mobile device management Archives

AppWizard

June 5, 2026

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A vulnerability in several Microsoft 365 Android applications, identified as FlagLeft, was caused by a development flag left enabled in production builds, which disabled checks meant to restrict account-token sharing to trusted applications. This flaw affected applications such as Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop, and OneNote, allowing unauthorized apps to request and obtain user tokens without permission. Microsoft Teams was unaffected. The vulnerability was demonstrated by Enclave, allowing access to user emails through an unverified app. On May 12, Microsoft issued four CVEs for the affected applications, categorized under improper access control. The patched version of Word for Android is 16.0.19822.20190, and users are advised to update their applications. The patch does not invalidate already compromised tokens, so users should revoke these tokens and sign in again.

Winsage

June 4, 2026

ADCS Now Generates Post-Quantum Certificates For Windows

Active Directory Certificate Services (ADCS) now supports the generation of post-quantum certificates, enhancing quantum-safe cryptography within Windows' secure connection protocols. Microsoft has integrated PQ TLS hybrid key exchange into the Windows Transport Layer Security (TLS) stack, providing protection against "Harvest Now, Decrypt Later" attacks. The PQ TLS hybrid key exchange combines traditional cryptographic methods with the NIST ML-KEM algorithm, offering three hybrid combinations: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1_MLKEM1024. This feature is available in preview via the Windows Insider Program and will be rolled out to Windows 11 and Windows Server. Additionally, Windows cryptography APIs now support composite ML-KEM and ML-DSA algorithms, which are NIST-approved standards for key exchange and digital signatures, enhancing security by requiring multiple components to be compromised. Microsoft emphasizes the importance of establishing new Certification Authorities (CAs) for implementing post-quantum certificate issuance, as existing CAs cannot be upgraded. The introduction of ML-DSA support within ADCS allows organizations to counter HNDL risks associated with long-lived data. Organizations are encouraged to inventory their use of public-key cryptography, prioritize systems protecting sensitive data, and test hybrid and composite approaches in non-production environments to facilitate a smooth transition to quantum-safe cryptography.

Winsage

May 1, 2026

Microsoft now lets admins choose pre-installed Store apps to uninstall

Microsoft has updated its Windows 11 operating system to enhance the management of preinstalled applications. The new RemoveDefaultMicrosoftStorePackages policy allows IT administrators to remove any preinstalled MSIX/APPX applications by referencing their Package Family Name (PFN) through Group Policy Object (GPO) or custom OMA-URI for mobile device management (MDM). This feature requires devices to have at least the April 2026 Windows non-security update. It is available for Windows 11 version 24H2 Enterprise and Education editions, whereas it was initially exclusive to version 25H2 or later. A comprehensive list of supported applications and instructions for applying the policy are provided in Microsoft's documentation. Additionally, a new policy setting enables the uninstallation of the AI-powered Copilot digital assistant from enterprise devices after the April 2026 Patch Tuesday updates. The dynamic list option for this policy will be rolled out in the coming months.

Winsage

April 18, 2026

Microsoft’s Patch Tuesday release for April is a whopper

A series of updates have been released, focusing on system integrity and performance. Users should perform verification tasks, including installing, uninstalling, and repairing MSI packages, connecting and disconnecting cloud sync providers, and enrolling devices in Intune or MDM solutions. The Common Log File System driver (clfs.sys) is receiving a follow-up patch, along with updates to Storage Spaces (spaceport.sys) and app isolation file system drivers (bfs.sys, wcifs.sys). Users should also run Windows Update installation and rollback cycles, install and uninstall applications, and verify data integrity through backup solutions. For Storage Spaces, creating a pool with mirrored and thin virtual disks and ensuring clean deletion is necessary. April's updates for Office target MSI editions, including Excel 2016 (KB5002860), PowerPoint 2016 (KB5002808), Office 2016 shared libraries (KB5002859), and SharePoint Server editions from 2016 to 2019. These updates do not apply to Click-to-Run deployments like Microsoft 365 Apps. Users should validate complex Excel workbooks, PowerPoint presentations, SharePoint document libraries, and the functionality of Office add-ins. Testing for two High Risk components is essential: changes to Kerberos may disrupt services using RC4 keytabs, and the Remote Desktop client update requires validation of clipboard functionality, printer redirection, and session reconnection. Validating Secure Boot and BitLocker is critical as CVE-2023-24932 key rolling progresses. Additionally, cloud sync testing is important due to five patches to the Projected File System driver, and regression testing is needed for dual afd.sys updates and VPN/IPsec patches across remote-access infrastructure. Office updates are limited to MSI editions.

AppWizard

March 25, 2026

Apple Maps may soon copy one of Google Maps’ more annoying features

Apple will introduce advertisements in Apple Maps search results in the US and Canada, featuring promoted listings at the top of results with a blue highlight. The ads will be privacy-focused, with no user data linked to accounts or shared externally. The Apple Business program will launch on April 14, 2026, allowing businesses to create and manage their listings on Apple Maps and run advertisements through the platform.

