intune

Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...

Microsoft has added a Secure Boot status report to Windows Autopatch in the Intune admin center to help organizations identify Windows devices that have not received the 2023 UEFI Secure Boot certificates before legacy 2011 certificates begin expiring in June 2026. The move is less a cosmetic...

Microsoft has added a Windows 11 policy called “Remove Microsoft Copilot app” that lets administrators uninstall the consumer Copilot app through Group Policy, MDM policy, or an equivalent Registry value on supported editions including Pro, Enterprise, Education, and IoT Enterprise/LTSC. The...

Microsoft has expanded Windows 11’s RemoveDefaultMicrosoftStorePackages policy for Enterprise and Education devices on versions 24H2 and 25H2, letting IT administrators remove preinstalled MSIX and APPX apps by listing package family names, with broad rollout tied to the April 2026 preview...

Microsoft is making a clearer case than ever that Intune is no longer just an endpoint admin console; it is becoming the center of gravity for how organizations shape Windows Update behavior. That message matters because Microsoft is simultaneously changing the defaults around Windows servicing...

Microsoft has quietly pushed an out‑of‑band hotpatch—KB5084897—to hotpatch‑enabled Windows devices on March 16, 2026, to correct a persistent Bluetooth UI and pairing problem that caused connected devices to disappear from the Bluetooth & devices page and Quick Settings, and in some cases...

Microsoft quietly shifted the default for managed Windows updates on Patch Tuesday: beginning with the May 2026 security update, Hotpatch (no‑restart) updates will be enabled by default for eligible devices managed via Windows Autopatch through Microsoft Intune and the Microsoft Graph API, with...

Microsoft’s published guidance for enabling Secure Boot certificate updates via Microsoft Intune is both timely and operationally important: Intune administrators can now use the Settings catalog to push the Enable Secure Boot Certificate Updates control and then scope that deployment to...

Microsoft is flipping a default switch in Windows Autopatch that will make hotpatch security updates the standard behavior for eligible devices — a change that promises dramatically faster compliance but also requires IT teams to make explicit readiness decisions before the May 2026 security...

Microsoft’s “first sign‑in restore” joins Windows Backup for Organizations, giving IT teams a practical second chance to rehydrate users’ Windows settings, Start menu pins, and Microsoft Store app lists when a new or reimaged device reaches the desktop for the first time. Announced in...

Microsoft is rolling out automatic local backups for OneNote on iOS devices starting in mid‑March 2026, a change designed to give mobile-first users a self‑service recovery option that mirrors the desktop backup experience and to reduce dependency on IT for basic notebook restores. Background...

Microsoft and Ericsson have launched a coordinated push to make 5G a first-class, manageable connectivity option for enterprise Windows PCs—embedding AI‑driven 5G controls into Windows 11 and tying those controls into Microsoft Intune and Ericsson’s Enterprise 5G Connect to give IT teams...

Microsoft and Ericsson’s new deal folds AI‑driven 5G connectivity directly into Windows 11, promising to make cellular the sensible default for many enterprise laptops and to turn Wi‑Fi into the fallback for scenarios where a local access point is the only option. Background On February 17...

Microsoft and Ericsson have moved the “always‑connected PC” from pilot projects into the OS layer: Windows 11 now includes enterprise-grade 5G management that ties Microsoft Intune to Ericsson’s cloud-native Enterprise 5G Connect, enabling remote eSIM provisioning, policy-driven network...

Microsoft and Ericsson have stitched enterprise-grade 5G control directly into Windows 11, promising IT teams a way to deploy, secure, and optimize always‑connected laptops at scale—complete with automated eSIM switching, Intune integration, and a local AI agent that dynamically steers...

Ericsson and Microsoft have announced a joint integration that embeds advanced 5G management capabilities into Windows 11, promising enterprises an easier, more secure, and more automated way to deploy and operate 5G‑connected laptops at scale. Background The move builds on several years of...

As IT teams move into the first quarter, the most effective way to convert January urgency into sustained momentum is to treat device management like a performance lever—not an administrative chore—and execute a compact, prioritized checklist that clears the runway for audits, refresh cycles...

Microsoft has quietly given IT teams a new lever: a built‑in Secure Boot status report in the Intune / Windows Autopatch admin surface that lets administrators see, at device granularity, which endpoints have Secure Boot enabled, which are already carrying Microsoft’s replacement Secure Boot...

Microsoft’s management toolchain now surfaces Secure Boot readiness and certificate status inside Intune, giving IT teams a single-pane view and control points to manage the platform-level certificate rotation required before Microsoft’s legacy Secure Boot CAs begin to expire in 2026. This...

Microsoft’s Technical Takeoff returns in March 2026 with a concentrated, engineering‑led lineup aimed squarely at Windows, Windows‑in‑the‑cloud, and endpoint management teams—and for IT pros who manage Windows 11, Windows 365, Azure Virtual Desktop or Intune, the four Mondays of deep dives are...