The PortalFuse Microsoft Intune and Security Report Podcast

Welcome back to the Deep Dive, seasoned Windows 365 and Intune administrators! This session is tailored for you, focusing on the latest Microsoft updates impacting management, security, and monitoring of your Cloud PC environments. We're cutting through the noise to bring you the essentials on new reporting capabilities, the much-anticipated Cloud PC resizing for Frontline (in preview), and critical enhancements to Conditional Access through token protection.
 
Get ready to explore how these features can refine your daily operations and bolster your overall Cloud PC strategy. We'll cover the general availability of the Connected Frontline Cloud PCs report, the nuts and bolts of resizing dedicated Frontline Cloud PCs, and a detailed look at implementing security token protection with Conditional Access policies. Plus, we touch on other key security enhancements now default in Windows 11 Cloud PCs and compliance updates for forensic snapshots.
 
High-Level Timeline:
[00:00:22] - Connected Frontline Cloud PCs Report (Now GA): Dive into enhanced reporting for concurrent license usage. Learn how to leverage real-time and historical data (last 28 days) to optimize your Frontline licenses, identify peak usage, manage the concurrency buffer, and even restart Cloud PCs directly from the report. We'll cover necessary permissions and how to locate this vital tool in Intune.
 
[00:04:03] - Resizing Windows 365 Frontline Cloud PCs (Public Preview): Explore the new Cloud PC resizing capabilities for dedicated mode Frontline Cloud PCs. We discuss admin role requirements, critical technical prerequisites (like the need for a temporary secondary IP for Microsoft Entra Hybrid Join & BYON scenarios), and a step-by-step guide to initiating a resize through provisioning policies.
 
[00:06:51] - Security Token Protection & Conditional Access (Public Preview): A significant segment on bolstering security with token protection for the Windows App on Windows devices. Understand how it cryptographically ties refresh tokens to devices, mitigating token theft. We cover its extension to Windows 365 and AVD sessions, recent changes in sign-in log reporting ("Signin token protection"), incompatible join methods, licensing (Entra ID P2), supported devices/apps, known limitations, and how to troubleshoot using sign-in logs (error code 1003 for unsupported registrations). Crucially, learn how to roll out this feature using Conditional Access policies in "Report-only" mode, including specific app targeting and device filtering for unsupported configurations.
 
[00:13:54] - General Security Enhancements & Compliance: Discover default security uplifts for newly provisioned Windows 11 Cloud PCs, including Virtualization Based Security (VBS), Hypervisor-Enforced Code Integrity (HVCI) / Memory Integrity, and Microsoft Defender Credential Guard. We also touch on an important compliance update for the "Place a Cloud PC under review" feature, allowing admins to configure Azure Blob WORM storage for immutable forensic snapshots, aiding in regulatory adherence (e.g., SEC Rule 17a-4).
We encourage you to get hands-on with these updates in your tenants. Explore the new reporting, test out Cloud PC resizing, and strategically plan your token protection and Conditional Access rollout. These enhancements demonstrate Microsoft's continued investment in making Windows 365 a robust and secure platform for your users.
 
#Windows365 #Intune #CloudPC #ConditionalAccess #AzureAD #MicrosoftEntra #Windows365Reporting #CloudPCResizing #ITAdmin #SysAdmin #Microsoft365 #EndpointManagement #VirtualDesktop #Windows11 #Security #TechDeepDive

This week on the PortalFuse Weekly KB Report, we're delivering a crucial deep dive into a significant out-of-band update released on May 19th, 2025. This patch is absolutely vital for Microsoft Intune administrators and IT pros managing Windows 10 environments. We're breaking down everything you need to know about this urgent release that addresses a critical security vulnerability and, importantly, requires manual deployment.
 
🔗 Read our full supporting blog article here: https://portalfuse.io/blog/portalfuse-weekly-kb-update-report-may-20-2025
📑 Access the full PortalFuse KB Report (2250520) discussed: PortalFuse Weekly KB Update Report - 2025-05-20 23:59:59.644000+00:00
 
Tune in as we dissect this multi-OS update targeting various Windows 10 editions, including Enterprise LTSC 2021, IoT Enterprise LTSC 2021, and Windows 10 22H2. We explore a severe security flaw linked to Intel Trusted Execution Technology (TXT) on specific 10th gen or later Intel vPro processors. This vulnerability could unexpectedly terminate the Local Security Authority Subsystem Service (LSASS), leading to major authentication failures and system instability.
 
