Configuring the default credential provider

This week is a short post about configuring the default credential provider and this is basically a small addition to the blog posts of about two years ago around configuring credential providers. That time the focus was around actually making it impossible to use specific credential providers. This time the focus is around configuring the default credential provider. That can be a powerful combination, but that can also be a step in the direction of guiding users away from using username-password. So, guiding users instead of forcing users. From a technical perspective that could make it a bit easier, as it doesn’t involve removing functionalities. In this case, it simply provides the configured credential provider as the default credential provider. That default credential provider will …


Using Conditional Access for Remote Help

This week is a short post about a small nice addition to Remote Help. That small nice addition, however, can be an important piece towards the solid zero trust implementation within the organization. That addition is the ability to use Conditional Access specifically for Remote Help. That doesn’t mean, however, that Conditional Access was not applicable towards Remote Help before. When assigning a Conditional Access policy to all cloud apps, that would (and will always) also include Remote Help. The main change is that it’s now possible to create a service principal for the Remote Assistance Service that can be used as a cloud app in the assignment of a Conditional Access policy. That enables organizations to create a custom Conditional Access policy specifically for Remote …


Understanding Windows Autopatch groups

This week something completely different, but maybe even more intriguing at some level. That something is Windows Autopatch groups. Windows Autopatch groups are logical containers, or units, that can group several Azure AD groups and different software update policies, within Windows Autopatch. That’s a really nice addition to Windows Autopatch that is available starting with the latest service update of May 2023. Windows Autopatch groups enable organizations to create different selections of devices with as many as 15 unique deployment rings, custom cadences and content. And a tenant can contain up to 50 Windows Autopatch groups. That enables IT administrators to create nearly any structure for patching their devices within Windows Autopatch. This post will start with some more details for understanding Windows Autopatch groups, …


Resetting the managed local administrator password when using Windows LAPS

This week is a quick follow-up on the post of last week. Last week was all about getting started with Windows Local Administrator Password Solution (Windows LAPS), while this week is more specifically focussed on rotating the managed local administrator password. There are multiple methods for rotating – and with that, resetting – that managed local administrator password. In the end, that all comes down to the same, or similar, technology that’s used to achieve that goal. Besides that, it’s also good to know what doesn’t work when the password of the local administrator account is managed. This post will show just that, followed with the different methods for rotating the managed local administrator account. Manually resetting the password via Computer Management Before using Windows …


Getting started with Windows Local Administrator Password Solution

This week is all about another nice feature that was recently introduced in Windows, Microsoft Intune, and Azure AD. That feature is Windows Local Administrator Password Solution (Windows LAPS). Windows LAPS is basically the evolution of the already existing LAPS solution for domain joined Windows devices. Big difference, however, is that Windows LAPS is now a built-in solution in Windows that can be configured via Microsoft Intune and that can use Azure AD as a storage location for the local administrator password. Windows LAPS can be used to manage the password of a single local administrator account on the device. The most obvious account for that would be the built-in local administrator account, as that account can’t be deleted and has full permissions on the …


Getting started with Advanced Endpoint Analytics

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Advanced Endpoint Analytics. Advanced Endpoint Analytics adds on to Endpoint Analytics by providing organizations access to more intelligence to gain even deeper insights into the user experience. It provides IT administrators with the tools to proactively detect and remediate issues that impact user productivity. All of that can be achieved with the new capabilities that are part of Advanced Endpoint Analytics. Those capabilities are anomaly detection, enhanced device timeline, and device scopes. Three powerful capabilities that enable IT administrators to use machine learning to identify anomalies, to have a detailed device timeline, and to have the ability to look at a specific set of devices. When an organization has …


Getting started with Endpoint Privilege Management

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Endpoint Privilege Management (EPM). At this moment EPM is still in preview, but once it becomes generally available it will be licensed as part of the Microsoft Intune Suite. EPM enables organizations to provide standard user permissions to their users and still enable those users to complete tasks that require elevated permissions. Those tasks can include the installation of applications, updating device drivers, running diagnostics, and more. With that, EPM fits perfectly in the Zero Trust architecture of any organization. It enables the principle of using the least privilege, while still allowing users to run specifically approved tasks with elevated permissions. So, users remain productive and elevations are …


Analyzing Windows Defender Application Control events in audit mode

This week is all about Windows Defender Application Control (WDAC). That’s not a new subject for this blog. The main difference, however, with previous posts is that this time the focus will be on monitoring the different events when the WDAC policy is running in audit mode. Audit mode enables IT administrators to discover applications, binaries, and scripts that are missing from the configured WDAC policy, but actually should be included. Instead of the action actually being blocked, audit mode will only write an event in the Event Log. Those events can be used to further tune the WDAC policy, and to make sure that it’s production ready. For centrally logging that event information, this blog will be relying on using the Azure Monitor …


Easily managing Microsoft Defender Antivirus updates channels

This week is all about managing the updates channels for the different Microsoft Defender Antivirus update types. On one hand to create some awareness for the different update types, and on the other hand to show the latest configuration options for managing the updates channels for those different update types. Microsoft Defender Antivirus contains three different update types and up to six updates channel configuration options. That provides IT administrators with quite some configuration options for the devices within the environment. And starting with the latest service release of Microsoft Intune (2302), the update channel configurations become easily configurable via a specific configuration profile. That enables IT administrators to also use different update channels throughout the environment to gradually roll out the different updates of Microsoft …


Deploying Microsoft Defender Application Guard for Office

This week is all about Microsoft Defender Application Guard (Application Guard) for Office. It’s a follow-up on this post of almost 2 years ago. That time the focus was simply on getting started with Application Guard and it slightly missed out on Application Guard for Office. This time Application Guard for Office will be the main focus. Application Guard for Office uses hardware isolation to isolate untrusted Office files, by running the Office application in an isolated Hyper-V container. That isolation makes sure that anything potentially harmful in those untrusted Office files happens within that isolated Hyper-V container and is isolated from the host operating system. That isolation provides a nice, but resource intensive, additional security layer. This post will start with a quick …
