WinPEAP
WinPEAP is a WinPE-based workflow to transition devices to Entra Joined and auto-enroll them into Intune via Windows Autopilot. It uses OSDCloud to build a customized WinPE ISO, injects the 4kAutopilotHashUpload.ps1 script and oa3tool-based hardware hash capture, and uploads the Autopilot hash to Intune during WinPE. Automation spans OS deployment, driver injection, hash registration, and enrollment, with support for user-driven Autopilot profiles and VM testing considerations.
Security Analysis
1 files scanned on Jan 13, 2026
Overall assessment: The script is a legitimate WinPE Autopilot hash collection and Graph API upload tool used in Microsoft Intune workflows. Key security considerations include guarding the AppSecret (prefer certificate-based authentication or managed identity), sanitizing error output to avoid leaking sensitive data, verifying the origin and signing of PCPKsp.dll used for TPM-related operations, and avoiding embedding secrets or credentials in logs or code. No evidence of unauthorized remote script downloads, obfuscated payloads, or hardcoded secrets beyond placeholders. Data transmitted to Graph (hardware hash, serial) is expected for Autopilot provisioning but should be tightly controlled with least-privilege permissions.
You might also like
FixMyADMX
FixMyADMX is a script-based tool that automatically repairs ADMX/ADML templates for Intune administrative templates. It replaces unsupported controls (comboBox) with textBox, injects explainText attributes for policies, and attempts to remove or report on Windows.admx references to improve import reliability. It builds on the approach used in Citrix ADMX cleanup and aims to streamline ADMX ingestion for Intune deployments.
Martin HimkenDeploy Windows 365
Professional-grade PowerShell script that automates deploying Windows 365 Cloud PC environments in Azure and Microsoft Entra ID. It creates or reuses security groups, applies user/admin settings policies, and provisions Cloud PCs regionally with intelligent Enterprise assignment preservation. It uses a lightweight Microsoft Graph authentication module and includes robust error handling, scalable naming conventions, and license-driven provisioning.
Jon JarvisInToolz
InToolz is a management tool for Microsoft Intune designed to simplify cross-tenant migrations and bulk configuration tasks. It enables tenant-to-tenant copy of Intune content, bulk assignment deployment and removal between groups, profiles, and applications, and mass updates to description fields. Note that the project is a work in progress, with several features planned for future releases.
Jørgen SundetBrowserConfigEditor
BrowserConfigEditor is a macOS GUI tool that creates and edits browser policy configurations for enterprise deployments. It supports multiple browsers (Chrome, Edge, Safari, Firefox, Brave, and other Chromium-based browsers) and exports policies in plist, JSON, Intune XML, or shell scripts for deployment. It includes features like visual policy configuration, import/export, search/filter, built-in documentation, and deployment-ready outputs for MDM and Intune.
Gil Burns