We also cover the bundled latest servicing stack update (SSU) aimed at boosting the reliability of the entire Windows update pipeline – essential as Windows 10 nears its end-of-life. Plus, get the details on a known issue affecting Noto fonts (CJK text display) in Chromium browsers like Edge and Chrome at 96 DPI, and the all-important deployment guidance: this update is exclusively available via the Microsoft Update Catalog.
 
If you're involved in patch management or Windows administration, this episode is a must-watch for critical intel to keep your endpoints secure and stable!
Timeline:
00:00 🚀 Intro: Diving into the May 19th Out-of-Band Update
00:23 🎯 Focus Point: A Key Multi-OS Update for Intune Admins
00:41 ❗ Why Out-of-Band Updates Demand Immediate Attention
00:46 💻 Targeted Systems: Windows Versions & Update Goals (Security & Quality)
01:08 🛠️ Under the Hood: Latest Servicing Stack Update Inclusion
01:16 👍 Importance of the Servicing Stack Update for Update Stability
01:47 🔬 Deep Dive: Critical Vulnerability with Intel Trusted Execution Technology
01:58 ⚙️ Hardware Specifics: 10th Gen+ Intel vPro CPUs with TXT Affected
02:10 💔 System Impact: Local Security Authority Subsystem Service Termination & Auth Failures
02:28 ➡️ The Trigger: How a Previous Security Update Caused This Issue
03:07 ✨ Reliability Boost: Benefits of the Bundled Servicing Component
03:42 🤔 Clarification: "Medium Impact" Fix vs. "Critical" Underlying Risk
04:26 ⚠️ Known Issue: Noto Fonts & Blurry CJK Text in Chromium Browsers (96 DPI)
04:57 🔧 Workaround: Adjusting Display Scaling for Clearer Text
05:17 📢 Deployment Alert: Manual Download via Microsoft Update Catalog ONLY
06:02 ❓ CVE Status: Why No New CVEs for This Specific Fix?
06:46 📝 Summary: Out-of-Band Update Fixes LSASS, Bundles SSU
07:07 ✅ Recap: Font Glitch Workaround & Manual Deployment Reminder
07:23 💡 Final Thoughts: Navigating Complex Hardware-Specific Patch Management

✨ This week on the Intune Weekly Security Report, we're bringing you the essential security intel seasoned Intune administrators need for managing Windows 10, Windows 11, and Microsoft Edge environments. If you're tackling the ever-evolving world of Windows security, this episode is a must-listen! 🎧
We cut through the noise ✂️, focusing on the Portal Fuse Weekly Security Report from May 20th, 2025, crucial Microsoft updates, and a deep dive into that frustrating Windows 10 BitLocker recovery screen loop (now resolved! ✅). We're covering:
An important elevation of privilege vulnerability affecting older Windows Server versions (Server 2008 & 2008 R2).
Critical Microsoft Edge (Chromium-based) security updates – heads up, one has a known exploit in the wild!
A detailed breakdown of the BitLocker recovery loop issue: what caused it on specific Windows 10 setups and, most importantly, how it was fixed. This one offers lessons for all Windows admins! 👨‍💻👩‍💻
Tune in to get the scoop on the latest threats ⚠️, see which systems (including Windows 10 and Microsoft Edge) are in the hot seat, and learn the precise steps to mitigate these risks efficiently. We'll also discuss using tools like Intune for smooth deployment and management, plus clarify which issues don't affect Windows 11, helping you focus your efforts. 🎯
Dig deeper with our analysis on the blog: PortalFuse Weekly Security Report - May 20, 2025 | Blog | PortalFuse📄
And get the full report here: PortalFuse Weekly Security Update Report - (Windows and Edge Edition) 📂
Video Timeline:
00:00 🚀 - Welcome & Overview: Focusing on the Portal Fuse Weekly Security Report (May 20th, 2025), Microsoft updates (relevant for Intune admins), and a resolved known issue affecting Windows 10 BitLocker.
 
00:32 🛡️ - Windows Server Security: Deep dive into an elevation of privilege vulnerability affecting Windows Server 2008 & 2008 R2. We discuss the "use after free" nature, impact (kernel-level access), and the fact it requires no user interaction.
 
