Anthony J. Fontanez
@ajf8729.com
Lead Customer Engineer (Intune/ConfigMgr)
Endpoint Management Enthusiast
Admin: WinAdmins Community (@winadmins.io)
About Me: https://ajf.one/me
Blog: https://ajf.one/blog
All views are my own.
Endpoint Management Enthusiast
Admin: WinAdmins Community (@winadmins.io)
About Me: https://ajf.one/me
Blog: https://ajf.one/blog
All views are my own.
There's a new boot image option available in #ConfigMgr 2509! #BlackLotus
November 14, 2025 at 2:53 PM
There's a new boot image option available in #ConfigMgr 2509! #BlackLotus
Why is it every time I hear/see things like "Delivery Optimization broke our network", the "solution" always seems to be "so we blocked DO [in all the incorrect ways]" instead of "we finally decided to upgrade our ancient network infrastructure"?
October 21, 2025 at 6:06 PM
Why is it every time I hear/see things like "Delivery Optimization broke our network", the "solution" always seems to be "so we blocked DO [in all the incorrect ways]" instead of "we finally decided to upgrade our ancient network infrastructure"?
RIP Windows 10 tomorrow, can still remember running the initial insider builds!
October 13, 2025 at 10:21 PM
RIP Windows 10 tomorrow, can still remember running the initial insider builds!
Woohoo, #Autopatch can use a Win32 app instead of a platform script for the broker now! Go to intune.microsoft.com#view/Microso... and hit that Migrate button right meow! In case you missed the MC notification about this, it's here admin.cloud.microsoft#/MessageCent... #Intune
October 10, 2025 at 2:03 PM
Woohoo, #Autopatch can use a Win32 app instead of a platform script for the broker now! Go to intune.microsoft.com#view/Microso... and hit that Migrate button right meow! In case you missed the MC notification about this, it's here admin.cloud.microsoft#/MessageCent... #Intune
TIL that you need DA to view RODC password replication policy results (was testing/verifying for AzureADKerberos). @josephryanries.bsky.social maybe you know why, seems odd, thought that would fall under typical RO directory data for domain users.
September 12, 2025 at 7:35 PM
TIL that you need DA to view RODC password replication policy results (was testing/verifying for AzureADKerberos). @josephryanries.bsky.social maybe you know why, seems odd, thought that would fall under typical RO directory data for domain users.
Reminder! - "The option to move back to Compatibility mode will remain until September 2025. After this date, the StrongCertificateBindingEnforcement registry key will no longer be supported" - support.microsoft.com/en-us/topic/... #ADCS #InfoSec
KB5014754: Certificate-based authentication changes on Windows domain controllers - Microsoft Support
support.microsoft.com
September 8, 2025 at 9:23 PM
Reminder! - "The option to move back to Compatibility mode will remain until September 2025. After this date, the StrongCertificateBindingEnforcement registry key will no longer be supported" - support.microsoft.com/en-us/topic/... #ADCS #InfoSec
Reposted by Anthony J. Fontanez
#INR aka #Intune Network Requirements script just got an update and a new home. Update your bookmarks! Also, new ASAs added:
* Microsoft Defender for Endpoint
* Visual Studio
github.com/MHimken/Intu...
#MVPBuzz
* Microsoft Defender for Endpoint
* Visual Studio
github.com/MHimken/Intu...
#MVPBuzz
GitHub - MHimken/IntuneNetworkRequirements: This tool provides a way to verify Intune network requirements automatically
This tool provides a way to verify Intune network requirements automatically - MHimken/IntuneNetworkRequirements
github.com
August 29, 2025 at 10:41 PM
#INR aka #Intune Network Requirements script just got an update and a new home. Update your bookmarks! Also, new ASAs added:
* Microsoft Defender for Endpoint
* Visual Studio
github.com/MHimken/Intu...
#MVPBuzz
* Microsoft Defender for Endpoint
* Visual Studio
github.com/MHimken/Intu...
#MVPBuzz
I scored 11/21 on e-mail.wtf and all I got was this lousy text to share on social media.
Email is Easy
Everyone knows what an email address is, right?
e-mail.wtf
August 18, 2025 at 8:55 PM
I scored 11/21 on e-mail.wtf and all I got was this lousy text to share on social media.
TIL you can pass an HTTP(S) URL directly to msiexec.exe and it will totally work. I had no idea!
August 15, 2025 at 11:47 AM
TIL you can pass an HTTP(S) URL directly to msiexec.exe and it will totally work. I had no idea!
ICYMI - #PowerShell 2.0 removal coming soon! learn.microsoft.com/en-us/window... - "Windows PowerShell 2.0 is removed from Windows 11, version 24H2 starting with the August 2025 non-security update. It’s also removed from Windows Server 2025 starting with the September 2025 security update."
