With this news, my Friend https://twitter.com/SchaedlerDaniel and I Just Started a Teams Call and had some fun in testing some Fun Background Images.
Then we
started to Create some Images for the Company we are Working for. Of Corse we
added some funny ones and others with the Corporate Logo. And then we came up
to ship those Images to everyone’s Computer with Intune. Here is a Step by step
Guide how to do it, if you like to have this nice new Teams feature Configured.
Important!
You should know that the Files will be stored in the Users appdata: %AppData%\Microsoft\Teams\Backgrounds\Uploads
The User must First choose the MS Backgrounds in Teams, before this Folders will be created in Teams, but you can create it by your self to use it.
There is another limitation, if you use JPG, those must be in a special Format, the dame size and max. 1 MB as the Backgrounds Templates from MS. If you use PNG, those are without any limitation as I tested so far.
At the moment this is a “Hack” MS Teams will add some user friendly add my own Background in a Later Version of Teams: https://t.co/UfVZ1dRdq9?amp=1 I have no Idea this will be run in the Future, so no guarantee, and test it first in Lab, bevor Production and maybe you need some changes on the PowerShell scripts I created
I have tested this with Windows Insider Build 19608 / Win10 1909 and Teams Version 1.3.00.8663 (64-bit). It was last updated on 4/11/20.
Run the Intune Content prep tool to create the Intunewin File:IntuneWinAppUtil.exe -c C:\intune\bv-teams -s C:\intune\bv-teams\copyTeamsBackground.ps1 -o C:\intune\bv-teams\TeamsBackgroundImg -q
This Post is waiting for a while until now, when I finally found time to publish it. We will fill the Gap when you add your Company Devices (Tablets) with a csv-File in your Intune Tenant as “Corporate device Identifiers”.
Some companies only allow, company added devices to the Intune Tenant, so a user can’t enroll his private device. In Intune you can disable regular Device Enrollment from users! If you pre-Import the CSV with the Identifiers (Serial or IMEI), you and the users will only be allowed to enroll those devices as Corporate Owned Devices. https://docs.microsoft.com/en-us/intune/corporate-identifiers-add
If you like to manage those devices in Azure AD with dynamic Groups, it can be difficult because not all attributes are synced from Intune to Azure AD. There is also the problem that you can’t rename the devices in Intune.
In this example scenario, I have a lot of Android Tablets to use as Kiosk Devices with multi app installation. To configure the Kiosk Profile, create Configuration Profiles and assigne some apps is not part of this Blogpost. But anyways, you can find the steps below so you can do it if you like:
Create a “Corporate-owned dedicated devices” profile with a QR-code
Create some “Device compliance – Policies”
And also some “Device configuration – Profiles”
Assign some Applications
Maybe create a AAD-Group to assign all the above to specific Group
Here we come to the point, when you like to use Dynamic Groups with the name tag of the device, that you import with the CSV-File, you have no name on that device! How to handle this, will be explained in this post.
With a Script, I and
some Co-Worker (thank you; Athiraiyan Kugaseelan @AKugaseelan, Daniel Schaedler @SchaedlerDaniel) created, you can now fill this gap, since
the naming of the device is not the same as you try to import with the CSV-File (in the CSV File you only have the chance to a separate column and give the device a name). However, this attribute is not synced automatically synched to AzureAD.
Here is how it works and what it does:
Import a list of Devices as “Corporate-owned dedicated devices” with a CSV-File
Enroll the Device
Create an AAD Group and add the Device
The script to put all together
1. Import a list of Devices as “Corporate-owned dedicated devices” with a CSV-File
In the Intune Blade to add “Corporate device identifiers” you have to add your devices from a list you create as a CSV File. You can add the devices by serial number or IMEI. For Tablets, I prefer the serial number and for phones of course IMEI.
The following steps show you how to go on with the serial number: First of all, we create an enrollment restriction for the users, which does not allow to enroll Android and Android for Kiosk Devices and assign it to all users or to a specific group of users.
