You’ve just implemented a Cloud Management Gateway to help your hybrid joined Windows devices communicate to Configuration Manager over the internet, but what if they’re orphaned and unable to communicate to Configuration Manager to get the new Client Settings?

This is the last part in the series around the CIS (Center for Internet Security) benchmark for Windows 11, and we’d like to say that we’ve saved the best post for last, but we’d be lying. Surely the Level 2 settings can’t be worse than the Level 1?

I’m not sure what I’m doing playing around with Power Automate, but here we are. Like many people, I have a habit of forgetting to set an Out of Office message when I’m actually on holiday, or when I’m working with customers. Let’s see if we can make something do this for us.

When did Microsoft go all covert ops (maybe don’t answer that question) and start making changes to your very own Firewall Rule policies in Microsoft Intune without letting anyone know? Or did they?

The impact of the CIS settings on BitLocker and Windows Autopilot now done and dusted, we should broaden our horizons and start to look at what other problems the CIS level 1 benchmark brings to Windows 11 as a whole. Are there any? Will it be smooth sailing? Yeah, no.

So Microsoft released Windows Autopilot Device Preparation, or more commonly known as APv2, into General Availability a little while ago. So with this production release we should be able to name our corporate owned Windows devices right Microsoft? Right?

With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.