ConfigMgr – 2 Minute Microwave Style

Genesis – I posted a tweet about someone I know getting stressed at learning Configuration Manager in order to manage 50 Windows devices.  All desktops.  The background is basically that his company had planned on 1000 devices running Windows.  But the end-users, who wield more purchasing power, opted to buy mostly Macbooks.  So the total Windows device count was capped at 50, BUT…. they already approved the purchase of ConfigMgr.  It’s worth noting that the end-users also purchases JAMF (formerly Casper) and set it up in their own secret underground lab, complete with a diabolical German scientist in a white lab coat.  Ok.  That last part isn’t really true, but the JAMF part is true.

So, the “discussion” slid into “okay mr. smarty-pants skatter-turd-brainz, what would you want in a ‘perfect’ ConfigMgr world to address such a scenario?” (again, I’m paraphrasing a bit here)

MC DJam, aka DJammer, aka David the Master ConfigMaster Meister of ConfigMgr, popped some thermal verbals in front of the house and the room went Helen Keller (that means quiet and dark, but please don’t be offended, just stay with me I promise this will make sense soon…)

Yes, I’ve had a few beers.  Full disclosure.  I had to switch to water and allow time for the electric shock paddles to bring my puny brain back online.  That was followed by a brief gasp,”oh shit?! what have I started now?”  Then some breathing exercises and knuckle crackings and now, back to the program…

So, Ryan Ephgrave (aka @EphingPosh) stepped in and dropped some mic bombs of his own.

And just like having kids, the whole thing got out ahead of me way too quick.

So, I agree with Ryan, who also added a few other suggestions like IIS logs, Chocolatey package deployments (dammit – I was hoping to beat him to that one).

So the main thing about this was that this person (no names) is entirely new to ConfigMgr.  Never seen it before, and only gets to spend a small portion of their daily/weekly time with it, due to concurrent job functions.  This is becoming more and more common everywhere I go, and I’ve blogged ad nauseum about it many times (e.g. “role compression”)

What do most small shop admins complain about?

  1. Inventory reporting
  2. Remote management tools
  3. Deploy applications
  4. Deploy updates
  5. Imaging
  6. Customizable / Extendable

These are the top (6) regardless of being ConfigMgr, LANdesk, Kace, Altiris, Solarwinds, or any other product.  All of them seem to handle most of the first 4 pretty well, with varying levels of learning and effort.  But Imaging is entirely more flexible and capable with ConfigMgr (or MDT) than any of the others I’ve seen (Acronis, Ghost, etc. etc. etc.)

ConfigMgr does an outstanding job of all 6 (even though I might bitch about number 6 in private sometimes, it is improving).  ConfigMgr is also old as dirt and battle-tested.  It scales to very large demands, and has a strong community base to back it up in all kinds of ways.  In some respects it reminds me of the years I spent with AutoCAD and Autodesk communities and the ecosystems that developed around that, but that’s another story for another time.

The challenge tends to come from just a few areas:

  1. Cost and Licensing – ConfigMgr is still aimed at medium-to-large scale customers.  The EA folks with Software Assurance, are most often interested and courted into buying it.  Some would disagree, but I set my beer mug down and calmly say “Walk into any major corporate IT office and ask who knows about ConfigMgr.  Then walk into a dentist office, car dealership, or small school system and ask that same question.”  I bet you get a different response.
  2. Complexity – ConfigMgr makes no bones about what it aims to do.  The product sprung from years of “Microsoft never lets me do what I want to manage my devices” (say that with a nasally whiny tone for optimum effect).  Microsoft responded “Here you go bitch.  A million miles of rope to hang yourself.  Enjoy!”  It’s an adjustable wrench filled with adjustable wrenches, because it was designed to be the go-to toolset for almost any environment.  And it’s still evolving today (faster than ever by the way)
  3. Administration – Anyone who’s worked with ConfigMgr knows it’s not really a “part-time” job.  But that’s okay.  It’s part of the “complexity” side-effect.  And rarely are two environments identical enough to make it cookie cutter.  That’s okay too.  Microsoft didn’t try to shoehorn us into “one way”, but said “here’s fifty ways, you choose“.  The more devices you manage with it, the more time and staff it often demands in order to do it justice.  I know plenty of environments that have scaled to the point of having dedicated staff for parts of it like App deployments, Patch Management, Imaging and even Reporting.