01:12 💻 - Affected Server Systems & Action: Pinpointing the specific older server operating systems vulnerable and the immediate need for out-of-band updates, even if recently patched.
 
02:14 🌐 - Critical Microsoft Edge Vulnerabilities: Discussion of two critical security flaws in Chromium-based Microsoft Edge.
 
02:20 🔥 - Microsoft Edge Vulnerability 1 (Exploited!): Details on an insufficient policy enforcement issue in the browser loader, rated critical, with Google confirming an exploit exists in the wild.
 
02:52 ⬆️ - Microsoft Edge Update Required: The specific Microsoft Edge version (136.0.3240.76) needed to address these critical flaws, released May 15th.
 
03:05 👾 - Microsoft Edge Vulnerability 2 (Arbitrary Code Execution): Examining a Chromium-derived issue involving the Mojo framework that could lead to arbitrary code execution.
 
03:49 🔧 - Resolved: Windows 10 BitLocker Recovery Loop: Addressing the disruptive issue where Windows 10 devices were stuck on the BitLocker recovery screen.
 
04:03 🎯 - BitLocker Issue - Trigger Conditions: Detailing the very specific combination of Windows 10, Intel Trusted Execution Technology (TXT) enabled on 10th gen or later vPro processors, and a particular May 2025 security update (KB5058379) that caused the BitLocker problem.
 
04:40 📉 - BitLocker Issue - Technical Cause & Indicators: Explanation of how the LSASS could crash on Windows 10, leading to the BitLocker loop, and event log IDs to look for (Event ID 20, Event ID 1007).
 
05:41 🖥️ - BitLocker Issue - Affected Platforms (Windows 10 focus): Clarifying this only impacted specific Windows 10 versions (22H2 & LTSC 2021) with the precise hardware, not Windows 11 or Server.
 
06:00 🩹 - BitLocker Issue - Resolution & Patch: The out-of-band update (KB5061768) released to fix this Windows 10 issue, available only via the Microsoft Update Catalog.
 
06:17 👉 - BitLocker Fix - Guidance (Proactive for Windows 10): Advice for Intune admins on how to handle the problematic May update for relevant Windows 10 machines.
 
06:31 🛠️ - BitLocker Fix - Guidance (Affected Windows 10 Devices): Multi-step recovery process for Windows 10 machines already stuck in the BitLocker loop, including the need for the recovery key and temporary BIOS/UEFI changes (disabling Intel VT-d/TXT).
 
07:28 🔑 - Critical Reminder: BitLocker Recovery Keys: Emphasizing that Microsoft Support cannot recover lost BitLocker keys for Windows 10 or any OS.
 
07:40 📝 - Summary of Key Actions (for Intune Admins):
Server 2008/R2: Deploy specific out-of-band updates.
 
Microsoft Edge: Update to the latest version (136.0.3240.76) to fix two critical flaws.
 
Windows 10 (specific configurations): Obtain the out-of-band BitLocker fix (KB5061768) from the Microsoft Update Catalog.
 
08:32 🤔 - Final Thoughts: Discussing the increasing complexity of security across the Windows ecosystem (including Windows 10, Windows 11, Microsoft Edge) and the critical need for precise patching (often managed via Intune) and robust testing

🚨 Get ready to dive deep into the shadowy world of cybercrime! 🕷️ In this electrifying episode, we unravel the twisted connection between the notorious ALPHV/BlackCat ransomware gang 🐈‍⬛ and the sneaky Latrodectus malware loader! 💥
 
Did you know these cyber baddies might be working together? Our investigation, drawing straight from the intel, reveals how Latrodectus, a sophisticated piece of malware also known as BlackWidow, could be opening doors for ALPHV/BlackCat to wreak havoc! 🚪
 
We'll explore:
• The lowdown on ALPHV/BlackCat, the ransomware-as-a-service (RaaS) group with ties to infamous predecessors like BlackMatter and REvil. Their Rust-based ransomware is fast, flexible, and tough to detect.
 
• The nitty-gritty of Latrodectus, the malware loader developed by the Lunar Spider group – the same crew behind the IcedID banking trojan! 🕷️ This loader is designed to sneak into systems and drop other malicious payloads.
 
