Thursday 11 March 2021

Troubleshooting in MEM/Intune (p1).

Basic Troubleshooting.

When IT admins are first presented with a problem it normally comes in a user centric form.

For instance;

William Gates can't access the finance package from his new laptop.

Probably 90% of all tickets are made up of users complaining that they can’t access a resource or something linked to their logon account is not working as they expected.

Unfortunately most management consoles (and MEM is no exception) are organised from an application or service centric viewpoint which can make it hard to get an overview from a users perspective. You can end up ping-ponging around the console opening up one service dialogs after another trying and get a handle on the issue but getting nowhere.

There is however, an excellent resource that should be the first port call for all help desk operatives - the well named but rarely visited Troubleshooting + support tool.

This might sound obvious but there is a tendency to drive straight into the detail without first gaining an general overview. The advantage of the Troubleshooting + support tool is that it organises information from the user perspective, summarising a wealth of information in an easy to read manner. Since most issues are caused by something stupid this can reveal the problem straight away. 

The top level dialog shows basic account information including whether the user has an Intune licence, a list of group memberships, application allocations, registered devices, application protection status and enrolment failures.

The drop down provides data on a number of other key areas such as compliance and configuration policies and enrolment restrictions and a number of other key areas.  Selecting the information takes you directly to the service configuration dialog page which is a real time saver.

A good approach would be to find a user that works and then use the summary features of the Troubleshooting tool to find the difference between the two user states.  It’s not going to work all the time but it's a recommended first step.

Part 2: Accessing the Local Log files.

Monday 1 March 2021

Universal Print Revisited.

The print subsystem is one of the last hurdles that a school or business needs to overcome to remove the dependence on on-premise servers.

Ideally the collaborate workflow and document sharing mechanisms of platforms such as Microsoft 365 and Google Workspace will eventually replace the traditional method of transferring data using wood pulp but that may be a little way off yet.

In the interim, Microsoft has introduced  Universal Print, a system similar in architecture to the now defunct Google Could Print that allows Windows 10 users to print to a device anywhere on the network through a cloud based connector.

A number of excellent blogs and video resources have been created that explains how Universal Print works but it's worth repeating a couple of points.

Universal Print (UP) is still in development and is missing some key features. The most obvious being that native hardware support is missing from most printer ranges. In fact, at the time of posting I can only find one manufacturer Lexmark that supports UP through a firmware update.  The models are listed here.

Licencing for Universal Print is bundled as part of the Microsoft E3 licence. Schools looking to move to Modern Management should be adopting Microsoft E3 as standard. If your school subscribes to Office 365 with Enterprise Mobility + Security this is not enough to get Universal Print. For each user that accesses a printer you'll also need Windows 10 E3, E5, A3 or A5. The client also needs to be running Windows 10 version 1903 or later.

Universal Print doesn't currently support 'Follow-Me' or ID card management. You'll need a bolt-on service like Paper-Cut to provide that. This feature is pretty much top of the product roadmap as it's absence is a show-stopper for any type of enterprise deployment. 

Lastly, the mapping of printers through Intune (Endpoint Manager) is a little clunky. I'm pretty sure this is by design, Microsoft doesn't want you to be printing or mapping local drives in the future. However it can be done and this useful post shows how.

   Deploying Universal Print Printers With PowerShell & Intune

So work in progress. If you need a simple system that supports basic print functions without the inconvenience of a local print server Universal Print, even in the preview form might be for you.