Security

Checking for Updated Secure Boot Certificates

Posted on September 5, 2025 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Security, Software Updates

A couple of months back Microsoft published a blog about Secure Boot certificates expiring in June 2026 and of the potential need to take action. It would appear that as long as Secure Boot is enabled, your OEM firmware is up-to-date, you are sending the right diagnostic data, and Windows updates are enabled, devices should … Continue reading Checking for Updated Secure Boot Certificates →

Create a Catalog of Windows Update Data using Microsoft Graph

Posted on April 14, 2025 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Security, Software Updates

For some time I have run my own reporting solution for Windows Updates since I've never really been happy with the canned reports Microsoft have created in Intune and Windows Update for Business reports, even to this day. As part of this solution I have had to gather data on Windows Updates, such as versions, … Continue reading Create a Catalog of Windows Update Data using Microsoft Graph →

Activating PIM Roles that require MFA or Conditional Access Authentication Context with PowerShell

Posted on November 26, 2024 by Trevor Jones in Azure, Powershell, Security

For some time, I've been activating and scheduling activations for Azure roles under Privileged Identity Management (PIM) using the Microsoft Graph PowerShell SDK. However recently we secured these role activations to require a conditional access authentication context with MFA. This basically requires me to MFA when I activate a role with PIM. Problem is, by … Continue reading Activating PIM Roles that require MFA or Conditional Access Authentication Context with PowerShell →

The Quest for a Microsoft Graph Access Token

Posted on March 19, 2024November 27, 2024 by Trevor Jones in Powershell, Security

For a long time I've used the following PowerShell cmdlet from the Intune PowerShell SDK to get an access token for Microsoft Graph for running ad-hoc Graph queries or testing automation code locally: $GraphToken = Connect-MSGraph -PassThru Since most of the time I prefer to construct my own code to call the REST API directly … Continue reading The Quest for a Microsoft Graph Access Token →

Fix CVE-2022-29470 / Intel-SA-00875 / Nessus 180052 Intel Dynamic Tuning Technology Vulnerability with Intune

Posted on October 27, 2023January 26, 2024 by Trevor Jones in Drivers, Intune, Powershell, Security

Note: this blog is now retired since the download URL for the Intel DTT drivers is no longer available and I could not find an alternative. The text and scripts remain for reference only. I've never been a fan of security - I see it as nothing more than a necessary evil. I don't lock … Continue reading Fix CVE-2022-29470 / Intel-SA-00875 / Nessus 180052 Intel Dynamic Tuning Technology Vulnerability with Intune →