None of these are noted with the intention of being negative.  They are realities.  It’s like saying an NHRA dragster is loud and fast.  It’s supposed to be.

Now, add those three areas up and it makes that small office budget person lose control of their bowels and start munching bottles of Xanax.  So they start searching Google for “deploy apps to small office computers” or “patching small office computers cheap as hell” and things like that.

So, ConfigMgr already does the top 6 functions pretty darn well.  So what could be done to spin off a new sitcom version of this hit TV show for the younger generation?

  1. Simpler – It needs to be stupid-simple to install/deploy and manage.  This reaches into the UI as well.  Let’s face it, as much as I love the product, the console needs a makeover.  Simplify age-old cumbersome tasks like making queries and Collections, ADRs and so on.
  2. Lightweight – Less on-prem infrastructure requirements: DPs, MPs, SUPs, RPs, etc.  Move that into cloud roles if possible.
  3. Integrate/Refactor – Move anything which is mature (and I mean really mature) in Intune, out of ConfigMgr.  Get rid of Packages AND Applications, make a hybrid out of both.  Consider splitting some features off as premium add-ons or extensions, like Compliance Rules (or move that to Intune), OSD, Custom Reporting, Endpoint Protection, Metering, etc.
  4. Cheaper – Offer a per-node pricing model that scales down as well as up.  Users should be able to get onboard within the cost range of Office 365 models, or lower.

Basically, this sounds like Intune 3.0, which I’ve also blabbered about like some Kevin Kelly wanna-be futurist guy, but without the real ability to predict anything.

Some of the other responses on Twitter focused on ways to streamline the current “enterprise” realm, with things like automating many of the (currently) manual tasks involved with installation and initial configuration (SQL, AD, service accounts, IIS, WSUS, dependencies, etc. etc.), all of which are extremely valid points.  I’m still trying to focus on this “small shop” challenge though.

It’s really easy to stare at the ConfigMgr console and start extrapolating “what would the most basic features I could live with really come down to?” and end up picking the entire feature set in the end.  But pragmatically, it’s built to go 500 mph and slow down to push a baby stroller.  That’s a lot of range for a small shop to deal with, and they really shouldn’t.  That would be like complaining that the Gravedigger 4×4 monster truck makes for a terrible family vehicle, but it’s not supposed to be that.  And ConfigMgr really isn’t supposed to be the go-to solution for a group of 10-20 machines on a small budget.  Intune COULD be, but it’s still not there yet.  And even it is already wandering off the mud trail of simplicity.  It needs to be designed with a different mindset, but borrowing from the engine parts under the ConfigMgr hood.

Maybe, like how App-V was boiled down and strained into a bowl of Windows 10 component insertions for Office 365 enablement, and dayam that was a weird string of nouns and verbs, they could do something similar with a baked-in “device management client” in a future build of Windows 10.  Why not?  Why have to deploy anything?  They have the target product AND the management tool under the same umbrella (sort of, but I heard someone unnamed recently moved from the MDT world into the Windows 10 dev world, so I’m not that far off).

Does any of this make sense?  Let me know.

 

Advertisements

Random Stuff, Part 42

Between work, studying, tinkering and trying to have something close to being considered “a life”, I haven’t been blogging much lately.  And every time I get close to having that magical, mythical thing called “a life”, I have to travel.  I can’t complain, since it gives me new perspectives on “life”, which help me to feel like I have “a life”.

And speaking of travel, here’s a cheap diagrammatic view of how I roll (literally, since my suitcase does in fact have wheels)…

packing.png

This is just the backpack.  I also didn’t include tampons, whips, chains, hand grenades, latex gloves, surgical masks, or bags of unmarked pills.  Those tend to slow me down with TSA, and I’d rather they spend most of their time with their hands around my privates.  If I touch myself in public it looks unsettling, but when they do it for me, it’s professionalism at its best, and they love it when I smile during the procedure.

