March 29, 2026
MDM Tech Space
Recent Posts
WinCsFlags.exe for Secure Boot 2023 CA Certificate Updates: What It Really Does and the OS → Firmware Flow.
General

WinCsFlags.exe and Secure Boot 2023 CA Updates – A Bridge Between Part 2 & Part 3

March 27, 2026 0

WinCsFlags.exe doesn’t write Secure Boot certificates into firmware — it sets intent.
This deep‑dive explains how WinCS works behind the scenes, how the Secure Boot 2023 CA update actually flows from Windows to UEFI firmware, why two reboots are expected, and how to validate success using UEFICA2023Status. A practical, engine‑room explanation bridging Part 2 (0x5944) and Part 3 (validation) of the Secure Boot series—without vibes, myths, or guesswork. [Read More]

Microsoft Intune: Secure Boot 2023 CA Certificate Update Rollout - Part 3
General

Secure Boot Certificate Update Rollout at 50,000 Feet (and Devices): A Field Guide for the Sleep‑Deprived IT Admin – Part 3

March 24, 2026 1

Deploying the Secure Boot 2023 certificate update is the easy part. Proving it actually worked is where things get uncomfortable. In Part 3, the spotlight shifts from execution to evidence—where dashboards stop being trusted, reboots start to matter, and firmware finally gets a vote. This is the phase where Windows claims success, devices boot happily, and yet half your fleet may still be clinging to the 2011 trust chain like it’s a security blanket. Validation is where assumptions die, receipts are demanded, and “updated” stops being a feeling and starts being something you can prove. [Read More]

Intune Multi-Admin Approval: The Security Feature You’ll Wish You Enabled Before Someone Presses “Wipe All”
General

Intune Multi-Admin Approval: The Security Feature You Wish You’d Enabled Before Someone Pressed “Wipe All”!

March 13, 2026 0

There are some security lessons that arrive as a whitepaper, and then there are the ones that arrive like a brick through the server room window. This post explores why Intune Multi-Admin Approval is no longer just a nice governance feature, but a critical security control for preventing destructive remote actions like wipe, retire, and delete from being abused at scale. [Read More]

Modern Windows Provisioning - Autopilot Internals - Part 2
General

Modern Windows Provisioning Internals – Part 2

March 3, 2026 0

Behind the first OOBE screen, Windows launches a dense chain of provisioning tasks that never surface in the UI. As soon as the device comes online, CloudExperienceHost and the provisioning engine begin executing ZDP update checks, initializing and validating the TPM (EK, SRK, AIK), and activating hardware attestation. In parallel, Autopilot performs token‑based device discovery, retrieves its deployment profile, and drives the consumer‑vs‑enterprise pivot that determines the rest of setup. This part of the series breaks down those hidden flows — the CEH pipelines, TPM trust establishment, Autopilot token exchanges, and the orchestration logic that shapes modern Windows provisioning. [Read More]

Hybrid Entra Join using Entra Kerberos
General

Hybrid Entra Join Continues To Exist — Not Because Anyone Wants It, But Because Reality Is Inconvenient.

February 20, 2026 Comments Off on Hybrid Entra Join Continues To Exist — Not Because Anyone Wants It, But Because Reality Is Inconvenient.

Hybrid Entra Join was never meant to be a permanent destination — yet for many organisations, it quietly became one.
As businesses push toward modern identity models, they find themselves tangled between on‑prem dependencies, device provisioning challenges, and the politics of re‑imaging at scale. But with Microsoft’s new Hybrid Entra Join powered by Entra Kerberos (Preview), the old sync‑and‑wait pain finally meets its match. This article breaks down why Hybrid became a long‑term tenant, what the new Kerberos-based model changes, and how organisations can finally reclaim their cloud‑native roadmap. [Read More]

Random Posts

Disable GenAI assistant in Adobe Acrobat with Intune
General

Disable GenAI assistant in Adobe Acrobat with Intune

March 13, 2025 Comments Off on Disable GenAI assistant in Adobe Acrobat with Intune

Generative AI is all over the headlines, and that’s not empty hype. In the past year, generative artificial intelligence has captured the world’s imagination. This powerful type of artificial intelligence (AI) can create new content based [Read More]

Copyright © 2022, MDM Tech Space - Joymalya Basu Roy