Blog

Intune 28 June 2026

Microsoft Intune: Win32 vs. Store App Deployment — Complete Guide

Win32 or Store? Complete breakdown of both Intune app deployment methods — packaging, IME internals, detection rules, Autopilot ingestion order, and PowerShell scripts for every scenario.

Autopilot 28 June 2026

Windows Autopilot: Complete Device Lifecycle Management Guide

Zero-touch provisioning from factory to fully managed desktop. Complete guide to Autopilot deployment modes, ESP configuration, hardware hash harvesting, profile assignment, and troubleshooting the 5 most common failures.

Microsoft 365 27 June 2026

Agent 365 Now Requires M365 E5 — Licensing Impact and Your Options

From June 1 2026, new Agent 365 purchases require M365 E5. Existing customers are grandfathered, but E3 organisations wanting new deployments must upgrade. Full breakdown of what E5 adds, the cost comparison, and your three options.

Intune 27 June 2026

Security Copilot for Intune — 4 AI Agents Deep Dive (Policy, Change, Offboarding, Vuln)

Microsoft Security Copilot now has four dedicated Intune agents: Policy Configuration, Change Review, Device Offboarding, and Vulnerability Remediation. E5 tenants get free SCU capacity through June 30. Complete technical guide with PowerShell scripts.

Copilot 27 June 2026

Copilot Cowork Is Now GA — Metered Billing, Spending Limits & IT Governance

Copilot Cowork went GA on June 16 2026 with usage-based billing — enterprises now pay per task on top of M365 Copilot licences. Off by default. This guide covers spending limits, compliance controls, and how to enable it safely for your organisation.

Copilot 27 June 2026

Microsoft Scout — The Always-On Autopilot Agent for M365 (Build 2026)

Announced at Build 2026, Microsoft Scout is Microsoft's first always-on Autopilot agent — it runs in the background under its own Entra identity, monitoring Teams, Outlook, and SharePoint and taking action without prompting. IT governance guide for endpoint admins.

Microsoft 365 27 June 2026

Microsoft 365 Copilot Auto-Install Block Guide — IT Admin Opt-Out (June–July 2026)

Microsoft is pushing the M365 Copilot app to all enterprise Windows devices June 15–July 20, even without a Copilot licence. Act before your channel window closes — here are the three methods to block it and the PowerShell to remove it if it already installed.

Windows 27 June 2026

Windows Hello for Business Provisioning Failure — Complete Fix

WHfB provisioning prompt never appears, or disappears silently? Event IDs 360, 362, and 363 in User Device Registration log tell you exactly why. This guide covers every cause — TPM lockout, missing PRT, policy conflicts — and the fix for each.

Entra ID 27 June 2026

PRT Not Working + Local Admin Missing on Entra Joined Device

Primary Refresh Token broken means no SSO to Microsoft 365. Local admin not applying means the Entra role claim hasn't refreshed. Both fixed with dsregcmd /refreshprt and a full sign-out — here's the complete guide.

Entra ID 27 June 2026

Entra Hybrid Join Stuck in Pending State — Complete Fix Guide

Devices stuck in Pending in the Entra portal won't receive Intune policies. This guide covers every root cause — stale certs, OU moves, AD sync gaps — with dsregcmd commands and a bulk GPO fix script.

Intune 27 June 2026

Intune Enrollment Error Codes: Complete Troubleshooting Guide

Intune enrollment failing with a hex error code? This complete reference covers every common enrollment error — 0x80180026, 0x80070774, 80180018, 801c0003, 0x80090016 — with the exact cause and fix for each.

Intune 27 June 2026

Intune and Apple WWDC 2026 — What IT Admins Need to Know

Apple WWDC 2026 brought major changes to MDM management — new declarative device management APIs, iOS 26 supervised mode changes, and macOS 26 privacy controls that affect Intune enrollment. Full breakdown for IT admins.

Windows 27 June 2026

KB5094126 Sign-in Failure Fix — Windows 11 24H2

KB5094126 is causing sign-in failures on some Windows 11 24H2 devices after installation. This post covers the symptoms, affected configurations, and both the official Microsoft workaround and the permanent fix.