Then we import the CSV File with the format of csv:
My example-CSV myExample.csv contains the number (serial or IMEI) and the device details:
In the upload CSV file we can choose to upload the number as serial or IMEI:
Now you can enroll the devices with a user called: afw#setup, that brings up the camera and let you scan the QR-Code from your Kiosk-Device Profile. As soon as the devices are enrolled, they are not really visible in AzureAD. Go to Intune -> Devices -> all Devices. The devices will show up with a wired name:
Unfortunately, you are not able to rename the device in the properties 🙁
However, the devices should be set as Corporate Owned Device. And you are able to see the serial number of the device. (the same as you have from the CSV-File). This is what we need, a matching number from the AAD-Device and Intune-Device! The only match you can find on both sides, is the serial number:
Now,
I would like to have the same name in the Intune/AzureAD as I uploaded in my
CSV (as the details attribute).
By design, it is not possible to rename the device, but there is another attribute, called “Management name”.
We came up with the script to read the serial number in the” Corporate device identifiers”-list and to look in the AAD for a device with the same serial number, to catch the details “name” and add the Management name of the AAD Object.
3. Create an AAD Group and add the Device
Afterwards, we have to create an Assigned
AAD-Group, because the Management Name is not an attribute to use for dynamic
groups, (this attribute is not synced from Intune to AAD).
We have to create the group with a script or manually before we add the device to the group. There we can also assign some apps/profiles or policies…
If you use RBAC, you can also add the scope tag to this group, and every client adds that tag.
4. The Script to put all together
If you like to use this script, just download it and add your name an crypted-password next to line 500. This is a function so script can be run automated in Azure Automation or in a scheduled task on a server, that the devices get as fast as possible the real name we like to have.
How to create the Password crypted? (get-credential).password | ConvertFrom-SecureString | set-content “C:\source\password.txt”
Just open the password.txt and copy the string. Be carefully, if you use the script in a scheduled task on a server, the PoSh command to create the password has to be run on that Server 😉
The script will load this modules: Install-Module -Name Microsoft.Graph.Intune – Find the Device – Get the Serial number – Get the Device ID – Add the Device to the AAD Group – Add the Management Name to the Device
There is a little gap in the Intune SDK Module and what we have to use to add the device to the Azrue AD Group, for this case we added some separate functions. List of variables that you have to change:
# Login with the Script to your Tenant
$adminPwd= ConvertTo-SecureString -String $passWd -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ($AdminUPN, $adminPwd)
Write-Log "Establishing connection"
$connection = Connect-MSGraph -PSCredential $creds
$global:authToken = Get-AuthToken -User $adminUPN
Write-Log "Getting all corporate identifiers"
#getting corp identifiers
$corpDevices = Get-CorporateDeviceIdentifiers
Write-Log "Getting all enrolled devices"
#getting enrolled devices
$enrolledDevices = Get-IntuneManagedDevice
# create the AAD Group for Assigenment, if it's not exists
$AADGroup = "Android-Classroom1"
$GroupId = (Get-AADDeviceGroup -GroupName $AADGroup).id
if($GroupId -eq $null -or $GroupId -eq ""){
$newGroup = New-AADGroup -displayName $AADGroup -securityEnabled:$true -mailEnabled:$false -mailNickname $AADGroup
$GroupId = $newGroup.id
#Write-Host "AAD Group - '$AADGroup' doesn't exist, please specify a valid AAD Group..." -ForegroundColor Red
#Write-Host
}
# loop every device that is in Corp-identifyers and new enrolled in Intune
foreach($corpDevice in $corpDevices)
{
# go for the Serial number
if($corpDevice.importedDeviceIdentityType -eq "serialNumber")
{
