Thursday, August 13, 2015

Microsoft Intune Managed Apps – Multi-identity

As of today, there are total of 18 Microsoft Apps (iOS + Android)  that you can use with Microsoft Intune mobile application management (MAM) policies. Some apps support multi-identity, some not. What is multi-identity? shows you the list of Microsoft Apps that support MAM.


You’ll notice behind some of the apps have the * labelled, which means it is a multi-identity apps. Let me explain my experience on that:

I’ve deployed Word and OneNote to my IPad. Both applied with the default MAM policy.

First example, I did the testing with OneNote on iOS, without * labelled. It pops up for pin for using the apps and restrict copy and paste to local apps like notepad.

Second example, I test with Word on iOS. It doesn’t pops me pin for using the apps and never restrict me from copy and paste to local apps. BUT!!! After I saved or open a document from corporate drive like OneDrive or Sharepoint, it will restrict me to copy and paste to local drive.

I hope the examples above help to clarify what’s multi-identity.

Tuesday, June 23, 2015

SCCM Client Push Error: Unable to access target machine for request

My customer called me for support due to client push failure. It is working fine the last time they performed client push. I checked out the ccm.log in the SCCM Primary Site, and I found majority failure is due to unable to access target machine for request. Back to the basics, I check the admin$ connection with one of the failure machine using windows explorer. It prompted for username and password, I entered the client push username and password. It doesn’t went through, and I entered again, and of course it failed again. Something wrong here, the client push account was granted with Domain Admin permissions. I asked my customer to enter another username and password that has the permission, and it went through. I suspected the Domain Admin permission was removed from the client push account, and asked the AD team to investigate. Yes, the Domain Admin permission was removed by someone. After the AD team configured back the Domain Admin permission, the client push is working fine. CHEERS!!!

Tuesday, June 9, 2015

MBAM Error Code: 0x80310004

I bumped into the error below. The error says the TPM is missing, but the TPM is enable on that machine, it is double confirmed.


To resolve the issue, I restart the machine, boot into startup repair, press F8 during the machine starting up.


Click on the Command Prompt, and enter the following command, “bootrec /fixbmr”.


Exit the command prompt and reboot the system.

I hope this helps you too.

Tuesday, May 19, 2015

My SCCM 2012 R2 UNIX Linux notes

Download Putty and PSCP from

Putty allows you to perform remote terminal.

PSCP allows you to copy files to the UNIX and Linux machines

To create new directory in UNIX Linux named sccmclient, mkdir /sccmclient

To copy files to UNIX Linux machine, launch command prompt and change directory to the SCCM client source folder. Then Enter path_to_pscp\pscp.exe * root@ The IP is the UNIX Linux IP

Before install the SCCM client, enter chmod +x install

SCCM client installation command ./install –mp –sitecode abc ccm-Universalx64.tar

Add –ignoreSHA256validation switch for:
  • RHEL Version 4 (x86/x64)
  • Solaris Version 9 (SPARC) and Solaris Version 10 (SPARC/x86)
  • SUSE Linux Enterprise Server Version 9 (x86)
  • HP-UX Version 11iv2 (PA-RISH/IA64)
To read installation and operation log, tail –f /var/opt/microsoft/scxcm.log

To stop the ccmexecd, /etc/init.d/ccmexecd stop

To start the ccmexecd, /etc/init.d/ccmexecd start

To perform machine policy refresh, /opt/microsoft/configmgr/bin/ccmexec –rs policy

To perform inventory scan, /opt/microsoft/configmgr/bin/ccmexec –rs hinv

To install rpm package, rpm –i rpmpackage.rpm

To check the existence of rpm packages, rpm -qa | grep rpmpackage

To uninstall SCCM client, /opt/microsoft/configmgr/bin/uninstall

Monday, May 18, 2015

Exploring on Mobile Devices Settings in Office 365

In fact, it detects you have subscribed to Intune services and it will direct you to the Microsoft Intune administrator console. I’ll have to setup a new E3 trial again. Ouch… :)


Tuesday, May 12, 2015

Working on a custom Reporting User Role and Custom Security Scope???

Working on a custom limited Reporting User roles with new custom security scope?

Viewing report from Web is working fine but Reports node in Configuration Manager Console showing No items found?

Working on a new custom reporting user role and assign with All/Default security scope to the user/user group would not give you any problem to view the report in Configuration Manager Console. However, if you are also creating a new security scope and limited the user/user group to the new security scope, you would most probably hit the problem of No items found.


Most likely you will have the configuration similar to the screen captured above. Limiting the user/user group to a collection and also with a new Security Scope.

Click on Associate assigned security roles with specific security scope and collections. Then select your custom Reporting user role and click Edit

Click on Add, and add the Default Security Scope

The Default security scope will then link to the custom reporting user role

Not to forget, most of us could forget this. When we creating a custom reporting user role, we copy the Read-only Analyst and removing all settings except Run Report. Please remember that it still require minimum Read permission on Site else you will hit the problem of No items found.

Bye bye No items found!!!!!