Jeremy Moskowitz (@jeremymoskowitz)
5K posts
20-Time Microsoft MVP awardee (Former) in GPOs and MDM. CTO Endpoints @Netwrix. Tech blogs at https://t.co/l8yIknrtFE.
Denver, CO. Joined August 2008
1.1K Following, 4K Followers

Group policy remains the best security control ever invented with no close second.
iShowCybersecurity (@ishowcybersec):
What Cybersecurity opinion will you defend like this?

@xenappblog @MSIntune Maybe there should be two factors for admins (two admins) to perform this function. And rate limits. Like the 100 an hour and unchanging for 24 hours. Just some ideas.

200,000 @MSIntune Devices Erased? Pro-Iran Hackers Hit US Firm Stryker With Data-Wiping Attack.
Check out this amazing CA Policy Analyzer.
medium.com/@jhope188/conditional-access-finding-the-gaps-in-your-entra-ca-before-attackers-do-c15dc7c5c34f


@SwiftOnSecurity @robinbrandl Wow. Thanks guys. I had a magical sense to log on and see what was up in the world. What a great treat!! Thanks You Two!!

I could give you a one hour lecture on how beautiful Group Policy architecture is, complexity really hard to appreciate. It remains in fact completely unmatched by anything in the entire world. Subsequent efforts are a downgrade, on purpose, because people could not handle it.
spencer (@techspence):
You either understand how true this is or you’re wrong. GPO has survived the test of time. 🤙

@jsnover You might be the only person I’ve heard say “boof-a-Rama” out loud. It’s so very you. ;)

Legacy Windows CLI was a "boof-a-rama" of incoherent syntax. Before PowerShell, users had to guess if a command wanted a slash or a hyphen. Learn how it was fixed: jsnover.com/blog/2026/02/0…

Ever wondered why a device syncs differently with Intune?
And why hammering the "Sync button" in Work or school only brings down your policies, while Win32 apps do nothing?
This diagram shows why.
Policies flow through OMA-DM. (Intune / MMP-C)
Win32 apps and PowerShell run through the IME.
Different engine. Different timers. Different triggers.
Two separate mechanisms. Same device. Very different behavior.
Read all the details in this blog:
patchmypc.com/blog/how-windo…
#Intune #MSIntune #Windows #Windows11


Seriously. I explain this in my MDMandGPanswers.com/book Intune book; this behavior I believe has always been there. Most people just set and don’t check revert expectations. Until it’s too late and you’ve got 50,000 tattooed machines. If only Netwrix PolicyPak/Endpoint Policy Manager were there to help take your real GPOs and put them in Intune and make them ACT like GPOs.. perfectly peeling off ..every..single..time.. that would be amazing. Oh wait, it’s always worked that way. :-)

The Intune Tattooing Issue
What would you do if every single policy in your tenant stayed tattooed on every device… long after you deleted it? Settings gone in the portal. Assignments removed.
Yet the devices keep enforcing everything as if nothing ever changed.
And the reason was nowhere near the devices.
If you want to know what really caused it, the full story is here:
patchmypc.com/blog/intune-de…
#Intune #MSIntune #Windows #Windows11


@techspence It’s legacy when Microsoft DCPROMO’s down their own final on-prem domain controller and officially deprecates the AD role in Server 20XX.

@mike_marable Not just ignored. Sometimes it locks up the start menu.

Does anyone have the GPO delivery method working?
The Intune and PPKG deliveries have worked exactly as documented, but the GPO does nothing. The setting is ignored. learn.microsoft.com/en-us/windows/…

I just wish there were more sessions with AI in the title at #MSIgnite. Anyway; I’m officially going. If anyone wants to catch up, ping me. Email is best, LinkedIn is second best, and DMs on X are the third best way.

@zacbowden And programmatically letting me set the Start Menu. It’s unusable when left to users.

@Mister_MDM So it’s clearly trying to remove certain from 1E “the company” and this is collateral damage. But why nuke the 1E cert at all?

⚠️ Heads up!!! Big warning for HP AI Devices! ⚠️
Some of HP’s latest Next Gen AI PCs, including the EliteBook X Flip G1i, are getting the updated OneAgent 1.2.50.9581 build.
That version seems to run a cleanup script removing any certificate containing “1E” in its subject... which can delete the MS-Organization-Access cert.
Once that happens, your device is no longer Entra joined or Intune enrolled!
#Intune #MSIntune #Windows #Windows11 #Entra
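As an added defender's check (not code from the post, from HP or from Microsoft), this PowerShell snippet lists which certificates in the machine store a subject match on “1E” would sweep up and flags the Entra device certificate among them; the issuer name used to recognise that certificate is an assumption, not something the post states.

```powershell
# Added example, not from the post: preview the blast radius of a
# "*1E*" subject match in the local machine personal store.
# Assumption (not stated in the post): the Entra/Intune device certificate
# is issued by "MS-Organization-Access" and its subject is the device GUID,
# so a GUID that happens to contain the hex pair "1E" is what makes it
# collateral damage for a cleanup that matches on subject text.
$matches1E = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*1E*' }   # -like is case-insensitive

foreach ($cert in $matches1E) {
    $isDeviceCert = $cert.Issuer -like '*MS-Organization-Access*'
    [pscustomobject]@{
        Thumbprint  = $cert.Thumbprint
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        EntraDevice = $isDeviceCert   # True: removing this breaks the join
    }
}

# Cross-check the join and MDM state as Windows reports it today, so the
# output can be compared after the agent update lands.
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|MdmUrl'
```

Run it elevated before the OneAgent update reaches a device; any row with EntraDevice = True is a device that would drop out of Entra join and Intune enrollment if the certificate were deleted.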


@NathanMcNulty Gosh if only there was a … tool.. from another MVP… which completely wrestled this problem to the ground.. that would be… amazing… #PolicyPak, I mean, Netwrix Endpoint Policy Manager.

Crazy idea, but bear with me here - stop giving users admin rights
Combine that with app control, and man are you cooking
Two Seven One Three (@TwoSevenOneT):
We can exploit the #securityvulnerability of Windows Error Reporting to put EDRs and #antimalware into a coma-like state. By using the EDR-Freeze #redteam tool: GitHub: TwoSevenOneT/EDR-Freeze

@NathanMcNulty I keep my old iPhone around.. which I could sell.. specifically because of this problem. Every so often I have to dig it out, re-charge it, get the code and move on with my life. It’s maddening.

One simple change would fix Microsoft Authenticator migration while still keeping device-bound security
On the new phone, you should be able to pick the account, log in, answer MFA on the old phone, and done
But no, we have to delete the accounts and re-add them all by finger
Justin Elze (@HackingLZ):
This went well other than the Microsoft Authenticator app is trash

@OneRSAC ... This is an OR... Only one should light up (top or bottom). Yes, it lets you proceed.
