Browsed by
Month: July 2020

Basic Authentication and the Last Crusade

In this blog I’ll show you a new option to disable basic authentication protocols. As most of you probably know, Microsoft is going to disable basic authentication for ActiveSync, PowerShell, Exchange Web Services, POP3 and IMAP4. You should especially disable POP3 and IMAP basic authentication as soon as possible. Of course, implementing conditional access rules is the way to go. Read my other blog to learn how to automate your conditional access deployment. When not having the proper licensing for…

Sherlock Holmes: A Game of Powershell

My second blog in just one day, but sometimes you get scared as hell! Today at 13:00 AppLocker suddenly began blocking the famous psscriptpolicytest files on all our 2019 Remote Desktop servers. That’s very weird behaviour. Why on earth is this happening at the same time on all our 2019 servers? You almost feel like you need to prevent the collapse of western civilization… no pressure. We are using Solarwinds as part of our SIEM (more on this subject…

No Country For Not Monitoring

SIEM (security information and event management) is a set of tools used to monitor, identify, analyze and record security events. Of course, you could use Azure Log Analytics and Azure Sentinel as your SIEM. But for small businesses (SMBs) I’d recommend starting with Solarwinds as your Microsoft 365 SIEM moving forward! But who’s checking all these security events? That’s why you probably need a SOC (security operations center). SMBs don’t necessarily need to set up a full-blown SOC. So why…

Microsoft and Solarwinds, the holy grail

Solarwinds announced a collaboration with Microsoft to enhance monitoring and management. And since we use Solarwinds as our RMM solution, I think that’s really nice. In this blog, I will try to explain why I think it’s useful to use Microsoft and Solarwinds together! When you have multiple customers, you want to have a single monitoring dashboard. You can simply create a template and attach it to a customer site. When you enrol a new device, the custom-made Solarwinds…

The Windows firewall rises

In this blog I’ll explain how to deploy your Windows firewall baseline policy rules into Intune. Configuring firewall rules on your Windows 10 device shouldn’t be forgotten. If you remember my blog about securing Windows 10 endpoints, you’ll know I recommend deploying it with a PowerShell script. When writing this blog, the Microsoft Defender firewall rule migration tool was released. Of course, I tested it, but it didn’t work out great at the time. Trying to change imported firewall rules…

The LAPS and the furious!

LAPS is a solution that makes sure you have unique administrator passwords on each device, which are changed automatically after a certain time period has passed. It makes sure that when a device is compromised, the attacker does not gain access to all devices in the company domain. So, life is simple. You make choices and you’ll implement LAPS. LAPS is very easy to deploy within an existing Active Directory. When going full Microsoft 365, you still need LAPS. There…

Along came MCAS Automation

MCAS, I’m not going to explain why you need it. There are plenty of other folks who do a perfectly good job of explaining exactly why it’s such a great tool. This blog post will contain all the information you need to automate the MCAS deployment. Tips and tricks are included at the end of this blog. How to best explain how MCAS works? Microsoft Cloud App Security is a Cloud Access Security Broker that supports various deployment modes including log collection,…

The magnificent ASR Rules

Windows Defender is one of the key pillars within Microsoft’s security products. Windows Defender is enabled out of the box when deploying Windows 10. But relying only on the basic configuration is not best practice. As mentioned in my last blog, it’s very important to harden your Office apps. A good addition is “attack surface reduction” (ASR). ASR can be configured by setting the ASR rules in the device endpoint manager. By default, they’re not configured, so you’re not…

How I Learned to Stop Worrying and Love Onedrive

In the past, there have been quite a few sync problems with OneDrive. Fortunately, this is a thing of the past now. In this article we’ll go deeper into why you should choose OneDrive as your cloud storage solution and what to look out for when migrating to OneDrive. Why OneDrive? OneDrive is the ideal storage space for files. OneDrive is the ideal platform for file storage, collaboration and accessing your files anywhere in the…

There will be Office Security

Nowadays everyone should be securing their Microsoft 365 tenant, their identity and the endpoints. Also, hardening your Office 365 apps is necessary because your devices are often targeted by malicious emails/websites. In one of my latest blogs (the forgotten fruits of securing your Windows 10 endpoint), I pointed out the DIF and Sylk extensions. There is more, much more. Today I’ll show you how to do this in Intune: Open Intune and create a new Administrative Template. There are about 60…
