All articles tagged with #intune
Microsoft has introduced a RemoveMicrosoftCopilotApp policy that lets IT admins uninstall the Copilot AI assistant from Windows 11 25H2 enterprise devices via Group Policy or Policy CSP, applicable when Copilot is installed and not recently used; users can reinstall if they choose, with management through Intune or SCCM after the April 2026 Patch Tuesday.
CISA urged U.S. organizations to harden Microsoft Intune following Stryker's breach, recommending least-privilege admin access, MFA, RBAC, and multi-admin approvals to prevent the wipe of nearly 80,000 devices.
Last week’s Stryker cyberattack, linked to the Handala hacktivist group, targeted its internal Microsoft environment and used the Intune wipe command to remotely erase data on about 80,000 devices after an admin account was compromised; attackers claimed wiping 200,000 devices and stealing 50 TB, but investigators found no data exfiltration and no malware was deployed. Medical devices remain safe, while electronic ordering systems are offline and orders must be placed via sales reps as restoration proceeds. Microsoft’s DART and Unit 42 are leading the investigation, with full operations and shipping expected to resume as systems recover.