Analyzing Windows Defender Application Control events in audit mode

This week is all about Windows Defender Application Control (WDAC). That’s not a new subject for this blog. The main difference with previous posts, however, is that this time the focus will be on monitoring the different events when the WDAC policy is running in audit mode. Audit mode enables IT administrators to discover applications, binaries, and scripts that are missing from the configured WDAC policy, but actually should be included. Instead of the action actually being blocked, audit mode will only write an event in the Event Log. Those events can be used to further tune the WDAC policy, and to make sure that it’s production ready. For centrally logging that event information, this blog will be relying on using the Azure Monitor …


Enhance Microsoft Intune data with Log Analytics: A summary

This week there is an extra blog post about my session at Experts Live Netherlands 2022. I did my session about Enhance Microsoft Intune data with Log Analytics. During that session – after battling some technical challenges – I shared a lot of information around the four most obvious options for using Microsoft Intune in combination with Log Analytics. I showed the direct integration, the combination with Update Compliance, the use of the Azure Monitor HTTP Data Collector API and even the use of the Azure Monitor Agent. This post will provide a quick summary of that session, by briefly touching on those different options. The slides (PDF) of that session are available for download here. Collecting log data via a direct integration: the first option was all about …


Alternatives for querying and visualizing Update Compliance data

This week is a follow-up on last week’s post about enhancing Update Compliance with a custom Workbook in the Microsoft Endpoint Manager admin center. There were multiple questions on that post regarding alternatives for querying and visualizing the Update Compliance data. The good news is that there are actually multiple alternatives for querying Update Compliance data, but, in all fairness, all the alternatives rely on the same API: the Azure Log Analytics REST API. That API can be called by specifying the workspace, providing a token and running the required query. Pretty straightforward. Also, that API is an important part of most other methods that are used for querying Update Compliance data. This post will provide a quick introduction to the Azure Log Analytics …


Enhance Update Compliance with a custom Workbook in Microsoft Endpoint Manager admin center

This week is all about enhancing Update Compliance by using a custom Workbook within the Microsoft Endpoint Manager admin center: the Update Compliance Workbook. That Update Compliance Workbook enables the IT administrator to get a quick view on the most important details. Besides that, adding that Update Compliance Workbook in the Microsoft Endpoint Manager admin center enables the IT administrator to pin the different queries of that Update Compliance Workbook to the dashboard. That provides the IT administrator with a dashboard that contains all the status information about the Microsoft Intune environment and a quick overview of the update status of the Windows 10 devices within that environment. This post provides that Update Compliance Workbook with the most important status information coming from the Update …


Enhance inventory reporting with local administrator information

This week is all about enhancing inventory reporting with information about the local administrators on the managed Windows 10 devices. This time it’s not about managing the different local administrators on those Windows 10 devices, but about creating a report that provides insights into the different local administrators that are configured on those Windows 10 devices. The solution to enhance the inventory reporting relies on PowerShell, Log Analytics, Workbooks and the Azure Monitor HTTP Data Collector API. PowerShell is used to gather the information on the local device and uses the Azure Monitor HTTP Data Collector API to write the gathered information to Log Analytics. Workbooks are used to visualize the gathered data from Log Analytics. This solution is inspired and based …
