Intune’s Enhanced App Inventory transforms application visibility from guesswork into a reliable security signal. By introducing richer metadata, user context, and freshness indicators, it closes long-standing audit and compliance gaps. Here’s what changed, how to enable it, and why it matters for Zero Trust operations. [Read More]
Microsoft’s new Intune Device View isn’t about new features—it’s about better context. By consolidating device data, actions, compliance, and reporting into a single experience, it reduces admin friction and improves audit visibility. Here’s what changed, why it matters, and how it aligns with real-world endpoint operations. [Read More]
The Secure Boot 2023 CA transition was never just a certificate update. This epilogue looks back at what actually changed at enterprise scale—broken assumptions, firmware realities, and why proof matters more than deployment success. [Read More]
Secure Boot certificate updates won’t flip Secure Boot ON for you. This post shows how to safely enable Secure Boot at scale using Intune orchestration + PowerShell execution, with BitLocker readiness gates, and OEM-supported tooling for Lenovo and Dell. [Read More]
WinCsFlags.exe doesn’t write Secure Boot certificates into firmware — it sets intent.
This deep‑dive explains how WinCS works behind the scenes, how the Secure Boot 2023 CA update actually flows from Windows to UEFI firmware, why two reboots are expected, and how to validate success using UEFICA2023Status. A practical, engine‑room explanation bridging Part 2 (0x5944) and Part 3 (validation) of the Secure Boot series—without vibes, myths, or guesswork. [Read More]
Deploying the Secure Boot 2023 certificate update is the easy part. Proving it actually worked is where things get uncomfortable. In Part 3, the spotlight shifts from execution to evidence—where dashboards stop being trusted, reboots start to matter, and firmware finally gets a vote. This is the phase where Windows claims success, devices boot happily, and yet half your fleet may still be clinging to the 2011 trust chain like it’s a security blanket. Validation is where assumptions die, receipts are demanded, and “updated” stops being a feeling and starts being something you can prove. [Read More]
The Claude / Terraform incident wasn’t AI going rogue—it was automation executing perfectly without governance. This post breaks down why agentic AI is a Zero Trust problem, not an intelligence one, and how Microsoft Agent 365 signals a shift toward scoped, observable, and approval‑gated agents designed to limit blast radius before damage happens. [Read More]
There are some security lessons that arrive as a whitepaper, and then there are the ones that arrive like a brick through the server room window. This post explores why Intune Multi-Admin Approval is no longer just a nice governance feature, but a critical security control for preventing destructive remote actions like wipe, retire, and delete from being abused at scale. [Read More]
Part 2 of the Secure Boot 2023 CA Update series dives into the actual rollout: how Windows applies the new KEK/DB certificates, why automatic updates aren’t guaranteed, and how Intune admins can safely trigger and manage the update workflow using registry‑based signals and proactive remediations. [Read More]
The writing style for this brief post will not be like the usual blog posts that I do, but more like a service ticket being handled. So let’s get started with it! Title: The case of [Read More]
This blog post helps to explains how the Intune expedite Windows update process works. [Read More]
Windows Autopilot with Windows 11 – are there any changes to the user experience? Plus, a quick look at the new Autopilot diagnostics page. [Read More]
You might be aware of Microsoft’s aanouncement of supporting Linux management with Intune. You may have also been through the instructions to know how to have your Linux device managed with Intune. But if you are not someone who is well-versed with Linux operations and thus finding it hard to guess what the commands are doing, then this blog post is for you. [Read More]
The new “Locate device” remote action in Intune helps IT admins to fetch the location details of a device in the event of lost/stolen device. [Read More]
Microsoft with their latest service offering, the Windows Autopatch service, aims to relief company IT from the Windows patch management. But is it something entirely new? Can this not be achieved manually? This blog post expresses my take on the Windows Autopatch service. [Read More]
Are you prepared for the strong certificate mapping enforcement that Microsoft brings with its Feb 2025 patch Tuesday update for the Windows Server OS? Microsoft introduced strong certificate mapping with the May 2022 patch Tuesday security [Read More]
Learn how you can easily generate Azure AD Temporary Access Pass for bulk users utilizing the power of Microsoft Graph API and PowerShell. [Read More]
Ever been in a situation where suppose you have been involved in investigating an issue that requires you to grab Windows Event logs from a user’s workstation. But while going through the Event logs, you notice [Read More]
Copyright © 2022, MDM Tech Space - Joymalya Basu Roy