• The shocking link: Evidence suggests that Lunar Spider, the developers of Latrodectus, has connections with ALPHV/BlackCat! Could Latrodectus be the key that unlocks the door for ALPHV/BlackCat's ransomware attacks? Our previous conversation highlighted this collaborative relationship, where LUNAR SPIDER acts as an initial access broker, potentially using Latrodectus to pave the way for ALPHV/BlackCat's ransomware deployments [Our Conversation History].
 
Tune in to uncover the intricate web connecting these cyber threats and learn why understanding their relationship is crucial for staying safe in the digital landscape!
 
🎧 Don't miss out on this thrilling cybersecurity exposé! 🔥
 
Also, see our briefing document over here: https://portalfuse.io/blog/detailed-briefing-document-alphv-blackcat-latrodectus-and-associated-threat-actors

🌱💻 Spring into Cybersecurity: Critical Edge Updates & USB Printer Glitches! 🎧🔒
As we shake off the winter blues and dive into the fresh energy of spring 🌸, it's time to refresh not just our surroundings but also our digital defenses! 🚀 This week, we’re tackling urgent Microsoft Edge security updates 🛡️ and a pesky USB printer issue that’s causing some chaotic printouts. 🖨️💥
🔹 Microsoft Edge Alert! 🚨A fresh security update is here! Microsoft Edge v134.0.3124.62 patches multiple vulnerabilities, including:⚠️ Out-of-Bounds Write (CVE-2025-24201) – Actively exploited! 🛑⚠️ Type Confusion Bugs (CVE-2025-2135, CVE-2025-1920) – Risk of arbitrary code execution! 🏴‍☠️⚠️ Use After Free (CVE-2025-2136) – A dangerous Inspector component flaw! 🔎
📢 Update ASAP! Delaying puts your system at risk! 🚀
🖨️ USB Printer Chaos! 🤯Ever seen your printer spew out random gibberish, starting with "POST /ipp/print HTTP/1.1"? Yeah, it’s a thing now! 🙄💀 After the latest Windows update, dual-mode USB printers are misbehaving. Microsoft has issued a Known Issue Rollback (KIR) to ease the pain, but IT admins, keep an eye out for a permanent fix coming soon! 🔄
🎧 Stay Secure on the Go! 🚀Tap into our weekly security podcast for expert analysis and the latest Microsoft security updates! 🎙️💡 Plus, join the conversation on r/PortalFuse to chat with fellow IT pros and security enthusiasts.
🔗 Full PortalFuse Weekly Report → PortalFuse Weekly Security Update Report - (Windows and Edge Edition)
💡 Stay updated, stay secure, and keep your tech in check! 🔐✨#MSIntune #Windows11 #WUfB

📢 Get ready, IT aficionados! 💻⚙️ Welcome back to the podcast, where we delve into the future of device management. Today, we're taking a sneak peek into the crystal ball 🔮, specifically at the exciting updates coming to Microsoft Intune in March 2025.
We've got two major announcements that are going to make your lives easier and your device fleet more secure. First up, for all you managing modern Windows devices, especially those sleek ARM64 machines 📱, get ready! Endpoint Privilege Management (EPM) is expanding its horizons to support ARM 64-bit architectures. That means you'll soon be able to manage file elevations on even more of your devices, building upon the existing compatibility with 64-bit operating systems. This is a big win for broader EPM adoption!
But wait, there's more! 🤖 We're also seeing the dawn of a new era in device querying with the introduction of the Copilot assistant for device query. Imagine being able to ask plain English questions 🤔 and having Copilot generate those complex Kusto Query Language (KQL) queries for you to retrieve data from single or multiple devices! Whether you want to know which devices haven't been encrypted or see the top memory-hogging processes on a specific machine, Copilot is here to help. You can even see how Copilot generated the query, offering a fantastic learning opportunity!
So, buckle up! 🚀 We're about to dive deeper into these game-changing features outlined in the "Intune: March 2025 Feature Briefing - EPM & Copilot" and the "What is new in intune for the Week of March 17, 2025". Get ready to enhance your understanding of Intune's future and how these updates, expected around the week of March 17, 2025, will revolutionize your Windows device management experience.
#MSIntune #Windows11

