This will be a short post on how to update WinPE boot images with a Cumulative Update as we need to do that now with the release of May 2023 Cumulative Update to address CVE-2023-24932. Spent all day with colleagues to try to test what happens to OS deployment (and AutoPilot) when deploying the mitigation…
Category: Windows 10
Windows MDM Security Baseline – Settings Catalog
Important Update! I published a new export to solve import issues but that export missed the following so if you download that export update it with the following changes to match the Security Baseline: I wrote a post a couple of weeks ago with the Microsoft Edge Security Baseline policy re-created in Settings catalog. I…
Configuring Desktop App Installer using CSP and script?!
Desktop App installer a.k.a. Windows Package Manager and Winget is a powerful addition to the Windows platform. It is also something that we all need to learn and configure according to our organization’s requirements, compliance requirements and security. The “New” Store support in Intune makes this a bit trickier as well as we must allow…
Troubleshooting Windows 10/11 Enterprise subscription is not valid
Wrote a blog post on how to Troubleshoot Windows 10/11 Subscription based activation over at 4Sysops. The issue we saw show up as Windows 10 Enterprise subscription is not valid as shown below. It turns out the If there is more than one Azure AD account added under “Access work or School”, they will fail…
Upgrade from Windows 10 to Windows 11 with Setupconfig.ini and Intune
Me and Fellow MVP Ronni Pedersen have been presenting on Windows Servicing on a number of events the last couple of months! One of the things we cover is how to use Setupconfig.ini together with Intune when doing Windows Servicing. After testing it out when doing an upgrade from Windows 10 to Windows 11 using…
Script to make the user which enrolled in AAD a local admin.
When we use AutoPilot with Windows 10 and Intune one of the great benefits is that we can make the enrolling user a standard user and not local admin per default. In some case we of course need to make the users who enrolled the PC a local admin, perhaps after ordering it from a…
Windows Servicing in the work from anywhere era using IPUInstaller
During the Nordic Virtual Summit me and Ronni Pedersen did a session on “Windows Servicing in the work from anywhere era”, great event, great fun! Nordic Virtual Summit – A virtual IT Pro Community Event! During that session we demoed a new community tool or actually two community tools from my colleague Johan Schrewelius. DeploymentScheduler…
MEM, Windows 10 Personal device and Sync issues
In a project lately we use Windows 10 Personal devices that enroll into Intune. Works great, but…. When we configured Conditional Access even if the device is compliant it still blocks access since more Work accounts are configured on the device. On the personal device in this scenario a personal Microsoft Account is used to…