Speaking of TSA, I’ve found that the passive aggressive score follows the scale of the airport, at least in the U.S.  Meaning, the bigger the airport, the less humor they tolerate.  The friendliest bunch I’ve encountered would be Medford, Oregon (MFR), and the other end of the scale would be Boston (BOS).  I love Boston.  The TSA have a consistent and warm way of welcoming travelers to bean town with that glaring “I’ll stomp your face in if you make eye contact for more than 5 seconds!”

I’ve also been updating some PowerShell-related projects.  I have always maintained personal project time to keep my sanity.  It also makes my dog want my attention more.  She leaves me little gifts to express how much she misses my attention.  And at 95 lbs, the size of those gifts can almost clog the toilet.

Here’s a few examples of what too much caffeine, too much vlog watching, and access to PowerPoint will do to someone like me, a latent marketing student.  I’m just kidding, I would’ve gone into statistics as a “statistician” but it’s too difficult to pronounce after 3 or 4 beers, and the pay doesn’t come close to most IT related jobs.

fudgepop.pngFudgePop

 

cmhealthcheck.pngCMHealthCheck

gpodoc.pngGPODoc

cmbuild.pngCMBuild

They almost look professional.  And almost as if I know what I’m doing.  Cooked up with only a frying pan, a little butter, some chunks of PowerPoint and sprinkled with Paint.Net.  All four took a whopping hour to create.  The pencil was the most fun.  I highly recommend the shape tools (Boolean stuff, like Union, Subtract, etc.), you can spend hours immersed in that strange world, forgetting to shave and bathe too.

You can find the rest of this exciting stuff at https://www.powershellgallery.com/profiles/skatterbrainz/ – where I publish things I almost know how to do.  CMBuild is still in beta, so if you get really, really, reeeeeeally bored, and you have a lab environment in which to try things like this – feel free to post angry, hurtful, mocking and demoralizing comments and bug reports.  The more condescending the better. My doctor enjoys this too.  The visits for medication help his kids through another semester at medical school, and I don’t want to let him down.

Travel

I forgot to mention that MFR, while being a very small airport, also has some really nice artwork on the walls around baggage claim…

20171105_213501.jpg

Approaching Norfolk (ORF), the most dynamic and interesting place for underpaid IT professionals…

20171111_102616.jpg

Leaving San Fran (SFO).  The most dynamic and interesting place for well-paid IT professionals who can’t afford to live there…

20171110_193714.jpg

Getting ready to board my next flight.  I have the window seat just behind the wing…

20171110_204509_Burst01.jpg

Back in my office…

20170902_231019.jpg

Technical Stuff

In the past month, I’ve been dunked into projects involving a variety of different beatings, I mean challenges.

  • 2 involving MDT+Windows 10 with distributed/replicated MDT deployment shares.  One using DFS and the other using Nasuni, for the replication service.  Both worked out very well.
  • 2 involving Office 365 ProPlus.  One mixing C2R Office with MSI Visio and Project.  The other mixing C2R Office using O365/AzureAD licensing, with C2R Visio/Project using KMS licensing.  Neither was that difficult, but I did come away with a continued wonder and amazement at how something so simple (C2R deployments) could be left half-baked by Microsoft and nobody seems to care.
  • 3 involving Configuration Manager.  1 focused on SUP strategies for servers.  1 focused on being a crying shoulder for an overloaded admin and under-give-a-shit managers.  1 focused on replacing some horrific mess some other (independent) consultant attempted while in between binges of drinking and glue sniffing.

The rest of the time has been Azure, Intune, O365, PowerShell, PowerShell with Azure AD, PowerShell with Intune, PowerShell with System Center, System Center with PowerShell, PowerShell with PowerShell, and a little bit of PowerShell. I’d think by now I’d know something about PowerShell, but I’m not going to pat myself on the back just yet.

User Groups

Our geographic region seems to have very few IT-related user groups with regards to the population of professionals.  We do have a few, such as groups for Docker, SQL Server, .NET, Machine Learning/AI, and a few others.  So, I’ve been trying once again (third time) to get a Microsoft-related group off the ground.  And I’m happy to say it’s actually starting to get off the ground!  It’s called Hampton Roads Cloud Users Group.  “HRCloudGroup” on Slack, and Facebook.

