Skip to main content

PowerShell

Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows 11
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Endpoint Security Remediation Scripts PowerShell Settings Catalog Custom Profile
The impact of the CIS settings on BitLocker and Windows Autopilot now done and dusted, we should broaden our horizons and start to look at what other problems the CIS level 1 benchmark brings to Windows 11 as a whole. Are there any? Will it be smooth sailing? Yeah, no.
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows Autopilot
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Windows Autopilot Windows Hello Settings Catalog PowerShell
With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.
Risk Based Windows 11 Feature Update Deployment - Automation
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
The final part in this series looks at how to bring everything together under a single, repeatable script, allowing for the capture of readiness state, the tagging of devices to support the distribution of Windows 11 23H2.
Risk Based Windows 11 Feature Update Deployment - Feature Updates
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API
Using the data captured from a Windows 11 Feature Update Readiness report to successfully tag device attributes to device objects, and group them based on risk, we now look at how to deploy Feature Updates to these devices in a controlled manner.
Risk Based Windows 11 Feature Update Deployment - Device Attributes
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
Having looked into capturing the Feature Update Readiness data for Windows 11 23H2 for our Windows devices, we can now use this risk based data to tag them with their associated risk, grouping them together to allow for sensible Feature Update profile assignment.
Risk Based Windows 11 Feature Update Deployment - Reporting
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
With Windows 10 support coming to an end sooner than you’d expect, in the first part of this series we look at ways to capture Feature Update Readiness Report data using PowerShell and Graph to help with the rollout of the new Windows 11 operating system.
Remediating BitLocker DMA Exception Errors with Microsoft Intune
Microsoft Intune Windows 10 and later BitLocker PowerShell Security Direct Memory Access
So you’ve configured BitLocker encryption in Microsoft Intune, but some of your devices are failing to encrypt complaining about a DMA exception issue as part of Automatic Encryption. How can we fix that without creating a gaping security hole?
Creating Reusable Groups of Firewall Settings for Microsoft Online Services
Microsoft Intune Windows 10 and later Security PowerShell Graph API Settings Catalog Firewall Automation Endpoint Security
It’s time to remove another manual process, this time the creation of Microsoft 365 network endpoints for Windows Firewall Rules in Microsoft Intune, because nobody should be creating these manually.
Keeping Windows Store Apps Updated with Microsoft Intune
Microsoft Intune Windows 10 and later Software Updates Remediation Scripts Apps PowerShell Windows Autopilot Security
Now we all love the new Windows Store, especially for deploying applications from Microsoft Intune, but we should find a way to keep these UWP applications up to date without additional license cost.