MDAC or (the Unexpected Virtue of Ignorance)

MDAC or (the Unexpected Virtue of Ignorance)

This blog is the fourth part of the Endpoint Security Series and it will show you how to configure Windows/Microsoft Defender Application Control(WDAC/MDAC).  It could be a great addition to securing your environment. I will divide this blog into multiple parts. MDAC/WDAC/Device Guard Explained Choosing between MDAC and Applocker How to configure MDAC Automatically with an Endpoint Protection Policy Manually with a CSP Monitoring / Testing/ Troubleshooting it Creating a golden Image Adding and merging policies The Microsoft Store/Blocking Apps…

Read More Read More

Married with Controlled Folder Access(CFA)

Married with Controlled Folder Access(CFA)

This blog is the second part of the Endpoint Security series. This part will be about enabling and configuring Microsoft/Windows Defender controlled folder access (CFA) in Intune. I guess when you haven’t implemented Applocker, this feature can be of good use to you. I decided to create this blog after a question on the Discord WinAdmin/Intune channel on how to exclude the Onedrive Process. I am going to divide this blog into several parts. Introduction Event Logging Enabling Controlled Folders…

Read More Read More

Those Magnificent Drivers in Their Flying Microsoft Store, Or How I Flew From The Enrolment Status Page To Paris in 25 hours 11 minutes

Those Magnificent Drivers in Their Flying Microsoft Store, Or How I Flew From The Enrolment Status Page To Paris in 25 hours 11 minutes

After you have read this enormous blog title, I guess you will know this blog will be about some weird behaviour during the ESP. I couldn’t find any documentation about the ESP, this could happen? I will divide this blog into 4 parts. Background Information about the ESP. The problem. Troubleshooting. Fixing it 1.    Background information I thought I already created a blog about this at some point, but I guess not. So here we go! The Enrolment Status Page…

Read More Read More

External sender tagging: “Dumb & Dumber”

External sender tagging: “Dumb & Dumber”

So, my first very own blog post. In this post I’ll try and highlight the new built-in external sender tagging feature for Exchange online. I’ll show you how to implement it, an alternative, and why I think neither are perfect. Without further ado… Let’s dig in. Some companies use exchange transport rules to put the prepend [EXTERNAL] (or something alike) in their subject line when receiving e-mails from the outside. This can help users recognize potential phishing attempts. My company for…

Read More Read More

Let the Right Chromebook in

Let the Right Chromebook in

This blog will be about Chromebooks and MAM. I will also introduce a colleague of mine. He will co-author my blogs from now on, this will be our first joint effort. His name is Mark Uijtdewilligen. Please follow him on LinkedIn: Mark Uijtdewilligen | LinkedIn Today we received a call from a customer who wanted to buy Chromebooks. Our first reaction was “Huh? Why?” (his company is currently undergoing a transformation from a remote desktop environment to a modern MS365…

Read More Read More

Cloudy: With a chance of Winget

Cloudy: With a chance of Winget

This blog will be about my experience I had with Winget. Until now we only made use of Chocolatey but I was intrigued if Winget could be a good replacement. After reading some other blogs and information I decided to test it out myself. Just like always I am going to divide this blog in. There are 8 parts. Background information Installing the App installer Installing/removing applications Upgrading applications Winget ADMX Troubleshooting Winget Upload your own Apps Deploy all the…

Read More Read More

Microsoft Edge: And the Fantabulous Security of One Browser

Microsoft Edge: And the Fantabulous Security of One Browser

This time a simple blog about creating an Edge baseline with the settings catalog (and administrative tools) and deploy it with PowerShell. While writing this blog, I decided to also add some information on how you could retrieve and push settings with PowerShell. In the blog, I am also pointing out my updated blog about Fiddler I have created a lot of blogs about securing your endpoints, securing your data, securing your Microsoft 365 but I have not talked about making…

Read More Read More

The Windows Driver Games

The Windows Driver Games

This blog will about what options you have when you need to deploy drivers while using Intune. I received a private message on the Technet community asking me to help out with some driver installation problems.  There were 100 devices that needed a WLAN driver update.   The devices had the build-in Microsoft Driver installed and for some reason, they need the have the Intel driver from 2020 installed. I guess I forgot to ask why? So what options do…

Read More Read More

The Texas Chain Saw Bitlocker Remediations

The Texas Chain Saw Bitlocker Remediations

This blog will be about some pro-active remediations and Intune Role Assignments to make sure your service desk can help your users when they need to enter the Bitlocker recovery key and nothing more. I was inspired to check if I can come up with an idea to solve this problem (until Microsoft comes up with a solution) What admin role grans permission to view devices’ bitlocker recovery keys? – Microsoft Tech Community So why not using proactive remediations to…

Read More Read More

The LAPS: Reloaded / Revolutions

The LAPS: Reloaded / Revolutions

First, A shout out to Peter Rising | LinkedIn for delivering the blog title. We had a nice movie discussion, which movie is better: Terminator 1 and 2…. We also talked about the Matrix… Guess where the blog name came from. This blog will be about an Idea I had to use proactive remediations to create a sort of LAPS (Local administrator password solution). I have mentioned it a lot, you will need to make sure your end-users do not…

Read More Read More