Security: Application Whitelisting with Microsoft Intune and AppLocker

While AppLocker has been around since Windows 7 and Windows Server 2008 R2, I have rarely found the solution in enterprises. The main reason was always that the implementation is very time and resource consuming and that you must constantly maintain a whitelist. This is a bummer, because the security gain is enormous when a solution like AppLocker is used. If you deal with the AppLocker rules intensively and have developed a good concept at the beginning, you will realize that you do not have to adjust the rule regularly and that the operation is not as complex as you thought.

This blog article shows the important things to consider when implementing AppLocker, how to create a usable basic ruleset that requires minimal maintenance, and how to manage with Microsoft Intune.

  1. Application whitelisting technology overview
  2. AppLocker basic recommendations
  3. AppLocker deployment considerations
  4. AppLocker OS Requirements
  5. AppLocker AppIDSvc Service Requirements
  6. Configure AppLocker and start with Audit Only Mode
  7. Configure Basic Ruleset
  8. Exceptions
    1. Path Exeptions
    2. Publisher Exception
  9. AaronLocker
  10. AppLocker deployment with Microsoft Intune
  11. Event monitoring
    1. AppLocker Event IDs
    2. _PSScriptPolicyTest*. PowerShell Scripts
    3. Azure Log Analytics / KQL
      1. Check for Audit Mode Events with KQL
      2. Check for Enforce Mode Events with KQL
    4. AppLocker Microsoft Intune Rules Storage Location
  12. Configure Enforce Mode
Continue reading

Security: First impressions of the new Windows 11 22H2 security feature Enhanced Phishing Protection

This blog article covers the new Windows 11 22H2 security feature Enhanced Phishing Protection in Microsoft Defender SmartScreen and gives first impressions.

  1. What is Enhanced Phishing Protection?
  2. How does Enhanced Phishing Protection work?
  3. How do I activate and configure Enhanced Phishing Protection?
  4. What are the first impressions?
    1. Warn me about malicious apps and sites
    2. Warn me about password reuse
    3. Warn me about unsafe password storage
    4. Phishing alerts in the Defender for Endpoint (MDE) portal
  5. Sources and additional links
Continue reading

News: My Top 10 Takeaways from Microsoft Ignite 2022

Microsoft Ignite 2022 took place from October 12-14, happily as a hybrid event, online and onsite in Seattle. Under the headline “Do more with less with the Microsoft Cloud“, Microsoft presented over 100 new solutions or updates to existing products. This blog article presents my top 10 takeaways from Microsoft Ignite 2022 with a focus on Modern Workplace, Microsoft 365 and Security. In conclusion, I will honor my favorite session and give my overall impression of Microsoft Ignite 2022.

  1. Modern Workplace
    1. #1 New Microsoft Intune name branding
    2. #2 New Microsoft Intune product family
    3. #3 New Microsoft Intune suite of advanced solutions
    4. #4 Deliver organizational messages with Windows 11 and Microsoft Intune
    5. #5 What’s new in Windows 365
  2. Microsoft 365
    1. #6 Office is becoming Microsoft 365 and New Microsoft 365 Announcements
    2. #7 New Microsoft Teams Premium Features
  3. Security
    1. #8 Conditional Access Authentication Strengths
    2. #9 Azure AD certificate-based authentication (CBA)
    3. #10 Workload Identities GA in November 2022
  4. Favourite session from Microsoft Ignite 2022
  5. My overall impression of Microsoft Ignite 2022
Continue reading

Security: How to achieve a Microsoft Secure Score for Devices above 95% in Microsoft Defender for Endpoint with Microsoft Intune

This blog article shows how to master the security recommendations of Microsoft Defender for Endpoint (MDE) with Microsoft Intune and achieve a device secure score above 95%.

  1. Security recommendations analysis and how to start
  2. Security recommendations covered by security baselines
  3. Security recommendations overview not covered by security baselines
Continue reading

Microsoft Intune: How to deploy Windows Features

This blog article covers how to deploy Windows Features like Windows Sandbox or Hyper-V with Microsoft Intune.

  1. Spoilt For Choice
  2. The approach
  3. PowerShell script for installation/uninstallation (WindowsSandbox.ps1)
  4. Custom Detection Script (DetectWindowsSandbox.ps1)
  5. Create Windows app (Win32) package
  6. Deploy Application with Microsoft Intune
Continue reading

Security: How to use Security Baselines and which policies can cause impact for your environment

This blog article covers the implementation options of the different Microsoft Intune security baselines and gives an overview of policies that can impact your users.

  1. For what purpose are the security baselines?
  2. What security baselines are available?
  3. How should the security baselines be used? How do I start?
  4. Which policies should be considered and checked in particular, as they could affect the user experience in your company?
Continue reading