Is Enterprise Mobility (EMS) and Windows 10 by Microsoft going to make you happy?

Carrying_Can_Enterprise_MobYou may have been reading up on the Enterprise Mobility Suite by Microsoft. Especially now that Windows 10 has been released, it seems like everything is becoming easier and simpler for end users, managers and admins alike while Microsoft is really pushing the Anywhere, Anyplace, Anytime concept.

Let me state first off that I believe these advancements are incredible, and I really feel Microsoft is heading in the right direction, but there are quite a few ‘gotcha’s’ that you probably don’t know about that could hurt your implementation, they may not always apply to you.

In my opinion, as EMS currently stands as a suite, when used to manage Windows 10 laptops / tablets and desktops, is only suitable for very ‘light’ management situations unless there is an additional device management authority such as SCCM fully configured and implemented as Internet Facing for true device and application management.

The Enterprise Mobility Suite as a standalone product for full Windows 10 is NOT suitable for almost all Application Deployment scenario’s.
Continue reading Is Enterprise Mobility (EMS) and Windows 10 by Microsoft going to make you happy?

AutoBuilder, a self restarting Powershell script for orchestration

I was recently asked to build a Powershell script to fully automate building up a server, including detailed configuration and installation of roles and other software.

Some of these actions required a reboot. After a reboot, the Powershell script had to restart itself. When running a script remotely, Workflows can be used, but when running the script locally I could not get this to work properly. Thus, I built a self-restarting script template that will run each phase as you configure it.

This self-resuming Powershell script writes its own run configuration to a Scheduled task that will run at boot time without user interaction, under the SYSTEM account. It will run all the commands you specify, reboot and resume when necessary, and unregister itself when it has completed.

This is awesome for, for example, building up Terminal Servers or Web Servers in a highly virtualized environment. Of course there are many orchestration tools available, and they may be better suited for this task, but those were not available when I was asked to code this.

Download it here: AutoBuilder_v0.3

Or check out the source code:

Continue reading AutoBuilder, a self restarting Powershell script for orchestration

Azure Powershell MFA and Device Commands

As a guy who really likes to script things, I was very happy to read this today:

Firstly, my Powershell scripts / sessions can now be secured using MFA, without having to rewrite my scripts, except those where I built the Credential object with preset credentials….but that’s old anyway.

Secondly, I can now finally manage Registered Devices with the same Module, allowing me to use these commands:

  • Get-MsolDevice
  • Enable-MsolDevice
  • Disable-MsolDevice
  • Remove-MsolDevice

You can use either the owner’s UPN or the device ID with these commands.


Slowly but surely, the Office 365 dev team is adding reporting functionality to their platform, to the delight of admins and managers alike. For admins it means a lot less scripts to write, for managers it means knowing….stuff.

One report I missed was a report that tells me when users last logged on. Because if I have thousands of users, and they all consume licenses….I’d very much like to strip licenses from users that haven’t logged in since x amount of time.

Especially for companies with geographically dispersed users and inefficient exit procedures, this can save a lot of licensing costs over time.

My report was built in Powershell, and will check the last time the mailbox was accessed to determine the last logon date, this is not perfect, as I can image some organisations use specific licenses just for skype or dynamics, they will not benefit as much from this script, but in 99% of the times it should suffice 🙂

The script will list the user UPN, Name, Last Logon, Creation Date, Usage Location, Mailbox Size and Used Licenses.

Download: LicReport365_v0.5


Continue reading LicReport365

Azure Domain Services

Now isn’t this awesome?

Azure finally announces full support for all services that use Domain Controllers, natively! No more building your domain controllers on VM’s in Azure, it’s become an actual service with these (and more) features:

  • Native support (works like a real domain controller) for all protocols (kerberos, ntlm, ldap)
  • Group policies
  • Domain joins for devices
  • Compatible with and linked to Azure AD
  • Priced per hour

If you have your own domain, don’t forget to set up AADConnect with password sync enabled.

And this is a bit inconvenient, but if you’re running on Azure AD only, you’ll have to expire the passwords of all your users first.

But still, a much requested and anticipated feature we can finally start playing with!

Get last logon times for all Exchange Online users

If you want to figure out when your users last logged on, perhaps to clean up licenses in use by dormant accounts, the following Powershell code may help you.

#Copyright: Free to use, please leave this header intact
#Author: Jos Lieben (OGD)
#Company: OGD (
#Purpose: Generate a CSV file with last logon times of all Office 365 users

$csv = "c:\temp\LastLogons_$(Get-Date -format dd_MM_yyyy).csv"
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
$users = get-mailbox -ResultSize Unlimited | select UserPrincipalName
Foreach ($user in $users){
$mbx = get-mailboxstatistics -Identity $($user.UserPrincipalName) | Select LastLogonTime
$upn = $user.UserPrincipalName
if ($mbx.LastLogonTime -eq $null){
$res = "Never"
$res = $mbx.LastLogonTime
$outStr = "$upn,$res"
Out-File -FilePath $csv -InputObject $outStr -Encoding UTF8 -append