Microsoft Intune Endpoint Privilege Management has been around for a couple of years now and addresses the challenge of removing local administrative privileges for users without interrupting productivity. In December 2025 Microsoft announced that they will add Microsoft Intune Endpoint Privilege Management to the Microsoft 365 E5 license during the summer in 2026! This is great…
Category: Configuration Manager
Tip when troubleshooting unexpected reboots during Autopilot – event ID 2800
Troubleshooting unexpected reboots when using Windows Autopilot can be challenging for sure. This post is a quick tip around how the Event ID 2800 in the DeviceManagement-Enterprise-Diagnostics-Provider should be used. During our session on troubleshooting the modern managed device at MMS in Minneapolis we got this question a couple of times; this post will explain…
Administrator protection in Windows 11 – First look
Administrator Protection in Windows 11 was announced at Ignite a couple of weeks ago, adding a much-needed, more secure option than UAC to protect our accounts with Local Administrator permissions. Administrator Protection is somewhat reminiscent of how Microsoft Endpoint Privilege Management works with a separate virtual account. Instead of the traditional UAC elevation…
Install New Teams client with PowerShell with or without content
The new Teams client is now an MSIX that we need to deploy. We have a tool for this called teamsbootstrapper.exe which gets new features all the time. The official Microsoft documentation can be found here: Bulk deploy the new Microsoft Teams desktop client – Microsoft Teams | Microsoft Learn. Teamsbootstrapper.exe supports both online and…
PS Script to Update Boot images with CU-CVE-2023-24932
This will be a short post on how to update WinPE boot images with a Cumulative Update as we need to do that now with the release of May 2023 Cumulative Update to address CVE-2023-24932. Spent all day with colleagues to try to test what happens to OS deployment (and AutoPilot) when deploying the mitigation…
Remove built-in apps in Windows 11 22H2 during OSD
I have updated the script I use to uninstall built-in apps in Windows 10 and Windows 11. Windows 11 22H2 has some changes when it comes to removing built-in apps. Is uninstalling built-in apps still a thing? Yes, it is. Teams Personal is one example of a similar app to Teams that causes unnecessary…
Installing updates during OSD using PSWindowsUpdate
When we move workloads to Intune in our Co-Management scenarios we lose some features we have been using and need to go back to basics. In this short post we will install updates during OSD using the PSWindowsUpdate module which is great. When we moved the Windows Update workload and uninstalled WSUS we need another…
Logging the Co-management and Defender onboarding process during OSD
When starting to move workloads to Intune, one of the first workloads to move is Compliance and Endpoint Protection. When moving the Endpoint Protection workload, the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware, Windows Defender Application Guard, Windows Defender Firewall, Windows Defender SmartScreen, Windows Encryption, Windows Defender Exploit Guard, Windows Defender…