How to remediate Defender for Endpoint onboarding with ConfigMgr

During the past 5 years I have onboarded a couple of thousand devices into Microsoft Defender for Endpoint and can say that, provided that you done your homework with regards to network connectivity, onboarding devices into Defender for Endpoint usually Read More …

Deploying Defender ASR – Block persistence through WMI event subscription

Last week Microsoft released the DRAFT Security baseline for Windows 10 and Windows Server, version 20H2. Although available since Windows 10 1903, the attack surface reduction rule ‘Block persistence through WMI event subscription’ is now being included into the recommended Read More …

Extract ConfigMgr Script Status Results with PowerShell

During a recent customer engagement I had to collect the size of user profiles across a large number of devices. I was first thinking of using a script that would collect the information we need, store it into a custom Read More …

Monitoring Windows Defender Cloud Protection Service connectivity with ConfigMgr

Hello everyone, earlier this week I wrote a blog post how to test Microsoft Defender Cloud Protection Service (MAPS) with PowerShell. Today I would like to share a possible approach how to actively monitor MAPS Connectivity across all your devices Read More …

Configuring Windows Defender Credential Guard with ConfigMgr

I’m currently engaged in multiple customer projects where Windows 10 is already in production, but unfortunately without Windows Credential Guard enabled. For those who think “Credential ….what?” Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only Read More …

ConfigMgr Client Policy Settings – Get-CMclientpolicysettings

Here’s a function i wrote recently to retrieve the ConfigMgr Client Policy settings. To use the function you must have the System Center Configuration Manager Cmdlet library installed.