Entra ID 27 June 2026

Entra Conditional Access: WHfB Enforcement Deadline July 2026

Microsoft's July 2026 deadline for phishing-resistant MFA enforcement is approaching. Here's what Conditional Access changes you need to make now to avoid access disruptions when the WHfB enforcement goes live.

Intune 27 June 2026

What's New in Microsoft Intune — June 2026

Microsoft Intune June 2026 release — new Autopilot device preparation updates, Copilot integration in Intune admin centre, and the latest policy improvements for Windows, iOS, and Android.

Intune 27 June 2026

Top 10 Intune PowerShell Commands Every Admin Should Know

These 10 Microsoft Graph PowerShell commands are the foundation every IT admin and EUC engineer needs before moving to advanced Intune automation — covering device inventory, compliance reporting, remote actions, and bulk cleanup.

Scripts 27 June 2026

Export and Filter Group Policy Objects to CSV with PowerShell

A simple PowerShell script that lets you search your entire GPO estate by keyword and export the results to CSV — no manual browsing in GPMC required.

Autopilot 27 June 2026

Windows Autopilot Enrollment Failures: A Structured Troubleshooting Guide

A step-by-step guide for troubleshooting Windows Autopilot enrollment failures — covering hardware hash, profile assignment, network requirements, logs, and common error codes.

Windows 26 June 2026

Windows Update Stuck? The Complete Fix Guide (Every Verified Method)

Windows Update stuck at 0%, failing with an error code, or frozen at boot? This complete guide covers every verified fix — from the built-in troubleshooter and DISM/SFC repairs to the full component reset script — with real command outputs and community-validated methods used by thousands of IT professionals.

Security 26 June 2026

Autopatch Is Alerting on Expiring Secure Boot Certificates — Here's What to Do

Windows Autopatch has added a new alert: 'Secure Boot — certificate update required'. Devices using the older Microsoft Secure Boot certificates are flagged because those certificates expire in 2026. Here is what the alert means, which devices are affected, and how to get them onto the 2023 UEFI certificates.

Technical Guide 26 June 2026

Hotpatch for Windows 11 — June and July Are Baseline Months. Here's the Full 2026 Schedule

If your Windows 11 devices didn't hotpatch in June — that's expected. June 2026 is a baseline month, which means a full cumulative update and a restart. So is July. Hotpatch doesn't resume until August. Here is the complete 2026 schedule, what prerequisites you need, and what to check if your devices aren't hotpatching when they should be.

Intune 26 June 2026

Windows Autopilot Device Preparation Roadmap: What Is Coming and When to Migrate

Pre-provisioning and self-deploying modes are planned for Autopilot Device Preparation but not yet available. Both classic Autopilot and Device Preparation run in parallel — no forced migration.

Intune 26 June 2026

Autopilot Device Preparation: App Limit Now 25, Managed Installer Fixed, Enterprise App Catalog Added

Three key improvements: app limit raised to 25, managed installer fix (April 2026), Enterprise App Catalog support from Intune 2506.

Windows 26 June 2026

Windows Autopilot Now Installs Monthly Security Updates During OOBE — What IT Admins Must Check

From January 2026, devices going through Windows Autopilot automatically receive the latest monthly security update during OOBE. Adds 20-40 min to provisioning.

Intune 26 June 2026

Windows Autopilot Device Preparation + Windows 365: Now Generally Available

From May 11 2026, Autopilot Device Preparation GA for Windows 365 Enterprise, Flex Dedicated, Flex Shared, and Cloud Apps.

AI 26 June 2026

Copilot Notebooks Now Available to Copilot Chat Users: What Is New in June 2026

Microsoft is expanding Copilot Notebooks to Copilot Chat users for the first time, rolling out in June 2026. Chat users get access via OneNote on web with standard sources and mind maps. At the same time, M365 Copilot users gain Teams meetings as a knowledge source, an Excel agent that generates spreadsheets from notebook content, auto-generated infographics, and a redesigned UI.

