Software Updates

Checking for Updated Secure Boot Certificates

Posted on September 5, 2025 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Security, Software Updates

A couple of months back Microsoft published a blog about Secure Boot certificates expiring in June 2026 and of the potential need to take action. It would appear that as long as Secure Boot is enabled, your OEM firmware is up-to-date, you are sending the right diagnostic data, and Windows updates are enabled, devices should … Continue reading Checking for Updated Secure Boot Certificates →

Create a Catalog of Windows Update Data using Microsoft Graph

Posted on April 14, 2025 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Security, Software Updates

For some time I have run my own reporting solution for Windows Updates since I've never really been happy with the canned reports Microsoft have created in Intune and Windows Update for Business reports, even to this day. As part of this solution I have had to gather data on Windows Updates, such as versions, … Continue reading Create a Catalog of Windows Update Data using Microsoft Graph →

Investigating Safeguard Hold 54762729 for Windows 11 24H2

Posted on November 8, 2024December 11, 2024 by Trevor Jones in Drivers, Intune, Powershell, Reporting, Software Updates

!! UPDATE 2024-11-12 !! Microsoft have now documented this safeguard as well as patching it in the December 10, 2024 Windows updates. Read more about it here. A few days ago I happened to be reviewing our feature update Power BI report and noticed that a number of devices were now being blocked from upgrading … Continue reading Investigating Safeguard Hold 54762729 for Windows 11 24H2 →

Managing HP Driver Updates with Microsoft Intune, Azure Log Analytics and Power BI – Part 2

Posted on March 31, 2023 by Trevor Jones in Azure, Drivers, Intune, PowerBI, Powershell, Reporting, Software Updates

In Part 1 of this series we looked at how we can report on missing driver updates for HP workstations using Intune Proactive remediations, Azure Log Analytics and Power BI. In Part 2 we'll look at how we can deploy driver updates to devices and use the information available in the Power BI report to … Continue reading Managing HP Driver Updates with Microsoft Intune, Azure Log Analytics and Power BI – Part 2 →

Managing HP Driver Updates with Microsoft Intune, Azure Log Analytics and Power BI – Part 1

Posted on March 28, 2023March 31, 2023 by Trevor Jones in Azure, Drivers, Intune, PowerBI, Reporting, Software Updates

In this two-part series I will cover a solution I recently created to manage HP driver updates on Windows workstations. In part 1, I'll show you a reporting solution giving you visibility of available HP driver updates across your managed estate and in part 2, I'll show a flexible solution for deploying driver updates, whether … Continue reading Managing HP Driver Updates with Microsoft Intune, Azure Log Analytics and Power BI – Part 1 →

Consolidated Feature Update Reporting for Microsoft Intune

Posted on February 10, 2023 by Trevor Jones in Intune, PowerBI, Reporting, Software Updates

If you're deploying feature updates using feature update profiles in Intune you're probably familiar with the Windows Feature Update Report available in the endpoint manager portal: As is often the case with these canned reports though, I find myself wanting to report things differently - in this case I wanted to see a consolidated view … Continue reading Consolidated Feature Update Reporting for Microsoft Intune →

Granting delegated permissions to the Microsoft Intune PowerShell SDK for the Windows Update for Business Deployment Service

Posted on February 7, 2023 by Trevor Jones in Intune, Powershell, Software Updates

When working with Microsoft Graph in PowerShell I tend to use the REST API directly rather than cmdlets provided by Microsoft in their Graph modules - just personal preference I suppose. I found myself needing to query the Windows Update for Business deployment service using the Graph API, and this requires a specific permission - … Continue reading Granting delegated permissions to the Microsoft Intune PowerShell SDK for the Windows Update for Business Deployment Service →

Create Compatibility Collections in ConfigMgr for Windows 11 22H2

Posted on September 23, 2022 by Trevor Jones in ConfigMgr, OS Deployment, Reporting, SCCM, Software Updates

When Windows 11 was first released I published some resources for creating collections in ConfigMgr containing workstations in their various "update readiness" states, such as whether they are capable for upgrade, if they are blocked by the common blockers like CPU family or by a safeguard hold, for example. Here I am publishing the same … Continue reading Create Compatibility Collections in ConfigMgr for Windows 11 22H2 →

Enhance Update Compliance Reporting with Azure Automation

Posted on June 7, 2022June 7, 2022 by Trevor Jones in Azure, Intune, PowerBI, Powershell, Software Updates

In my last blog I provided an Intune Proactive remediations script that can be used to gather additional Windows Update information from your managed Windows devices and send the data to an Azure Log Analytics workspace to enhance your Windows Update reporting together with Microsoft's Update Compliance solution. In this blog, I will provide an … Continue reading Enhance Update Compliance Reporting with Azure Automation →

Enhance Update Compliance Reporting with Microsoft Endpoint Manager

Posted on May 26, 2022 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Software Updates

If you're using Windows Update for Business in Microsoft Endpoint Manager you're probably also using Microsoft's Update Compliance solution for reporting. Update Compliance contains some useful data and I know the team are working on additional improvements. A while back I created my own "Update Compliance" solution in part because I wasn't happy with the … Continue reading Enhance Update Compliance Reporting with Microsoft Endpoint Manager →