For those not familiar with this interesting little area, it’s officially comprised of 7 cities in the southeastern corner of Virginia, at the North Carolina border.  Mouth of the Chesapeake Bay.  But the actual list of surround municipalities include Norfolk, Virginia Beach, Portsmouth, Chesapeake, Hampton, Newport News, Williamsburg, Yorktown, Suffolk, Surry, and Smithfield.  There’s also a large number of people who commute from North Carolina to jobs in this area, so it extends beyond Virginia.

Some call it “Tidewater”, which is a stupid name.  Some call it “Hampton Roads”, which is a less stupid name.  Some call it “that shitty place I hated being stationed at while in the Navy/Marines/Air Force/Army/Coast Guard/CIA/FBI/NSA/DEA/NATO…” eh, you get the idea.  I would venture to say it is the most militarized area of land in the United States, maybe in the world.  Every branch of military, intelligence, logistics, special operations, tactical operations, is located within a small enough radius to be a ridiculously appealing target for Russian satellites.  My house, is under the flight path between Little Creek JEB (SEAL team 6 or DEVGRU), Fort Story and Oceana NAS.  I can name the fighter jet, cargo plane, or helicopter models by sound alone. I just haven’t found a way to earn a living doing that yet.

Enough Rambo talk. Our group is still very small, at about a dozen members, with about 4 or 5 people attending the monthly meet-ups so far, we’ve been fortunate to get some very skilled, very creative members, so I couldn’t be happier.  I feel like my role is more of a facilitator than a leader.  The others have way more experience than I at this point, so I’m happy to just connect the wires and keep the engine running, and learn what I can along the way.  We’ve only had 2 meet-ups so far, but I’m optimistic.  Our next one is December 14, 2017 at 6pm.  If you live in the area, hit us up.

Miscellaneous

As if the entire blog post isn’t already “miscellaneous”.  Shit, my whole life is “miscellaneous” when I get down to it.  But who’s complaining? Okay, I do from time to time.  Anyhow, shotgun blast…

  • PlatyPS is cool.  Once you remember to actually put comments in the right places and import the module before running New-MarkdownHelp for fifth time and cursing at the monitor for not reading my my mind.
  • Carbon is still cool.  Even cooler.
  • The Tesla semi is freaking awesome.  The Roadster is obviously cool as well.  I can afford neither.
  • I had my first MSATA failure today.  A Lite On 256 GB card in my HP Elitebook.  RIP.  It was nice having you while you lasted.
  • Shout out to Whitner’s BBQ in Virginia Beach.  Still the best I’ve had anywhere I’ve traveled, and it’s right in my backyard.
  • Shout out to the group of kids who yelled across the busy street “I like your chocolate dog!!”  She loved it too.
  • I need fish food for the aquarium.  Off to the stores on a Saturday.  Wish me luck.

Chocolate dog.  Aka “Dory”

20171117_131721.jpg

CMHealthCheck is now a PowerShell Module

What is it

CMHealthCheck is a PowerShell module filled with bubble wrap, Styrofoam peanuts, and 2 possibly useful functions, aimed at collecting a bunch of data from a System Center Configuration Manager site server, and making a pretty report using Microsoft Word.  But doing so without needing to manually download and store a bunch of script files and so on.

It’s still based on the foundations laid by Rafael Perez, with quite a bit of modification, prognostication, prestidigitation, and some coffee.  Special thanks to Kevin (@thenextdotnet) for helping point me in the right direction to move it all from scripts into a module.

Why is it

I get asked (okay, told) to help customers find out why their site servers are running slow, showing red or yellow stuff, or just to get them ready to upgrade from whatever they’re on to whatever is the latest and greatest version of ConfigMgr.  They also like a pretty Word document with a spiffy cover page.

How to use it

  1. Install the module on the ConfigMgr CAS or Primary server you wish to audit –> Import-Module CMHealthCheck
  2. Run the Get-CMHealthCheck function (see documentation on Github – linked below)
  3. Install the module on a Windows computer which has Office 2013 or 2016 installed (hopefully NOT the same computer which was audited)
  4. Run the Export-CMHealthCheck function (see documentation on Github – linked below)
  5. Save the Word document and mark it up.

