Skip to main content

Written by Brian Mason.

MNSCUG April 2014 Meeting Notes

Fred Bainbridge is turning out to be the best VP of all time! Thanks for these notes, Fred.Date 4/21/2014
Sponsor - Now Micro
Speaker - Kent Agerlund

Changes in 2012 R2 collections -

  • Never update the all systems collections, this will cause a snowball affect updating all collections that limit to that collection. This is specific to R2 release.
  • Try to have as few collections as possible limit to the all systems collections.
  • CEviewer (Collection Evaluator Viewer is a nice tool in the R2 Toolkit to the look at what collections may be doing at any given time and to look at what is scheduled for them in the future. The tool doesn't use the collection evaluator, it instead doing direct sql queries. (much faster and more accurate).
  • For reference, tables collections_L and collections_G are the primary tables to get this information from.
  • Using powershell is awesome to create collections, however be aware that they will not be placed into folders once created.
  • The limit of 200 collections with incremental updates is no more. Use CEViewer to see what collections are updating and when.
  • Scripts were shows to disable all incremental updates on all collections and then to enable incremental updates according to a custom schedule on all collections in a single folder. These scripts will be given to Brian and shared on the mnscug site.
  • Coretech has a lot of neat tools. One to import and export collections using simple excel and powershell (with membership queries) will be released after teched.

InTune -

  • Easy to setup, you get it working in ½ a day.
  • For POC and other small lap setups, it is very cheap. 5 users is around $4/mo
  • You need a public domain name for intune to function, if you have office 365 you can use that.
  • The user needs to be a member of an intune collection in order to enroll, this will won't prevent them from enrolling different types of devices but it will prevent unwanted users from enrolling at all.
  • For Android Devices the intune client can be downloaded directly from google play.
  • Devices can be assigned as personal or corporate in the console. Personal devices only collect a subset of data that the corporate devices collect.
  • GPS information is never recorded, by design. (not the case with mobile iron)
  • Can't do optional advertisements on devices (this may be exactly opposite, I can't recall)

Most people use as such...

  1. They have no management at all for mobile devices.
  2. During phase #1 they use intune to just gather information on what is in the environment
  3. Phase #2 they use it to deliver compliance settings
  4. Phase #3 they use it deploy iOS apps. (this can be very tricky as it is challenging to deploy certificates, especially so if the PKI is a mess or non-existent)
  • InTune major drawback - it only checks in every 8 hours. This is bad. If a major setting is changed, using could take 15+ hours to get new policies. This is expected to be changed soon.
  • InTune will not work in conjunction with other MDM providers.
  • Windows phones get policies faster than iOS
  • VPN profiles can be managed with CM12 (include Cisco AnyConnect)
  • Same with WiFi
  • Deploying trusted root certificates is very simple with CM12.
  • SCEP certs require internet facing certificate server. There is a low adoption rate of this and poor documentation.
  • Completely silent install of applications is not available on windows 8.1 phones as of yet.
  • Mac software deployments are also not silent.

Things people wanted to see in future meetings:

  • CM12 troubleshooting tools (like the CM12 toolkit or coretech tools)
  • AD/GP - this was met with the most fanfare by far
  • Cloud - This was met with outright disdain! (there was no adoption and no desire to adopt)
  • Orchestrator/SMA - medium response on this
  • App-V (MDOP) - medium response on this, but Brian had both of his hands up.

For reference, probably only 10 people were participating in this entire discussion. Two guys in the middle really just wanted free beer. (I empathize)

Just 3 people from the group are attending TechEd and most were OK with having a session during or close to TechEd. I (Fred) am the exception as I will be one of the few attending TechEd. (which is now sold out!)

MNSCUG member Daniel Day has a nice camera and took a shot of some of us there. He had intended to get Nash in there since he just made MVP, but alas, Nash was out making money instead.

In this shot is Fred Bainbridge (VP), Steve Jesok (P), Brian Mason and Kent Agerlund (MVPs):

MNSCUG Board
  • Created on .