Sequencing Google Chrome using App-V 5.1
Build your first MSIX Package using DAC
The steps to create an MSIX package are much the same as creating an .appx using DAC. You can follow the link below to create your first MSIX package.
Project Centennial - First hands on Converting desktop apps to Universal Windows Platform (UWP)
Some of the requirements in the above link have changed. Instead of writing out those changes, I have decided to share a link where they are already well explained by Pascal Berger.
https://blog.basevision.ch/2018/07/how-to-create-an-msix-right-now-in-the-insider-preview-a-step-by-step-tutorial/
So why wait? Try out your first MSIX creation.
MS Ignite 2018 : MSIX inside and out - BRK2467
MS Ignite 2018: MSIX – Accelerating Windows 10 and app deployment - BRK3220
Adobe Acrobat DC App-V & Windows 10 Issue - Resolved
https://www.logitblog.com/app-v-application-was-unable-to-start-correctly-on-windows-10/
Earlier, the solution was to restart the machine and try again. This is now fixed with the release of new updates for Windows 10.
1703 fixed in 2018.10 - KB4462939
1709 fixed in 2018.10 - KB4462932
1803 fixed in 2018.10 - KB4462933
Thanks to Tim Mangan for sharing this update information.
MSIX Packaging Tool- 0x80131500 when building
The MSIX log file showed an error reporting duplicate IDs in the Appx manifest file.
[3/7/2019 6:38:14 AM] [Error] ERROR: PRI191: 0x80080204 - Appx manifest not found or is invalid. Please ensure well-formed manifest file is present. Or specify an index name with /in switch.
[3/7/2019 6:38:14 AM] [Error]
[3/7/2019 6:38:14 AM] [Error] error C00CE1A1: App manifest validation error: The app manifest must be valid as per schema: Line 20, Column 2554, Reason: 'f26e2640-0cff-43dc-8325-575a3261d885' is a duplicate key for the unique Identity Constraint '{http://schemas.microsoft.com/appx/manifest/foundation/windows10}Class_Id'.
[3/7/2019 6:38:14 AM] [Error]
Since no output was generated other than the log file, it was hard to find a solution. Checking the MSIX Tech Community, it seems this is an issue with MSIX tool build v1.2019.110.0. The issue is resolved in the latest insider build, v1.2019.304.0.
Thanks to JamesPike & Tim Mangan for confirming this issue and its resolution.
Release Notes : https://docs.microsoft.com/en-us/windows/msix/packaging-tool/release-notes/history
Download Free MSIX Packaging Insider Tool : https://docs.microsoft.com/en-us/windows/msix/packaging-tool/insider-program
Join MSIX TechCommunity : https://techcommunity.microsoft.com/t5/MSIX/ct-p/MSIX
Automate Conversion of old App-V 4.6 packages into App-V 5.1 using PowerShell
Intune - Linux Password & Custom compliance policies
Microsoft has recently released Linux support in Intune with device enrollment and compliance policies.
To know more about enrollment check here - https://sccmentor.com/2022/10/19/first-steps-into-linux-management-via-microsoft-intune/
To understand the commands that are used to install Intune portal check here - https://joymalya.com/linux-management-with-microsoft-intune/
In this blog, I will cover how to create password and custom compliance policies and what needs to be done on the client to mark the device as compliant.
Password complexity:
When password complexity requirements are enforced, devices with weak passwords are marked as non-compliant in Intune. To resolve this issue, you need to change your device password so that it meets your organization’s requirements for length and quality.
Basically, Intune checks the pam_pwquality configuration on the client machine to enforce the password policy.
Install the following by running the command in the client terminal: sudo apt install libpam-pwquality
Next, check the pam_pwquality line in /etc/pam.d/common-password. It should be edited as shown below to match the password compliance policy set in Intune.
# Check that the pam_pwquality line in /etc/pam.d/common-password contains at least the required settings:
password requisite pam_pwquality.so retry=3 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=-1 minlen=8
Example common-password file:
If the /etc/pam.d/common-password file is not edited to match the Intune policy requirement then the machine will report non-compliant.
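As an added example (not part of the original post and not Microsoft's tooling), the POSIX shell function below pre-checks a PAM file for the pam_pwquality line shown above before the device is evaluated. The function name check_pwquality and the thresholds (each credit at -1 or lower, minlen at 8 or higher) are assumptions taken from the line on this page, not a statement of what Intune itself evaluates.

```shell
#!/bin/sh
# Added example: local pre-check of the pam_pwquality line (hypothetical helper).
# Assumed thresholds, taken from the line shown on this page:
#   dcredit/ocredit/ucredit/lcredit at -1 or lower, minlen at 8 or higher.

# check_pwquality [FILE] [MIN_LEN]
# Prints "ok" and returns 0 when the first active pam_pwquality.so line meets
# the thresholds; otherwise prints the reason and returns 1 (2 if unreadable).
check_pwquality() {
    file=${1:-/etc/pam.d/common-password}
    min_len=${2:-8}
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    awk -v min_len="$min_len" '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        !found && $1 ~ /^-?password$/ && /pam_pwquality\.so/ {
            found = 1
            split("", opt)                       # portable way to empty an array
            for (i = 1; i <= NF; i++) {          # collect key=value module options
                n = index($i, "=")
                if (n > 1) opt[substr($i, 1, n - 1)] = substr($i, n + 1)
            }
            # A negative credit of -N requires at least N characters of that class.
            count = split("dcredit ocredit ucredit lcredit", cls, " ")
            for (c = 1; c <= count; c++) {
                k = cls[c]
                if (!(k in opt) || opt[k] !~ /^-[0-9]+$/ || opt[k] + 0 > -1)
                    bad = bad " " k
            }
            if (!("minlen" in opt) || opt["minlen"] !~ /^[0-9]+$/ ||
                opt["minlen"] + 0 < min_len + 0)
                bad = bad " minlen"
        }
        END {
            if (!found) { print "no active pam_pwquality.so line"; exit 1 }
            if (bad != "") { print "missing or too weak:" bad; exit 1 }
            print "ok"
        }
    ' "$file"
}

# Constructed sample input (not from a real machine).
sample=$(mktemp)
printf '%s\n' \
    '# here are the per-package modules (the "Primary" block)' \
    'password requisite pam_pwquality.so retry=3 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=-1 minlen=8' \
    'password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt' > "$sample"
check_pwquality "$sample"                # meets the assumed thresholds
check_pwquality "$sample" 12 || true     # same file against a stricter minlen of 12
rm -f "$sample"
```

Run it against /etc/pam.d/common-password (the default when no argument is given) after editing the file and before checking status in the Intune app.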
Custom Compliance
With custom compliance, we can use shell scripts to evaluate a Linux device.
Discovery scripts for Linux must be POSIX-compliant shell scripts, such as Bash. However, the scripts can call more complex interpreters from inside the script, like Python. To successfully use other interpreters, they must be correctly installed and configured on the devices in advance of receiving the discovery script.
About POSIX-compliant syntax: Because the custom compliance script interpreter for Linux supports only a POSIX-compliant shell, it’s important to use POSIX-syntax.
To know more, check here - Create a discovery script for custom compliance policy in Microsoft Intune | Microsoft Learn
Below is an example where a shell script checks whether a process is running and outputs the result in JSON format. Intune checks the output against the JSON rules file and marks the device as compliant if it matches; if not, it marks the device as non-compliant.
For Select your discovery script in custom compliance in Intune, select Set reusable settings, and then specify a script that’s been previously added to the Microsoft Endpoint Manager admin center. This script must have been uploaded before you begin to create the policy. To add the script to the MEM admin center, follow this article - Create a discovery script for custom compliance policy in Microsoft Intune | Microsoft Learn
Sample Script to check for running process:
#!/bin/sh
# Discovery script: report whether the named process is running.
checkProcess(){
    Process="processname"    # exact process name to look for
    if pgrep -x "$Process" >/dev/null
    then
        Process="running"
        printf '{"Process": "%s"}\n' "$Process"
    else
        Process="notrunning"
        printf '{"Process": "%s"}\n' "$Process"
    fi
}
checkProcess
For Select your rules file, select the folder icon and then locate and add the JSON file for Linux that you want to use with this policy.
The JSON you enter is validated and any problems are displayed. The sample JSON below matches the script output and defines what the Intune portal app displays when the device is non-compliant.
{
"Rules": [{
"SettingName": "Process",
"Operator": "IsEquals",
"DataType": "String",
"Operand": "running",
"MoreInfoUrl": "https://abc.com/",
"RemediationStrings": [{
"Language": "en_US",
"Title": "Process is missing",
"Description": "Process is not running."
}]
}]
}
Linux - Intune portal shows unable to check status
After installing Intune and logging in to register the device, the Intune app shows an "unable to check status" error, and clicking retry does nothing. In Intune, the device is registered but shows as not evaluated.
Solution:
- Remove the device entry from Intune.
- On the client, open the terminal and run sudo apt remove intune-portal && sudo apt purge intune-portal
- Run sudo rm -Rf /home/[username]/.config/intune
Restart the machine and retry the Intune installation. After that, the device should report a compliant/non-compliant status.
Intune & macOS management - Couldn't add your device. Your IT support doesn't allow OSX devices to be added to management
After creating the Apple MDM push certificate in the Intune portal, when you install the Company Portal on the macOS test device, log in and try to enrol, the app shows the error:
"Couldn't add your device.
Your IT support doesn't allow OSX devices to be added to management."
The first step is to check in the Intune portal - Devices - Enrollment - Monitor - Enrollment failure for any entry for the affected user.
In this scenario, the issue was due to a device type restriction that was blocking macOS devices.
Solution:
Open the Intune portal - Devices - Enrollment - click Apple.
Select device platform restrictions and switch to the macOS restrictions tab.
Your administrator would have created a device restriction earlier to block the enrollment of macOS. If multiple restrictions have been created for devices, open them one by one and make sure the macOS platform is allowed for enrollment.
When you edit a restriction and go to its properties, under platform settings you can see whether macOS devices are allowed to enroll or are blocked.
The case of missing shortcut Icon - App-V 5.X
Let us assume that person X has sequenced an application, for example Adobe Reader. While doing some manual cleanup in the package editor, he removed some junk entries to keep the package clean. He also removed the Installer folder, which holds the installer cache (.msi, .mst, .msp) captured from the installer package, because he considered it unnecessary junk like the other entries.
After completing sequencing, he published the package to a machine in a standalone environment and saw that the shortcut icon was missing. He came back asking why the icon was missing even after successful sequencing.

Now let's troubleshoot for him. First, let's look at the icon setting of the shortcut. We can see that it is looking in %ALLUSERSPROFILE%\Microsoft\AppV\Client\Integration\.....\SC_Reader.ico.
Let's take a Procmon capture to find the cause. The Procmon trace clearly shows that it is searching for SC_Reader.ico in the Installer location and that the path is not found. Checking manually in %ALLUSERSPROFILE%, we see that the Installer folder is missing, because person X removed it from the package earlier as junk.
After a fresh sequencing of the application, we can clearly see that the icon files are indeed kept in the Windows\Installer folder.
To conclude, do not blindly remove files and folders as junk entries. Do not remove Windows\Installer completely. Perform cleanup with caution, and make sure that removing the Installer folder will not affect functionality.
W365: Error code 0x80072ee2
Recently I started seeing the below error message when accessing the cloud PC through the Windows App.
The connection cannot proceed because the authentication authority cannot be contacted.
Error code: 0x80072ee2
The steps taken to resolve it were quite simple.
Try closing the Windows App forcefully.
If it still fails to connect to the Windows 365 cloud PC the next time, restart the base laptop, which should fix this error.
W365 - cloud pc disconnect Error Code 0x3
As per Microsoft, Error code: 0x3 can occur when the processor is over-utilized and session can get disconnected abruptly.
Solution is to Restart Cloud PC to resolve Error Code 0x3
You can restart the cloud pc by going to windows365.microsoft.com and select the three dot icon next to the Cloud PC and click Restart. After restart, you should be able to access the cloud pc.
Intune - Even if Intune app shows compliant, Edge browser displays yellow banner
In Ubuntu 22.04 LTS, even after the device is registered in the Intune app and shows as compliant, the Microsoft Edge browser shows a yellow blocking banner when opening a SharePoint Online or OneDrive link.
Open the Intune portal app and click remove this device, then restart the device, sign in again and register the device. The yellow banner should disappear.
w365: Embracing the Future: Switching to Windows 365 and Its Benefits
In the ever-evolving landscape of modern work environments, businesses seek innovative solutions that offer flexibility, security, and efficiency. Windows 365 emerges as a game-changer, revolutionizing how organizations operate by providing a seamless, cloud-based PC experience. This blog explores what Windows 365 is, why it’s beneficial, and how switching to this platform can transform your business.
What is Windows 365?
Windows 365 is Microsoft’s cloud-based service that streams a full Windows experience from the Microsoft Cloud to any device. It essentially transforms your physical device into a high-performance cloud PC. With Windows 365, users can access their personalized Windows environment, including apps, data, and settings, from anywhere and on any device with an internet connection. Windows 365 is managed through Intune, whereas Azure Virtual Desktop is managed through the Azure portal.
Key Benefits of Switching to Windows 365
1. Enhanced Flexibility and Accessibility
One of the primary advantages of Windows 365 is the ability to access your desktop from anywhere. Whether you're working from home, a coffee shop, or traveling, you can log into your cloud PC and pick up right where you left off. This flexibility is crucial in today’s hybrid work environments, where employees are no longer confined to a single physical location.
2. Seamless User Experience
Windows 365 offers a consistent and personalized user experience. Your desktop, apps, and settings are always available and up-to-date, regardless of the device you're using. This eliminates the frustration of configuring settings or installing software repeatedly on different devices.
3. Improved Security
Security is a paramount concern for businesses of all sizes. Windows 365 leverages Microsoft’s robust security framework, providing enterprise-grade protection. Data is stored and processed in the cloud, reducing the risk of data loss or theft from physical devices. Additionally, features like multifactor authentication, secure boot, and Microsoft Defender for Endpoint ensure comprehensive security.
4. Simplified Management and Maintenance
Managing and maintaining physical hardware can be complex and time-consuming. Windows 365 simplifies this by centralizing the management of cloud PCs. IT administrators can easily deploy, update, and manage cloud PCs through the Microsoft Endpoint Manager, reducing the overhead associated with traditional device management.
5. Scalability and Cost Efficiency
Windows 365 offers scalable solutions that can adapt to the changing needs of your business. You can quickly scale up or down based on your workforce requirements without the need for significant capital investment in hardware. This scalability is particularly beneficial for businesses with fluctuating staffing needs or those experiencing rapid growth.
6. Enhanced Collaboration and Productivity
With Windows 365, collaboration becomes seamless. Employees can share and access files in real-time, using familiar tools like Microsoft Teams and OneDrive. This fosters a collaborative work environment, enhancing productivity and ensuring that teams stay connected and efficient, regardless of their physical location.
How to Transition to Windows 365
Assess Your Needs
Before making the switch, assess your organization’s needs. Consider factors such as the number of users, required computing power, and specific business applications.
Plan and Prepare
Develop a transition plan that outlines the steps for migrating to Windows 365. Ensure you have the necessary infrastructure, including reliable internet connectivity and compatible devices.
Train Your Team
Provide training sessions to help your team understand how to use Windows 365 effectively. This will ensure a smooth transition and help employees leverage the platform’s full potential.
Implement and Monitor
Deploy Windows 365 across your organization and monitor its performance. Gather feedback from users and make any necessary adjustments to optimize the experience.
Conclusion
Switching to Windows 365 represents a strategic move towards a more flexible, secure, and efficient work environment. By embracing this innovative platform, businesses can unlock new levels of productivity, collaboration, and scalability. As the future of work continues to evolve, Windows 365 stands out as a vital tool for organizations aiming to stay ahead in a dynamic and competitive landscape.
Explore the possibilities with Windows 365 and take the first step towards transforming your business into a modern, cloud-powered powerhouse.
Intune - Linux Intune app shows disk not encrypted and still checking issue and status unknown
The Intune app on Ubuntu 22.04 shows disk not encrypted, still checking issue and status unknown, even when the disk is actually encrypted using LUKS.
Solution:
sudo usermod -a -G disk <username>
sudo rm -Rf /home/[username]/.config/intune
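Reboot, then open the app and check the status.
This issue is fixed with the latest update, which is preferable to the workaround: membership in the disk group gives the account raw read/write access to block devices.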
w365: One way clipboard redirection
As a security measure, organisations will want to block clipboard redirection (copy-paste) from the cloud PC to the base laptop but allow copy-paste from the base laptop to the cloud PC. How can we achieve this?
Prerequisites
Session hosts (cloud PC) running Windows 11 Insider Preview Build 25898 or the most recent version of Windows Insider Build (Dev Channel). You must join the Windows Insider Program to activate the Dev Channel Preview Build.
Host pool RDP properties must allow clipboard redirection in Intune, otherwise it will be completely blocked.
How to block clipboard redirection from session host (cloud pc) to client laptop:
There are 3 ways to block clipboard redirection from the cloud PC to the client laptop:
1. Intune configuration policy
2. GPO
3. Registry
Below, I will share steps to configure through Intune portal.
Open Intune and Create a profile with custom settings for Windows 10 and later devices, with the Templates profile type and the Custom profile template name.
For the Configuration settings tab, select Add
In the Add row pane, do the following
To configure the clipboard from session host to client:
Name: (example) Session host to client
Description: enter detailed description
OMA-URI:
./Vendor/MSFT/Policy/Config/RemoteDesktopServices/LimitServerToClientClipboardRedirection
Data type:
String
Value:
<![CDATA[<enabled/><data id="TS_SC_CLIPBOARD_RESTRICTION_Text" value="0"/>]]>
This will block clipboard redirection only from the session host (cloud PC) to the base laptop.
Respective Registry keys:
With this method, users can still copy-paste items from the base laptop to the cloud PC, but copy-paste from the cloud PC to the base laptop is restricted.
w365: Managing Cloud pc frequent disconnects due to idle session timeout
Recently, many of our users started complaining that their cloud PCs are getting disconnected very often and it’s disrupting their work.
We see that the cloud PC gets disconnected if the session has been idle with no activity for 15 minutes. According to Microsoft, by default the cloud PC is disconnected if it is idle for 15 minutes.
Managing Frequent Disconnects and Session Timeouts in Windows 365 Cloud PC:
Windows 365 Cloud PC is a robust platform that enables seamless access to a personalized Windows experience from anywhere. However, users might occasionally face issues with frequent disconnects and session timeouts due to inactivity. This can be frustrating, especially if you are in the middle of an important task. In this blog, we will explore the causes of these disconnects and provide solutions to manage session timeouts effectively.
Understanding Session Timeouts and Disconnects
Idle and Inactivity Timeout
Windows 365 Cloud PC sessions might disconnect after 15 minutes of inactivity. This is a default setting to optimize resource usage and ensure security. Inactivity here means no user input (keyboard or mouse) is detected.
Session Timeout
Additionally, sessions may have a 15-minute session timeout. This means that even if the session is active, it will disconnect after a certain period if no user input is detected.
Causes of Disconnects
1. Idle Timeout:
- If you leave your Cloud PC idle without any interaction for 15 minutes, the session will automatically disconnect.
2. Session Timeout:
- Even if the session is active, without any user interaction for 15 minutes, the session will timeout.
Adjusting Timeout Settings
To prevent frequent disconnects, you can adjust the timeout settings through Microsoft Endpoint Manager (Intune). Here’s how:
1. Log into Microsoft Endpoint Manager:
2. Navigate to Configuration Profiles:
Go to Devices > Configuration profiles
3. Create a New Profile:
- Click on Create profile
- Choose Windows 10 and later as the platform.
- Select Templates for the profile type, then choose Administrative Templates
4. Configure Timeout Settings:
- In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits
- Configure the following settings:
- Set time limit for active but idle Remote Desktop Services sessions: Increase the idle timeout duration.
- Set time limit for disconnected sessions: Extend the session timeout duration.
5. Assign the Profile:
- Assign this profile to the group of users or devices using Windows 365 Cloud PCs.
- Ensure the profile is applied to all relevant users.
6. Review and Create:
- Review the settings and click Create.
- The profile will be pushed to the assigned devices and users, adjusting the timeout settings accordingly.
To avoid disconnects due to inactivity, consider these practices:
1. Regular Interaction:
- Make sure to interact with your Cloud PC regularly. Even minimal interactions like moving the mouse can prevent idle timeouts.
2. Keep Applications Running:
- Some applications can simulate activity. For instance, running a presentation or a video can help keep the session active.
By increasing the idle and session timeout durations, and ensuring regular interaction with the Cloud PC, you can significantly reduce the frequency of disconnects and maintain a seamless working experience.
By following these steps, you can ensure that your Windows 365 Cloud PC remains active and responsive, minimizing interruptions and maximizing productivity.
w365 - Enable watermarking inside windows 365 cloud pc
As businesses continue to adopt Windows 365 Cloud PCs, ensuring data security and compliance becomes increasingly critical. One effective security measure is the implementation of watermarking, which can display QR codes on the screen to deter data leakage and track information access. This blog will guide you through the steps to enable watermarking in Windows 365 Cloud PCs using Microsoft Intune.
What is Watermarking?
Watermarking involves overlaying a visual mark, such as a QR code, on the screen. This can help prevent unauthorized sharing of sensitive information by making it easily identifiable. QR codes can also be used to embed tracking information, enhancing the traceability of data access and distribution.
Benefits of Watermarking
- Deterrence: Visible watermarks discourage users from capturing and sharing sensitive information.
- Traceability: QR codes can contain metadata that helps track when and where the information was accessed.
- Compliance: Helps organizations meet regulatory requirements for data protection.
How to enable watermarking inside cloud pc:
1. Sign in to the Microsoft Intune admin center.
2. Create a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.
3. In the settings picker, browse to Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop
4. Select Enable watermarking. Don't select the deprecated one.
After you enable watermarking, you can find more details from the session host by following these steps:
- Scan the QR code and make a note of the Device ID GUID.
- Sign in to the Microsoft Intune admin center.
- Select Devices > All devices.
- In the search box, enter the Device ID GUID to find the device details.
The following clients support watermarking:
Remote Desktop client for:
- Windows Desktop, version 1.2.3317 or later, on Windows 10 and later.
- Web browser.
- macOS, version 10.9.5 or later.
- iOS/iPadOS, version 10.5.4 or later.
Windows App for:
- Windows
- macOS
- Web browser
Intune - Intune portal app in Ubuntu 22.04 LTS shows “we are still checking if you can access"
The Intune portal app in Ubuntu 22.04 LTS shows “we are still checking if you can access..”
Check whether user is in the AD user group and then retry.