Posts by Anthony J. Fontanez
Four years running now, still managing to keep my lab root CA alive! I think the VM has been moved 3 or 4 times at this point, but I still keep managing to publish a new CRL! #PKI #ADCS
What do #Certificates, #SecureBoot, and #BlackLotus have in common? Read my new blog post for more context on what's actually happening and why you need to do more than just flip a few settings in the long run. Enjoy reading!
manima.de/2026/01/secu...
It really grinds me gears when Teams meeting organizers do not force end meetings when they are over, and people that walked away or fell asleep stay stuck in the meeting for hours, leaving the camera icon there saying there's an active meeting.
I've completed "Secret Entrance" - Day 1 - Advent of Code 2025 #AdventOfCode adventofcode.com/2025/day/1 github.com/ajf8729/Adve...
There's a new boot image option available in #ConfigMgr 2509! #BlackLotus
Why is it every time I hear/see things like "Delivery Optimization broke our network", the "solution" always seems to be "so we blocked DO [in all the incorrect ways]" instead of "we finally decided to upgrade our ancient network infrastructure"?
RIP Windows 10 tomorrow, can still remember running the initial insider builds!
Woohoo, #Autopatch can use a Win32 app instead of a platform script for the broker now! Go to intune.microsoft.com#view/Microso... and hit that Migrate button right meow! In case you missed the MC notification about this, it's here admin.cloud.microsoft#/MessageCent... #Intune
TIL that you need DA to view RODC password replication policy results (was testing/verifying for AzureADKerberos). @josephryanries.bsky.social maybe you know why, seems odd, thought that would fall under typical RO directory data for domain users.
Reminder! - "The option to move back to Compatibility mode will remain until September 2025. After this date, the StrongCertificateBindingEnforcement registry key will no longer be supported" - support.microsoft.com/en-us/topic/... #ADCS #InfoSec
#INR aka #Intune Network Requirements script just got an update and a new home. Update your bookmarks! Also, new ASAs added:
* Microsoft Defender for Endpoint
* Visual Studio
github.com/MHimken/Intu...
#MVPBuzz
It might just load it into memory, which is what I would imagine happens when passing a UNC path.
Not quite sure, don't see it in C:\Windows\Temp, and can't tell from a quick procmon glance.
TIL you can pass an HTTP(S) URL directly to msiexec.exe and it will totally work. I had no idea!
ICYMI - #PowerShell 2.0 removal coming soon! learn.microsoft.com/en-us/window... - "Windows PowerShell 2.0 is removed from Windows 11, version 24H2 starting with the August 2025 non-security update. It’s also removed from Windows Server 2025 starting with the September 2025 security update."
Seems the 2025-08 .NET 8/9 updates were released a week early this month, in case you're already seeing the 2025-07 updates superseded in #ConfigMgr github.com/dotnet/core/...
Folks, bookmark this 👇
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peek into this list
I ended up writing a post about the new feature to change group SOA from AD to #Entra. Big big thanks to @intune.best for all of the assistance he provided and initial testing he did in #WinAdmins Discord voice yesterday!
ajf.one/group-soa
Aye, this new #Entra feature is pretty neat once you work out the missing bits! After you set isCloudManaged=true, add the group to the Cloud Sync Entra->AD config, trigger provisioning, and watch the group get relocated/renamed! SOA reversal with the SID maintained! See before and after images:
Internet-facing file servers, using SMB over QUIC, and secured using Entra authentication! This turned out to be really easy to get up and running. ajf.one/entrafs #Entra #EntraID
You can now sign into Server 2025 via Entra ID and gain MFA/RBAC/CA if the VM is in Azure or is Arc enabled! learn.microsoft.com/en-us/entra/...
It has been almost 3 years since my last blog post, but I am excited to share my first Microsoft Tech Community post!
Want deeper Intune reporting? I walk through building a Windows 365 dashboard using Power BI + Log Analytics.
Check it out!
#Intune #Windows365 #TechCommunity
If you were to trust their root CA as instructed, anything it issues would be inherently trusted by your device.
This is actually hilarious and no, you shouldn't blindly trust some root CA like this. This defeats the purpose of how PKI works. Public CAs are heavily regulated in terms of auditing and security.
Notepad++'s code signing cert expired, couldn't get a new one under the "Notepad++" name, so instead of getting one under their name (what the WinSCP developer does), they instead created their own root CA, issued a code signing cert, and want you to trust it notepad-plus-plus.org/news/v883-se...
And it's a super easy setup/upgrade, go do it now! #Entra
Happy Memorial Day Weekend Everyone! Indy 500 tomorrow, Game 3 between the Pacers and Knicks. What better way to celebrate the weekend than a new post about converting SCCM Configuration Items to Intune Remediation Scripts?
joeloveless.com/2025/05/conf...
#sccm #intune #mecm #powershell