Office 365 Additional Security, Require MFA to Domain Join Devices in Azure Active Directory

How to enable the feature to prompt for Multi Factor Authentication when joining a device to an Azure Active Directory domain. We would also like to limit the number of devices a user can have to 5.

Start in Azure Active Directory Admin Center

Select Azure Active Directory > Devices

Under Devices click “Device Settings”

Now you can set the max number of devices per user and enforce MFA to join devices

Troubleshooting Windows Updates and WSUS

Troubleshooting Windows Updates #Windows 10 #Windows 2016

Windows Update Log

PowerShell command to check the Windows Update log

Get-WindowsUpdateLog

 

Check Registry Keys

Run command prompt as adminitrator and paste these query registry keys in to see what your client has set for Windows Updates.

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s

reg query HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update

reg query HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

 

Check CBS Log

Find the Component-Based Servicing log here.

C:\Windows\Logs\CBS

WSUS and Windows 10 Clients – UsoClient.exe

So, you deploy a GPO to Window 10 clients, but your in a hurry to get the clients to check in…

As a SysAdmin for many years I would log on to a client, open command prompt and type :

wuauclt /detectnow  (Windows 7 / Windows Server 2008/2012 clients)

 

In Windows 10 you will notice that it doesn’t do anything and doesn’t show you anything. (As shown above)

(confirmed on https://blogs.technet.microsoft.com/yongrhee/2017/11/09/wuauclt-detectnow-in-windows-10-and-windows-server-2016/)

An example of “Whats New” in Windows 10, and Windows Server 2016 To check or scan “Windows Update” from the command prompt :
CMD (Run As Administrator)
c:\windows\system32\

UsoClient.exe startscan

And there is more switches….

  1. StartScan – Used To Start Scan
  2. StartDownload – Used to Start Download of Patches
  3. StartInstall – Used to Install Downloaded Patches
  4. RefreshSettings  – Refresh Settings if any changes were made
  5. StartInteractiveScan  – May ask for user input and/or open dialogues to show progress or report errors
  6. RestartDevice – Restart device to finish installation of updates
  7. ScanInstallWait – Combined Scan Download Install
  8. ResumeUpdate – Resume Update Installation On Boot