if($enrolledDevices.serialNumber -contains $corpDevice.importedDeviceIdentifier)
{
$deviceToUpdate = Get-IntuneManagedDevice -Filter "SerialNumber eq '$($corpDevice.importedDeviceIdentifier)'"
if($deviceToUpdate -ne $NULL)
{
Write-Log "Modifying device with serialnumber '$($corpDevice.importedDeviceIdentifier)'"
# change the Management name Attribute
Update-DeviceManagement_ManagedDevices -managedDeviceId $deviceToUpdate.id -managedDeviceName $corpDevice.description
#get the right aad-group id and add the device to the aad-group
$AADDevice = Get-AADDeviceDevice -DeviceID $deviceToUpdate.id
Add-AADDeviceGroupMember -GroupId $GroupId -AADMemberID $AADDevice.id
}
}
}
if($corpDevice.importedDeviceIdentityType -eq "imei")
{
# go for the IMEl number
$enrolledDevices.imei -contains $corpDevice.importedDeviceIdentifier
$deviceToUpdate = Get-IntuneManagedDevice -Filter "imei eq '$($corpDevice.importedDeviceIdentifier)'"
if($deviceToUpdate -ne $NULL)
{
Write-Log "Modifying device with serialnumber '$($corpDevice.importedDeviceIdentifier)'"
# change the Management name Attribute
Update-DeviceManagement_ManagedDevices -managedDeviceId $deviceToUpdate.id -managedDeviceName $corpDevice.description
#get the right aad-group id and add the device to the aad-group
$AADDevice = Get-AADDeviceDevice -DeviceID $deviceToUpdate.id
Add-AADDeviceGroupMember -GroupId $GroupId -AADMemberID $AADDevice.id
}
}
}
Go to Device Configuration – Profiles and Create a New Profile:
Select the App and start configuring the Settings:
Now you have all the Settings to configure, only the settings that the OEM has configured in his JSON.
If you can’t find any settings, go to the OEM’s website for the settings, and you can add those missing settings, if needed and if it’s possible, to the JSON file by your self.
This time, I tied to implement RBAC as a test and for a customer. It was quite hard to get the logic out of it and to figure out how it works in the backend. In the end, I got a piece of advice from a genius (thank you David Falkus https://github.com/davefalkus for your support) and after a short discussion, it made sense to me.
Therefore, I started my own logic draw and I would say it explains the topic in an easier way and I hope,
it helps you to understand RBAC 😉
Overview
Role RBAC
As you can
see on the picture above, there are different parties involved:
Member Group
Role
Scope Tag
Scope Group
First, the
whole configuration has to be configured with a role as a basis. Afterwards, it
needs an assignment to add Tag, Member Group and Scope Group. You are able to
use one role with the permission for multiple assignments for several use cases
with the same rights.
Important:
This is my own translation for the different parts in RBAC!
Scope Tags
Tags are
used to tag for example objects in Intune. These objects can be devices,
policies, profiles and so on. If you have a group of device objects, you have
to tag them separately. Unfortunately, there is no possibility of tagging a
whole bunch of clients at the same time. In this case it is easier to use a
script and do it with Graph API: https://github.com/microsoftgraph/powershell-intune-samples/tree/master/RBAC#12-rbac_scopetags_deviceunassignps1
Scope Group
Scope Group
means that there are some users or devices to manage such as a limited group of objects
like devices (iOS, Android or Windows) or only part
of them such as all iOS from
Marketing, etc.
Member Group
Member are one or a group of people
who have to manage
the objects
in the Scope Group.
Role
Roles have different kinds of permissions. A role can have only “Read” rights on
specific objects or “Write” or “Create” rights. We can for example grant access
to create a new configuration profile or only change a Config profile with
reading and writing access. A role can be used multiple times.
Assigenment
The Assignment contains Tags, Groups and Group
Members. They are assigned to a role, which is able to only one or even
multiple assignments.
How to Create the Parts
Scope Tags
Scope Group
Create a simple AAD Group (dynamic
or static) with the objects
you would like to manage.