AI 26 June 2026

Microsoft Agent 365: The IT Admin Guide to Governing AI Agents Across Your Organisation

Microsoft Agent 365 is generally available as of May 1, 2026 — a purpose-built control plane for observing, governing, and securing every AI agent in your organisation. GA brings the Agent Registry backed by Entra Agent IDs, Registry Sync with AWS, Google Cloud, Salesforce and Databricks, a Shadow AI page for local endpoint agents, and deployment controls for approved agents. Here's what IT admins need to know.

Windows 26 June 2026

Windows 365 Developer Image: A Pre-Configured Cloud PC for Dev Teams (Build 2026)

Microsoft announced a Windows 11 developer configuration image for Windows 365 at Build 2026, now in public preview. It comes pre-installed with VS Code, Git, GitHub CLI, Python, Node.js, and WSL with Ubuntu. Here's what IT admins need to know about availability, requirements, and preview limitations.

AI 26 June 2026

Claude Opus 4.8 Is Now Inside Microsoft 365 Copilot: What IT Admins Need to Know

Anthropic Claude Opus 4.8 is now available directly inside Microsoft 365 Copilot alongside OpenAI GPT models. Users can choose their model, run side-by-side comparisons with Model Council, or let Auto mode pick the best option. Here is what IT admins need to know about EU Data Boundary restrictions, government cloud limitations, and how to brief your users.

Security 26 June 2026

Microsoft Purview DLP Now Scans Copilot Prompts in Real Time: How to Turn It On

Microsoft Purview DLP can now block Copilot from processing prompts that contain sensitive data — credit card numbers, national IDs, or custom sensitive information types your organisation defines. A default policy already exists in your tenant, but it is in simulation mode and not blocking anything yet.

Licensing 26 June 2026

Microsoft 365 Copilot SMB Pricing Changes July 1, 2026: What You Need to Know Before the Deadline

From July 1, Microsoft 365 Business Standard with Copilot and Business Premium with Copilot become permanent SKUs with updated list prices. If you manage licensing for a business under 300 seats, here is exactly what changes, what promos are still running, and whether to buy before June 30.

Security 26 June 2026

Entra ID SSPR Change: Unregistered Phone Numbers Stop Working September 7, 2026

From September 7 2026, Microsoft Entra self-service password reset will only accept methods users have explicitly registered. Directory-sourced phone numbers and emails that were never formally registered will stop working. Here is what to audit and fix before the deadline.

Security 26 June 2026

Microsoft Entra Custom Controls Are Being Retired: How to Migrate to External MFA Before September 2026

Custom Controls in Microsoft Entra Conditional Access stop accepting changes in September 2026 and reach end of life in May 2027. If you use Duo, Okta, or any third-party MFA provider through Custom Controls, here is your step-by-step migration guide to External MFA before the deadline.

Security 26 June 2026

Windows 11 June 2026 Security Alert: Secure Boot Certificate Update and BitLocker Bypass Fix

KB5094126 delivers two urgent security items: automatic migration from expiring 2011 Secure Boot certificates to 2023 certs, and a patch for CVE-2026-45585 — a BitLocker bypass that allows physical attackers to decrypt protected drives via the Windows Recovery Environment.

Windows 26 June 2026

Get Ready for Windows 11 26H2: What IT Teams Need to Do Now

Windows 11 version 26H2 is confirmed for Fall 2026 and is already in the Experimental Insider channel. Here is everything enterprise IT teams need to know to start testing and plan their rollout — including the critical 26H1 device upgrade dead-end.

Security 26 June 2026

The Windows 11 25H2 Security Baseline Is in Intune — Here Is What Changed and How to Migrate

The Windows 11 25H2 security baseline is now in Intune. Your existing profiles will not auto-update. Here is what changed, how to handle the IE11 COM known issue, and how to migrate cleanly.

Windows Update 26 June 2026

Windows Autopatch Just Turned Hotpatch On By Default — Act Before It Hits Your Estate

From May 2026, hotpatch updates are enabled by default for all eligible devices in Windows Autopatch. No restart required for most months — but if your estate is not ready, you need to opt out now.

Licensing 26 June 2026

Intune Suite Is Now Included in M365 E3 and E5 — What Changes on July 1

From July 1 2026, Endpoint Privilege Management, Enterprise App Management, and Cloud PKI land in M365 E5 at no extra cost. M365 E3 gets Advanced Analytics, Remote Help, and Tunnel for MAM. No action needed — tenants are auto-provisioned.

