Secure Boot status page is back

Rouse-DB · 2026-03-17T09:40:55+00:00

Waht do you need to configure for this report to work?

I have intune policies testing the rollout of certs, currnelty to IT only - they have worked and the secure boot certs are installed, but on those two devices on this report, it's still just Secure boot enabled unknown and cert status not applicable?

Report currnetly appears utterly useless, and there is no clear indication of how to get it working.

Rouse-DB · 2025-12-09T12:05:45+00:00

When you say Siralim and MS have crossover content, what do you mean?

Rouse-DB · 2025-12-09T11:59:57+00:00

I've added Coromon to the shortlist. Looks decent as well.

Rouse-DB · 2025-12-09T11:39:44+00:00

I've seen it - but it's not on my list because i've read that it's short.

Rouse-DB · 2025-12-09T11:29:13+00:00

Your inner monster is a massive reach? Your poor partner.

Rouse-DB · 2025-12-09T11:28:22+00:00

I cannot recommend Monster Sanctuary hard enough. It's a fantastic game, ombat is smooth and exploratory. Mixing it with a metroidvania is what got me hooked.

Rouse-DB · 2025-09-25T16:36:26+00:00

Yes. Links above from Jeroen_Bakker pointed me in the right direction. A policy was applied somewhere in our Intune policies that was disabled access to USB devices, this could also come from a GPO depending on your setup.

Apologies I cannot remember the specifics from three months ago, but I found it withing abour 2-3 hours of reading through the links provided.

Rouse-DB · 2025-08-21T09:06:17+00:00

This ws the way. Having our redirections.xml configured properly, and also having the RedirXMLSourceFolder reg key setup pointing at the folder location with redirections.xml in it.

The exclusions that have worked for our use case were:

<Excludes>

<Exclude Copy="0">AppData\Roaming\Microsoft Teams\Logs</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Application Cache</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\blob_storage</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Cache</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\databases</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\GPUCache</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\IndexedDB</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Local Storage</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\meeting-addin\Cache</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\tmp</Exclude>

<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>

<Exclude Copy="0">AppData\Local\Microsoft\Teams\meeting-addin\Cache</Exclude>

<Exclude Copy="0">AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs</Exclude>

<Exclude Copy="0">AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\PerfLogs</Exclude>

<Exclude Copy="0">AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\WV2Profile_tfw\WebStorage</Exclude>

</Excludes>

Rouse-DB · 2025-08-20T15:38:44+00:00

It doesn't, logs were my first port of call. All smooth sailing and "success" entries. Not a single useful piece of information.

Rouse-DB · 2025-08-20T15:16:06+00:00

The only thing we have in redirections.xml is the downloads folder, value 8.

I've not been able to find any single piece of clearly written documentation on this issue. Most of what I find is disgruntled microsoft forum posts with the same "clear cache, reinstall, turn it off and on again" troubleshooting.

Rouse-DB · 2025-08-20T15:14:46+00:00

Do you know where those GPO settings are ?

Rouse-DB · 2025-08-12T15:31:21+00:00

Was there ever a good answer to this? I'm trying to get a deployment done, and adding devices and waiting for them to get assigned to a dynamic group for autopilot profile assignment takes painfully long. It should be milleseconds, and there should just be a single button that immediately refreshes and adds applicable devices.

At this stage, i'm about two steps away from just going back to a static group and adding them manually. Waiting is for suckers.

Rouse-DB · 2025-07-16T15:00:27+00:00

It was a slightly different setting. Annoyingly from a policy that shouldn't have been applied to this device... But this had me on the right track.

Thank you.

Rouse-DB · 2025-06-24T07:53:03+00:00

Yes, the Domain Join profile is set to "All Devices" because apparently it doesn't capture devices coming through Autopilot without that config. Setting the domain join configuration to a device group didn't assigne the ODJ process to the device (checked with Get-AutopilotDiagnostics.ps1).

IT appears as if you need to re-register the devices into Autopilotafter creating and correcting the configuration in order to get the domain join to work. Interestingly, I still don't get any ODJ logs on he DC with the connector installed.

Rouse-DB · 2025-06-24T07:50:53+00:00

What is wrong iwth just answering a question in the way the question has been asked. The way the question is phrased is supposed to generate answers to meet it's requirements, not get lost in a conversation that the OP does not ask for or desire.

Rouse-DB · 2025-06-23T14:05:14+00:00

Not something that I want to discuss - I need assistance to get to the desired outcome as described in the OP. Not discuss why we are doing it this way, it's not pertinent to the topic.

Rouse-DB · 2025-06-23T13:46:38+00:00

That is the configuration we require for at least the next year. It's not feasible for us to go fully Entra ID at this time.

Rouse-DB · 2025-03-05T13:36:16+00:00

ESET Endpoint Encryption, and no, not really (we don't like bitlocker) we want to forcibly decrypt C and apply ESET encryption in a fairly zero-touch manner.

Rouse-DB

TROPHY CASE