Category Archives: Windows 11

Security: Exploring Windows LAPS for Azure Active Directory – Initial Impressions in a Cloud-Only Setting

Posted on by
Reply

Recently, Windows LAPS for Windows Server Active Directory was made available to the public, and I shared my initial test impressions:
Getting to Know Windows LAPS for Active Directory – First Look

As of April 21st, 2023, Windows LAPS for Azure Active Directory is now also accessible in a public preview. This presents an opportunity to test it in a cloud-only environment, and in this blog post, I will be sharing my initial testing impressions of Windows LAPS with Azure Active Directory in this scenario.

Continue reading

Security: Getting to Know Windows LAPS for Active Directory- First Look

Posted on by
Reply

In October 2022, I published a blog post titled The 10 most important details about the upcoming Windows LAPS solution, which revealed that Microsoft was developing a new LAPS solution called Windows LAPS. This solution would address the long-awaited support for cloud-only devices. As of April 11, 2023, Windows LAPS for Windows Server Active Directory is now publicly available. Previously, Windows LAPS was only accessible through private preview. Unfortunately, Windows LAPS for Azure Active Directory remains in private preview and is not open to new customers. However, the Azure Active Directory LAPS scenario is anticipated to enter public preview in Q2 2023. In this blog post, I will be sharing my initial testing impressions of Windows LAPS with the Windows Server Active Directory (on-premises) scenario.

  1. Supported platforms
  2. The advantages of Windows LAPS over Legacy Microsoft LAPS
    1. # Seamless integration
    2. # Password encryption
    3. # More New capabilities
  3. Windows LAPS for Windows Server Active Directory – Configuration
    1. Windows LAPS Requirements
    2. Prepare Windows LAPS ADMX templates
    3. Update the Windows Server Active Directory schema
    4. Grant the managed device permission to update its password
    5. Delegate Windows LAPS permission
    6. Configure policy settings for Windows LAPS
  4. Windows LAPS for Windows Server Active Directory – Admin Experience
    1. Read Windows LAPS Password
    2. Windows LAPS password rotation
    3. Get Windows LAPS Password History
    4. Password backup for DSRM accounts
  5. Conclusion
Continue reading

Microsoft Intune: First impressions of Endpoint Privilege Management (EPM)

Posted on by
Reply

Endpoint Privilege Management (EPM) is one of the most anticipated features of the Microsoft Intune premium add-on suite and was already announced at Microsoft Ignite 2022. With EPM, Microsoft has finally developed a solution for assigning temporary administrator rights. Users no longer need to be made local administrators. Instead, your users can be given standard account permissions and be designated administrators for specific tasks. Microsoft has now released a first public preview. This blog article covers first test impressions about the new Microsoft Intune Endpoint Privilege Management feature.

  1. Licensing
  2. Windows Client requirements
  3. What files can be elevated
  4. Documentation
  5. Activate Endpoint Privilege Management (EPM)
  6. First test run – First impressions
    1. Admin Configuration – Elevation settings policy
    2. User Experience with Elevation settings policy in place
    3. Admin Configuration – Elevation rules policy
    4. User Experience with elevation rules policy in place
  7. Troubleshooting and further testing
  8. Conclusion
Continue reading

Security: First impressions of the new Windows 11 22H2 security feature Enhanced Phishing Protection

Posted on by
Reply

This blog article covers the new Windows 11 22H2 security feature Enhanced Phishing Protection in Microsoft Defender SmartScreen and gives first impressions.

  1. What is Enhanced Phishing Protection?
  2. How does Enhanced Phishing Protection work?
  3. How do I activate and configure Enhanced Phishing Protection?
  4. What are the first impressions?
    1. Warn me about malicious apps and sites
    2. Warn me about password reuse
    3. Warn me about unsafe password storage
    4. Phishing alerts in the Defender for Endpoint (MDE) portal
  5. Sources and additional links
Continue reading

Security: How to achieve a Microsoft Secure Score for Devices above 95% in Microsoft Defender for Endpoint with Microsoft Intune

Posted on by
Reply

This blog article shows how to master the security recommendations of Microsoft Defender for Endpoint (MDE) with Microsoft Intune and achieve a device secure score above 95%.

  1. Security recommendations analysis and how to start
  2. Security recommendations covered by security baselines
  3. Security recommendations overview not covered by security baselines
Continue reading

Security: First impressions of the new Windows 11 22H2 security feature Smart App Control

Posted on by
1

This blog article covers the new Windows 11 22H2 security feature Smart App Control (SAC) and gives first impressions as well as recommendations.

  1. What is Smart App Control (SAC)?
  2. How does Smart App Control (SAC) work?
  3. How do I activate and configure Smart App Control (SAC)?
  4. What are the first impressions?
  5. My recommendations
  6. Summary
Continue reading

Security: How to use Security Baselines and which policies can cause impact for your environment

Posted on by
1

This blog article covers the implementation options of the different Microsoft Intune security baselines and gives an overview of policies that can impact your users.

  1. For what purpose are the security baselines?
  2. What security baselines are available?
  3. How should the security baselines be used? How do I start?
  4. Which policies should be considered and checked in particular, as they could affect the user experience in your company?
Continue reading