Intune & PowerShell: Creation of Email accounts automation on Outlook

Hey guys and girls, hope you all are having a good day. Today’s topic has a relation of 3 platform.

  • Intune/Microsoft Endpoint Manager
  • PowerShell
  • Outlook App (Windows)

This topic is more related to migration situations, so basically the environment is running IMAP and are on the stage of migrating to Office 365. Hence, to allow users to able to proceed to make use of the new mailbox and having to receive latest emails without disruption or downtime, would need to create the office365 email account on their Outlook profile.

If you notice that you have an email account, user@abc.com with the type “IMAP” on your outlook default profile, but you would like to also add the user@abc.com with the type “Microsoft Exchange” on the outlook default profile too. This is where the issue happen, majority would just proceed to try to add the account from the Outlook app but it will never let you successfully add the new account in and return with the message saying “This account has been added.” It seems to me that the Outlook App unable to differentiate TYPES. If you dig into Google Search you will only get articles, guiding you to create a new Profile just for the Office 365 account.

Wait…there is a solution to this. Please don’t bother raising case to Microsoft Support from Intune, if you’re lucky you will meet a support that willing to go extra miles for you. Usually the support would recommend you to turn on this feature from Intune “Automating the creation of outlook profile for Exchange Accounts” this only applies to new profile not existing profile.

So basically the solution is simple but I’m still unable to find an automation way to perform this. Hence, manually, but luckily is was just a small business organization, else I’m poof of words. Just type organization that is not willing to spent other migration products such as BitTitan and etc..

Anyway, to create an email account o the default outlook profile we would need to

  1. Launch your Start/Windows button
  2. Search for “Control Panel”
  3. Search for “Mail” in Control Panel
  4. Select the Mail > select “email accounts”
  5. Then select “New”
  6. Enter the following details and click Next
  7. Wait for the establish processing…
  8. You will now have 2 user@abc.com accounts in the default Outlook Profile with different types, IMAP and Microsoft Exchange.

If you are still wanting to go with having 2 profiles in Outlook to serve each types here is a simple PowerShell Script that you can upload to Intune;

#This is to create new Profile with the new Profile name
New-Item -Path "HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\<Profile Name>" -Value ""

#This is to allow the prompt to users to choose which Outlook profile
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Exchange\Client\Options" -Name "PickLogonProfile" -Value "1"

Intune is Group Policy Management

Hey guys and girls, sorry about not updating my blog because I have been occupied with work. I feel so bad to break this goal, which is to write every once a week.

So I think my title caught your attention right? You thought that this post is going to be talking nonsense? Hahaha…No! I do still receiving people having misunderstanding what is Intune, its capability and its limitations. I do see quite a lot of blogs are only talking about the wins and lose of Intune and Group Policy Management,  not many in explaining.

Familiar questions that I usually get;

“I thought Intune is a replacement of GPO?”

“Why do we still need to rely on GPO?”

“No,  you are wrong, I saw there is administrative templates in Intune”

I am here to explain it to you properly.

If you took your time to look closely on Intune’s Device configuration categories, you will notice their settings are actually not as complete as GPO for Windows. So seeing something half does not mean it gives you full understanding of Intune capability and limitations until you put yourself and it into experiment or lab testing.

The journey I had with Intune, I would say it was a roller-coaster, I experience its limitations, behavior and good part. Yes, technology keeps changing to ease our daily challenges.

Throughout my experience, I would say that Intune does their job but still not stable enough. I usually have to combine other technology to achieve the work. You might thought of this “Urgh…is lots of work and to keep track on.”, well, if you are creative person, these are your possibilities to your resolutions from stopping you to get that work done.

In conclusion, Intune is not Group Policy Management, but Intune and Group Policy Management can be one (combine) to get your work done.

 

 

 

Intune Autopilot: Troubleshoot RDP access prompt

So I am testing Autopilot in my lab environment, consist a Hyper-V with its Virtual Machines. Well I am doing a manual registration, so how do I export the device information that is required my VM to be register for Autopilot?

I already have a VM running Windows 10 Pro, and I ran this script to export and automatic import the device information to be register into autopilot. However, I wasn’t running the script before Out-of-the-box-experience (OOBE) happen, so to make Autopilot work on my VM, I had to reset my VM.

Once the VM has reset,  it ask for region, language of my keyboard and next it shows a welcome page with the Display name and the company name. So I key in the email address and password of the user and also setup the PIN. However, I just notice that I set this user with the Standard permission only. Thus, the administrator account is disabled and I keep getting the RDP permission error prompt due to the user account is not in the RDP group in the VM.

Example of the prompt;

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.

050317_1039_Tosigninrem1

How I troubleshoot this;

  1. Is to run MMC as administrator > File > Add/Remove Snap-in
    • Capture
  2. Key in your Office 365 admin account (an account with permission that can manage device)
  3. Select Local Users and Groups > Add
    • Capture
  4. Select Local computer > Finish > Ok
  5. Expand the local users and groups > Users > Right click Administrator  > Uncheck Account is disabled
    • Capture
    • Capture
  6. Reset the local Administrator password too
  7. Select Groups > Right click on the remote desktop users > Add > Authenticated users > Ok
    • Capture
  8. Close MMC
  9. Sign out and Sign in again

 

These steps should help you from getting the prompt again.

Please take note that I am doing this in Lab environment. In production, by right not to enabled administrator account and not to do any changes to the local users and groups.