Intune Archives

AppWizard

April 2, 2026

How to use and deploy Android Work Profile in your business

The mobile device has become a dual-purpose tool for personal and professional needs, enhancing productivity but also introducing security challenges for organizations with bring-your-own-device (BYOD) policies. Samsung addresses these challenges with its Android Work Profile feature, which separates business applications and data from personal content on devices like the Galaxy S26 Series, Galaxy Z Fold7, and Galaxy Z Flip7. Android Work Profile creates two isolated profiles on a single device, allowing IT teams to manage corporate applications while keeping personal information private. IT administrators can monitor work profile applications and data but cannot access personal profiles, ensuring employee privacy. Employees can easily switch between work and personal applications and activate a “pause work apps” feature during off-hours. To set up Android Work Profile, organizations need an Enterprise Mobility Management (EMM) solution and the Android Device Policy app. The Samsung Knox Suite provides tools for managing and securing devices, including Knox Mobile Enrollment and Knox Attestation. Android Work Profile benefits businesses by enhancing data security and reputation while promoting work-life balance for employees.

Winsage

March 31, 2026

The March Windows 11 Insider Update adds 9 fresh features and improvements worth knowing

- Microsoft has introduced several enhancements for Windows 11 through its Windows Insider Program, including previews for versions 25H2, 26H1, 26H2, and anticipated version 27H2. - The Pointer Indicator feature, starting with build 26300.8085, helps users with low vision locate the mouse pointer by overlaying a crosshair effect and offers customizable color options. - A redesigned Feedback Hub app aligns with Windows 11 aesthetics and improves user experience for feedback submission, including Bluetooth LE Audio device connections and main volume controls in Quick Settings. - The File Explorer context menu now displays application icons alongside the "Open" option for certain file types, available in the Canary Channel with build 28020.1743. - The Administrator Protection feature, introduced in builds 26300.8142 and 26220.8138, prompts an authorization dialog for unsigned or untrusted applications seeking privilege elevation, enhancing security. - Windows 11 now allows customization of the right-click zone size on touchpads, available under Settings > Bluetooth & Devices > Touchpad, for touchpads with a pressable surface. - Task Manager updates include new columns for "NPU" and "NPU Engine" on various pages, as well as columns for "NPU Dedicated Memory" and "NPU Shared Memory" on the Details page. - A new icon in printer settings indicates which printers support Windows Protected Print mode, enhancing printing security. - The Windows Console is undergoing significant changes, merging improvements from Windows Terminal, including an optional Direct3D rendering path and enhanced Find dialog functionality.

Winsage

March 24, 2026

Microsoft Hints at End to Windows 11 Setup Account Requirement

Microsoft is exploring the removal of the requirement to sign in with a Microsoft account during the initial setup of Windows 11, a change that has been frequently requested by users. Currently, Windows 11 Home and most consumer Pro installations require a Microsoft account for setup, although local accounts are available but not easily accessible. This requirement has faced backlash, leading to the development of workarounds by users. Microsoft has defended the necessity of the cloud account for benefits like password recovery and settings synchronization. A potential change could introduce a clearly labeled option for setting up with a local account during the out-of-box experience, while still allowing the option to sign in with a Microsoft account. Windows 11 currently accounts for about one-third of active Windows PCs, trailing behind Windows 10. The proposed changes aim to enhance user satisfaction and address privacy concerns.

Winsage

March 24, 2026

A closer look at the Windows 11 features businesses rely on most

Windows 11 is a foundational platform for businesses, offering integrated productivity tools and compatibility with Microsoft 365, which enhances cybersecurity and IT management. Key security features include the requirement for TPM 2.0, Windows Hello for Business for secure sign-ins, and BitLocker device encryption enabled by default. The integration of Microsoft 365 Copilot allows AI-driven assistance for document creation and data analysis, streamlining workflows across applications like Word, Excel, Outlook, and Teams. IT management is simplified with tools like Windows Autopilot for zero-touch provisioning and Microsoft Intune for remote device management. Windows 11 also improves performance with features like adaptive energy saver mode and Fast Startup, while plans to enhance user experience include reintroducing the ability to move and resize the Taskbar.

Winsage

March 17, 2026

Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability

Microsoft is implementing a two-phase initiative to disable the hands-free deployment feature in Windows Deployment Services (WDS) due to a critical remote code execution vulnerability (CVE-2026-0386) identified on January 13, 2026. This vulnerability arises from improper access control related to the Unattend.xml file, which is transmitted over an unauthenticated RPC channel, allowing attackers on the same network segment to exploit it. Successful exploitation could grant SYSTEM-level privileges and compromise OS deployment images. The initiative includes: - Phase 1 (January 13, 2026): The hands-free deployment feature will remain operational but can be disabled. New Event Log alerts and registry key controls will be introduced to enforce secure practices. - Phase 2 (April 2026): The hands-free deployment feature will be completely disabled by default for administrators who have not modified registry settings. Administrators can temporarily re-enable the feature by setting AllowHandsFreeFunctionality = 1, but this is not secure. Recommendations include reviewing WDS configurations, applying security updates, setting registry keys for secure behavior, monitoring Event Viewer for alerts, and considering alternative deployment methods. Microsoft’s KB article 5074952 provides further guidance for impacted organizations.