Where to Get it

How to Complain About it

Because I know some of you will, but that’s okay.  Without complaints, we have no way of identifying targets.  Just kidding.  I need feedback and suggestions (or winning lottery numbers and free food coupons).  Please use the “issues” link on the GitHub repository to submit your thoughts, gripes and so on.

Invoke CM_Build over the Web

Updated 10/15/2017 – Added -Override example

118057481

First off: WTF is CM_BUILD?

CM_BUILD is a PowerShell script that configures a “vanilla” Windows Server machine into having Configuration Manager Current Branch installed.  This includes ADK, MDT, Server Roles and Features (WSUS, BITS, etc.), SQL Server, ConfigMgr itself, and a few goodies like Right-Click Tools, ConfigMgr Toolkit.  The GitHub repo has a cute readme markdown page filled with overcaffeinated gibberish on how to use it.  CM_SiteConfig is the “part 2” to cm_build, which configures ConfigMgr into a semi-functional site.

Short answer: https://github.com/Skatterbrainz/CM_Build

Okay, why CM_BUILD?

I don’t know.  Why do we do anything?  For the thrills? I could have taken up robbing banks, raising a crocodile farm, or breaking world records of swilling down cans of Four Loco while working on electrical equipment.  But I chose the boring life.  And while I’m bored, I hate clicking buttons repeatedly, so …

I got inspired by Johan and Mikael’s ConfigMgr Hydration Kits and Deployment Fundamentals Vol. 6 book examples, and Niall’s noob scripts, (I know it’s not actually called that, but it sounds cool to say “Niall’s noob scripts“), and after 45 cups of terrible coffee I said “I can shove all that into an XML file and call my JSON friends up and laugh hysterically at them, saying things like ‘You and your snotty little JSON drivel!  Always mocking poor, starving little XML.  Well, I’ll have you know I can still write XML, and probably even a little COBOL! So what do you think of that?!  Hello?  Hello?  Did you just hang up on me?!! WTF!

Anyhow…. Hold on, I need to get my dog outside before she has an accident….

okay, I’m back.

Why Invoke it over the Web?

There are several potential reasons for wanting to do this:

  • I was really bored and it’s been raining all freakin day, and…
  • It’s 3am and I can’t sleep, and…
  • I saw this, and …
  • I wanted to pull this off within Azure, using a VM extension, without having to import any actual files, and it would be cool to tie all this together with a runbook so I can send a text message “new lab configmgr p01“, to fire off a lab build in Azure and have it text me back “your stupid lab is ready, now leave me alone!” then I can forget it’s still running and it runs all my MSDN credits down to $0 until the next monthly cycle, and…
  • I scrolled through Dan Bilzerian’s twitter feed just long enough to hate my boring life, and needed a distraction, and…
  • It seemed like something cool to try

Example

Time to put on a poker face and act serious now.  The example below calls the cm_build.ps1 script from the GitHub master branch URL, converts it into a -ScriptBlock object, and passes in the -XmlFile parameter value using the Github Gist raw URL (you can make your own by copying the cm_build.xml into your own “secret” Gist, so you don’t openly share sensitive information to the whole world)

$ps1file = 'https://raw.githubusercontent.com/Skatterbrainz/CM_Build/master/cm_build.ps1'
$xmlfile = '<your-gist-raw-url>'

$script = Invoke-WebRequest $ps1file
$scriptBlock = [ScriptBlock]::Create($script.Content)
Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True)

But you can also invoke the interactive gridview menu using the -Override parameter, by simply appending one more $True into the -ArgumentList array.

Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True)

Then you get this budget-sized, corner-cutting, hack of a menu to choose from…override-gui

You may see a red warning about “Split-Path : Cannot bind argument to parameter ‘Path’ because it is null.”  I’ll fix that soon.  It only impacts the log output, but nobody reads log files anyway, right?

