Troubleshooting Entra Cloud Sync in CIS-Hardened Environments: A gMSA Encryption Odyssey

Troubleshooting Entra Cloud Sync in CIS-Hardened Environments: A gMSA Encryption Odyssey

When deploying Microsoft Entra Cloud Sync in highly secure environments, edge cases are expected in hardened environments, but this one unravelled in ways the docs didn’t prepare me for. But I recently hit a problem that took some carefully structured troubleshooting, lab testing, and plenty of false leads to fully resolve. The culprit? A seemingly innocuous group policy setting buried in CIS benchmarks. This post documents the full journey, from symptoms to root cause, and provides a resolution path for…

Read More Read More

Microsoft Defender PowerShell

Microsoft Defender PowerShell

Today’s quick blog provides some useful PowerShell commands for managing Microsoft Defender for Endpoint preferences. I have found these commands really helpful so I can get applications working on my lab machines and then obtain all the settings ready for deployment. I manage Defender for Endpoint with Intune, but this blog applies to anyone using Defender for Endpoint. You can learn more about Defender in Intune here Manage Microsoft Defender for Endpoint using Intune | Microsoft Learn Background When I…

Read More Read More

Create Teams in bulk from CSV – Microsoft Teams

Create Teams in bulk from CSV – Microsoft Teams

In this quick blog post we are going to look at how to create Teams in bulk from CSV. This can be really handy if you work in an environment where there is a need to create a large number of Teams in one go, such as class teams for Education, or where there is no data sync. Background Here we are looking at how to create Teams in bulk from CSV in their most basic form. We want to…

Read More Read More

Event ID 1121 – Exploit Guard – Microsoft Intune

Event ID 1121 – Exploit Guard – Microsoft Intune

Today I was getting Event ID 1121 in Windows Event Viewer while managing Windows Defender through Microsoft Intune. It took me a little bit of time to track down the exact cause as Microsoft have removed the GUIDs from the descriptions in the policy properties. I thought it would be a good idea to give an overview and include some useful references. Background Firstly, this blog applies to those running Attack Surface Reduction (ASR) through Microsoft Intune. These settings can…

Read More Read More

Device VPP licensing is only applicable for iOS 9.0+ devices. (0x87D13B69)

Device VPP licensing is only applicable for iOS 9.0+ devices. (0x87D13B69)

While taking an initial step into the world of iPadOS management with Intune, I came across an error which I thought would be worth writing about. Simply because, for me, only a tiny part of the error gave any indication as to what the problem was. Device VPP licensing is only applicable for iOS 9.0+ devices. (0x87D13B69). I got this error when trying to push the Office apps to a shared iPad, on iOS 14.5.1. As this was a fresh…

Read More Read More

Intune Group Policy Conflict Resolution

Intune Group Policy Conflict Resolution

This is a short blogpost to tell you how to handle Intune Group Policy conflict. Occasionally, when switching from Group Policy to Intune you will experience issues where the policy setting in Intune are different from the policy setting in Group Policy. This can happen for a number of reasons. Usually its because the group policies are your old design and when creating Intune policies, you refresh your device behaviour. The Problem When the device is presented with two sets…

Read More Read More

Error 0x87d01106 – The software could not be found on any servers

Error 0x87d01106 – The software could not be found on any servers

Today I made a seemingly simple mistake that still took me on a goose chase to find the simple fix. One which caused Error 0x87d01106 in the AppEnforce.log file. To make it slightly more confusing, software center, when deploying this application, threw me the rather generic error “The software could not be found on any servers at this time.” Pretty helpful right? The problem with this error. Previously I have seen it where boundaries have been set incorrectly and where…

Read More Read More

ConfigMgr Error – Error 2168851714 – SQL command failed

ConfigMgr Error – Error 2168851714 – SQL command failed

This afternoon I encountered an interesting issue with ConfigMgr that I have not seen before, ErrorCode = 2168851714 SQL command failed. This happened when trying to add to or change the content of the Configuration Manager database through the console window. I got this error after every attempt The full error: ConfigMgr Error Object:instance of SMS_ExtendedStatus{CauseInfo = “”;Description = “SQL command failed: “;ErrorCode = 2168851714;File = “X:\bt\1216594\repo\src\SiteServer\SDK_Provider\SMSProv\sspfolder.cpp”;Line = 766;ObjectInfo = “Please check SMS Provider log file for details of the…

Read More Read More

Fine Grained Password Policy Setup – Active Directory

Fine Grained Password Policy Setup – Active Directory

This post is all about how to setup Fine Grained Password Policy (FGPP) in On Premise Active Directory. This may sound a little antiquated with the rapid uptake of Azure Active Directory (AAD) and all of its wonderful account security features, but lets not forget, for most organisations a hybrid model is the best they can achieve right now, so its important to make sure you are making the most of the security policies you have available. What is Fine…

Read More Read More

Application Install Error 0x80070005 – EnforceApp Failed

Application Install Error 0x80070005 – EnforceApp Failed

Today I came across an issue I had not seen before so I thought it would be a good idea to write down some ideas of how to resolve the issue, for when I forget what I did next time it happens! I was deploying a routine application for our organisation, one I have deployed and updated 10+ times before so I was surprised to see this error when testing the deployment today. While the error code is quite a…

Read More Read More