🚨 New cyber threat alert! 🚨
Dive into the murky world of StilachiRAT, a novel and sophisticated Remote Access Trojan (RAT) uncovered by Microsoft researchers 🕵️‍♂️. This isn't your run-of-the-mill malware; StilachiRAT has its sights set on your digital wallets 💰 and personal data 💾.
In this episode, we unpack the inner workings of this stealthy RAT, exploring its arsenal of techniques:
• System reconnaissance: Learn how StilachiRAT meticulously profiles infected systems, gathering everything from OS details to camera presence 📸.• Cryptocurrency theft: Discover its laser focus on 20 different cryptocurrency wallet extensions for Chrome, including MetaMask and Trust Wallet 🦊, and how it sniffs out those precious crypto keys from your clipboard and files 🔑.• Credential theft: Find out how it swipes your saved browser passwords 🤫.• Persistence mechanisms: We'll reveal how StilachiRAT digs in its heels, using sneaky methods to ensure it stays on your system, even if you try to remove it ⏳.• Evasion tactics: Uncover the anti-forensic tricks this RAT uses to hide from security software and analysts, including clearing event logs and obfuscating its code 👻.• Command and Control (C2): Understand how it communicates with its masters using common ports, even delaying its initial contact to avoid detection 📞.While not yet widespread, StilachiRAT's advanced capabilities make it a significant threat, especially for cryptocurrency users. We'll also discuss mitigation strategies recommended by Microsoft to help you protect yourself.
 
Briefing Document: StilachiRAT Malware Analysis | Blog | PortalFuse
 
Stay informed, stay safe! 🛡️ #cybersecurity #malware #crypto #StilachiRAT

In this episode, we dive deep into the March 2025 Patch Tuesday updates, covering critical security vulnerabilities in Windows and Microsoft Edge. From remote code execution (RCE) threats to elevation of privilege (EoP) exploits, these updates are essential for IT admins, security professionals, and system administrators to keep their environments protected.
🚀 Key Topics Covered: ✅ RCE vulnerabilities allowing external attackers to take control✅ EoP flaws that can grant unauthorized system-level access✅ Denial of Service (DoS), Spoofing, and Information Disclosure risks✅ Microsoft Edge Chromium-based security patches✅ Essential security updates and mitigation strategies
🛑 Don't leave your systems vulnerable! Stay ahead of cyber threats by applying these patches ASAP.
🎧 Tune in now to get the full breakdown and expert analysis! 🔊💻 #CyberSecurity #WUfB

💡 New Update Substate in Feature Updates Report!🔹 A new "Not supported" substate has been added! 🆕 This helps admins identify devices with Active Directory issues that might block updates.
📖 Where to Learn More?🔗 Microsoft Learn has a deep dive into Windows Update for Business reports and how to configure them in Intune! 📚
📊 Understanding Data Sources for Windows Update for Business Reports🔹 Service-based Data ⚡ – Collected automatically from Windows Update, appearing in less than an hour.🔹 Client-based Data 🔄 – Requires configuration in Intune and refreshes every 8 hours.
⏳ How Fast is Data Available?⏱️ Service-based Data – Instant updates on registration issues & update status.⏱️ Client-based Data – Tracks feature update progress, including disk space issues.
⚙️ Do You Need to Enable These?✅ Service-based Data – No action needed! 📡 It’s automatic.✅ Client-based Data – Needs Intune policies set up to send device data.
🛠️ What’s in Client-based Data?🔍 Tracks update progress, installation steps, and issues like disk space problems! Perfect for troubleshooting.
🎧 Stay ahead with the latest Intune updates! 🚀 Subscribe now to keep your devices up to date! 🔗🔊

🚀 Intune Update Bonanza: Exciting New Features Unveiled for February 24, 2025 🎉
Welcome to this week's episode where we dive into the latest updates in Microsoft Intune! 🎧✨ Get ready for a comprehensive overview of the exciting new features, including:
🍏 Improvements for managing Apple devices📱 Groundbreaking QR code authentication for Managed Home Screen on Android🤖 Granular control over Windows AI settings that prioritize data privacy 🔐
🔍 Stay tuned as we explore the enhanced security measures, such as:🛡️ New settings for Microsoft Defender device control on Windows🔗 Anticipated update to the Intune connector for Active Directory
These updates aim to balance user control, security, and convenience ⚖️, helping IT admins stay ahead in the ever-evolving tech landscape. 🌍💡
Resources:Frequently Asked Questions about Microsoft Intune Updates (Week of February 24, 2025) | Blog | PortalFuse