The Quick and the PowerShell Bug Bounty

This blog will be about setting up the combined MFA security information registration experience, and while configuring it with PowerShell, I will show you how I ended up enabling or disabling it in the wrong tenant. Yes, you are reading it correctly! While I am showing you what got me the bug bounty, I will also show you some parts of our own tenant deployment script. I will divide this blog into 3 parts: The combined security information registration experience…

This is Network Protection: The sort of Sequel to Exploit Protection

This blog will be the 8th part in the Endpoint Security series and will be about Windows Defender Exploit Guard Network Protection (WDEG-NP). I will divide this blog into 6 parts: Information about network protection; Configure Microsoft Defender network protection (SmartScreen) for Edge; Configure Microsoft SmartScreen for Explorer; Configure Microsoft SmartScreen for Internet Explorer. NO! Just block IE!; Logging / Testing; Conclusion. 1. Information about Network protection. Microsoft Defender Exploit Guard Network Protection (MDEG-NP) extends the malware and social engineering protection…

PowerShell: An unexpected Monitoring Journey

This short blog (but with a nice idea, I hope, and some PowerShell scripts) will show you why you could monitor some settings inside your Microsoft 365 tenant and, of course, how you could set up your own monitoring solution. Again, it’s all about the idea! I have been reading a lot about the Microsoft DSC. It’s a great tool for applying and monitoring your base configurations. Microsoft365DSC – Configuration-as-Code for the Cloud. I really love the idea. I guess…

A walk among the Credential Guards

This blog is the ninth part of the Endpoint security series. It will be about implementing Credential Guard and some insights. While writing the blog I added some more important stuff. I will divide this blog into multiple parts: Information about Credential Guard and his/her “predecessor”; Credential Guard vs Device Guard vs ASR Rules; Enable Credential Guard with Intune Endpoint Security; Enable Credential Guard with a CSP; Enable Credential Guard with PowerShell; What is Remote Credential Guard; The Problem; Results when Credential Guard should be working; Testing Credential Guard with Mimikatz; Disabling Credential Guard; Conclusion. 1. Information…

65000 Days of Night

This time a very short blog about an Intune Settings Catalog profile and the error code 65000. After reading a question on the Microsoft Technet forum I decided to dedicate a blog to it. Error 65000 with Settings Catalog – Microsoft Tech Community. I will divide this blog into multiple parts: The Problem; Troubleshooting it; Another licensing Possibility; Conclusion. 1. The Problem. So if you don’t know the answer immediately, test it yourself! I configured the same setting inside my test tenant…

Quality Updates: International Preview of Mystery

This huge blog will be about deploying Quality Updates, the Update Health Tools and an alternative method to deploy the Quality Updates with proactive remediations within an hour! Of course, with the latest Printer Nightmare issue, we needed to update some devices quickly. Even with the update installed you are still vulnerable and you will get some issues with label printers with this update. But that’s not what this blog will be about. I am going to divide this blog into…

O Removable Storage, Where Art Thou?

I guess it’s time for the sixth part of the Endpoint Security Series. This time I will walk you through what Microsoft Defender Device Control is, how to configure it in Intune and how it works. I will divide this blog into 8 parts: Information about device control. Configuring Device Control in Intune Results of Blocking Specific Hardware Results of preventing Write Access Removable Storage Deploy printer protection on Windows Digging deeper Logging Removing/Changing the policy Conclusion 1. Information about device control. Microsoft Defender for…

What about Printer Drivers

After reading a question on the Technet community about how to deploy printers with a printer driver to Azure AD joined devices, I realized I only created a blog about the wonderful Microsoft Universal Cloud Print solution! So here we go! Of course, transforming to a modern workplace will also mean you need to do something with your existing Print solution. One of the best solutions would probably be to start using the Microsoft Universal Print solution. In one of…

Proactive Remediations: Lost in PowerShell

This time a blog about how to automate your deployment of Proactive Remediation scripts and, maybe more importantly, how to get them back from Intune with PowerShell! Like always, I am going to divide this blog into multiple parts: About Pro Active Remediations (PAR); Manually configure PAR and my examples; The CSV report option; Deploying PAR with PowerShell and Graph; Getting your Detection and Remediations Scripts back with PowerShell; Conclusion. 1. About Proactive Remediations. Proactive remediations are script packages that…

The Exploit Protection Between us

This blog is the fifth part of the Endpoint Security Series and will be about Microsoft Defender Exploit Protection. Just like always, I need to divide this blog into multiple parts, so we can get a good understanding of what Exploit Protection is and how it works or doesn’t work: Information about Exploit Protection; First Look at Exploit Protection; Deploy it with a Security Baseline?; Configure EP in Intune; Checking the configuration; Event Logging; Testing it!; Removing EP!; Conclusion. 1. …
