Skip to main content

Windows 10 and later

Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows 11
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Endpoint Security Remediation Scripts PowerShell Settings Catalog Custom Profile
The impact of the CIS settings on BitLocker and Windows Autopilot now done and dusted, we should broaden our horizons and start to look at what other problems the CIS level 1 benchmark brings to Windows 11 as a whole. Are there any? Will it be smooth sailing? Yeah, no.
Renaming Windows Autopilot v2 Devices
Microsoft Intune Windows 10 and later Windows Autopilot Windows Autopilot Device Preparation Custom Profiles
So Microsoft released Windows Autopilot Device Preparation, or more commonly known as APv2, into General Availability a little while ago. So with this production release we should be able to name our corporate owned Windows devices right Microsoft? Right?
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows Autopilot
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Windows Autopilot Windows Hello Settings Catalog PowerShell
With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.
Patching Gaps in the CIS Windows 11 Benchmark - BitLocker
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Custom Profiles BitLocker Direct Memory Access Settings Catalog
Everyone loves a security benchmark, and with the imminent move to Windows 11 for everyone, the Center for Internet Security released version 3.0.1 of theirs, including a build kit for Microsoft Intune, but what does this build kit break for BitLocker encryption?
Risk Based Windows 11 Feature Update Deployment - Automation
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
The final part in this series looks at how to bring everything together under a single, repeatable script, allowing for the capture of readiness state, the tagging of devices to support the distribution of Windows 11 23H2.
Risk Based Windows 11 Feature Update Deployment - Feature Updates
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API
Using the data captured from a Windows 11 Feature Update Readiness report to successfully tag device attributes to device objects, and group them based on risk, we now look at how to deploy Feature Updates to these devices in a controlled manner.
Risk Based Windows 11 Feature Update Deployment - Device Attributes
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
Having looked into capturing the Feature Update Readiness data for Windows 11 23H2 for our Windows devices, we can now use this risk based data to tag them with their associated risk, grouping them together to allow for sensible Feature Update profile assignment.
Risk Based Windows 11 Feature Update Deployment - Reporting
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
With Windows 10 support coming to an end sooner than you’d expect, in the first part of this series we look at ways to capture Feature Update Readiness Report data using PowerShell and Graph to help with the rollout of the new Windows 11 operating system.
Remediating BitLocker DMA Exception Errors with Microsoft Intune
Microsoft Intune Windows 10 and later BitLocker PowerShell Security Direct Memory Access
So you’ve configured BitLocker encryption in Microsoft Intune, but some of your devices are failing to encrypt complaining about a DMA exception issue as part of Automatic Encryption. How can we fix that without creating a gaping security hole?