by Alex Verboon
Hello there, In today’s blog post I want to share with you an advanced hunting query to detect audit policy modifications using Microsoft Defender 365 advanced hunting. Following the MITRE ATT&CK framework this would be T1484.001 Domain Policy Modification: Group Read More …
\ In this blog post I am going to show you how you can quickly (in 5 mintes) deploy Windows 11 in Hyper-V using the AutomatedLab PowerShell module. In fact the process is no different than when deploying other Windows Read More …
In an ideal world all of our devices are fully patched and the Microsoft Defender antivirus agent has the latest definition updates installed. Unfortunately reality is often different. When using Microsoft Endpoint Manager we can find devices with outdated definition Read More …
Hello there, In my earlier post Use Microsoft Endpoint Configuration Manager to stop the Windows Print Spooler Service – Anything about IT (verboon.info) I explained how to stop the Print Spooler service using Microsoft Endpoint Configuration Manager leveraging CMPivot to Read More …
Hello there, I guess by now, everyone has heard of the Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527). At this time Microsoft recommends disabling the Print Spooler service on domain controllers and on servers where it is not needed Read More …
During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually Read More …
Hello everyone, last Friday I received an e-mail from one of my customers, asking how to identify users in AzureAD that have enabled passwordless sign-in with the Microsoft Authenticator app. Previously I usually made use of the Script for Azure Read More …
Hello everyone, today I wanted to see application guard for office in action. If you are not familiar with application guard for office, I suggest you read the following articles / documentation. Microsoft Defender Application Guard for Office Application Guard Read More …
Last week Microsoft released the DRAFT Security baseline for Windows 10 and Windows Server, version 20H2. Although available since Windows 10 1903, the attack surface reduction rule ‘Block persistence through WMI event subscription’ is now being included into the recommended Read More …
Here is a conversation between Jeffrey (Developer) and Marc (IT Admin) working for ECorp Ltd. Looks familiar? Take a look in your Azure Active directory, how many applications do you have there? In an ideal world you maintain an inventory Read More …