Posts

M365 Tips to secure your tenant

🔐 5 Quick CIS Security Wins to Strengthen Your Microsoft 365 Tenant Today

As IT professionals, we all want a secure tenant, but between tickets, deployments, patching, and configuring new settings in Intune, Entra, Defender, etc., security hardening often gets pushed to ‘will do later.’ The problem? ⚠️ Attackers will never wait for us! I found a couple of settings, some of them so simple, but we miss them because we are always busy. I was digging in Defender and the M365 Admin Center:

1. 📅 The CIS Benchmark L2 for M365 recommends disabling external calendar sharing.

Attackers need to learn about your organization before they attack it. If we allow our users to publicly share their calendars, it can help attackers learn more about the organization and its users. They can then use this information to exploit situations like when employees are out of the office, traveling, etc.

2. ...

Reporting Defender vulnerabilities in HTML without using the Defender Portal

How many times have you wanted to get a quick look at vulnerabilities in your tenant without having to go to Entra to activate your PIM, then to Defender, and navigate deep?

This is exactly what I was dealing with this past weekend, especially in the USA, since we had a long weekend because Monday is the MLK holiday, which gave me time to dig deeper.

I came across 2 GitHub repos from two amazing friends, MVPs in our community. All credit to our friends:

1. Fabian Bader, f-bader/MSRC-PatchReview: a PowerShell variant of the amazing patch_review.py script by kevthehermit, to run on your device to get all CVEs.
   · Keep in mind this script targets BaseScore 8.0. If your company or customers, like my customers, want more security, you have to lower the BaseScore to 7.0 or less. You can see that on line 75 of the script.
   · ...

Why Your Devices Are Skipping Updates in SCCM and Intune – And How to Fix It Fast

Ever wondered why some devices in your organization stubbornly refuse to get updates despite being in SCCM or Intune? This is a common challenge administrators face when rolling out security patches, as they try to fulfill their responsibilities and meet the expectations of the security and compliance teams and management. I was among those 😒 who initiated a hot seat challenge from August to October 2025. Many customers were affected, regardless of their Endpoint Management system, whether SCCM or Intune. Some of their devices repeatedly failed despite ongoing efforts 🙄.

Why should I care?

When you work with Endpoints, you're engaging with your compliance and cybersecurity team, who want to make sure there are no security risks. They focus on Security Zero Trust and Conditional Access, so your users can smoothly access your organization's resources without being blocked just because a device isn't marked as compliant. ...

Assignment Failures (preview)

Intune Monitor Assignment Failures (preview)

As Intune administrators, we create many policies for test, production, etc. Ever wondered why some apps or policies fail to deploy in Microsoft Intune? Many times, we end up with multiple devices conflicting with various policies, and we have to open and check each policy: run 'View Report' to see which device(s) conflict, then review the settings. Sometimes, Intune tells you which policy the device conflicts with, but it involves many steps.

However, the new Assignment Failures (Preview) feature provides admins with deeper visibility into these issues.

I totally forgot the old report published by Microsoft around 2021. I haven’t checked it since then, but now it has great features.

Assignment Failures (Preview)

The Assignment Failures report is your helpful guide to understanding errors and conflicts in configuration profiles assigned to devices. It provides a friendly overview ...

Windows 10 ESU license and November Update

What is Windows 10 ESU?

It stands for Extended Security Updates. This license was released by Microsoft after Windows 10 reached the end of support on October 14th, 2025. This solution was introduced to help many companies and individuals who are still using Windows 10 for any reason and want to migrate their work to Windows 11. The license covers 1-3 years. This license is free for home users, but for companies it costs $60 per user for the first year.

If you want to get a license, you can buy it from one of Microsoft's partners and deploy the ESU MAK via Intune or any other option.

If you deployed the ESU Key and it is installed, but you did not receive the Nov updates, no worries, you are not alone. I have the issue, and after deploying my license, I did not get the update on Tuesday, November 11th, 2025. I did all the troubleshooting you can imagine to see when the update will be, but I get the message that the version has reached the end of support. ...

Legacy Vulnerabilities Still Hiding in Modern Endpoints

Defender – Intune

Modern Management and old problems

I typically review the vulnerabilities and examine the recommendations in Microsoft Defender. I know it is a long list. However, I haven’t come to mind, but I will still see some legacy vulnerabilities there.

Even in a modern Intune and Microsoft Defender environment, legacy software configurations can persist quietly and leave your Threat & Vulnerability Management (I call it TVM for easier identification) score lower than expected. Recently, while reviewing Defender TVM reports, I noticed three vulnerabilities that stood out:

· Disable Flash on Adobe Acrobat Pro XI
· Disable Flash on Adobe Reader DC
· Block outdated ActiveX controls for Internet Explorer
· Block webpages from automatically running...