Windows 10 - Remote Desktop - Login Failed

I've been getting an error that has been bugging me recently on my Windows 10 device - a Surface Pro 4 running the Fast Ring Insider build (at this time its Build 14342_rs1_release.160506-1708).

Trying to Remote Desktop to a Windows Server 2008 just wouldn't work -- not matter what combination of credentials I tried, it just failed with a 'Login Failed' error. Oddly, connections to other machines running Server 2012 DID work. I shrugged it off and ignored it until I got time to look at it today - and the fix amazes me.

Simple enable the Firewall exception for Remote Desktop -- fire up firewall.cpl, click allow a program through the firewall, and select Remote Desktop. Reboot, and that's it.

Must be something getting blocked around the authentication or such. But at least that's working again.

Office 365, MDM

I was experimenting with Office 365's offering of InTune last night - and made an interesting discovery.

Don't just enable it. You'll find you lock out your user's devices from accessing resources until you "fix" the policies. The default policy seems to be that any device access a 365 resource must be enrolled into the Organisation's InTune account. Probably not a bad thing, but might not play nicely with companies if you have other MDM's deployed, such as Cisco Meraki or VMWare's AirWatch. Guess I'll need to do a bit more testing here.

To disable the policy and regain access, visit the InTune page at: https://protection.office.com/#/device

Then go to Security Policies, Device Management.

Edit the Default MDM Policy by Office 365.

I think you now have two choices: Disable the Deployment or add an exclusion. Personally I did both until I work things out - Deployment, set to No, and click on the Manage Organisation Wide Device Access Settings to get to the exclusions option (I added the Default group here - which basically disabled intune!).

Office 365, Azure AD and LiveID accounts

Recently a company that I deal with has moved to Office 365 -- this has entailed moving a number of identifies into Microsoft Azure AD (think Active Directory, existing on Azure and usable for SSO activity) and signing up for Office 365 services.

No problem - or so you'd think.

When trying to signin on a Microsoft site with an enrolled Organisation account (that is, an account on the Azure AD), the OLD LiveID was being used intermittently. A quick chat with Microsoft confirmed this -- Organisation and LiveID's can exist on the SAME email address at the same time - surely a situation where it can lead to confusion!

The good news is you can disable / deactive your LiveID to drop back to just using the Org account (where possible at least), but it does mean you have to be careful during the deactivation period to ensure you sign in at the right place (best to use office365.com addresses!).

However, the world gets a bit murky if you are using MSDN it seems: https://www.visualstudio.com/get-started/setup/link-msdn-subscription-to-organizational-account-vs

Am I the only one that can see this being a total nightmare for companies with a large dev population or other LiveID usage?



 

Surface Pro 4 - Impressions

For the past few weeks I've been using a Surface Pro 4 -- something I picked up just before I headed to San Francisco for Microsoft Build 2016.

Why did I opt for the Surface Pro 4 over the Surface Book? I already have a very functional laptop (an Macbook Pro actually), and I wanted a tablet that was actually a functional device (and I could handwrite on!). The Surface Pro gave me more bang for buck in this regard.

It's even powerful enough to let me play Prison Architect ;) (And, of course, run a small dev lab in HyperV)