Month: December 2018
I was recently setting up some different scenarios and tests using a VM with Windows Autopilot for Windows 10 1803 vs 1809 . Being lazy, and thinking that I was being “smart”, I just reused the same VM but had a different VHDX disks for 1803 and 1809. Each Windows instance had a unique hardware hash (see below snipet).
However, the import failed with message “Device is already registered to the same Tenant. Error code: 806 – ZtdDeviceAlreadyAssigned”.
The error message gives a hint to the problem about the device already being registered. But when you delete the system from within the Autopilot profiles section, it seems to NOT actually delete it. Such that the device isn’t removed and subsequent imports fail with the same error. This is caused because the delete was triggered to remove the device from the Microsoft Store for Business, but the change hasn’t yet synchronized back into Intune.
My experience has been that there are variance on how quickly the delete is reflected. So if you need to expedite the scheduled sync cycle, just simply click the Sync button. Then that should get it back into a position where you can import the new Autopilot hash CSV file successfully.
|Windows 10 news you can use, December 2018 edition
Providing insights into Windows 10 deployment & management, security & compliance, and productivity. Also see other news related to Windows 10.
If you’re in IT, make sure you join us Thursday, December 13th from 9:00-10:00 a.m. Pacific Time to get up to speed and get your questions answered about Windows 10, version 1809. We’ve assembled a group of engineers and product managers from the Windows, Window Defender ATP, System Center Configuration Manager, Microsoft Intune, Microsoft Edge, and Microsoft 365 teams—and we’ll be answering your questions live during what promises to be an exciting and informative “Ask Microsoft Anything” (AMA) event.
Windows 10 quality approach for a complex ecosystem. In November, Microsoft re-released the October 2018 Update after pausing to investigate a small but serious issue. This is the first time in Windows 10’s “Windows as a Service” history that we have taken such an action, and as such it has naturally led to questions about the work we do to test and validate Windows quality before we begin rolling it out broadly.
|Deployment & Management|
- Now live! Follow the steps outlined in Microsoft’s Modern Desktop Deployment Center to plan and carry out your large-scale deployment of Windows 10 and Office 365 ProPlus. Each step is part of the overall planning and deployment process with steps typically running in parallel to each other in a phased deployment.
- Understanding the differences between servicing Windows 10-era and legacy Windows operating systems. https://docs.microsoft.com/en-us/windows/deployment/update/waas-servicing-differences
- Windows Autopilot: Hybrid Azure AD join and automatic registration.
- Windows 10 Enterprise LTSC 2019 is now available on the Volume Licensing Service Center (VLSC).
- KB4347075 Update to extend KMS support upcoming Enterprise LTSC and Windows Server products.
- When you purchase any of the Windows 10 or Microsoft 365 services (as detailed in the following Eligible plans section), FastTrack Specialists provide advisory and remediation guidance if you encounter app compatibility issues as you deploy to Windows 10 and Office 365 ProPlus and stay up-to-date at no additional cost (with an eligible subscription). To get help, complete the Desktop App Assure service request. https://docs.microsoft.com/en-us/FastTrack/win-10-daa-assistance-offered-and-plans
- Windows 10 Long-Term Servicing Channel (LTSC): What is it, and when should it be used?
- Today is an exciting day for Windows 10 on ARM. With the official release of Visual Studio 15.9, developers now have the officially supported SDK and tools for creating 64-bit ARM (ARM64) apps. This news comes at a great time as Qualcomm Snapdragon 850 processor second-generation ARM64 devices provide even more computing power for developers to tap into while continuing to deliver the beyond-all-day battery life customers expect from Windows 10 on ARM. Like the first-generation ARM64 devices, they are also thin, light, fast, and designed with instant-on 4G LTE connectivity in mind, while able to run the wide ecosystem of Windows applications thanks to an x86 emulation layer.
|Security & Compliance|
- Our analysis of a targeted attack used malicious InPage document and outdated VLC media player to give attackers backdoor access to targets. Historically, malware payloads like the stage 2 malware in this attack are used to steal credentials and other sensitive information, install more payloads, or move laterally in the network. However, because the malware opens a backdoor channel for remote attackers to execute arbitrary commands of their choice, there’s a wide range of possibilities.
- Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks. The WDATP team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack chain, and the toolsets used, we believe the threat actor that the industry refers to as Tropic Trooper was likely behind the attack. Read more about how the attack was determined, protected by Conditional access, and automatically remediated on threatened networks.
- Microsoft is excited to share with you some of the latest significant enhancements to Windows Defender ATP. We added new capabilities to each of the pillars of Windows Defender ATPs unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.
