Microsoft Intune 17 – Mobile Application Management Policies for iOS.

Introduction. Mobile Application Management Policies can be used to secure data on both managed and unmanaged devices. If you have Intune, and you have a problem with BYOD in your organisation, then this is the guide for you. We will be configuring a policy for iOS devices, but the steps for the Android devices are exactly …

Microsoft Sentinel – Part 2 – Deploying a Sentinel Workspace and onboarding free data sources.

Introduction. We are going to cover the initial deployment of a Sentinel Workspace, and onboard the free data sources. Even though Microsoft lists the free data sources in the handy table shown below and available here, there are some caveats we need to be mindful of. The Microsoft documentation states: "Although alerts are free, the …

Microsoft Sentinel – Part 1 – Log Analytics Workspace, Budgets, and Action Groups.

Introduction. Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM), and Security Orchestration, Automation and Response (SOAR) solution. It allows organisations to ingest log feeds from most sources, contextualise the data with threat intelligence before making use of machine learning models to assist in providing actionable information and intelligent alerts. The ingested …

Securing SharePoint 1 – Block legacy authentication.

In previous series and blogs we have covered disabling legacy authentication to protect Exchange Online, Azure and Office 365; however, while going through the Microsoft Cloud Security Benchmark, something caught my eye: "Ensure modern authentication for SharePoint applications is required". NOTE: We have covered the Cloud Security Benchmark previously, and the blog can be …

Microsoft Intune 15 – Attack Surface Reduction Rules.

If you haven't been following this series from the start, we have gone from setting up Intune from scratch, which included device onboarding, Autopilot, MDE, LAPS and compliance and configuration policies. This is part 15 in a step-by-step approach to securing endpoints and devices, with this guide covering Attack Surface Reduction (ASR) Rules. …

Microsoft Intune 14 – Block and Control Device Enrolment.

Intune allows us to control which device types can join Microsoft Entra based on the platform they have installed. As we have covered many times previously, there are no technical control silver bullets in cyber security; however, lots of small configurations will add up to provide large returns in security posture and a reduction overall in …

Cyber Security is easy, right? – Understanding Privileged Access.

We're back with another blog, and this week we're looking at privileged access, explaining its importance, and some considerations for implementation. Why is privileged access so important? We need to look at this in a few ways. As cyber security professionals we need to not only consider the risk from a security standpoint, but also …