Before you roll out the Secure Boot 2023 certificates, map your fleet. This guide shows how to inventory posture with Intune—reports, proactive remediations, JSON outputs, and OEM gotchas. [Read More]
Behind the first OOBE screen, Windows launches a dense chain of provisioning tasks that never surface in the UI. As soon as the device comes online, CloudExperienceHost and the provisioning engine begin executing ZDP update checks, initializing and validating the TPM (EK, SRK, AIK), and activating hardware attestation. In parallel, Autopilot performs token‑based device discovery, retrieves its deployment profile, and drives the consumer‑vs‑enterprise pivot that determines the rest of setup. This part of the series breaks down those hidden flows — the CEH pipelines, TPM trust establishment, Autopilot token exchanges, and the orchestration logic that shapes modern Windows provisioning. [Read More]
There are many perfectly valid, intentional ways a Windows device can end up enrolled into Intune. All of these make sense. They involve planning. They involve intent. And then there was… the most popular method of [Read More]
Hybrid Entra Join was never meant to be a permanent destination — yet for many organisations, it quietly became one.
As businesses push toward modern identity models, they find themselves tangled between on‑prem dependencies, device provisioning challenges, and the politics of re‑imaging at scale. But with Microsoft’s new Hybrid Entra Join powered by Entra Kerberos (Preview), the old sync‑and‑wait pain finally meets its match. This article breaks down why Hybrid became a long‑term tenant, what the new Kerberos-based model changes, and how organisations can finally reclaim their cloud‑native roadmap. [Read More]
Windows Autopilot has evolved—but not in a way that makes the choice obvious. With the introduction of Autopilot v2 (Device Preparation), organizations now have a faster, cloud‑first provisioning model alongside the classic Autopilot experience. This article breaks down Autopilot v1 vs v2 through real‑world scenarios, helping you decide which model fits your identity strategy, device mix, and Windows 11 modernization goals. [Read More]
Modern Windows provisioning has evolved far beyond imaging, task sequences, and manual device setup. Today, identity—not infrastructure—drives the entire lifecycle of a device. Windows Autopilot sits at the center of this shift, transforming how organizations register, configure, deliver, and recycle Windows endpoints.
Whether you’re modernizing an existing estate or designing a cloud‑first provisioning strategy, understanding Autopilot’s identity pipeline and provisioning models is essential.
This blog post is fundamentally a deep technical exploration of Windows Autopilot as an identity‑driven provisioning framework. [Read More]
Modern Windows provisioning isn’t a mystery — it’s a disciplined choreography, processes moving in sync to deliver a managed, corporate‑ready device. For IT Pros, this post traces the internals from power‑on UEFI boot to the first OOBE screen: process trees and parent/child chains, critical executables spinning up and terminating, service handoffs, registry details, and trust boundaries — revealing how orchestration turns complexity into a reliable, secure, repeatable journey for enterprise teams. And just to mention, this is only Part 1 with a Part 2 coming soon! [Read More]
Introduction The upcoming Windows Secure Boot UEFI CA 2023 certificate update is a critical security milestone for enterprises. This update strengthens Secure Boot by ensuring only trusted bootloaders and firmware components are allowed during the boot [Read More]
Learn how Microsoft Intune simplifies WPA2-Enterprise Wi-Fi onboarding using EAP-TLS and certificate-based authentication. Explore the workflow, key components, and deployment best practices for secure enterprise connectivity. [Read More]
Removable storage devices are one of the most common attack vectors for data breaches. Learn how to block USB drives with Microsoft Intune. [Read More]
Microsoft with their latest service offering, the Windows Autopatch service, aims to relief company IT from the Windows patch management. But is it something entirely new? Can this not be achieved manually? This blog post expresses my take on the Windows Autopatch service. [Read More]
The Start Menu of Windows 10 fresh out-of-box is a complete mess. Don’t worry as you can easily customize the Start Menu layout with Intune. [Read More]
Exploring the new Remote Help feature in MEM Intune. Takes you through all the setup that is required as well as checking out how it works. [Read More]
Noticing the shiny new widget appearing on the Windows taskbar? Learn how you can disable “News and Interests” taskbar widget from Intune. [Read More]
Ever been in a situation where suppose you have been involved in investigating an issue that requires you to grab Windows Event logs from a user’s workstation. But while going through the Event logs, you notice [Read More]
The hardest and most critical component of working with Microsoft Graph API is AUTH and this blog post aims to help you have a better understanding of the same. [Read More]
This blog post shows how you can disable browsers (Chrome/Edge) from generating toast notifications on managed-Windows endpoint with Intune. [Read More]
This short blog post helps you with how you can get Windows 11 deployed to your managed Windows 10 endpoints with Intune and WUfB. [Read More]
Copyright © 2022, MDM Tech Space - Joymalya Basu Roy