Member Group
Create a simple AAD Group (dynamic
or static) with the users, who have to manage the objects
from the scope group.
Role
Create permissions.
Assigenment
Add the member group to the assignment:
Add the Scope Group to the assignment:
Add the Scope Tag to the assignment:
One last Thing:
Add a tag
to a device:
And this is
it! Please be careful and test it only with a test user since you can exclude
your own account from some config. I
recommend using a global admin to create the whole RBAC. And avoid using a
global admin in a member group. As well
to point out: Never use all User & all Device for
the Scope Group!
I
hope this helps and saves you some time to have a beer….
After clicking on the settings-symbol, choose the option “Power BI reports” and click on the “Create Dashboard”-button.
This button
will open a new tab in your browser
and shows the Power BI online Service Website.
Log in with the
same account as you logged-in to the
Security Center:
Additional information: If it is your first log-on, you need to answer some questions and specify some details about the authentication method (use OAuth2). You need as well to accept the access rights.
Choose “Windows Defender Advanced Threat Protection” in the category “My apps”.
This will open and show you a per-provisioned dashboard.
In case you
would like to see a report or create your own dashboard or report, follow the instructions provided below:
Stay on the current dashboard and select the hamburger-button in the top right corner:
This will show you a dashboard, a report and also the connector (datasets) information:
Open the report and have a look at the data shown in this report. In the footer, you have also some register tabs to split the information in different sections:
Would you like to save the report or dashboard on your own workspace? This is difficult, but you have the
option to share the dashboard
/ report and use it from there.
If you would like
to build your very own reports, use the connector
from the security center
“Build custom dashboards”.
Attention:
This dashboard provides you only with a preview and shows only data from the
last 30 days.
Part
2
To
understand how the connector
works, read the instructions below. Please note that the docs page is no longer matching
the today’s Power Bi Desktop:
Open the Power BI Desktop application after the installation has finished
As a first step, use the same credentials as in first part to log in (This is to connect your Power BI online sources)
Select “Get data”
Choose “More…”
By typing the word “Graph“ the option “Microsoft Graph Security (Beta)” appears.
Select “Microsoft Graph Security (Beta)” and connect.
Select “continue” on the preview connector wizard
In the next wizard, select the version of graph (1.0) in the version 1 of graph are elements and paths which are no more changing. If you like to play with some options coming, choose “Beta”. But be carefully, these settings can change daily.
The log-on-mask to login to graph will appear. Since the information you connect is sensitive, you have to use an account with admin rights in the WADATP Security Center (or in minimum read rights).
Afterwards, the “Navigator” wizard pops up and you have to select all “Display Options”
As soon as the data is loaded, some information to select will appear.
This looks like:
In my
opinion, this information is not
very helpful since it is mainly used
to control and remediate alerts.
If you connect to the Power BI
online services, you can connect to the data
from the first part in this blog:
To use
the data from Power BI, open Power
BI Desktop:
Open the Power BI Desktop application after the installation. Use again the credentials as in first part to log in (This is to connect your Power BI online sources)
Select “Get data”
Choose “Power BI Datasets”
As a next step, select “My workspace”
Select “Windows Defender Advanced Threat Protection” and click “Load”
Two new tables will appear:
This enables you to easily create your own report:
Mobile devices can be found everywhere in today’s world. They should be managed in an enterprise environment like any other computer.
In this training you will learn how to manage devices from the cloud with Microsoft Intune.
Devices in today’s world can work from anywhere and whenever users want. This shift changes security requirements and the way these devices are managed. Therefore, you need to learn how to manage these types of devices. Learn how you can handle end users to make your life better, instead of completing a device and solving all the problems outside your organization.
Learn to identify business cases, to generate use cases and to provide the right workload with the right technology to the modern workers. This course focuses on managing and securing devices with Microsoft EM&S Suite. The expert and double MVP Mirko Colemberg has developed this five-day practical laboratory based on practical experience.
