Blocking dm.microsoft.com at the proxy level stops the Device Inventory and EPM agents from installing. This blog explains why
How a Proxy Misconfiguration Broke the Device Inventory Agent
Blocking dm.microsoft.com at the proxy level stops the Device Inventory and EPM agents from installing. This blog explains why
Windows 11 24H2: AppLocker script enforcement broken
Windows 11 24H2 introduces a change that prevents AppLocker Script Rules from enforcing Constrained Language Mode in PowerShell. This blog explains what changed, and why it matters!

Intune Devices Locking After Inactivity? Here’s What’s Really Causing It
Devices locking after a minute, but no timeout set in Intune? It’s not a bug — it’s your compliance policy. The “inactivity before password is required” setting triggers EAS, which enforces a lock via DeviceLock CSP. Even without a config profile, the policy applies silently.

Autopilot and Motherboard Replacements: Why a Deregistration procedure Matters
This blog explains what can go wrong when there’s no proper Autopilot deregistration or offboarding process in place, and how something as simple as a motherboard replacement can lead to enrollment failures, tenant conflicts, and even serious security risks if the device ends up in the wrong hands

Windows Autopilot Pre-Provisioning Bypasses Enrollment Restrictions?
This blog explores why Intune Platform enrollment restrictions don’t always block outdated Windows versions, when you configured an additional policy

Quick Machine Recovery: Cloud Based Remediation
This blog is about a new kind of silent recovery built into Windows. It’s not about safe mode or startup repair but something more powerful! Something that can quietly bring your devices back when they no longer can boot to Windows. We’re diving into Quick Machine Recovery.
The Case of the Disappearing Web Sign-in After Autopilot Pre-provisioning
This blog will show you a strange issue we encountered after deploying a pre-provisioned Windows 11 device using Autopilot. The user signed in using a Temporary Access Pass with Web Sign-in. After getting logged out unexpectedly, the option to use Web Sign-in (TAP) simply wasn’t there anymore.
Delivery Optimization and Autopilot: A Troubleshooting Journey
This blog will focus on how one simple Delivery Optimization Policy in Intune could mess up all of your Autopilot and Autopilot (AP-DP) enrollments.
Autopilot Device Preparation: The Standard User Fix
This blog covers how Microsoft implemented a fix in the Intune Management Extension (IME) to address the standard user bug in Autopilot Device Preparation (AP-DP)
View Full SCUP Catalog