It’s well known that Microsoft Entra ID supports a maximum of 200 BitLocker recovery keys per device. Once this limit is reached, new recovery keys cannot be escrowed to Entra. Silent encryption will fail if the BitLocker policy enforces key escrow before...
In this blog, we’ll explore the new Quality updates introduced in the out-of-box experience (OOBE), also known as the Windows Update Experience (NDUP), in the latest Windows build. With these enhancements, once a device finishes the Windows Autopilot Device...
Understanding Windows Update Registry Settings This article aims to help readers better understand where devices are pulling their Windows updates from based on the Windows Update registry settings on the local device. We will cover some of the various states the...
Have you ever wondered how Intune’s Collect Diagnostics feature gathers logs from managed devices? In this deep dive, we break down the entire process, from Graph API requests to CSP execution, and uncover why the expected WNS push notification wasn’t being sent,...
Introduction Managing Windows Feature Updates via Intune and Windows Update for Business (WUfB) should be straightforward….at least, in theory. We configured a Feature Updates Policy to ensure all existing (not newly enrolled) Windows 11 23H2 devices were going...
Introduction In our last Patch Tuesday blog, we discussed TPM attestation failures that are happening on Windows 11 24H2, specifically during the Endorsement Key (EK) Verify phase. This caused Windows Autopilot for Pre-Deployments enrollments to fail. To dig deeper, I...