Microsoft Defender ATP’s diary: From a SecAdmin’s Perspective

This blog post introduces a series of posts covering the game-changing, risk-based approach Microsoft Defender ATP offers to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

As mentioned in “The evolution of Microsoft Threat Protection” by Debraj Ghosh, PM of Microsoft Threat Protection, security in general comes with two responsibilities: 1) Security Operations (SecOps) and 2) Security Administrations (SecAdmins).

SecOps handles incident response through a centralized alert view and powerful hunting capabilities that enable ad-hoc investigations.

SecAdmins will gain the visibility, control, and guidance necessary to understand and act on the threats currently impacting their organization, as well as information on past and future threats.

In this series of blogs I will focus exclusively on the responsibility of a SecAdmin and all aspects that Microsoft Defender ATP has to offer in that regard. Therefore we kick off this series with Configuration Management and Threat & Vulnerability Management.


Moving away from passwords with Windows 10, Windows Hello for Business & Microsoft Intune

In 2004, long before we went online en masse and concepts like phishing or ransomware were on the rise, Bill Gates predicted the demise of passwords at that year's RSA Conference, saying “they just don’t meet the challenge for anything you really want to secure.”

For years, we’ve been discussing the vulnerabilities of passwords (80 percent of security breaches are down to stolen passwords & credentials) and the need to ditch them for more robust & secure solutions. Many initiatives have been launched, like Microsoft’s CardSpace, the Higgins project, the Liberty Alliance, NSTIC, the FIDO Alliance and various Identity 2.0 proposals, all with the explicit goal of eliminating passwords.


Windows Defender ATP: Onboarding your Windows 10 endpoints, do it the right way!

In the early days of onboarding Windows 10 endpoints to Windows Defender ATP, you had to define a custom device configuration policy via Intune in order to enable and register your Windows Defender ATP agents at scale.

Onboard Windows Defender ATP via custom device configuration policy.


Unleash your Azure CSP subscription for Cloud Management Gateway deployments

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet ‘without’ additional (on-premises) infrastructure.


Create & deploy cloud services with an associated Azure subscription.

However, there is a limitation when deploying a CMG using an Azure CSP subscription.

This capability does not enable support for Azure Cloud Service Providers (CSP). The CMG deployment with Azure Resource Manager continues to use the classic cloud service, which the CSP does not support. For more information, see available Azure services in Azure CSP.

As the CSP model is becoming more and more popular as an Azure subscription type, this scenario is a potential blocker for many customers who have a CSP subscription and want to deploy a CMG. The Microsoft product teams are aware of this situation and I’m sure they will solve this sooner or later.

Converting your CSP subscription to an eligible Azure subscription is not an option here (it is managed by the CSP Partner). Therefore I would like to show you how to deploy a CMG while you’re on a CSP subscription. Yes, it’s possible! In this blog I’ll describe what it takes to achieve this.

Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API

Nowadays Microsoft provides us with a lot of flexibility to empower end-users to be more productive than ever before. Users are able to register their devices in order to access corporate resources anytime, anywhere, on devices they love. Provisioning Windows 10 devices for your enterprise has never been easier for end-users. They are even able to join their brand-new devices to the corporate environment from home, taking advantage of Windows Autopilot & Azure AD MDM auto-enrollment.

From an end-user perspective this is great: productivity can be restored in minutes instead of hours or even days. However, the flexibility we provide to end-users has a downside from an IT Admin perspective. Because users are able to join or register devices to Microsoft Intune/Azure AD, a lot of obsolete device objects accumulate in your tenants.

Microsoft Intune introduced High Available (HA) support for SCEP/PFX Connector

Since December 2017, Microsoft Intune has supported multiple active SCEP/PFX connectors per tenant in order to provide high availability for certificate handling.

Initially the Microsoft Intune SCEP/PFX connector didn’t provide support for high availability. The SCEP/PFX connector could only be installed as a single instance, with no option for multiple active connectors.

Microsoft Intune SCEP/PFX connector supports multiple active connectors per tenant.


Enable Windows 10 Multifactor Authentication with Windows Hello Multifactor Device Unlock & Microsoft Intune

In this blog post I’ll explain how to configure and enable Windows Hello Multifactor Device Unlock using Microsoft Intune. Windows Hello Multifactor Device Unlock provides multifactor device authentication for logging in to or unlocking Windows 10 devices.

