Back to all tools
OtherConfiguration

WinPEAP

WinPEAP is a WinPE-based workflow to transition devices to Entra Joined and auto-enroll them into Intune via Windows Autopilot. It uses OSDCloud to build a customized WinPE ISO, injects the 4kAutopilotHashUpload.ps1 script and oa3tool-based hardware hash capture, and uploads the Autopilot hash to Intune during WinPE. Automation spans OS deployment, driver injection, hash registration, and enrollment, with support for user-driven Autopilot profiles and VM testing considerations.

Security Analysis

6of 6
All Checks Passed

1 files scanned on Jun 11, 2026

No Obfuscated Code
No Remote Execution
No Credential Theft
No Data Exfiltration
No Malicious Patterns
No Hardcoded Secrets
AI Analysis

The script is a legitimate Intune/Graph API integration for Windows Autopilot hash upload in WinPE. Security concerns center on credential handling (AppSecret and defaults), integrity and trust of the TPM-related PCPKsp.dll loading, and logging of sensitive identifiers. No obfuscated payloads, no direct remote code execution, and no evident data exfiltration beyond required API interactions. Recommendations: replace placeholder/default credentials with secure vault retrieval, validate and sign any loaded DLLs, minimize logging of sensitive identifiers, and prefer stable Graph API endpoints with robust auditing.

You might also like

Other

FixMyADMX

FixMyADMX is a script-based tool that automatically repairs ADMX/ADML templates for Intune administrative templates. It replaces unsupported controls (comboBox) with textBox, injects explainText attributes for policies, and attempts to remove or report on Windows.admx references to improve import reliability. It builds on the approach used in Citrix ADMX cleanup and aims to streamline ADMX ingestion for Intune deployments.

Martin HimkenMartin Himken
Other

Deploy Windows 365

Professional-grade PowerShell script that automates deploying Windows 365 Cloud PC environments in Azure and Microsoft Entra ID. It creates or reuses security groups, applies user/admin settings policies, and provisions Cloud PCs regionally with intelligent Enterprise assignment preservation. It uses a lightweight Microsoft Graph authentication module and includes robust error handling, scalable naming conventions, and license-driven provisioning.

Jon JarvisJon Jarvis
Desktop App

InToolz

InToolz is a management tool for Microsoft Intune designed to simplify cross-tenant migrations and bulk configuration tasks. It enables tenant-to-tenant copy of Intune content, bulk assignment deployment and removal between groups, profiles, and applications, and mass updates to description fields. Note that the project is a work in progress, with several features planned for future releases.

Jørgen SundetJørgen Sundet
Desktop App

BrowserConfigEditor

BrowserConfigEditor is a macOS GUI tool that creates and edits browser policy configurations for enterprise deployments. It supports multiple browsers (Chrome, Edge, Safari, Firefox, Brave, and other Chromium-based browsers) and exports policies in plist, JSON, Intune XML, or shell scripts for deployment. It includes features like visual policy configuration, import/export, search/filter, built-in documentation, and deployment-ready outputs for MDM and Intune.

Gil BurnsGil Burns