Winsage

March 14, 2026

Announcing Windows 11 Insider Preview Build 26220.8062 (Beta Channel)

Windows 11 Insider Preview Build 26220.8062 (KB 5079458) has been released to the Beta Channel, introducing various changes and improvements. 1. Policy-Based Removal of Preinstalled Microsoft Apps: IT administrators can now use a dynamic app removal list to remove MSIX/APPX apps by adding their package family names through Group Policy. The dynamic list is not yet available in Intune CSP. 2. Windows Setup Experience: Users can select a custom name for their user folder during the Windows setup process, which must adhere to standard naming conventions. 3. Windows Driver Policy Update: A new policy removes default trust for cross-signed drivers, allowing third-party drivers from the Windows Hardware Compatibility Program (WHCP) by default. The feature will initially operate in audit mode for at least 100 hours. 4. Point-in-Time Restore Updates: Local administrators will see a settings dialog to view or modify default restore settings, including a list of available restore points. Updated messaging has been added to the restore experience. 5. Drag Tray Rebranding: The Drag Tray has been rebranded as Drop Tray, with settings relocated to System > Multitasking. 6. Pen Settings: Refinements have been made to the Pen settings page, including an option for the pen tail button to launch the same app as the Copilot key. 7. File Explorer and Other Enhancements: Improvements have been made to the reliability of setting the preferred display language, and unexpected errors from the sfc/scannow command have been removed. Updates are gradually rolled out to Insiders who opt in via Settings > Windows Update, and features may evolve or be removed based on feedback.

Winsage

March 13, 2026

Announcing Windows 11 Insider Preview Build 26300.8068 (Dev Channel)

Windows 11 Insider Preview Build 26300.8068 (KB 5079464) has been released to the Dev Channel. Key changes include: - Enhanced policy for removing preinstalled Microsoft Store apps for Windows ENT/EDU, allowing IT administrators to use a dynamic app removal list via Group Policy. - Users can now select a custom name for their user folder during the Windows setup process. - A new policy removes default trust for cross-signed drivers, allowing third-party drivers from the Windows Hardware Compatibility Program (WHCP) by default, initially operating in audit mode. - Point-in-time restore now includes a settings dialog for local administrators and displays available restore points. - Microsoft 365 Family subscribers can upgrade their plan directly from the Accounts page in Settings. - The Drag Tray feature has been rebranded to Drop Tray, with settings relocated. - Updates to Pen settings include a new option for the pen tail button. - Enhanced reliability for preferred display language settings and removal of an unexpected error from sfc/scannow. Updates are gradually rolled out to users who opt in through the Settings menu under Windows Update.

Winsage

March 11, 2026

How to disable Hyper-V for Windows 11

Microsoft's Hyper-V is a hardware virtualization platform integrated into Windows 11 Professional, Enterprise, and Education editions, allowing users to host multiple virtual machines (VMs) on a single computer. It operates using a type 1 hypervisor directly on hardware, enabling VMs to share resources like CPU, memory, and storage. Hyper-V includes features such as dynamic memory allocation, software-defined networking, and saved checkpoints. IT administrators may need to disable Hyper-V due to compatibility issues with third-party virtualization software, high-precision applications, or driver conflicts. Disabling Hyper-V can also affect security features reliant on it, such as virtualization-based security (VBS) and Device Guard. Methods to disable Hyper-V include: 1. Using the Windows Features dialog. 2. Executing a PowerShell command: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All, HypervisorPlatform, VirtualMachinePlatform. 3. Running a DISM command:

dism /Online /Disable-Feature /FeatureName:Microsoft-Hyper-V-All /FeatureName:HypervisorPlatform /FeatureName:VirtualMachinePlatform

. 4. Using the bcdedit command: bcdedit /set hypervisorlaunchtype off. 5. Modifying Group Policy to disable VBS. 6. Editing the Windows Registry to disable VBS or Credential Guard. For multiple managed computers, administrators can create and execute a PowerShell script or use Group Policy Objects to streamline the process. Testing in a controlled environment is recommended to ensure desired outcomes without compromising security or functionality.

Winsage

March 11, 2026

Microsoft to enable Windows hotpatch security updates by default

Microsoft will enable hotpatch security updates by default for eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API starting with the May 2026 Windows security update. This change aims to enhance security and reduce the time to achieve 90% patch compliance by half. The updates will be managed through Windows Autopatch, which allows organizations to apply updates without manual intervention. Administrators can manage hotpatch updates at the tenant level and can opt-out starting April 1, 2026. A Hotpatch quality updates report will be available in Intune to ensure devices are ready for the updates. Windows Autopatch became generally available in July 2022 and is currently operational on over 10 million production devices.

Winsage

March 11, 2026

Microsoft flips Windows Autopatch to default hotpatch security updates

Microsoft will automatically enable hotpatch security updates for Windows devices managed through Microsoft Intune or the Microsoft Graph API starting with the May 2026 Windows security update. This feature allows security fixes to be applied without requiring a device restart, improving compliance efficiency. Devices that install the April 2026 baseline security update will begin receiving hotpatch updates in May 2026, but this will only apply to devices not already assigned to a quality update policy. Organizations can opt out of hotpatch updates for specific device groups or their entire tenant starting April 1, 2026.