PaulyCloud — Intune & Endpoint Management Blog on PaulyCloud

Confirm Escrow of FileVault Recovery Keys in Microsoft Entra

Mon, 18 May 2026 00:00:00 +0000

A couple of weeks ago I wrote about confirming the escrow of BitLocker recovery keys in Microsoft Entra — driven by the urgency of the Secure Boot certificate changes. On the macOS side, there is no equivalent certificate crisis forcing our hand right now, but that does not make FileVault key escrow any less important.

macOS continues to grow as a platform in the enterprise. More and more organizations are offering Macs as a choice — or even a default — for their workforce, and with Apple Silicon delivering strong performance across developer, creative, and general productivity workloads, that trend is only accelerating. As your Mac fleet grows, so does the importance of managing it with the same rigour you apply to Windows.

IntuneTip: Reset Windows Hello for Business Using On-Demand Remediation

Mon, 04 May 2026 00:00:00 +0000

Sometimes users need to have their Windows Hello for Business container reset. This can happen for a myriad of reasons:

Biometrics stopped working
“Something went wrong” errors during sign-in that won’t resolve
Trust relationship between the credential and Microsoft Entra ID broke
User suspects their PIN was observed or compromised
Device was lost briefly and recovered — user wants to re-key

For this support request, you can easily push a small script using Intune’s on-demand remediation feature (preview). All it does is use certutil to delete the Windows Hello container and return the exit code.

Secure Boot Certificates – Confirm Escrow of BitLocker Recovery Keys in Microsoft Entra

Mon, 27 Apr 2026 00:00:00 +0000

With the change of the Secure Boot certificates coming in fast and furious as summer approaches, it is paramount to ensure that your estate is ready to deploy the changes swiftly and securely.

The change and deployment has been documented thoroughly by several great community articles and contributions in recent months, along with the expansion of Microsoft’s own documentation on the subject.

I will not delve further into that here other than to provide links for further reading, but if you’re looking at a deployment guide, I would highly suggest taking a look at Mindcore’s blog linked below:

Passkey (iOS/Android) Registration Issue

Tue, 20 May 2025 00:00:00 +0000

It is essential for some organizations to support BYOD for the iOS and Android platforms.

This is most easily done while protecting data by utilizing Mobile Application Management (MAM), App Protection Policies (APP), and Conditional Access policies to enforce it.

Along with this, we are all in the eternal search for features that provide more security and a better user experience. Such unicorn features are few and far between, as more security usually means impacting the end-user experience in some way.

About

Mon, 01 Jan 0001 00:00:00 +0000

Welcome to PaulyCloud
#

PaulyCloud is a blog dedicated to Microsoft Intune and endpoint management. Here you’ll find practical guides, deep dives, and real-world tips for managing devices at scale in the modern workplace.

What You’ll Find Here
#

Configuration Profiles — Settings catalog, templates, and custom OMA-URI to manage endpoints the right way
Scripting & Automation — PowerShell scripts, remediation scripts, and Graph API to take the manual work out of endpoint management
Windows Autopilot & Device Preparation — Zero-touch deployment, provisioning profiles, and modern device onboarding at scale
Security Baselines — Hardening endpoints with Microsoft’s recommended settings and beyond
Conditional Access — Integrating Intune with Entra ID to enforce the right access controls at the right time
Device Compliance — Configuring and troubleshooting compliance policies that feed into your security posture
App Deployment — Win32 apps, LOB apps, Microsoft Store apps, and everything in between
Troubleshooting — Diagnosing and resolving the Intune issues you’ll inevitably run into

Connect
#

Feel free to reach out or follow along on LinkedIn and GitHub.

Contact

Mon, 01 Jan 0001 00:00:00 +0000

Get in Touch
#

Have a question, feedback, or just want to connect? Feel free to reach out.

Privacy Policy

Mon, 01 Jan 0001 00:00:00 +0000

We Do Not Collect Your Data
#

PaulyCloud is a personal blog. Your privacy matters, and this site is designed to respect it fully.

No Tracking
#

No cookies — This site does not set any cookies
No analytics — No Google Analytics, no tracking pixels, no telemetry
No fingerprinting — No browser or device fingerprinting of any kind

No Data Collection
#

No personal data is collected, stored, or processed
No email addresses are harvested or stored
No user accounts are required
No forms collect or transmit data from this site

No Third-Party Trackers
#

This site does not embed any third-party tracking scripts, ad networks, or social media trackers.

Search

Mon, 01 Jan 0001 00:00:00 +0000

PaulyCloud — Intune & Endpoint Management Blog on PaulyCloud

Confirm Escrow of FileVault Recovery Keys in Microsoft Entra

IntuneTip: Reset Windows Hello for Business Using On-Demand Remediation

Secure Boot Certificates – Confirm Escrow of BitLocker Recovery Keys in Microsoft Entra

Passkey (iOS/Android) Registration Issue

About

Welcome to PaulyCloud #

What You’ll Find Here #

Connect #

Contact

Get in Touch #

Email #

LinkedIn #

GitHub #

Privacy Policy

We Do Not Collect Your Data #

No Tracking #

No Data Collection #

No Third-Party Trackers #

Search

Welcome to PaulyCloud
#

What You’ll Find Here
#

Connect
#

Get in Touch
#

Email
#

LinkedIn
#

GitHub
#

We Do Not Collect Your Data
#

No Tracking
#

No Data Collection
#

No Third-Party Trackers
#