Practical Labs: 50 percent of the time is devoted to practical labs and exercises. Another 20 percent are used for use case and workload concepts with appropriate methods for working in production environments.
Key Learnings: Creation and implementation of all required settings for using Azure AD and EM&S by yourself and from scratch. Transition from business cases to use cases and embedding workloads into the appropriate technology. Implementation of the appropriate technology with all the settings needed to get workloads done. Getting to know all the different settings that help to implement a working environment based on concrete cases from a company:
Get Azure AD running
Application Management
Modern OSD
Best Practices for the Security Basis
Analytics
Troubleshooting
Target audience: This course is aimed at IT Professionals who need a deeper understanding of the modern workplace with Windows and Azure Services and want to expand their knowledge. This course also provides background information on business / use cases to take the right actions to implement the right opportunities for the right workload.
Requirements:
Basic knowledge how network and internet works
Knowledge about processes with business and use cases
Powershell basic
Read about: OMA-URI (CSP) and Graph/AIP
Level: 300 Advanced
Material Goodies:
Lab manual (online on Azure AD)
Slide decks (PDFs), Lab documents
A Surface-Go-device
Access to a Teams-group on a private channel for all participants:
to share your experiences
chat
wiki
script sharing
from time to time an online meeting for important updates
Days: 5
Language: German and English
Where: At the moment, this course in available at Digicomp in Zurich, Switzerland. Handouts are in English, but the course will be held in German:
Manage Devices with all the tools of Microsoft Azure
Kurs: Modern Managed Devices from Zero to Production («MMDZP») Mobile Geräte sind in der heutigen Welt überall zu finden. Sie sollten in einer Unternehmensumgebung wie jeder andere Computer verwaltet werden.
This time, I’m at the MCT Global Summit in Germany (Cologne) and it is the first time I’m writing a blog post about a product. This means, everything I’m writing is my personal opinion and can differentiate to your opinion about those devices.
I got the chance from the sponsor “Sennheiser” to test every day another headset while having also some Skype meetings during the week. I promised to test the devices and write a report about them. To be honest, for the past years I’ve been using my Bose in-ear noise-cancelling headphones almost every day and I am more than happy with them. But since I am an open-minded person, I like it to try and test other things. And the best is, I didn’t have to buy them to test new devices.
Headphone: Sennheiser SC 6×5 USB
Sound quality:
The quality of the sound is different. In a call, unwanted noises for the people who are talking and also background noises from the other attendees are filtered. Additionally, there is also a difference when you listen to music. These speakers are suitable for business and private.
Handling:
The Headset has an S4B extender, with which you can answer a call, hang up and also adjust the volume + / -.
Other:
This headset has a very long cable. Especially when you pack the headset into your backpack, it can result in a mess. The reason for this long cable is that the headphone was originally planned to be used with a desktop tower where you must plug in the headphone to an USB port in the back of the tower. In my opinion, a modern workstation has mostly an USB port in front of the computer. So there is only limited need for such a long cable.
Summary:
If you are looking for a device to use permanently on the workstation at your office, this headset meets your needs. I used a Jabbra headset at home for a long time and for many meetings. After testing this device and only taking the call and sound quality into consideration, I would definitively prefer the Sennheiser one. Since I always hated to deal with a mess of cable, I personally would buy the wireless version which is as well available in this series. Its token has a range of 100 meters.
Headphone: Sennheiser MB660 uc ms
Sound quality:
The quality of sound is just amazing and also the call quality is on another level than I have ever heard before. This device has a noise-cancelling-function; as soon as you enable it, there is no more surround sound or click to hear – totally different to what I am used to from my Bose in-ear noise-cancelling headphones which I have been using for years. If you put the Bose in-ear noise-cancelling headphones and start the noise-cancelling-function, you still hear clicks and it also feels like a vacuum in your head. But with the MB660 it is completely different: It just starts and the noises around you just go away as if by magic.
