banner
LightNews
ajf8729.com
Anthony J. Fontanez
@ajf8729.com
250 followers 250 following 72 posts
Lead Customer Engineer (Intune/ConfigMgr) Endpoint Management Enthusiast Admin: WinAdmins Community (@winadmins.io) About Me: https://ajf.one/me Blog: https://ajf.one/blog All views are my own.
ajf.one
Posts Media Videos Starter Packs
ajf8729.com
Anthony J. Fontanez @ajf8729.com · 1d
Woohoo, #Autopatch can use a Win32 app instead of a platform script for the broker now! Go to intune.microsoft.com#view/Microso... and hit that Migrate button right meow! In case you missed the MC notification about this, it's here admin.cloud.microsoft#/MessageCent... #Intune
1 2
ajf8729.com
Anthony J. Fontanez @ajf8729.com · 29d
TIL that you need DA to view RODC password replication policy results (was testing/verifying for AzureADKerberos). @josephryanries.bsky.social maybe you know why, seems odd, thought that would fall under typical RO directory data for domain users.
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Sep 8
Reminder! - "The option to move back to Compatibility mode will remain until September 2025. After this date, the StrongCertificateBindingEnforcement registry key will no longer be supported" - support.microsoft.com/en-us/topic/... #ADCS #InfoSec
KB5014754: Certificate-based authentication changes on Windows domain controllers - Microsoft Support
support.microsoft.com
2 2
Reposted by Anthony J. Fontanez
intune.best
Martin Himken | MVP @intune.best · Aug 29
#INR aka #Intune Network Requirements script just got an update and a new home. Update your bookmarks! Also, new ASAs added:

* Microsoft Defender for Endpoint
* Visual Studio

github.com/MHimken/Intu...

#MVPBuzz
GitHub - MHimken/IntuneNetworkRequirements: This tool provides a way to verify Intune network requirements automatically
This tool provides a way to verify Intune network requirements automatically - MHimken/IntuneNetworkRequirements
github.com
3 5
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 18
I scored 11/21 on e-mail.wtf and all I got was this lousy text to share on social media.
Email is Easy
Everyone knows what an email address is, right?
e-mail.wtf
1 5
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 15
It might just load it into memory, which is what I would imagine happens when passing a UNC path.
1
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 15
Not quite sure, don't see it in C:\Windows\Temp, and can't tell from a quick procmon glance.
1
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 15
TIL you can pass an HTTP(S) URL directly to msiexec.exe and it will totally work. I had no idea!
3 1 6
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 13
ICYMI - #PowerShell 2.0 removal coming soon! learn.microsoft.com/en-us/window... - "Windows PowerShell 2.0 is removed from Windows 11, version 24H2 starting with the August 2025 non-security update. It’s also removed from Windows Server 2025 starting with the September 2025 security update."
Windows message center
Windows message center
learn.microsoft.com
2 3
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 6
Seems the 2025-08 .NET 8/9 updates were released a week early this month, in case you're already seeing the 2025-07 updates superseded in #ConfigMgr github.com/dotnet/core/...
.NET August 2025 Update - .NET 8.0.19 and .NET 9.0.8 · Issue #10017 · dotnet/core
.NET August 2025 Update Release Notes 9.0.8 8.0.19 Note: The .NET July updates were moved up from the normal 2nd Tuesday release day to match Visual Studio update 17.14.11. Status Asset Type 9.0.8 ...
github.com
Reposted by Anthony J. Fontanez
merill.net
Merill Fernando 💚 @merill.net · Aug 6
Folks, bookmark this 👇

Did you know I curate a list of all the awesome Entra related links all in one place?

Here's a quick peak into this list
1 3 11
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 2
I ended up writing a post about the new feature to change group SOA from AD to #Entra. Big big thanks to @intune.best for all of the assistance he provided and initial testing he did in #WinAdmins Discord voice yesterday!

