Alongside the announcement of down-level support for Windows 7 and Windows 8.1, there is more exciting news regarding Windows Defender ATP. As of today, Windows Defender ATP Security Analytics is extended with two new security controls: BitLocker and Firewall.
MBSA 2.3 Preview has been released on the Client Management Connect site to the ConfigMgr Open Beta community.
The MBSA 2.3 release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported with this release. The final release of MBSA 2.3 is expected to be available in Fall 2013.
You can download MBSA 2.3 Preview here.
For most of us, implementing Windows Intune is straightforward because it uses common standards such as HTTP and HTTPS. Nevertheless, in organizations where internet access is controlled by firewalls and proxy servers, this can be a challenge.
Specific services or websites have to be made accessible for things to work properly. The same applies to Windows Intune. For those who have to implement it in environments where internet access is limited, the overview below outlines the required domains and ports to let Windows Intune work like a charm.
Required domains for documentation, online Help, and support
| Domain | Ports |
| --- | --- |
| *.livemeeting.com | 80 and 443 |
| *.microsoftonline.com | 80 and 443 |
| onlinehelp.microsoft.com | 80 |
| *.social.technet.microsoft.com | 80 |
| blogs.technet.com | 80 |
| go.microsoft.com | 80 |
| http://www.microsoft.com | 80 |
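A label-aware check of URLs against the domain and port table above, as an added example that is not part of the original post. The function names and the sample URLs are assumptions constructed for illustration; the point is that a wildcard rule has to match on a dot boundary, not on a plain string suffix, and that the port column is enforced per entry.

```python
from urllib.parse import urlsplit

# Rules copied from the table above. The last entry is written on the page
# as a URL, so only its host part is used when matching.
RULES = [
    ("*.livemeeting.com", {80, 443}),
    ("*.microsoftonline.com", {80, 443}),
    ("onlinehelp.microsoft.com", {80}),
    ("*.social.technet.microsoft.com", {80}),
    ("blogs.technet.com", {80}),
    ("go.microsoft.com", {80}),
    ("http://www.microsoft.com", {80}),
]
DEFAULT_PORTS = {"http": 80, "https": 443}


def rule_host(pattern):
    """Return the bare lower-case host of a rule that may be written as a URL."""
    if "://" in pattern:
        return urlsplit(pattern).hostname
    return pattern.lower()


def host_matches(pattern, host):
    """'*.example.com' covers subdomains only: not the apex, and not hosts
    that merely end with the same characters."""
    pattern = rule_host(pattern)
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot, e.g. ".livemeeting.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def is_allowed(url):
    """True if the URL's host and effective port are covered by one rule."""
    parts = urlsplit(url)
    if parts.hostname is None or parts.scheme not in DEFAULT_PORTS:
        return False
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return any(host_matches(p, parts.hostname) and port in ports
               for p, ports in RULES)


def audit(urls):
    """Map each URL to the allow/deny decision the table implies."""
    return {u: is_allowed(u) for u in urls}
```
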
In February this year, Microsoft released Service Pack 3 for Forefront UAG 2010. Today the Microsoft Forefront Unified Access Gateway (UAG) product team released Rollup 1 for Forefront UAG 2010 Service Pack 3.
Issues that are fixed in Rollup 1
The issues that are fixed in Rollup 1 are listed in the following articles. To view the issues, click the article number to view the article in the Microsoft Knowledge Base.
- 2810229 FIX: You cannot redirect local computer resources in an RDS session after you disable the client endpoint components in Forefront Unified Access Gateway 2010
- 2831570 FIX: "The URL you requested cannot be accessed" error message may be returned when a client sends an HTTP POST request to a portal in Forefront Unified Access Gateway 2010
- 2831573 FIX: Traffic is not forwarded or you receive an error message about ADVAPI32.dll when you use a Windows XP client to start an application from a Forefront Unified Access Gateway 2010 Service Pack 3 portal
- 2831865 FIX: The endpoint policy expression "Any Personal Firewall (Windows)" is incorrect for Windows 7 and Windows 8 in Service Pack 3 for Forefront Unified Access Gateway (UAG) 2010
- 2831868 FIX: Endpoint policies for existing trunks are not updated after you install Forefront Unified Access Gateway 2010 Service Pack 3
- 2832679 FIX: You receive a 500 Internal Server error when you run the File Access application from the Forefront Unified Access Gateway 2010 Service Pack 3 portal trunk
- 2832681 FIX: You receive a script error that prevents file access configuration in the Management Console in Forefront Unified Access Gateway 2010
- 2832685 FIX: The Forefront Unified Access Gateway 2010 portal may intermittently become unresponsive to clients after Service Pack 2 is installed
Rollup 1 for Forefront UAG 2010 Service Pack 3 can be requested here
In general, and more specifically for Configuration Manager, there are antivirus exclusion lists available that let Configuration Manager function optimally while keeping a thorough security level from an anti-malware and antivirus perspective.
During a Configuration Manager implementation I ran into an issue with Offline Servicing. Scheduled Offline Servicing ended up with unpredictable results, such as not all Windows Updates being applied (randomly) or even images that got corrupted.
This update extends the Key Management Service (KMS) for Windows 7 and Windows Server 2008 R2 to allow enterprise licensing of Windows 8 and of Windows Server 2012. KMS provides support for the following KMS activations:
- Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 (SP1)
- Windows Server 2008 and Windows Server 2008 Service Pack 2 (SP2)
- Windows 8
- Windows Server 2012
- Windows 7 and Windows 7 Service Pack 1 (SP1)
- Windows Vista and Windows Vista Service Pack 2 (SP2)
- Office 2013 (Preview)
This week I noticed some issues with DirectAccess on my Windows 7 client. For some strange reason, both the Infrastructure and Intranet tunnels are not established. When walking through the Advanced Firewall configuration, I noticed that Internet Protocol security (IPsec) tunnel mode security associations (SAs) were not initiated. After some searching I found a post on the Forefront forum which describes more or less the same behavior.
Thanks to Jason Jones I found my issue. By verifying the Name Resolution Policy Table (NRPT) configuration using netsh dnsclient show state, I noticed that Direct Access Settings is misconfigured. The NRPT is configured using the DirectAccess Setup wizard. You can also configure the rules directly yourself, but take into account that these settings are overridden when running the DirectAccess wizard!