Blogged: Secure boot certificates and older hardware niallbrady.com/2026/05/31/se… cc @miketerrill @gwblok @jarwidmark #MSIntune

The endpoint management newsletter is out! Highlights: June Patch Tuesday the Secure Boot cert rollout, MDOP end of support, ConfigMgr 2409 EOL, and Windows 365 at Build 2026. Read: danielengberg.com/endpoint-m… #intune #msintune #configmgr #powershell #windows11

MDOP is out of support: What to do next with Microsoft Intune | Microsoft Community Hub techcommunity.microsoft.com/…

Copilot chat (Basic) is no longer working for me on any device. Now all I get from the app, or via the chat option in edge is "something went wrong" after first answering whatever question i posted. Very annoying. Not network related as I see the same thing on my Cloud PC.

The Secure Boot master key used to verify firmware integrity across hundreds of devices was a test key generated by AMI, labeled in the certificate itself as "DO NOT TRUST." Vendors were supposed to replace it with their own keys before shipping. Most did not. The key ended up in a public GitHub repository and was sitting there exposed before anyone noticed. Devices from Acer, Dell, HP, Lenovo, Intel, Gigabyte and Supermicro were all affected.

HPIA 5.3.6, a replacement for HPIA5.3.5 (which was pulled) is now published with the new /SubCategory command option and certain fixes #HPIA #MSMMOA #SCCM #MECM #Intune

Exciting news. 🗞️ Our 3rd #AI edition of bestseller Mastering Microsoft Intune is officially up for pre-order! 👉 amazon.com/Mastering-Microso…

Spend a huge amount of time to come up with a new way to debug when things go wrong in your environment. Brand new version of Intune debug toolkit coming soon! #MSIntune #IntuneDebugToolkit

Microsoft Configuration Manager (aka #ConfigMgr, #SCCM, #MEMCM, #MECM, #SMS) Version 2409 goes end of life on Saturday, June 6, 2026. If you are still running this version, it is time to upgrade.

It started with a simple question within the #ITCommunity: "Has anyone else seen this?" After the May updates, #ITPros began reporting issues with Company Portal deployments during Autopilot pre-provisioning. @Mister_MDM dug in to find out why. A great example of community-driven troubleshooting and what can happen when people share what they're seeing. 👉 bit.ly/49LgG8d #MSIntune #Intune #WindowsAutopilot

In my article ourcloudnetwork.com/how-to-s… I explain that guests can read user details, managers, group members, application properties and certificate configurations in your directory, and by default, anyone can invite them to your org, even other guests! All this information is what a malicious actor can use to map your organisation, and how would you know if any of the potential thousands of guests in your environment have been breached? you wouldn't... Before you can think about managing the lifecycle of your guests, you need to stop this problem in its tracks. Take the first step and limit who can invite guests to your tenant now! #Microsoft #Entra

Why didn’t somebody tell me before that required installations are one of the biggest things breaking Autopilot ESP? 😩 “So what are your required installations?” Every Autopilot admin asks this… and Intune makes it ridiculously hard to answer. No single view. You’re stuck clicking through assignments or running PowerShell. Meanwhile your ESP is stuck for 30 minutes because of 7 hidden required Win32 apps. The FREE Intune Dashboard fixes it in one click. Now you can easily compare with the ESP configuration. **Required Install** view shows every required app across the entire tenant — All Devices All Users — instantly. Right now we have exactly **7** required apps (ConfigMgr Toolkit, .NET Runtime, M365 Apps, etc.). No more guessing. No more ESP surprises. @MSIntune #Intune

In my latest video, I sit down with Amir Bredy from the Azure Edge Security team to talk about LAPS for Azure Arc—and why it might be the lowest-effort, highest-impact security win available to hybrid customers right now. 💡 Here’s what makes it powerful 👇 ✅ Manage Windows LAPS centrally with Azure Policy ✅ One consistent model across Azure VMs and Arc-enabled servers—on-prem, edge, or other clouds ✅ Audit-first, enforce-when-ready rollout ✅ Secure defaults aligned to NIST & CIS (15-char passwords, 30-day rotation) ✅ Audit-ready compliance evidence your security team will actually love We also walk through a live demo—from policy assignment to verified compliance, including the “Reasons” evidence field that makes audits dramatically easier. 🎬 If you’ve got Windows machines in Azure or connected through Arc and haven’t modernized your local admin password strategy yet, this is the one to watch. 👉 Start in audit mode. Share the report with your security team. Flip to configure when you’re ready. 🔗 Watch the full interview demo: youtube.com/watch?v=9zx1U4wF… 🔗 Blog: thomasmaurer.ch/2026/06/laps… #AzureArc #Security #LAPS #HybridCloud #Azure #CyberSecurity #WindowsServer #EntraID #ZeroTrust #SovereignCloud

Endpoint decisions influence sustainability outcomes—and IT teams are already making them. Explore how Windows can help measure and optimize the impact of endpoint decisions in the e-book, “Energy-smart IT with Windows and Microsoft Intune”: msft.it/6012vga3r

It is indeed "the" endpoint management event! And we will be there, in San Diego, for the first time, in the @PowerStacks booth demo'ing our new App Store for Intune! powerstacks.com/products/app…

🚨Reminder: If you don't provide a certificate, your #MCC (Connected Cache) will stop delivering content for Intune in a week. Starting June 16, content for Intune (and Teams) will only be downloaded to endpoints with a secured connection to the source. techcommunity.microsoft.com/…

MMS 2026 Midway Edition will be held in beautiful San Diego from October 25-28, featuring deep technical sessions, networking opportunities, Microsoft endpoint management discussions, hallway conversations and a welcome reception aboard the USS Midway aircraft carrier. If you haven’t attended MMS before, this is the one to experience. Intune, ConfigMgr, Windows, security, automation, cloud management, community, MVPs, Microsoft folks, real-world lessons, and probably a few late-night “just one more conversation” moments at the hotel lobby. The early discounts are already gone, and registrations are moving fast, so now’s the time to lock it in before your future self gets disappointed. San Diego. USS Midway. Manchester Grand Hyatt. One of the best endpoint management communities on the planet. Register here: mmsmoa.com/mms2026midway #MMSMidway #MMSMOA #SanDiego #ITpros #MSIntune

For those using Device-bound Passkeys and want to start playing with @Yubico, here are the AAGUIDs for Attestation. support.yubico.com/s/article…

Shouldn't affect them. Platform scripts and Remediations both execute through the Intune Management Extension, so they aren't governed by the LocalMachine execution policy W365 is moving to RemoteSigned. If 'Enforce script signature check' is off, IME runs the script with Bypass, which sits above LocalMachine in scope precedence and ignores it. If it's on, the script already had to be signed by a cert in Trusted Publishers, so RemoteSigned adds nothing new. The actual gotcha is precedence: MachinePolicy and UserPolicy override LocalMachine. If AllSigned gets pushed at MachinePolicy via Intune or GPO, that overrides the new default and is what fails provisioning, resize, and restore. That's the thing worth auditing.

You have Intune Remote Help already, you might as well use it gerryhampsoncm.blogspot.com/… #Intune #RemoteHelp #M365E3

Be aware that @MSIntune Windows Autopilot device preparation requires Personal Device Enrollment to be set to Allow (temporarily).