Windows message center
Windows message center
learn.microsoft.com
August 13, 2025 at 3:09 PM
ICYMI - #PowerShell 2.0 removal coming soon! learn.microsoft.com/en-us/window... - "Windows PowerShell 2.0 is removed from Windows 11, version 24H2 starting with the August 2025 non-security update. It’s also removed from Windows Server 2025 starting with the September 2025 security update."
Seems the 2025-08 .NET 8/9 updates were released a week early this month, in case you're already seeing the 2025-07 updates superseded in #ConfigMgr github.com/dotnet/core/...
.NET August 2025 Update - .NET 8.0.19 and .NET 9.0.8 · Issue #10017 · dotnet/core
.NET August 2025 Update Release Notes 9.0.8 8.0.19 Note: The .NET July updates were moved up from the normal 2nd Tuesday release day to match Visual Studio update 17.14.11. Status Asset Type 9.0.8 ...
github.com
August 6, 2025 at 10:20 PM
Seems the 2025-08 .NET 8/9 updates were released a week early this month, in case you're already seeing the 2025-07 updates superseded in #ConfigMgr github.com/dotnet/core/...
Reposted by Anthony J. Fontanez
Folks, bookmark this 👇
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
August 6, 2025 at 12:38 AM
Folks, bookmark this 👇
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
Did you know I curate a list of all the awesome Entra related links all in one place?
Here's a quick peak into this list
I ended up writing a post about the new feature to change group SOA from AD to #Entra. Big big thanks to @intune.best for all of the assistance he provided and initial testing he did in #WinAdmins Discord voice yesterday!
ajf.one/group-soa
ajf.one/group-soa
August 2, 2025 at 5:23 PM
I ended up writing a post about the new feature to change group SOA from AD to #Entra. Big big thanks to @intune.best for all of the assistance he provided and initial testing he did in #WinAdmins Discord voice yesterday!
ajf.one/group-soa
ajf.one/group-soa
Aye, this new #Entra feature is pretty neat once you work out the missing bits! After you set isCloudManaged=true, add the group to the Cloud Sync Entra->AD config, trigger provisioning, and watch the group get relocated/renamed! SOA reversal with the SID maintained! See before and after images:
August 1, 2025 at 10:54 PM
Aye, this new #Entra feature is pretty neat once you work out the missing bits! After you set isCloudManaged=true, add the group to the Cloud Sync Entra->AD config, trigger provisioning, and watch the group get relocated/renamed! SOA reversal with the SID maintained! See before and after images:
Internet-facing file servers, using SMB over QUIC, and secured using Entra authentication! This turned out to be really easy to get up and running. ajf.one/entrafs #Entra #EntraID
Internet-facing File Servers, with a dash of Entra Authentication!
Now that the the “Azure AD based Windows Login” extension is available (docs here), a Windows server running in Azure or that is Arc-enabled can now be signed into via Entra ID. When I …
ajf.one
July 27, 2025 at 9:23 PM
Internet-facing file servers, using SMB over QUIC, and secured using Entra authentication! This turned out to be really easy to get up and running. ajf.one/entrafs #Entra #EntraID
You can now sign into Server 2025 via Entra ID and gain MFA/RBAC/CA if the VM is in Azure or is Arc enabled! learn.microsoft.com/en-us/entra/...
Sign in to a Windows virtual machine in Azure by using Microsoft Entra ID - Microsoft Entra ID
Learn how to sign in to an Azure VM that's running Windows by using Microsoft Entra authentication.
learn.microsoft.com
July 20, 2025 at 7:35 PM
You can now sign into Server 2025 via Entra ID and gain MFA/RBAC/CA if the VM is in Azure or is Arc enabled! learn.microsoft.com/en-us/entra/...
Reposted by Anthony J. Fontanez
It has been almost 3 years since my last blog post, but I am excited to share my first Microsoft Tech Community post!
Want deeper Intune reporting? I walk through building a Windows 365 dashboard using Power BI + Log Analytics.
Check it out!
#Intune #Windows365 #TechCommunity
Want deeper Intune reporting? I walk through building a Windows 365 dashboard using Power BI + Log Analytics.
Check it out!
#Intune #Windows365 #TechCommunity
Creating Custom Intune Reports with Microsoft Graph API | Microsoft Community Hub
Systems administrators often need to be able to report on data that is not available in the native reports in the Intune console. In many cases this...
techcommunity.microsoft.com
July 10, 2025 at 3:52 PM
It has been almost 3 years since my last blog post, but I am excited to share my first Microsoft Tech Community post!
Want deeper Intune reporting? I walk through building a Windows 365 dashboard using Power BI + Log Analytics.
