Windows 10 and later
Microsoft Intune and the Curious Case of the Converting Firewall Rule Policy
·
loading
Microsoft Intune
Windows 10 and later
Settings Catalog
Security
Firewall
Endpoint Security
PowerShell
When did Microsoft go all covert ops (maybe don’t answer that question) and start making changes to your very own Firewall Rule policies in Microsoft Intune without letting anyone know? Or did they?
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows 11
·
loading
Microsoft Intune
Windows 10 and later
Security
Center for Internet Security (CIS)
Endpoint Security
Remediation Scripts
PowerShell
Settings Catalog
Custom Profiles
The impact of the CIS settings on BitLocker and Windows Autopilot now done and dusted, we should broaden our horizons and start to look at what other problems the CIS level 1 benchmark brings to Windows 11 as a whole. Are there any? Will it be smooth sailing? Yeah, no.
Renaming Windows Autopilot v2 Devices
·
loading
Microsoft Intune
Windows 10 and later
Windows Autopilot
Windows Autopilot Device Preparation
Custom Profiles
So Microsoft released Windows Autopilot Device Preparation, or more commonly known as APv2, into General Availability a little while ago. So with this production release we should be able to name our corporate owned Windows devices right Microsoft? Right?
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows Autopilot
·
loading
Microsoft Intune
Windows 10 and later
Security
Center for Internet Security (CIS)
Windows Autopilot
Windows Hello
Settings Catalog
PowerShell
With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.
Patching Gaps in the CIS Windows 11 Benchmark - BitLocker
·
loading
Microsoft Intune
Windows 10 and later
Security
Center for Internet Security (CIS)
Custom Profiles
BitLocker
Direct Memory Access
Settings Catalog
Everyone loves a security benchmark, and with the imminent move to Windows 11 for everyone, the Center for Internet Security released version 3.0.1 of theirs, including a build kit for Microsoft Intune, but what does this build kit break for BitLocker encryption?
Risk Based Windows 11 Feature Update Deployment - Automation
·
loading
Microsoft Intune
Windows 10 and later
Software Updates
Dynamic Groups
PowerShell
Graph API
Automation
The final part in this series looks at how to bring everything together under a single, repeatable script, allowing for the capture of readiness state, the tagging of devices to support the distribution of Windows 11 23H2.
Risk Based Windows 11 Feature Update Deployment - Feature Updates
·
loading
Microsoft Intune
Windows 10 and later
Software Updates
Dynamic Groups
PowerShell
Graph API
Using the data captured from a Windows 11 Feature Update Readiness report to successfully tag device attributes to device objects, and group them based on risk, we now look at how to deploy Feature Updates to these devices in a controlled manner.
Risk Based Windows 11 Feature Update Deployment - Device Attributes
·
loading
Microsoft Intune
Windows 10 and later
Software Updates
Dynamic Groups
PowerShell
Graph API
Automation
Having looked into capturing the Feature Update Readiness data for Windows 11 23H2 for our Windows devices, we can now use this risk based data to tag them with their associated risk, grouping them together to allow for sensible Feature Update profile assignment.
Risk Based Windows 11 Feature Update Deployment - Reporting
·
loading
Microsoft Intune
Windows 10 and later
Software Updates
Dynamic Groups
PowerShell
Graph API
Automation
With Windows 10 support coming to an end sooner than you’d expect, in the first part of this series we look at ways to capture Feature Update Readiness Report data using PowerShell and Graph to help with the rollout of the new Windows 11 operating system.