AI 26 June 2026

ChatGPT Is Now Inside Microsoft Teams — What Every IT Admin Needs to Know

OpenAI has shipped admin-managed Teams sync for ChatGPT Enterprise. One Entra admin consent and ChatGPT can index your entire organisation Teams content. Here is what IT admins need to know before enabling it.

Scripts 26 June 2026

Get the Primary User and Last Sync Time for Any Intune Device — Bulk via PowerShell

You export a list of devices and all you get is hostnames. This script feeds that CSV into Microsoft Graph and gives you back the primary user, last sync time, and device status for every device in one run.

Security 26 June 2026

Microsoft Defender EDR Updates Now Ship via Microsoft Update — What Changes for Endpoint Admins

Microsoft now distributes Defender for Endpoint EDR component updates through Microsoft Update independently of the monthly Windows OS rollup. If you rely on manual deployment packages, you need to add the new Defender update package to your update process now.

Security 26 June 2026

Microsoft Defender Can Now Automatically Isolate Compromised Endpoints — Here's How It Works

Microsoft Defender for Endpoint now has a preview capability that automatically severs a compromised device from your corporate network the moment suspicious activity is detected — while keeping a secure channel open so your security team can still investigate remotely.

Security 26 June 2026

Defender Now Discovers and Protects Local AI Agents on Windows Endpoints

A new preview capability in Microsoft Defender for Endpoint automatically discovers local AI agents running on onboarded Windows devices — coding agents, IDE extensions like GitHub Copilot, desktop AI assistants — and provides runtime protection that can block prompt injection before it executes.

Security 26 June 2026

CVE-2026-41091: Microsoft Defender Elevation of Privilege Vulnerability Exploited in the Wild — Patch Now

CVE-2026-41091 is a CVSS 7.8 elevation of privilege vulnerability in Microsoft Defender that has already been exploited in the wild. Fixed in June 2026 Patch Tuesday alongside two additional Defender CVEs. Check your Defender engine version now — it should be 1.1.26050.11 or later.

Technical Guide 25 June 2026

Silently Fix a Missing Primary Refresh Token with Intune Proactive Remediations

No PRT means no passwordless. The device looks healthy in Intune, compliance shows green, but WHfB provisioning silently fails. Here is the 6-step automated remediation that detects and fixes it without touching a healthy device.

AI Engineering 25 June 2026

AI Loops: What the Best Engineers Are Actually Building Right Now

Most people still use AI the slowest way — one prompt, one answer, repeat by hand. The engineers pulling ahead are building loops. Here is what a loop actually is, how it works, when to build one, and two copy-paste templates you can run in Claude or ChatGPT right now.

Technical Guide 25 June 2026

Silently Fix Broken Windows Hello for Business with Intune Proactive Remediations

NgcSet = NO on a device that looks perfectly healthy is one of the most common WHfB failure patterns. Here is the two-script Intune Proactive Remediation that detects and silently fixes it — without touching a healthy device.

Community Recap 24 June 2026

10 Key Takeaways from Microsoft's Windows Autopilot AMA

Microsoft's product team hosted a live AMA on Windows Autopilot deployment — Maggie D'Acuba (Product Manager, Windows Autopilot) and Perla Morales answered real questions from IT admins. Here are the 10 things that stood out.

Story 20 June 2026

Why I Started EndpointWeekly

Every Friday I found myself manually searching through dozens of blogs, social feeds and Microsoft docs just to stay current. I built EndpointWeekly to fix that — for myself, and for every engineer who feels the same.

Tips 10 June 2026

5 Intune Tips Every Admin Should Know in 2026

After years of managing Intune environments, these are the five settings, workflows and techniques that consistently save time and prevent headaches.

Technical Guide 11 May 2026

Automating Windows Hello for Business Enrollment with PowerShell and Intune

Devices can be Azure AD joined with a valid PRT and still have Windows Hello completely unprovisioned. Here's how I built a three-script solution to detect, remediate and automate the entire enrollment flow — silently, in user context, via Intune.