Microsoft 365 security, Intune, and Entra ID
for enterprise IT teams.
// real production experience, documented from the field, so you skip the trial and error.
Himanshu Arora has spent 11+ years in the Microsoft ecosystem — from frontline cloud support at a Microsoft vendor to delivering enterprise-grade M365 security, Intune, and Entra ID projects for organisations globally. He documents everything: the real fixes, the actual scripts, and the root causes that never make it into the official docs.
From the blog.
Field notes from real production work on Microsoft 365, Intune, and Entra ID. Short, practical, no marketing fluff.
WLapsAdmin or Administrator? Auditing Windows LAPS at fleet scale.
The reason some devices show Administrator instead of WLapsAdmin in the recovery portal is one Windows 11 build number nobody talks about. The end-to-end Microsoft Graph PowerShell audit, with cross-reference, OS eligibility, and the per-device account name lookup Microsoft blocks in bulk.
read post →Legacy BIOS to UEFI, then on to Windows 11 25H2, without nuking the disk.
A non-destructive upgrade path for the boxes still running CSM. MBR2GPT, the firmware switch, and the actual 25H2 install, including the gotchas that brick the boot loader if you skip a step.
read post →Bulk mailbox cleanup with Microsoft Graph: CSV-driven, dry-run first, throttle-aware.
When legal asks you to remove specific senders from two hundred mailboxes by Friday. App-only Graph, a sender allowlist, multi-pass deletes, and the per-mailbox transient ceiling that stops one bad mailbox stalling a six-hour run.
read post →