Simple PowerShell Script to Get the Latest Installed Hotfix and Installed Date

One of our customers had a requirement to get the last installed Windows update and the installed date on several machines through MECM. Since MECM does not offer readily available report for this type of scenario, I used PowerShell instead to query machines and get details.

Below is the script.

Create Azure P2S VPN with Azure AD Authentication

You can use Azure Point-to-Site (P2S) VPN to connect to your Azure Virtual Network from an individual device. This helps remote workers to access resources inside the VNet. You can use certificates, RADIUS or Azure AD for user authentication.

Azure AD authentication is the most recent and easiest method to configure. With AAD authentication you can leverage additional security features like MFA and Conditional Access. It uses OpenVPN protocol for tunneling. Below is the method to configure P2S VPN using Azure AD.

Microsoft Endpoint Configuration Manager Firewall Ports

This is a downloadable spreadsheet which consists of all default firewall ports related to MECM infrastructure. Primary purpose of this document is to give MECM Admins a simple overview of firewall ports required for MECM.

MECM Client Windows Updates Scan Failed with Error = 0x80244022

Today, I was informed by a customer regarding an MECM (Microsoft Endpoint Configuration Manager) updates deployment issue. Some machines haven't downloaded updates for months. 

To troubleshoot the issue I examined logs related to software updates in client.

Configure Azure Bastion to Connect to Virtual Machines

Azure Bastion is a service (PaaS) which provides the ability to connect (RDP/SSH) to Azure virtual machines directly over TLS. With Azure Bastion, you don’t need to configure a public IP address on the VM to connect through RDP or SSH. Also, you don’t need any additional agent or software installed on your machine or inside Azure VM since you connect to VM directly from the Azure portal. Only an HTML5 capable browser is sufficient.

Azure Bastion deployment is per virtual network. Therefore, once you deployed it to a virtual network, you can connect to any VM inside that virtual network.