Topic Hub
Patch Management
WSUS, Windows Update for Business, patch rings, and compliance reporting. Operational guidance for keeping enterprise endpoints current and secure.
83+ articles, guides, and scripts
Scripts & Automation
Get-StaleDevices
Identifies devices inactive for a configurable threshold across Intune, Entra ID, and on-premises Active Directory. Outputs CSV and HTML reports with remediation actions.
PowerShell · 318 stars
Invoke-WindowsHardening
Applies a configurable subset of CIS Level 1 and Level 2 controls to Windows 10/11 endpoints. Runs locally or via Intune remediation script. Generates a pre/post compliance delta report.
PowerShell · 502 stars
Get-PatchComplianceReport
Queries WSUS or Windows Update for Business status via WMI and Graph API. Produces a per-device patch lag report with severity breakdown and exportable HTML dashboard.
PowerShell · 241 stars