WinPEAP
WinPEAP is a WinPE-based workflow to transition devices to Entra Joined and auto-enroll them into Intune via Windows Autopilot. It uses OSDCloud to build a customized WinPE ISO, injects the 4kAutopilotHashUpload.ps1 script and oa3tool-based hardware hash capture, and uploads the Autopilot hash to Intune during WinPE. Automation spans OS deployment, driver injection, hash registration, and enrollment, with support for user-driven Autopilot profiles and VM testing considerations.
Security Analysis
1 files scanned on Jun 11, 2026
The script is a legitimate Intune/Graph API integration for Windows Autopilot hash upload in WinPE. Security concerns center on credential handling (AppSecret and defaults), integrity and trust of the TPM-related PCPKsp.dll loading, and logging of sensitive identifiers. No obfuscated payloads, no direct remote code execution, and no evident data exfiltration beyond required API interactions. Recommendations: replace placeholder/default credentials with secure vault retrieval, validate and sign any loaded DLLs, minimize logging of sensitive identifiers, and prefer stable Graph API endpoints with robust auditing.
You might also like
FixMyADMX
FixMyADMX is a script-based tool that automatically repairs ADMX/ADML templates for Intune administrative templates. It replaces unsupported controls (comboBox) with textBox, injects explainText attributes for policies, and attempts to remove or report on Windows.admx references to improve import reliability. It builds on the approach used in Citrix ADMX cleanup and aims to streamline ADMX ingestion for Intune deployments.
Deploy Windows 365
Professional-grade PowerShell script that automates deploying Windows 365 Cloud PC environments in Azure and Microsoft Entra ID. It creates or reuses security groups, applies user/admin settings policies, and provisions Cloud PCs regionally with intelligent Enterprise assignment preservation. It uses a lightweight Microsoft Graph authentication module and includes robust error handling, scalable naming conventions, and license-driven provisioning.
InToolz
InToolz is a management tool for Microsoft Intune designed to simplify cross-tenant migrations and bulk configuration tasks. It enables tenant-to-tenant copy of Intune content, bulk assignment deployment and removal between groups, profiles, and applications, and mass updates to description fields. Note that the project is a work in progress, with several features planned for future releases.
BrowserConfigEditor
BrowserConfigEditor is a macOS GUI tool that creates and edits browser policy configurations for enterprise deployments. It supports multiple browsers (Chrome, Edge, Safari, Firefox, Brave, and other Chromium-based browsers) and exports policies in plist, JSON, Intune XML, or shell scripts for deployment. It includes features like visual policy configuration, import/export, search/filter, built-in documentation, and deployment-ready outputs for MDM and Intune.