Part 2 of the Secure Boot 2023 CA Update series dives into the actual rollout: how Windows applies the new KEK/DB certificates, why automatic updates aren’t guaranteed, and how Intune admins can safely trigger and manage the update workflow using registry‑based signals and proactive remediations. [Read More]
Before you roll out the Secure Boot 2023 certificates, map your fleet. This guide shows how to inventory posture with Intune—reports, proactive remediations, JSON outputs, and OEM gotchas. [Read More]
Behind the first OOBE screen, Windows launches a dense chain of provisioning tasks that never surface in the UI. As soon as the device comes online, CloudExperienceHost and the provisioning engine begin executing ZDP update checks, initializing and validating the TPM (EK, SRK, AIK), and activating hardware attestation. In parallel, Autopilot performs token‑based device discovery, retrieves its deployment profile, and drives the consumer‑vs‑enterprise pivot that determines the rest of setup. This part of the series breaks down those hidden flows — the CEH pipelines, TPM trust establishment, Autopilot token exchanges, and the orchestration logic that shapes modern Windows provisioning. [Read More]
There are many perfectly valid, intentional ways a Windows device can end up enrolled into Intune. All of these make sense. They involve planning. They involve intent. And then there was… the most popular method of [Read More]
Hybrid Entra Join was never meant to be a permanent destination — yet for many organisations, it quietly became one.
As businesses push toward modern identity models, they find themselves tangled between on‑prem dependencies, device provisioning challenges, and the politics of re‑imaging at scale. But with Microsoft’s new Hybrid Entra Join powered by Entra Kerberos (Preview), the old sync‑and‑wait pain finally meets its match. This article breaks down why Hybrid became a long‑term tenant, what the new Kerberos-based model changes, and how organisations can finally reclaim their cloud‑native roadmap. [Read More]
Windows Autopilot has evolved—but not in a way that makes the choice obvious. With the introduction of Autopilot v2 (Device Preparation), organizations now have a faster, cloud‑first provisioning model alongside the classic Autopilot experience. This article breaks down Autopilot v1 vs v2 through real‑world scenarios, helping you decide which model fits your identity strategy, device mix, and Windows 11 modernization goals. [Read More]
Modern Windows provisioning has evolved far beyond imaging, task sequences, and manual device setup. Today, identity—not infrastructure—drives the entire lifecycle of a device. Windows Autopilot sits at the center of this shift, transforming how organizations register, configure, deliver, and recycle Windows endpoints.
Whether you’re modernizing an existing estate or designing a cloud‑first provisioning strategy, understanding Autopilot’s identity pipeline and provisioning models is essential.
This blog post is fundamentally a deep technical exploration of Windows Autopilot as an identity‑driven provisioning framework. [Read More]
Modern Windows provisioning isn’t a mystery — it’s a disciplined choreography, processes moving in sync to deliver a managed, corporate‑ready device. For IT Pros, this post traces the internals from power‑on UEFI boot to the first OOBE screen: process trees and parent/child chains, critical executables spinning up and terminating, service handoffs, registry details, and trust boundaries — revealing how orchestration turns complexity into a reliable, secure, repeatable journey for enterprise teams. And just to mention, this is only Part 1 with a Part 2 coming soon! [Read More]
Introduction The upcoming Windows Secure Boot UEFI CA 2023 certificate update is a critical security milestone for enterprises. This update strengthens Secure Boot by ensuring only trusted bootloaders and firmware components are allowed during the boot [Read More]
This blog post shows the 4 different ways via which you can disable the built-in Teams app of Windows 11 with Intune. [Read More]
One of the key features of Microsoft Intune is its MAM capabilities. Intune MAM enables us to apply policies to supported corporate applications such as Outlook, Microsoft Teams, or other Office or third-party apps, to protect [Read More]
Behind the first OOBE screen, Windows launches a dense chain of provisioning tasks that never surface in the UI. As soon as the device comes online, CloudExperienceHost and the provisioning engine begin executing ZDP update checks, initializing and validating the TPM (EK, SRK, AIK), and activating hardware attestation. In parallel, Autopilot performs token‑based device discovery, retrieves its deployment profile, and drives the consumer‑vs‑enterprise pivot that determines the rest of setup. This part of the series breaks down those hidden flows — the CEH pipelines, TPM trust establishment, Autopilot token exchanges, and the orchestration logic that shapes modern Windows provisioning. [Read More]
Having duplicate icons on your desktop as a result of OneDrive sync? Learn how to prevent OneDrive from syncing Shortcuts with Intune. [Read More]
For people working with Intune and Windows/Autopilot/Windows Modern Management in customer projects, you would agree with me when I say that many times, it is the customer network that brings to us the biggest hurdle/roadblock/challenge to [Read More]
In my last blog post, I talked about how you can block users from using removable storage devices on your MEM-managed Windows 10 devices. However, at times, it may seem to be too restrictive. What if [Read More]
Are you having a tough time deciding how to revoke local admin rights from your cloud-managed Windows 10 devices without hindering user experience? Enter Admin By Request, a product that enables you to revoke local admin rights [Read More]
Admin By Request version 7 introduced some radical changes for a better user experience. Let’s explore what has changed. [Read More]
Trying out Windows 10 OS deployment with OSDCloud by David Segura (@SeguraOSD) using just WinPE, PowerShell and Internet. No Infrastruture! [Read More]
Copyright © 2022, MDM Tech Space - Joymalya Basu Roy