sccm

  • The native application approval functionality within Microsoft Endpoint Configuration Manager (which is still often referred to as SCCM, ConfigMgr, and Configuration Manager) originally only allowed defined admins to approve application requests from the Application Catalog and Software Center using the ConfigMgr administrator console. Starting with ConfigMgr 1810, you could also begin making pre-approved, machine-based requests with no user required, allowing you to install applications in real time. Additionally, e-mails could be sent to a defined approver, or a list of approvers, for each application that is deployed by entering the e-mail address of each approver into each application deployment at the deployment type. This feature is coming along nicely. One thing I regularly hear from customers is “I want to have my users’ managers approve the applications, since they are going to ultimately be the ones responsible for covering the additional licensing costs out of their cost center.” Unfortunately, since you can only set one or more static e-mail addresses or DLs on each application deployment, this isn’t really possible today without having someone receive the e-mails, look up the requester’s manager, and manually forward them the ConfigMgr-generated approval e-mail. This isn’t a very productive use of anyone’s time IMHO. As many of you know, I’ve been diving head-first into any and every chance to create PowerApps and Power Automate (Flows) to harness the power of these ultra-powerful low-code/no-code application creation platforms. This small gap in ConfigMgr led me to come up with the following idea, which may suit the need for many who are waiting for the application approval functionality in the ConfigMgr product to further mature. First, I had my customer create and choose an “Application approval” e-mail account to use. All applications requiring approval would be set to automatically e-mail this mailbox any time an...
  • I once had a request for a way to determine if a specific PKI certificate was installed on some Windows OS machines. To accomplish this task, I decided the easiest method would be to create a simple PowerShell script which would check for the existence of the certificate, and then use the infinitely powerful Compliance Settings feature of Configuration Manager to run the script and report back the results. While on the topic, I also decided to create a CI that checks for Server Authentication intended-purpose PKI certificates that are about to expire within 90 days, so that someone can be alerted and hopefully avert an outage caused by an expired certificate. First, for finding machines with a specific certificate installed, here’s a snip of the details of a sample certificate I’m looking for. Notice in my example that the Issuer is “russrimmerman-DC1-CA”. You could check the certificate’s Issuer, Subject, expiration date, or any other property of choice, but in this example, I’m going to look for the Issuer. You have two options for running PowerShell scripts on clients: one is to sign the script with a trusted certificate, and the other is to set the PowerShell execution policy to “Bypass”. In my example, I won’t be signing my PowerShell script, so I will go into Administration->Client Settings and select the default or create a new Client Settings. Then go into the “Computer Agent” section of the client settings and set the PowerShell execution policy to “Bypass”. This allows unsigned PowerShell scripts to run when they are executed by the ConfigMgr client. If you don’t use the default client settings, you’ll also need to make sure the custom client settings you created are deployed to the collection you will be checking compliance on. Now, go to Assets and Compliance->Compliance Settings->Configuration Items...