect site to the ConfigMgr Open Beta community.

image

MBSA 2.3 release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported with this release. The final release of MBSA 2.3 is expected to be available in Fall 2013.

You can download MBSA 2.3 Preview here.

Windows Intune: required Firewall & Proxy Configuration

 

windows_intune_logo

Implementing Windows Intune might be for the most of us an ease approach because it is uses commonly used standards like http and https. Nevertheless, in organizations where internet access is controlled using firewall(s) and proxy servers this might be a challenge.

Specific services or websites has to be disclosed to work properly. The same applies to Windows Intune. For those who have to implement in such environments where internet access is limited the overview below outlines the required domain and ports in order to let Windows Intune work like a charm.

Required domains for documentation, online Help, and support

Domain Ports
*.livemeeting.com 80 and 443
*.microsoftonline.com 80 and 443
onlinehelp.microsoft.com 80
*.social.technet.microsoft.com 80
blogs.technet.com 80
go.microsoft.com 80
http://www.microsoft.com 80

 

Continue reading “Windows Intune: required Firewall & Proxy Configuration”

Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 3

February this year Microsoft has released Service Pack 3 for Forefront UAG 2010. Today Microsoft Forefront Unified Access Gateway (UAG) product team has released Rollup 1 for Forefront UAG 2010 Service Pack 3.

Issues that are fixed in Rollup 1

The issues that are fixed in Rollup 1 are listed in the following articles. To view the issues, click the article number to view the article in the Microsoft Knowledge Base.

  • 2810229 FIX: You cannot redirect local computer resources in an RDS session after you disable the client endpoint components in Forefront Unified Access Gateway 2010
  • 2831570 FIX: "The URL you requested cannot be accessed" error message may be returned when a client sends an HTTP POST request to a portal in Forefront Unified Access Gateway 2010
  • 2831573 FIX: Traffic is not forwarded or you receive an error message about ADVAPI32.dll when you use a Windows XP client to start an application from a Forefront Unified Access Gateway 2010 Service Pack 3 portal
  • 2831865 FIX: The endpoint policy expression "Any Personal Firewall (Windows)" is incorrect for Windows 7 and Windows 8 in Service Pack 3 for Forefront Unified Access Gateway (UAG) 2010
  • 2831868 FIX: Endpoint policies for existing trunks are not updated after you install Forefront Unified Access Gateway 2010 Service Pack 3
  • 2832679 FIX: You receive a 500 Internal Server error when you run the File Access application from the Forefront Unified Access Gateway 2010 Service Pack 3 portal trunk
  • 2832681 FIX: You receive a script error that prevents file access configuration in the Management Console in Forefront Unified Access Gateway 2010
  • 2832685 FIX: The Forefront Unified Access Gateway 2010 portal may intermittently become unresponsive to clients after Service Pack 2 is installed

Rollup 1 for Forefront UAG 2010 Service Pack 3 can be requested here

Forefront UAG 2010 Service Pack 3 is available for download from the Microsoft Download Center, as an upgrade from UAG 2010 Service Pack 2.

 

Offline Servicing: Failed to install update with error code 5 #sysctr

In general and more specific for Configuration Manager there Antivirus Exclusions lists available in order to let Configuration Manager function optimally thorough security level from anti-malware and antivirus perspective.

During a Configuration Manager implementation I was running into an issue with Offline Servicing. Scheduled Offline Servicing ended up in unpredicted results like not all Windows Updates (randomly) were applied of even images which got corrupted.

image

Continue reading “Offline Servicing: Failed to install update with error code 5 #sysctr”

Windows 7 and Windows Server 2008 R2 KMS hosts to support Windows 8, Windows Server 2012 and Office 2013 (KB2691586)

This update extends the Key Management Service (KMS) for Windows 7 and Windows Server 2008 R2 to allow enterprise licensing of Windows 8 and of Windows Server 2012. KMS provides support for the following KMS activations:

  • Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 (SP1)
  • Windows Server 2008 and Windows Server 2008 Service Pack 2 (SP2)
  • Windows 8
  • Windows Server 2012
  • Windows 7 and Windows 7 Service Pack 1 (SP1)
  • Windows Vista and Windows Vista Service Pack 2 (SP2)
  • Office 2013 (Preview)