Skip to content

2023

Windows 365 and ThinkPhone

Windows 365 Motorola

This article will serve as a basic walkthrough for bringing the full Windows 365 experience to your Lenovo ThinkPhone.

"... The power and security of the Microsoft cloud with the versatility and simplicity of the PC" is now in your pocket!

Autopilot + Thin Installer = Current Drivers/BIOS/Firmware

Revisiting a solution from 2020 that leverages Lenovo System Update to update drivers during Autopilot which provided a way to ensure devices were up-to-date before handing off to end users.

Fast forward to this 2023 Configuration Manager OSD solution that will update drivers, BIOS, and firmware got me thinking: How awesome would it be to migrate this to Autopilot world and really provide users with completely up-to-date devices right out of the gate?

Enabling Logging for Commercial Vantage

As noted in our docs, logging is not enabled by default any longer for Commercial Vantage. This is in regards to the System Update add-in. Historically, a log file is generated when a device checks for or installs updates.

Lenovo’s Product Security team wanted to ensure that enabling logs was a customer choice, and not something that was enabled by default without customer knowledge. This blog will provide example solutions for enabling logging for devices managed by Intune and ConfigMgr.

Certificate-based BIOS Authentication

Beginning with 2022 ThinkPad models, it is now possible to configure systems to use a digital signing certificate instead of a supervisor password. Although this feature does not eliminate the challenge of initially securing the device, it does eliminate the need to exchange passwords in plain text when scripting BIOS settings changes.

Updating Lenovo Thin Installer with Proactive Remediations

If your endpoints rely on Thin Installer to update drivers/BIOS/firmware, it should always be on the latest release. As part of the certificate verification process for installing updates with Thin Installer, older versions of Thin Installer cannot validate packages signed with newer certificates. The only solution is to upgrade Thin Installer, hence the reason for this article.

Creating Local Repository Using PowerShell

There are various scenarios where one might want to quickly generate a local repository of Lenovo updates that can be consumed by Thin Installer or System Update in a scripted manner. This article will describe a PowerShell script that can be leveraged to create a repository for a specified machine type and OS. A scenario where this script might be used will also be described.

Adding Model Friendly Name to Intune Device Notes

As of today, there's still a limitation within the Intune portal to easily find the friendly name of a Lenovo system, i.e. ThinkPad T14 Gen 3. Instead, you're left with the Machine Type Model (21AH).

I'm sure there's a small group of people, if any, that have memorized what every MTM translates to for its respective friendly name.

To make this a bit easier, and with the help of Damien Van Robaeys' blog post, we can use the Graph API to populate the device notes property of an Intune device by matching the Model (aka MTM) to its friendly name.