WinPEAP
WinPEAP is a WinPE-based workflow to transition devices to Entra Joined and auto-enroll them into Intune via Windows Autopilot. It uses OSDCloud to build a customized WinPE ISO, injects the 4kAutopilotHashUpload.ps1 script and oa3tool-based hardware hash capture, and uploads the Autopilot hash to Intune during WinPE. Automation spans OS deployment, driver injection, hash registration, and enrollment, with support for user-driven Autopilot profiles and VM testing considerations.
Security Analysis
1 files scanned on Jan 13, 2026
Overall assessment: The script is a legitimate WinPE Autopilot hash collection and Graph API upload tool used in Microsoft Intune workflows. Key security considerations include guarding the AppSecret (prefer certificate-based authentication or managed identity), sanitizing error output to avoid leaking sensitive data, verifying the origin and signing of PCPKsp.dll used for TPM-related operations, and avoiding embedding secrets or credentials in logs or code. No evidence of unauthorized remote script downloads, obfuscated payloads, or hardcoded secrets beyond placeholders. Data transmitted to Graph (hardware hash, serial) is expected for Autopilot provisioning but should be tightly controlled with least-privilege permissions.
You might also like
FixMyADMX
FixMyADMX is a script-based tool that automatically repairs ADMX/ADML templates for Intune administrative templates. It replaces unsupported controls (comboBox) with textBox, injects explainText attributes for policies, and attempts to remove or report on Windows.admx references to improve import reliability. It builds on the approach used in Citrix ADMX cleanup and aims to streamline ADMX ingestion for Intune deployments.
Martin HimkenDeploy Windows 365
Professional-grade PowerShell script that automates deploying Windows 365 Cloud PC environments in Azure and Microsoft Entra ID. It creates or reuses security groups, applies user/admin settings policies, and provisions Cloud PCs regionally with intelligent Enterprise assignment preservation. It uses a lightweight Microsoft Graph authentication module and includes robust error handling, scalable naming conventions, and license-driven provisioning.
Jon JarvisInToolz
InToolz is a management tool for Microsoft Intune designed to simplify cross-tenant migrations and bulk configuration tasks. It enables tenant-to-tenant copy of Intune content, bulk assignment deployment and removal between groups, profiles, and applications, and mass updates to description fields. Note that the project is a work in progress, with several features planned for future releases.
Jørgen SundetEdge Favorites Builder
Edge Favorites Builder is a web-based tool that creates and manages Microsoft Edge bookmarks configurations for enterprise deployment. It offers a visual drag-and-drop interface, supports nested folders, and provides real-time previews. It exports to Windows Intune JSON and macOS mobileconfig for deployment via Intune or other MDMs; it runs offline with zero dependencies and requires no backend, and it can import existing configurations for quick updates.