Anyhow, it’s 3:33 am, and I’m still typing, which is probably bad for my health, but if two people read this and it actually provide useful information one of you, mission accomplished.  Actually, I know for a fact this is bad for my health.  Regardless, I ran the above snippet (with a real URL in the $xmlfile assignment) in my Hyper-V duct-tape and chewing gum lab at home, and it worked like a charm.  Now I can log into the server, open the ConfigMgr console and proceed with CM_SiteConfig, or apply real world tactics and break the ConfigMgr site entirely and start over.

zzzz

My Favorite Ignite 2017 Sessions

Just a heads-up: Not all of the sessions I attended or enjoyed most are posted yet.  And some sessions might not have been recorded (expo area mostly).  Also, some of the videos have flaky audio.  Enjoy!

[ PLACEHOLDER FOR ASK THE EXPERTS: WINDOWS 10 DEPLOYMENT AND SERVICING SESSION ]

[ PLACEHOLDER FOR BRANCH CACHE SESSION (when it becomes available) ]

[ PLACEHOLDER FOR EXPERT LEVEL WINDOWS DEPLOYMENT SESSION (when it becomes available) ]

5 Myths of Modern IT

hqdefault

These are just five (5) of the most common statements/assertions/quotes I’ve overheard over the years while working in IT.  Every time I hear them, I have to take a deep breath and suppress my inner angst (to put it mildly).  This post isn’t all that funny actually, but I ran out of coffee and it’s too late for bourbon on a weeknight.  So I attached my custom-fit tin-foil hat and henceforth pontificate…

“The goal of Automation is that it frees up employees to focus on other important tasks”

Conceptually, this is plausible.  But, and this is a big BUT (and I cannot lie, all you other brothers can’t, oh never mind…), it depends on the source.  ‘Who’ initiates the push towards automation is what determines the validity of this statement the most.  If the premium placed on automation is cultivated in the ranks, this statement can be, and often is, very real.  However, when it’s initiated from the “top” (usually business, rather than technical ranks) it’s almost always (okay, 99.999999999999999999999999999999999999999999999999999999999% of the time) aimed at reducing staff and employee costs.

I’ve seen various spins and flavors of this, depending upon business culture.  The “reduction” can range from departmental shifts, to demotions, contracting-out, layoffs, and outright terminations (depending upon applicable labor laws).  Indeed, as much as I love (and earn a handsome living on) business process automation, using IT resources, I never allow myself to forget the ultimate goal: to reduce human labor demand.  The more I spend time with non-IT management, the more I see evidence to prove this assertion every day.

With that said, if your particular automation incentives are derived internally, push onward and upward.  Don’t let me talk you out of that (why would I?)

“The value of the cloud is that it enables on-prem expansion with fewer constraints”

This is a contextual statement.  Meaning, taken out of context, it is indeed a valid statement.  However, when inserted into standard sales talk (also commonly and scientifically referred to as “talking shit”) it’s often sold as being the premium value in the over-arching model.  In reality, I have seen only two (2) cases, and only heard of two (2) others, out of dozens of cases, where an infinite hybrid model was the ultimate goal of a cloud implementation project.

The majority of enterprise cloud projects are aimed at reducing on-prem datacenters, often to the point of complete elimination.  There’s nothing inherently wrong with that; it makes good business sense.  But selling it under a false pretense is just wrong.  Indeed, of the last five (5) cloud migration projects I’ve been involved with, the customer stated something akin to “I want to get rid of our datacenters” or “I want all data centers gone“.  The latter quote came from a Fortune 100 company CIO, with a lot of datacenters and employees.

“Who needs sleep?”

Don’t fall victim to this utter bullshit.  If you believe you only need a “reboot” as often as your servers do, you’re putting your own life at a lower value than common hardware.  If you’re a “night owl”, that’s fine, but only as long as you adjust your wake-up time to suit.  Always ask yourself where this inclination to never sleep starts.  Is it coming from management?  From your peers?  From personal habit?  If it’s coming from management, move on to a better workplace.  If it’s coming from your peers, you need to expand your network.  If it’s coming from personal habit, fix it.

A few years ago, I fell into the habit of working myself almost (literally) to death.  Mostly from what I call “code immersion”.  That urge to “get one more line done” and then another, and it never ends.  I was averaging 2-3 hours of sleep over the course of a year.  It finally caught up to me in a very bad way.  I’ve since taken action to prevent that from happening again.  I’ve seen way too many people die from not taking care of themselves.  Way too many.  Don’t be another statistic.

