YubiKey PKI Provisioning: When Certificate Template Permissions Break Everything
We hit CERTSRV_E_UNSUPPORTED_CERT_TYPE errors during YubiKey bulk provisioning. The fix was simpler than expected—but the permission model nearly derailed us.
ReadFor Intune Engineers
What Intune doesn't tell you —
but you'll hit in production.
Real patterns from real environments. Compliance gaps, enforcement blind spots, and the fixes that actually hold up at scale.
Latest
BitLocker, Not LAPS: Fixing Sysprep Failures on Trusted Launch AVD Images
We spent weeks chasing LAPS as the culprit behind sysprep failures on Windows 11 AVD multi-session builds. It was BitLocker the whole time—specifically TPM-only mode on Trusted Launch VMs.
ReadEntra Hybrid Join Stuck in Pending: Troubleshooting a Systemic Device Registration Failure
Four devices stuck in "Pending" status in Entra ID after a migration. Here's what we found when we dug into the SCP, Cloud Kerberos Trust, and a broken NGC key binding.
ReadWhen Intune Enrollment Won't Stick: Registry Cleanup, Reimaging, and What We Learned
A single misspelled email in Active Directory cascaded into enrollment failure and stale MDM registry artifacts. Here's what we found, what we tried, and when we knew it was time to reimage.
Read