• Windows Hotpatch for Windows 11: Fewer Reboots, Happier Users

    Hotpatch for Windows 11 Enterprise (24H2+) delivers monthly security updates without rebooting. Managed via Windows Autopatch and Intune using a Windows quality update policy. Quarterly baselines still require a reboot, but the in-between months are reboot-free—less disruption, better compliance. 🎯 Why It Matters 🧠 How Hotpatch Works Scope: Hotpatch covers monthly security updates. Feature updates, .NET, drivers, and firmware still require reboots. ✅ Prerequisites ARM64


  • macOS LAPS in Intune – Finally Some Love for Mac Admins

    Let’s be honest—managing local admin accounts on macOS has always been a bit of a mess. From clunky scripts to half-baked MDM workarounds, it’s never felt as clean or secure as it should. But with the latest updates from Microsoft Intune, we finally have something that feels right: macOS LAPS. 🧠 What is LAPS, Anyway? LAPS


  • Quick Machine Recovery in Windows 11 24H2: The Resilience Game-Changer

    If your fleet ever faces a boot meltdown, Quick Machine Recovery (QMR) is the lifeline you need—with zero heroics and minimum fuss. 🚀 What’s Quick Machine Recovery? ✅ Why It’s a Straight-Up Admin Win ⚙️ How It Works—The Technical Flow 🛠️ How To Configure It with Intune From the Intune Admin Center: You can test


  • Switching Entra Connect to Application-Based Authentication – Easy, Secure, Future-Proof

    Microsoft is pushing forward: Application-Based Authentication is now the recommended standard for Entra Connect (formerly Azure AD Connect). And the best part? Switching is dead simple. Most of the time, it’s literally just next – next – done if you use the Managed by Microsoft Entra Connect (recommended). 💡Why Switch? 🛠️ How It Works When


  • TechConference Vienna Recap: Attack & Defense with Microsoft Entra

    Last week, my colleague Jürgen and I had the pleasure of hosting a hands-on workshop at the TechConference in Vienna. The topic? One that’s increasingly critical in today’s hybrid identity landscape: Attack & Defense with Microsoft Entra. 🎯 Understanding the Threat Landscape We kicked things off by diving into real-world attack patterns targeting identity infrastructures. From


  • Enabling SSO to On-Prem Resources for Entra-Only Devices Using Cloud Kerberos Trust

    In modern environments where devices are joined only to Microsoft Entra ID, enabling seamless access to on-premises resources like file shares or legacy applications can be a challenge. This blog post walks through how to configure Cloud Kerberos Trust to enable Single Sign-On (SSO) for Entra-only joined devices—without requiring a hybrid join or certificate-based trust. 🧰 Prerequisites 🖥️ Step


  • Register Devices to Windows Autopilot – The Easy Way

    Manually registering devices for Windows Autopilot via CSV upload can be a hassle – especially during on-site deployments or when dealing with just a handful of machines. This PowerShell script simplifies the process by uploading Autopilot info directly to Intune via Microsoft Graph. ✅ What the script does 💡Why use it? Perfect for small environments,


  • Using Intune Remediations to Manage Windows 11 Taskbar Alignment

    In this post, I’ll walk through a real-world example: enforcing the taskbar alignment on Windows 11 devices. While seemingly minor, consistent UI configurations can help standardize user experiences across the enterprise – especially in environments with strict UX or branding guidelines. We’ll use a detection script to check alignment, and a remediation script to set