Winsage

March 11, 2026

How to disable Hyper-V for Windows 11

Microsoft's Hyper-V is a hardware virtualization platform integrated into Windows 11 Professional, Enterprise, and Education editions, allowing users to host multiple virtual machines (VMs) on a single computer. It operates using a type 1 hypervisor directly on hardware, enabling VMs to share resources like CPU, memory, and storage. Hyper-V includes features such as dynamic memory allocation, software-defined networking, and saved checkpoints. IT administrators may need to disable Hyper-V due to compatibility issues with third-party virtualization software, high-precision applications, or driver conflicts. Disabling Hyper-V can also affect security features reliant on it, such as virtualization-based security (VBS) and Device Guard. Methods to disable Hyper-V include: 1. Using the Windows Features dialog. 2. Executing a PowerShell command: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All, HypervisorPlatform, VirtualMachinePlatform. 3. Running a DISM command:

dism /Online /Disable-Feature /FeatureName:Microsoft-Hyper-V-All /FeatureName:HypervisorPlatform /FeatureName:VirtualMachinePlatform

. 4. Using the bcdedit command: bcdedit /set hypervisorlaunchtype off. 5. Modifying Group Policy to disable VBS. 6. Editing the Windows Registry to disable VBS or Credential Guard. For multiple managed computers, administrators can create and execute a PowerShell script or use Group Policy Objects to streamline the process. Testing in a controlled environment is recommended to ensure desired outcomes without compromising security or functionality.

Winsage

January 20, 2026

Windows 11 Home vs. Windows 11 Pro: I compared both versions, and this one’s best for your PC

Windows 11 is approaching its fifth anniversary since launch, featuring significant changes while retaining core functionalities from Windows 10. Key updates include a refreshed visual design, improved system performance, support for Android applications, and the introduction of AI-powered Copilot. Microsoft offers a Pro version for power users, providing advanced tools, deeper control over system settings, and enhanced security options. Windows 11 Home includes features like Windows Hello, Device Encryption, Windows Defender Antivirus, Firewall, SmartScreen, Family Safety, and support for Android apps. It is suitable for average users and those on a budget, as it is free for upgrades from compatible Windows 10 devices and comes preinstalled on new PCs. Windows 11 Pro includes additional features such as BitLocker Drive Encryption, Credential Guard, Hyper-V, Windows Sandbox, and full Remote Desktop hosting. It is ideal for users needing greater control over their system and those who rely on virtualization tools. Windows 11 Home is free for users upgrading from Windows 10, while Windows 11 Pro costs approximately 9 for a full license or for an upgrade from Home.

Winsage

January 19, 2026

Windows 11 Home vs Pro: Expert Issues Upgrade Advice

Windows 11 Home and Windows 11 Pro share consistent performance, with both versions offering the same kernel, gaming features, and applications. Key functionalities such as Copilot, Windows Defender, Secure Boot, and TPM 2.0 protections are available on both editions, assuming hardware requirements are met. Windows 11 Home is simpler for most consumers, performing updates seamlessly and allowing free upgrades from eligible Windows 10 devices. Windows 11 Pro offers enhanced control capabilities through the Group Policy Editor, allowing for update deferrals and more extensive system management. Pro includes BitLocker device encryption, centralized management features, and the ability to join domains and integrate with Azure Active Directory. It also supports virtualization features like Hyper-V and Windows Sandbox, which are not available in Home. Pro can serve as a host for remote desktop connections, while Home can only connect to remote PCs. In terms of hardware limits, Windows 11 Home supports up to 128GB of RAM and one CPU socket, while Pro supports up to 2TB of RAM and two CPU sockets. The retail prices are approximately 9 for Home and 9.99 for Pro, with upgrade options available. For general users, Windows 11 Home is recommended, but Pro is advisable for those needing remote desktop hosting, BitLocker management, update deferrals, or virtualization capabilities.

Winsage

January 18, 2026

Windows 11 Home vs. Windows 11 Pro: I compared both versions, and here’s my upgrade advice

Windows 11 is nearing its fifth anniversary and features enhancements in visual design, system performance, and support for Android applications. Microsoft offers a Pro version for power users, which includes advanced functionalities not available in the Home version, such as BitLocker Drive Encryption, Hyper-V, and enhanced remote access capabilities. Windows 11 Home is suitable for average users who prefer simplicity, offering essential features for everyday tasks and automatic updates. It is free for users upgrading from compatible Windows 10 devices and comes preinstalled on new PCs. Windows 11 Pro, priced around 0 for a full license, is ideal for users seeking greater control over system settings and those who rely on virtualization tools. Key specifications include: - Both editions share core features like the full Windows 11 UI, Snap Layouts, and Copilot. - Windows 11 Home includes basic security features, while Pro adds advanced options like BitLocker and Credential Guard. - Pro supports virtualization with Hyper-V and Windows Sandbox, while Home does not. - Processor support differs, with Home supporting 1 CPU and 64 cores, and Pro supporting 2 CPUs and 128 cores.

Winsage

November 24, 2025

How to get free Windows 10 security patches on your PC – from now to October 2026

Windows updates will roll out automatically on November 11. Official support for Windows 10 has ended, meaning PCs with default settings will no longer receive monthly security updates. Microsoft has introduced Extended Security Updates (ESU) for Windows 10, allowing users to receive security updates until October 2026. Any personal Windows 10 PC running version 22H2 can access free ESU subscriptions, excluding Enterprise and Education editions. Enrollment requires a Microsoft account and is available for up to 10 PCs. In Europe, customers in the EEA qualify for free ESU subscriptions without needing a Microsoft account. Enterprise customers will incur higher costs for commercial ESU subscriptions. Users must ensure they meet eligibility requirements to see the ESU offer.