ajf.one/group-soa
2 5
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Aug 1
Aye, this new #Entra feature is pretty neat once you work out the missing bits! After you set isCloudManaged=true, add the group to the Cloud Sync Entra->AD config, trigger provisioning, and watch the group get relocated/renamed! SOA reversal with the SID maintained! See before and after images:
Synced group in Entra prior to isCloudManaged attribute change Synced group in Entra after isCloudManaged attribute change Get-ADGroup output before SOA shift Get-ADGroup output after SOA shift
2
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Jul 27
Internet-facing file servers, using SMB over QUIC, and secured using Entra authentication! This turned out to be really easy to get up and running. ajf.one/entrafs #Entra #EntraID
Internet-facing File Servers, with a dash of Entra Authentication!
Now that the the “Azure AD based Windows Login” extension is available (docs here), a Windows server running in Azure or that is Arc-enabled can now be signed into via Entra ID. When I …
ajf.one
1 5
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Jul 20
You can now sign into Server 2025 via Entra ID and gain MFA/RBAC/CA if the VM is in Azure or is Arc enabled! learn.microsoft.com/en-us/entra/...
Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID - Microsoft Entra ID
Learn how to sign in to an Azure VM that's running Windows by using Microsoft Entra authentication.
learn.microsoft.com
2
Reposted by Anthony J. Fontanez
seanbulger.bsky.social
Sean Bulger @seanbulger.bsky.social · Jul 10
It has been almost 3 years since my last blog post, but I am excited to share my first Microsoft Tech Community post!

Want deeper Intune reporting? I walk through building a Windows 365 dashboard using Power BI + Log Analytics.

Check it out!
#Intune #Windows365 #TechCommunity
Creating Custom Intune Reports with Microsoft Graph API | Microsoft Community Hub
  Systems administrators often need to be able to report on data that is not available in the native reports in the Intune console. In many cases this...
techcommunity.microsoft.com
1 3 11
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Jul 10
If you were to trust their root CA as instructed, anything it issues would be inherently trusted by your device.
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Jul 10
This is actually hilarious and no, you shouldn't blindly trust some root CA like this. This defeats the purpose of how PKI works. Public CAs are heavily regulated in terms of auditing and security.
1
ajf8729.com
Anthony J. Fontanez @ajf8729.com · Jul 10
Notepad++'s code signing cert expired, couldn't get a new one under the "Notepad++" name, so instead of getting one under their name (what the WinSCP developer does), they instead created their own root CA, issued a code signing cert, and want you to trust it notepad-plus-plus.org/news/v883-se...
Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++
notepad-plus-plus.org
1 1 2
ajf8729.com
Anthony J. Fontanez @ajf8729.com · May 28
And it's a super easy setup/upgrade, go do it now! #Entra
1 2 6
Reposted by Anthony J. Fontanez
joeloveless.com
joeloveless.com @joeloveless.com · May 25
Happy Memorial Day Weekend Everyone! Indy 500 tomorrow, Game 3 between the Pacers and Knicks. What better way to celebrate the weekend than a new post about converting SCCM Configuration Items to Intune Remediation Scripts?

joeloveless.com/2025/05/conf...

#sccm #intune #mecm #powershell
Converting Registry Based SCCM Configuration Items to Intune Remediation Scripts
Script walkthrough on converting SCCM Configuration Items to Intune Remediation Scripts.
joeloveless.com
1 4
ajf8729.com
Anthony J. Fontanez @ajf8729.com · May 19
Straight to the code: github.com/ajf8729/Blac...
GitHub - ajf8729/BlackLotus: BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use
BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use - ajf8729/BlackLotus
github.com
2 5
ajf8729.com
Anthony J. Fontanez @ajf8729.com · May 19
My take on remediating #BlackLotus via #Intune Remediations & #ConfigMgr CIs. It sure was fun to code up and test as much as I was able to. Please let me know if you have any feedback or run into any issues if you try the scripts out!

ajf.one/blacklotus
Dealing With CVE-2023-24932, aka Remediating BlackLotus
CVE-2023-24932. 2023 feels like so long ago, and yet, this is still an issue. Why? Because it’s quite frankly a mess to deal with and has multiple moving parts. I highly recommend reading tho…
ajf.one
1 2 4
ajf8729.com
Anthony J. Fontanez @ajf8729.com · May 19
Nice Tech Community post on migrating BitLocker from #ConfigMgr to #Intune - techcommunity.microsoft.com/blog/CoreInf...
Migrating BitLocker Recovery Key Management from ConfigMgr to Intune: A Practical Guide | Microsoft Community Hub
Hi, I'm Herbert Fuchs, a Cloud Solution Architect. In this blog, I’ll guide you through migrating existing BitLocker recovery keys from Configuration Manager...
techcommunity.microsoft.com
1 4
ajf8729.com
Anthony J. Fontanez @ajf8729.com · May 11
What do we want? A 64 bit IME! #Intune
3