[UPDATED]: Microsoft UEFI Signing Requirements
To strengthen the Secure Boot ecosystem and streamline signing turnaround, Microsoft is introducing enhanced UEFI signing requirements for all third-party submissions requesting signatures with Microsoft UEFI CAs (2011 and 2023) or the new Option ROM CA. These updates emphasize security assurance and interoperability across UEFI-enabled devices. Key changes include: Mandatory security audits: Annual independent reviews via the OCP SAFE program, with immediate audits for vulnerabilities or major code changes. Subsystem-based packaging: EFI Applications and Option ROMs must be submitted separately for proper certificate alignment; mixed packaging will be rejected. Stricter code eligibility: Only production-quality binaries, free of GPLv3 licensing, free of known vulnerabilities, and free of malware-prone components will be signed. Enhanced security posture: Requirements for NX compatibility, memory safety, and SBOM inclusion in PE sections are now enforced. Special handling for SHIM and iPXE: SHIM submissions require review board approval or SAFE audits; iPXE submissions must meet additional security criteria.Official Download links for Microsoft Edge Stable Enterprise
I'm not 100% sure it's final but anyone who wishes/wants can test it. Microsoft Edge Stable Enterprise X64.msi http://go.microsoft.com/fwlink/?LinkID=2093437 X86.msi http://go.microsoft.com/fwlink/?LinkID=2093505 MicrosoftEdgePolicyTemplates.cab http://go.microsoft.com/fwlink/?LinkID=2099616 MicrosoftEdgeIntunePolicyTemplate.cab http://go.microsoft.com/fwlink/?LinkID=2099617 macOS.pkg http://go.microsoft.com/fwlink/?LinkID=2093438 Blocker Toolkit to disable automatic delivery of Microsoft Edge https://docs.microsoft.com/en-us/deployedge/microsoft-edge-blocker-toolkitMicrosoft Technical Takeoff 2026: Windows + Intune
Deep dives. AMAs. Windows, Intune, Windows 365, and Azure Virtual Desktop. Tune in for virtual technical skilling that takes you deep inside the latest features, capabilities, and scenarios for commercial organizations and the IT professionals that support them. Microsoft Technical Takeoff 2026 for Windows + Intune is a great opportunity to skill up and learn from engineering and product teams behind the features. Day 1 - now on demand! Let's talk Windows and Intune: 2026 edition The latest in Windows 11 security Uplevel business continuity with Windows 365 Reserve Hotpatch updates demystified: answers to real-world questions Zero Trust in action: securing endpoints with Intune AMA: Windows Autopilot The AI‑powered admin: emerging trends in endpoint management Eliminating NTLM in Windows One platform, many industries: smart Android management with Intune Resiliency with Windows 365 and Azure Virtual Desktop Day 2 - now on demand! The latest in security for Windows 365 and Azure Virtual Desktop Secure Boot certificate updates explained Feedback wanted: App management in the enterprise Ready day one: how to get Windows users up and running fast Making the most of your Intune data Windows 365 reporting and monitoring updates Least privilege on Windows with Endpoint Privilege Management Windows 365 Frontline expands with Cloud Apps and more From panic to productive: point-in-time restore in Windows The Intune playbook for iOS management at scale Day 3 - now on demand! Why smarter Windows management starts with Intune Reporting at scale with Windows Autopatch update readiness User experience updates: Windows 365 Boot and more AI roundup: Intune agents for outcome-oriented innovation AMA: Getting the most from Security Copilot in Intune Manage Apple devices at scale: Intune security best practices Click less, manage more: simplify app deployment with Intune App Control for Business: same roots, new playbook Intune timing demystified: what really happens behind the scenes Migrating from VDI to Windows 365 Day 4 - now on demand! AMA: The latest in Windows hardware security Zero Trust DNS: Securing Windows one connection at a time AMA: Secure and manage AI and agentic capabilities in Windows Deploy and manage Windows 365 with Microsoft Intune Unpacking Endpoint Management: Live from Tech Takeoff 2026 Azure Virtual Desktop for hybrid environments Protect users, stop attacks: Passkeys on Windows AMA: AI and agentic features for Windows 365 Transitioning to post-quantum cryptography Resilience for the modern era: Windows quick machine recovery Please share your thoughts so we can keep bringing you these types of events!Important change released for Guest Configuration audit policies
An important change has been released to policies in category Guest Configuration. The policy format has been updated to address customer feedback, to simplify the experience of auditing settings inside machines. Existing policies that were assigned prior to this release will continue to display accurate results and will not be deleted in the near future. For new policy assignments, only the updated definitions are available. In the new experience, a single initiative handles all prerequisite requirements. Once the prerequisites are completed, Audit policies may be added/removed without needing to run remediation tasks. Switching to the new experience requires assigning the new definitions.
Configure Dial Out policies for all users
HI, Is there a way to configure a policy I can assign to users to block them from making international calls and limit them to domestic only. By default users seem to have international calling permission. I know I can go into each user one at a time and set this setting, but with hundreds of users this isn't a sensible approach. I want the default policy to be to block international, then a 2nd policy to Allow that I can apply to specific users. Thanks.Federated vs Trusted organizations in Meeting Policies
Hi Team gurus! I have been testing out the Microsoft Teams meeting policies for a client and I'm curious if anyone else is experiencing the same behavior in the Lobby option as I am: The global policy set in the Teams Admin Center is set to Automatically admit people who is a part of the organization or federated organization: However, when i choose the Meeting Options for the specific Teams meeting, the policy looks like this: In my test scenario, all authenticated organizations (in my example my other Microsoft account, that is not in any way federated with the tenant) can join by bypassing the Lobby function. When using my gmail account, the user shows up as a "Guest" and I'm told to enter my Display name when joining the meeting and then I'm placed in the lobby. Can anyone specify the difference between federated and trusted (unless federated actually means trusted as in my test case?), as I cannot find this in the Meeting Policy docs or anywhere else. Thanks in advance