“This is cutting edge”

I have another quote (and I’m still trying to identify the true source of it), that runs counter to that: “We live in ancient times“.

Everything we do in IT, and I mean EVERYTHING, will be gone from this Earth long before most of the furniture in your house.  Long before your house is gone.  Statistically speaking, this is a valid statement.  Information Technology is a process, not an end result.  It’s a process of optimizing information access and accuracy, which evolves over time.  The tools and technologies employed to that purpose also evolve.

“The customer is always right”

If they were, then why do they need you?  And more importantly, why are they paying you to help them?  That said, the customer holds the purse strings, and the promise of future work, so don’t ever charge out of the gate with a smug demeanor.  Every new customer engagement should start off deferential.  It should then evolve and progress based on circumstances and communication.   However, anyone who works in IT and insists that the customer is “always right” is misguided or just stupid AF.

Honorable mentions (phrases that annoy the $%^&* out of me)

  • “You can’t afford NOT to!”
  • Excessive use of buzzwords like “holistically”, “literally” and “ummm”
  • “It pays for itself!”
  • “It’s the next ______, only better!”
  • “Why? Because ours is a better solution”
  • “The Cloud is a fad”

Summary

Everything you read above could, quite possibly, be entirely rubbish.  After all, I’m a nobody.  I just call it as I see it.

What Would it Take to Move from SCCM to Intune?

1wearandtear

Every week I’m on a conference call with customers who are using, or interested in using, SCCM and Intune/EMS.  Every single conversation finds its way into the following questions:

  1. “Should I use Intune to manage Windows 10 Surface Pro and Dell/HP laptops outside the network?”
  2. “Should I integrate SCCM and Intune?”
  3. “Can I just move all my SCCM infrastructure into Azure?”

Good questions.  Unfortunately, the answers aren’t yet fully-baked.  The answer to each is “it depends”.

But during one call in particular, we had a bunch of crusty old SCCM engineers discussing the past, present and future of the product.  This wound up in a discussion about “what would it take?” …to switch to Intune as the primary management interface, even for on-prem devices.  The gist of this was not about “eventually” or long-term, but rather, what could be dropped in our lap sooner, and make us say “oh, snap! time to reconsider!”

Anyhow, we came up with the following:

1 – Hybrid Deployments

The ability to configure application deployments in a cloud console, while directing clients to fetch the content from on-prem sources.  The reverse of cloud DPs, if you will.  The application configuration resides in the cloud, and the source content, and deployment content, are hosted on-prem.

This could be handled with the Intune client being equipped to poke for the on-prem location as a means to determine on/off prem status.  If on-prem, download the content from the on-prem DP.  Otherwise, follow the configuration (wait, or download from another source).  The goal would be to support cloud clients, mobile clients and on-prem clients, where each could pull content based on proximity, performance and least cost.

This would also span out to OSD as well.  If the WIM files, driver packages, and other bits were available from an on-prem source (via PXE/WinPE) it could work. Maybe it would require something like iPXE Anywhere, or maybe not.

2 – Expanded Deployment Types

Intune would need to be able to deploy more flexible types of instructions.  Such as EXE files with additional parameters (aka “switches”), MSI’s with MST transforms.  PowerShell scripts would be nice too.

3 – Full Inventory

This is actually two parts combined.  The first being a split inventory detection that pulls a complete (e.g. SCCM-style) WMI inventory data set from a full Windows client, but does the status quo for other clients.  The second part being a means for leveraging that extended inventory to save time/effort in other areas (targeting policies, apps, etc.)

And speaking of inventory, is there a CIM-like equivalent for mobile platforms like iOS, Android, etc.?

Summary

Granted, this is *not* enough for SCCM to throw in the towel and surrender.  But these seem to be the most-used features in SCCM which are not replaceable with Intune, yet.

If this is true, or “accurate”, then it doesn’t seem like such a tall hill to climb.  We were not entirely sober at the time, so it’s quite possible we overlooked something here.  Maybe something embarrassingly obvious, but hey.

Thoughts?  Substance or Garbage?  Let me know.