Intune’s Enhanced App Inventory transforms application visibility from guesswork into a reliable security signal. By introducing richer metadata, user context, and freshness indicators, it closes long-standing audit and compliance gaps. Here’s what changed, how to enable it, and why it matters for Zero Trust operations. [Read More]
Microsoft’s new Intune Device View isn’t about new features—it’s about better context. By consolidating device data, actions, compliance, and reporting into a single experience, it reduces admin friction and improves audit visibility. Here’s what changed, why it matters, and how it aligns with real-world endpoint operations. [Read More]
The Secure Boot 2023 CA transition was never just a certificate update. This epilogue looks back at what actually changed at enterprise scale—broken assumptions, firmware realities, and why proof matters more than deployment success. [Read More]
Secure Boot certificate updates won’t flip Secure Boot ON for you. This post shows how to safely enable Secure Boot at scale using Intune orchestration + PowerShell execution, with BitLocker readiness gates, and OEM-supported tooling for Lenovo and Dell. [Read More]
WinCsFlags.exe doesn’t write Secure Boot certificates into firmware — it sets intent.
This deep‑dive explains how WinCS works behind the scenes, how the Secure Boot 2023 CA update actually flows from Windows to UEFI firmware, why two reboots are expected, and how to validate success using UEFICA2023Status. A practical, engine‑room explanation bridging Part 2 (0x5944) and Part 3 (validation) of the Secure Boot series—without vibes, myths, or guesswork. [Read More]
Deploying the Secure Boot 2023 certificate update is the easy part. Proving it actually worked is where things get uncomfortable. In Part 3, the spotlight shifts from execution to evidence—where dashboards stop being trusted, reboots start to matter, and firmware finally gets a vote. This is the phase where Windows claims success, devices boot happily, and yet half your fleet may still be clinging to the 2011 trust chain like it’s a security blanket. Validation is where assumptions die, receipts are demanded, and “updated” stops being a feeling and starts being something you can prove. [Read More]
The Claude / Terraform incident wasn’t AI going rogue—it was automation executing perfectly without governance. This post breaks down why agentic AI is a Zero Trust problem, not an intelligence one, and how Microsoft Agent 365 signals a shift toward scoped, observable, and approval‑gated agents designed to limit blast radius before damage happens. [Read More]
There are some security lessons that arrive as a whitepaper, and then there are the ones that arrive like a brick through the server room window. This post explores why Intune Multi-Admin Approval is no longer just a nice governance feature, but a critical security control for preventing destructive remote actions like wipe, retire, and delete from being abused at scale. [Read More]
Part 2 of the Secure Boot 2023 CA Update series dives into the actual rollout: how Windows applies the new KEK/DB certificates, why automatic updates aren’t guaranteed, and how Intune admins can safely trigger and manage the update workflow using registry‑based signals and proactive remediations. [Read More]
Removable storage devices are one of the most common attack vectors for data breaches. Learn how to block USB drives with Microsoft Intune. [Read More]
For people working with Intune and Windows/Autopilot/Windows Modern Management in customer projects, you would agree with me when I say that many times, it is the customer network that brings to us the biggest hurdle/roadblock/challenge to [Read More]
Microsoft with their latest service offering, the Windows Autopatch service, aims to relief company IT from the Windows patch management. But is it something entirely new? Can this not be achieved manually? This blog post expresses my take on the Windows Autopatch service. [Read More]
This the first part of a two-post blog that will help you to get started with Windows Autopatch in your environment, provided your environment meets the license and other requirements. [Read More]
Hybrid Entra Join was never meant to be a permanent destination — yet for many organisations, it quietly became one.
As businesses push toward modern identity models, they find themselves tangled between on‑prem dependencies, device provisioning challenges, and the politics of re‑imaging at scale. But with Microsoft’s new Hybrid Entra Join powered by Entra Kerberos (Preview), the old sync‑and‑wait pain finally meets its match. This article breaks down why Hybrid became a long‑term tenant, what the new Kerberos-based model changes, and how organisations can finally reclaim their cloud‑native roadmap. [Read More]
This blog post sheds light on how you can proactively solve Windows 10 device sync issue in an Intune environment. [Read More]
Want to have two MAM policies of different Management type applied to the same user for iOS/iPadOS platform? You need to know about IntuneMAMUPN. [Read More]
Part-2 of the 2-post blog on Windows Autopilot walks you through the Windows Autopatch operations and other miscellaneous information that we all as IT Pros must know about the service. [Read More]
Microsoft’s new Intune Device View isn’t about new features—it’s about better context. By consolidating device data, actions, compliance, and reporting into a single experience, it reduces admin friction and improves audit visibility. Here’s what changed, why it matters, and how it aligns with real-world endpoint operations. [Read More]
Copyright © 2022, MDM Tech Space - Joymalya Basu Roy