Troubleshooting unexpected reboots when using Windows Autopilot can be challenging for sure. This post is a quick tip around how the Event ID 2800 in the DeviceManagement-Enterprise-Diagnostics-Provider should be used. During our session on troubleshooting the modern managed device at MMS in Minneapolis we got this question a couple of times, this post will explain…
New settings in Intune Security Baseline Windows 11 24H2 -2504
In service release 2504 of Intune new settings is added to the Windows 11 24H2 Security Baseline. However, they are not released as a new version of the baseline but added when you either create a new policy or edit an existing policy. In this post we will look at the experience upgrading and adding…
Managing extensions in Visual Studio Code
Managing extensions in Visual Studio code is supported since version 1.96 (November 2024) and is a very welcome addition. We can block extensions, allow extensions or control exactly which version of an extension that is allowed and more. ADMX/ADML files are now included in the setup files for Visual Studio code.I will not use them…
Reinstall a required Win32app using remediation on demand
Remediations on demand is one of the coolest thing when it comes to troubleshooting a zero-trust modern managed device. We can run them instantly on demand to clients. It triggers fast and you get the status in the Intune Portal in minutes, the output from the script can take some time though.We also need to…
Administrator protection in Windows 11 – First look
Administrator Protection in Windows 11 was announced at Ignite a couple of weeks ago which adds a well needed more secure option than UAC to protect our accounts with Local Administrator permissions. Administrator Protection reminds a bit on how Microsoft Endpoint Privilege Management works with a separate virtual account. Instead of the traditional UAC elevation…
Remediation on demand script – ResetWindowsUpdate
Remediations on demand is an extremely powerful tool for managing our Intune managed devices. One of the biggest differences compared to how we managed Windows Devices on premises was that we could always connect to them using WinRm for example and solve problems.In the Zero-trust world there is no such possibility, many are working from…
Customizing Taskbar and Start in Windows 11 23h2 with PowerShell
Updated script (about time! many requests and comments) that customizes the Taskbar by adding removal of the copilot icon on the Taskbar and fixing removal of search which I got a lot of comments about that it stopped working. The original article can be found here: https://ccmexec.com/2022/10/customizing-taskbar-and-start-in-windows-11-22h2-with-powershell/ Search is also fixed but had to be…
Copilot in Edge Sidebar and access to current webpage
This has been a discussion point for a couple of weeks now at least in Sweden and EU and it is time to write a short post on the topic. I see many organizations disabling both Copilot and the Edge Sidebar which can be used to access Copilot. Which is always sad in some perspective…