Check it out!
#Intune #Windows365 #TechCommunity
Want deeper Intune reporting? I walk through building a Windows 365 dashboard using Power BI + Log Analytics.
Check it out!
#Intune #Windows365 #TechCommunity
Notepad++'s code signing cert expired, couldn't get a new one under the "Notepad++" name, so instead of getting one under their name (what the WinSCP developer does), they instead created their own root CA, issued a code signing cert, and want you to trust it notepad-plus-plus.org/news/v883-se...
Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++
notepad-plus-plus.org
July 10, 2025 at 12:43 PM
Notepad++'s code signing cert expired, couldn't get a new one under the "Notepad++" name, so instead of getting one under their name (what the WinSCP developer does), they instead created their own root CA, issued a code signing cert, and want you to trust it notepad-plus-plus.org/news/v883-se...
Reposted by Anthony J. Fontanez
Happy Memorial Day Weekend Everyone! Indy 500 tomorrow, Game 3 between the Pacers and Knicks. What better way to celebrate the weekend than a new post about converting SCCM Configuration Items to Intune Remediation Scripts?
joeloveless.com/2025/05/conf...
#sccm #intune #mecm #powershell
joeloveless.com/2025/05/conf...
#sccm #intune #mecm #powershell
Converting Registry Based SCCM Configuration Items to Intune Remediation Scripts
Script walkthrough on converting SCCM Configuration Items to Intune Remediation Scripts.
joeloveless.com
May 25, 2025 at 1:32 AM
Happy Memorial Day Weekend Everyone! Indy 500 tomorrow, Game 3 between the Pacers and Knicks. What better way to celebrate the weekend than a new post about converting SCCM Configuration Items to Intune Remediation Scripts?
joeloveless.com/2025/05/conf...
#sccm #intune #mecm #powershell
joeloveless.com/2025/05/conf...
#sccm #intune #mecm #powershell
My take on remediating #BlackLotus via #Intune Remediations & #ConfigMgr CIs. It sure was fun to code up and test as much as I was able to. Please let me know if you have any feedback or run into any issues if you try the scripts out!
ajf.one/blacklotus
ajf.one/blacklotus
Dealing With CVE-2023-24932, aka Remediating BlackLotus
CVE-2023-24932. 2023 feels like so long ago, and yet, this is still an issue. Why? Because it’s quite frankly a mess to deal with and has multiple moving parts. I highly recommend reading tho…
ajf.one
May 19, 2025 at 1:55 PM
My take on remediating #BlackLotus via #Intune Remediations & #ConfigMgr CIs. It sure was fun to code up and test as much as I was able to. Please let me know if you have any feedback or run into any issues if you try the scripts out!
ajf.one/blacklotus
ajf.one/blacklotus
Nice Tech Community post on migrating BitLocker from #ConfigMgr to #Intune - techcommunity.microsoft.com/blog/CoreInf...
Migrating BitLocker Recovery Key Management from ConfigMgr to Intune: A Practical Guide | Microsoft Community Hub
Hi, I'm Herbert Fuchs, a Cloud Solution Architect. In this blog, I’ll guide you through migrating existing BitLocker recovery keys from Configuration Manager...
techcommunity.microsoft.com
May 19, 2025 at 1:50 AM
Nice Tech Community post on migrating BitLocker from #ConfigMgr to #Intune - techcommunity.microsoft.com/blog/CoreInf...
Did you know you can send LAPS passwords to Entra on Server OS? Neither did @adamgrosstx.bsky.social or I until yesterday! Just need to hybrid join the server(s) and set the GPO to backup to "AAD"! Neat!
April 30, 2025 at 12:33 AM
Did you know you can send LAPS passwords to Entra on Server OS? Neither did @adamgrosstx.bsky.social or I until yesterday! Just need to hybrid join the server(s) and set the GPO to backup to "AAD"! Neat!
Reposted by Anthony J. Fontanez
📬 #Windows Recall had a rocky start, but where do we stand now as it moves into GA? With a complete security overhaul, fresh admin controls, and a default-off strategy, the improvements are promising!
Interested to read a more optimistic view?
stte.me/recallisgreat
Interested to read a more optimistic view?
stte.me/recallisgreat
From Criticism to Confidence: Windows Recall
Windows Recall is a powerful tool, but is it secure, should you be concerned, and how do you manage it?!
stte.me
April 28, 2025 at 12:06 PM
📬 #Windows Recall had a rocky start, but where do we stand now as it moves into GA? With a complete security overhaul, fresh admin controls, and a default-off strategy, the improvements are promising!
Interested to read a more optimistic view?
stte.me/recallisgreat
Interested to read a more optimistic view?
stte.me/recallisgreat