Handling:
The over-the-ear headset comes with a nice box to store anything in it. Furthermore, it has a jack cable and also a USB dongle for Bluetooth connection in case your device has no BT. I had also a talk with the seller at the booth about this dongle, especially why we need that since nowadays every tablet or notebook has already BT. He explained me that the transport of the voice from the headphone to the computer is crypted with this BT connect and it is not possible to overtake and listen to the conversation. This means that you can use regular BT for listening to music and for business calls you can use the connect with the dongle.
Other:
There is also no handling needed with cables since it is wireless. On the side of the right ear shell you have touch to volume up and down and on the left ear shell you can change the sound optimization for call, disco, cinema and so on. You get also a 2mono jack connector to stereo, as we all know from the airplanes.
Summary:
In a nutshell, if you travel sometimes by plane and also want to use the headset for working or maybe traveling by train and also want to use it for fun in your private vacation time, this is one of my favorites since it really is an all-in set.
Maybe I can test some other device from Sennheiser in the future and post some information about them. I really like what they produce!
I had a Theater Session at Ignite 2018 about how to onboard Clients and Servers to WDATP (Windows Defender Advanced Thread Protection). During this session, I asked the audience if they want to have a 20-minute demo session or just have a look at the slides. The choice was clear: Everyone voted for the demo session.
Personally, I like to have sessions which are fully packed with demos. In these sessions you learn the most, but in this case the story for a session gets lost and also the jokes during the session are difficult to made.
If you would like to watch the session first, here we go:
Please consider, that there are some changes for onboarding (around minute 9:00) since it is the explanation about onboarding with Intune. Especially in minute 11:30, the explanation is for the new material that I will write down here.
Log in to your Intune Tenant over the portal.azure.com and click on Intune / Device compliance / Windows Defender ATP.
As you saw in the session, you have to connect your Intune to the Security Center first and afterwards you can see the connection status “Available”. When you are connected, you can also see the doughnut chart which informs you about devices without ATP agent.
When you click on the link “Create a device configuration profile to configure the ATP Agent” below the doughnut chart, you will be routed directly to the Intune / Device configuration / Profiles where you can perform the following steps:
Create a new profile
Chose a name
Select the platform “Windows10 and later”
Select the profile type “Windows Def ATP”
Select “Configure”
As you can see, you don’t have to upload the Intune Onboarding script anymore since the only two options are “Sample sharing for all files” and “Expedite telemetry reporting frequency”. Just enable both and that’s it.
To onboard every client to your environment, you just have to assign the profile to a device group or all device groups.
If you now have a look at your old created profile with the onboarding file, you can still see there the file you uploaded, but there is no more a need to use it. In case you have the new profile assigned to all your devices, you can easily delete the old profile.
It is now very easy, right?
But please test it out, so it is really running in your production, before you delete the old profile.
Hope it helps and saves you some time to have a beer….
In Config Manager TP1809/1810 is new a Community Hub. The implementation of this means that the community members have the possibility to share Powershell Scripts with each other.
There will be coming more in the future such as CI’s and Reports that you can upload and share with others. It’s pretty cool, that you can share stuff in SCCM directly.
By the way, this BlogPost is written with the CB TP1810 Version; in the final Version may be some differences.
Right now, Microsoft only supporting authentication of users that are in the MSFT AAD tenant. So, all the MVP’s and any Microsoft field employees only, can upload scripts!
Here I like to start showing you the new Feature to help sharing to the Community. (wait for the final version)
You can have a look into your existing script library, add a new Script or make sure you have approved an script in the library:
As a second step you can click on the Community Workspace and select “Hub”:
Here you can see the scripts which are already published by other community members.
(By the way you can see that I was the first who submitted a script :-))
Next step is to log in with your AAD or MSFT (later one also Live-ID) account by clicking the “sign in” button in the upper right corner. A similar window pops up because, to log you in to an Azure-Portal.
As a next step, you can upload your approved script from your library by selecting “My Hub” and then choosing “Add an item”.