- At Microsoft, we take your device and account protection seriously, which is why we’ve been on a mission to eliminate passwords. Passwords can be difficult to remember, are often reused and can be used to hack your account anywhere, anytime, from any device. Windows Hello is a key component in our effort to finally saying goodbye to passwords. Using facial recognition, a fingerprint, or PIN, Windows Hello is a fast, secure and password-less way to unlock your Windows 10 PC.1 We’ve been busy bringing the latest and greatest features to Windows Hello and account protection and wanted to take some time to update you on what’s new.
- Secure password-less sign-in for your Microsoft account using a security key or Windows Hello. We just turned on the ability to securely sign in with your Microsoft account using a standards-based FIDO2 compatible device—no username or password required! FIDO2 enables users to leverage standards-based devices to easily authenticate to online services—in both mobile and desktop environments.
- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 October 2018 Update (a.k.a., version 1809, “Redstone 5” or “RS5”), and for Windows Server 2019.
- Windows 10 Tip: Five ways filling out forms online just got easier in Microsoft Edge. You may have already noticed that it’s easier than ever to fill out form details in websites, thanks to several improvements in Microsoft Edge via the Windows 10 October Update. This builds on the multi-field autofill launched in April that gave users the ability to fill out multiple related fields in website forms, such as contact info and credit card details, with one click.
- When we released Windows 10, version 1803, we introduced Local Experience Packs (LXPs), which are modern language packs delivered through the Microsoft Store or Microsoft Store for Business. The biggest advantage to LXPs is that we no longer have to wait for feature update releases to deliver improved translations to you. Instead, translation improvements can be delivered via LXPs as a Microsoft Store application update. Local Experience Packs, available in more than 100 languages, makes Windows speak your language. Windows engineer Pankaj Mathur explains that it’s easier than ever to get and install one in the Windows 10 April 2018 Update. (Subtitle available in 86 languages)
- Windows 10 Tip: Find out how to setup and use Surface Headphones.
- Save money and time with Microsoft Shopping Assistant. Microsoft Shopping Assistant, first released in 2016 through The Garage, is a browser add-on that helps you get the best deals at more than 50,000 online stores, from top retailers like Amazon and Walmart to your favorite boutique shop on Etsy.
|In other news related to Windows 10…|
- Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework.
- Enterprise security resources from Microsoft – includes whitepapers, training, blogs, and more!
- A step-by-step demo guide for provisioning Microsoft Surface devices using Windows Autopilot – without the need to reimage them. See how Microsoft Surface provides the first and best experience for first run user provisioning and ongoing device driver and firmware management and how you can register devices to your org and customize devices with apps and policies to make them business-ready right out of the box.
- November update on the evolution of Microsoft Threat Protection, which revisits some of the solution capabilities announced at Ignite and provide updates on significant enhancements made since September. Engineers across teams at Microsoft are collaborating to unlock the full, envisioned potential of Microsoft Threat Protection. Throughout this journey, we want to keep you updated on its development.
- Secure your privileged administrative accounts with a phased roadmap. There are few things more important to a secure posture than protecting admins. This is because a compromised admin account would cause a much greater impact on the organization than a compromised non-privileged user account. If you are working on initiatives to secure your privileged accounts, this post is designed to help. I’ve shared some of the principles and tools that Microsoft has used to guide and enhance our own security posture, including some prescriptive roadmaps to help you plan your own initiatives.
- Reduce your potential attack surface using Azure Advanced Threat Protection (ATP) Lateral Movement Paths. The purpose of lateral movements within a cyber-attack kill chain are for attackers to gain and compromise your sensitive accounts towards domain dominance. Azure ATP provides invaluable insights on identity configurations and suggested security best-practices across the enterprise. A key component of Azure ATP’s insights is Lateral Movement Paths or LMPs. Azure ATP LMPs are visual guides that help you quickly understand and identify exactly how attackers can move laterally inside your network. Azure ATP LMPs provide easy to interpret, direct visual guidance on your most vulnerable sensitive accounts, assists in helping you mitigate and close access for potential attacker domain dominance.
- Intune’s journey to a highly scalable globally distributed cloud service; Part 2 explains the three proactive actions Microsoft took to prepare for immediate future growth.
- Windows Machine Learning is out of preview and ready to become part of your AI toolbox. The Windows ML inference engine evaluates trained models locally on Windows devices, removing concerns of connectivity, bandwidth, and data privacy. This video series will help you understand how you can get started with Windows ML and explore the new APIs through the lens of Rufus the robot.