Browsed by
Category: Applocker

Exodus: Teams and Applocker

Exodus: Teams and Applocker

This blog will show you when you are deploying the Microsoft 365 Apps from Intune why teams sometimes is being installed in the Programdata folder and other times in the user’s localappdata folder and why the teams update functionality could break. I am going to split this blog into 2 parts. First, some background information about the two installations options you have and the second part will be about the issue itself and how to solve it. Installations options: Before…

Read More Read More

Applocker on the Company portal Express

Applocker on the Company portal Express

This short blog will be about why baselines are very important and why you need to keep them up to date. I am not talking about security baselines this time. What I will be talking about, is the app baseline you need to deploy to your users Windows 10 devices to make sure users can install apps on their own. It’s best practice to implement adminless. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Of course, nowadays users are…

Read More Read More

Public Desktop icons and Adminless: The far side of Intune

Public Desktop icons and Adminless: The far side of Intune

This short blog will be about, why users don’t need admin permissions to delete the public desktop icons. There are not a lot of reasons why your Azure Ad users need to be local admins on their devices. You can do a lot even without admin permissions. To summon a few: -Restarting services can be done without local admin permissions The non admin user: The battle of restarting services – Call4Cloud -Installing applications The PowerShell Win32 App Express – Call4Cloud -Installing…

Read More Read More

The Applocker Games: Catching the events

The Applocker Games: Catching the events

The past year I blogged a lot about securing and monitoring your devices. Of course, Microsoft 365 E5 is the way to go when you want to maximize your security, but for the SMB the license can be too expensive. For these customers, Microsoft 365 business premium is the best choice. But when you choose Microsoft 365 Business premium you can’t make use of the advanced security features. Of course, by now you have implemented adminless and AppLocker on your…

Read More Read More

Applocker: The Meltdown

Applocker: The Meltdown

This short blog will be about what to do when you have locked yourself out of your device when implementing Intune Applocker device configuration policies. Some time ago I blogged about how a not configured DLL rule can break your devices. The Appocker Dilemma – Call4Cloud At that time, just changing the Applocker device config inside Intune did the job. But what if the new Applocker policy just won’t sync to the device and the old policies still apply. The…

Read More Read More

Not yet another AppLocker Blog.

Not yet another AppLocker Blog.

Provisioning your non (for now) Azure ad enrolled Windows 10 Pro devices with AppLocker can be very hard because AppLocker won’t work on Windows 10 Pro devices without Intune… at least that’s what I thought.  When configuring AppLocker on a Windows 10 pro device, you will notice this message inside the event log: component not available on this SKU.  Take a look at the operating system requirements… Some time ago I created a blog about how you can automatically wipe and reset your domain joined devices to enroll them with autopilot.  In this PowerShell script…

Read More Read More

The Appocker Dilemma

The Appocker Dilemma

This blog will be about how a “NotConfigured“ AppLocker policy can come back to haunt you. Implementing  AppLocker is always a wise thing to do even when there is a possibility it “breaks” your Windows 10 installation. In one of my last blogs, I pointed out that implementing Microsoft 365 will help you with your ISO 27001 certification journey.  When you have implemented AppLocker correctly you’re able to cross off some of the categories: A.9.4.4 Use of Privileged Utility Programs…

Read More Read More