A new window will pop up where you can select the approved script from your SCCM repository.
Tip: At the moment, you can only select “Scripts”, but in the future there are coming more options such as CI’s and also reports.
Use the “Browse”-Button to find the script you like to share. Therefore, a new window will pop up:
It’s important to know that you will only see approved scripts!
Select the script you would like to upload and click “OK”. You will be redirected to the previous windows. Enter a name for the script and don’t forget to fill in a description. Otherwise the upload will fail.
If you select the option “Keep It Private”, it will only show up in your console. You have to login first with your account, then in the “Home” tab with all the other scripts or if you select “My Hub” you can see only your scripts.
“Keep It Private” means, you are the only one, that can see your script, but you have to login first:
Open the Console and go to Community / Hub
Without login it looks like this (you can only see all the Public scripts):
Login and select “My Hub”:
And with the Login on the “Home” tab you can see all scripts (public and yours):
After this little explanation we go back to the next step…
Now you can select the script that you like:
(the “Q & A” and the “Ratings & Reviews” are in “coming soon” status)
When you select “Download” the script will show up in your script repository.
In the end you can go back to the Software Library and check if the script is there:
Check the name, the approval state (“Waiting for Approval”) and have also a look on the date. The account is all the time the one you used to log in to the console.
As a last step approve the script and use it.
Hope this helps to save some time which you can use for other task or to enjoy a beer
Normally I write test it first, but this Feature is still in TP, that means it’s only for testing. :
Since the Store for Business is in Place i use it often, but there is one thing i really don’t like in the Store for Business, you can add as many Apps (free and Buy) as you like to your Private Store that you can Use for your Employees. But to remove any of that Apps to delete from the Private Store is not really implemented with a simple “remove” button in the Private Store.
But wait, there is a Way to remove that Apps from your Private Store to keep them clean and only Manage the Apps that you really need, and not Managing Apps that you added by the wrong selection.
Here is how we remove app from the Private Store in the Microsoft Store for Business;
Login to the Businessstore.microsoft.com with your global admin Credentials
Go to manage -> Products & services and have a look for your App you like to remove
Select the App and:
a. Have a look on the User Assignment, this should be empty, otherwise you have to delete the assignment
b. Also have a look that the App is no more in any Private Store Collections
4. Next Step would be; go to Order History and find your App
5. Select the Order Link on the App
6. Now you can see the App Details and in the Actions column select Refund
7. This will show you a pop up message where you can “refund” the App
8. After that the status of the Order Details changes to:
9. Finally your App is gone from the Private Store
Happy testing, be carefully, sometimes a “delete” (Refund) Job takes over night to delete that App from your Store, there is no need to refund it again and again, just wait 24h. 🙂
Hope it helps to cleanup your Private Store, have fun and enjoy a Beer
![dd an item Type: Description: Scri t v Browse This Scrit is to check a Shortcut on the Clients desktop] C] Keep It Private dd U m*k.d a ÉmÜ; and C2J represent that to •e t. Cancel](http://blog.colemberg.ch/wp-content/uploads/imported-onenote-images/onenote-5bb87a7f896041.67552804.png)
![colemberg.ch [MVP] Manage CamCard cc Free • Online • Licenses Find a solution provider Product Details Unlimited licenses O used Private Store Collections Users Assign to Users Search user by name or email Name No licenses have been assigned for this app.](http://blog.colemberg.ch/wp-content/uploads/imported-onenote-images/onenote-5bb61c149d97c3.43990332.png)
![colemberg.ch [MVP] Manage Find a solution provider Manage / Products & services / Apps & software Products & services Apps & software Volume licensing Benefits New LOB Apps camcard 88 Card view Name 'TX No results found. Refine results: Product type: All v Application type: All Available quantity Subscription type:](http://blog.colemberg.ch/wp-content/uploads/imported-onenote-images/onenote-5bb61c1e79b938.96411100.png)
Login