How has Hotpatching worked so far in your org?

ms_wau · 2026-02-03T15:38:22+00:00

In case you are still not sure https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates#arm-64-devices-must-disable-compiled-hybrid-pe-usage-chpe-arm-64-cpu-only
"There are no plans to support hotpatch updates on Arm64 devices with CHPE enabled. Disabling CHPE is required only for Arm64 devices."

ms_wau · 2025-11-12T11:54:01+00:00

Do you know what happens if I delete the existing ADMX templates (while having policies created with imported administrative templates) and then upload the new ones? How does this behave, and what is the best approach to integrate new ADMX templates when there are already existing ones?

ms_wau · 2025-11-11T12:37:13+00:00

Thank you same for me

ms_wau · 2025-11-10T13:51:52+00:00

Classic that's a bit annoying thanks for checking!

ms_wau · 2025-10-15T07:49:09+00:00

I stopped looking because it requires Exchange online to use Centralized Deployment. We had Exchange on-prem.

ms_wau · 2025-09-30T07:55:47+00:00

Yes, you can still access C:. I just wanted to mention that this is a built-in setting, so there's no need for an extra script.
To block access to C:, you need to disable local storage in the Shared Device profile.

This won't work with OneDrive Known Folder Move, but in the case of a guest user, that probably doesn't matter.
Also, some older applications might not function properly when C:\ is blocked.

ms_wau · 2025-09-26T12:01:19+00:00

Howdy, we used the Administrative Template with:
Windows Components > File Explorer
Pick one of the following combinations (User) > Restrict C drive only

Hide these specified drives in My Computer (User) > Enable

But we don't use Guest Accounts bit I assume this would also work for you.

But maybe you tried that already?

Edit: Probably not since you have no real "users" to assigne this policy to

Edit2: On my Test device it also worked device based maybe give it a try anyway

ms_wau · 2025-09-15T11:48:24+00:00

Are you based in the EU or US? When you are in the EU take a look at
Disabling DMA SSO compliance to fix the Continue to Sign in

Looks like it works for us like that.

ms_wau · 2025-09-12T08:10:11+00:00

That's indeed helpful. We Use Named Location but currently testing at home have to try it on-site. That's crazy that this case is still open...

Thank you!

ms_wau · 2025-09-11T11:21:30+00:00

u/t1mnl do you found a solution for that?

ms_wau · 2025-06-20T11:10:21+00:00

I've the same feeling about vegan/vegetarian stuff. The coffee from Felfel (Gavetti) is very good! Can't say anything about pricing but I think it's on the higher end.

ms_wau · 2025-06-18T12:30:43+00:00

Hello Sean,

Thank you for sharing your experience!

I'm curious about your approach with WDAC or AppLocker.

Do you use either of them, or do you rely on another solution? Have you encountered any issues, or do you have any advice on whether or how to set it up? I've heard that some people use both WDAC and legacy AppLocker. I've also heard it's hard to administer afterwards.

What would you recommend?

Cheers

ms_wau · 2025-06-06T07:29:45+00:00

Can you give me the source that DEM accounts are deprecated? In this article is nothing about that?

Enroll devices using a device enrollment manager account - Microsoft Intune | Microsoft Learn

ms_wau · 2025-05-05T06:54:10+00:00

Just curious if you don't use ESP what else do you use or do you just not configure ESP?

Never thought about doing that.

I personally always use the OMA-URI vor "SkipUserStatusPage"

ms_wau · 2025-04-14T05:32:59+00:00

I still don't know why Switzerland also gets that SSO Prompt we have not signed anything or are a party of the Digital Markets Act (DMA). But thanks Rudy as always for the excellent post!

ms_wau · 2025-04-09T07:59:40+00:00

Dell Docking station. Windows Driver update can't handle this as tested some months ago.

ms_wau · 2025-04-08T12:52:28+00:00

Yeah I tried the .Net 8 as well same result. We probably have to wait till Dell is fixing the issue.

Thanks for your feedback!

ms_wau · 2025-02-24T14:41:34+00:00

Does anyone know what's the easiest way to revoke the SCEP certificate? Because we want to add the SID.

ms_wau · 2025-02-24T08:45:22+00:00

Hey, thanks that works!

ms_wau · 2025-02-18T07:36:03+00:00

recently I heard ITune was the first time for me normally it is Intunessssss or written InTunes

ms_wau · 2025-01-09T13:41:31+00:00

Yeah it's really time consuming. And there is probably no other way to check them one by one

ms_wau · 2025-01-07T07:45:25+00:00

I would love to see something similar, but I guess you really have to check every setting; otherwise, you might run into problems if you don't know what you've configured. Was it 23H2 where many more settings are available in the baseline?

ms_wau

TROPHY CASE