Skip to main content

Blocking access to Cloud apps by integrating Microsoft Cloud App Security with Microsoft Defender Advanced Threat Protection

Microsoft has quietly introduced the option to automatically block connections to unsanctioned cloud apps from the Microsoft Cloud App Security (MCAS) console. This is accomplished by integrating MCAS with Microsoft Defender Advanced Threat Protection (MDATP).

Based on the information available in Cloud App Security, the app’s domains are used to create domain indicators in the Microsoft Defender ATP portal. Within Windows Defender the Exploit Guard Network Policy option is used to block the access to the URLs. This will eventually result in the following notification sent to the user.

Windows 10 Notification

In this blog post I will explain how to setup this functionality when Microsoft Intune is used and what the behavior is within Windows 10. This assumes that you are licensed for both MCAS and MDATP, in my case by using a Microsoft365 E5 license.

Read More
Cloud App Security, Uncategorized, ,

Did you already enable DKIM and DMARC for your Office 365 domains?

When you host your email on the Exchange Online (EXO) platform part of Office365 you can implement several security measures to make sure that email send from your domain gets delivered to the mailbox of the recipient.

The most known solution for this is by implementing a Sender Policy Framework (SPF) DNS record. By creating a SPF DNS record in your DNS you provide receiving email servers the option to check if the originating IP of the email is also the authorized email server for the domain. If not the email can be considered suspicious and the email system from that point forward can decide to threat the email as spam, phishing and so forth. 

If you decide to make the nameservers of Microsoft authoritative, which allows you to manage your DNS settings from the Office administration portal, the SPF record needed can automatically be enabled for you.

Read More
Uncategorized, ,

What are Intune Policy Sets?

Starting with the Intune release from October 14th 2019, Microsoft made available a new functionality called “Policy Sets”.   Even though there a now (at time of writing this article) still in preview, they are a very welcome addition to the Intune options available.

Added November 29th: Please make sure to also read about Guided scenario’s – a preview feature in Intune which makes it possible to create policy sets based on predefined scenarios – What are Guided Scenarios in Microsoft 365 Device Management/Intune?

Disclaimer: This post is written on Oktober 25th 2019 and reflects the state of this functionality at this point in time.

So what are policy sets?

Read More
Uncategorized,

Litetouch deployment failed, Return Code = -2147467259 0x80004005 when installing Surface Pro 6 devices using MDT

TL;DR; – When reinstalling Windows on a Surface Pro 6 and it fails, make sure that you “temporarely” disable the ” Enable boot configuration lock” option and try again.

At one of my customers we are using MDT to install Surface Pro 6 devices in order to make sure that the latest version of Windows 10 is available when starting the Out of the Box Experience (OOBE).

While testing this solution, we experienced some machines starting to fail to install Windows 10, where MDT would exit with the following error code:  Litetouch deployment failed, Return Code = -2147467259  0x80004005

Time for a deepdive:

Read More
Uncategorized, , , , ,

Ask yourself if you still really need ADFS

In Q1 2017 Microsoft released the Pass Through Authentication (PTA) functionality as part of Azure AD connect. With the release of Azure Active Directory (Azure AD) Pass-through Authentication allowed for your users to sign in to both on-premises and cloud-based applications using the same passwords without the need to implement a Active Directory Federation Services (ADFS) environment.

With this options we now have the following authentication options available when setting up a hyrid identiy:

Read More
Uncategorized

Service Manager Related Links

  • There was a problem with your feed! The error is A feed could not be found at http://delicious.com/v2/rss/kenneth.van.surksum/servicemanager?count=100. A feed with an invalid mime type may fall victim to this error, or SimplePie was unable to auto-discover it.. Use force_feed() if you are certain this URL is a real feed.

Uncategorized

Windows Management User Group Netherlands: Meeting on the 17th of September

wmug_logoOn Tuesday evening the 17th of September the Windows Management User Group Netherlands organizes its 3rd meeting. The announcement, which is in Dutch can be found here.

The subject of the evening is virtualization, and its hosted by PQR and we have three fantastic speakers for this evening, session summaries will be communicated soon:

Program:

  • 17:30 – 18:30 Registration and food
  • 18:30 – 19:30 Sessie 1, Ruben Spruijt
  • 19:45 – 20:45 Sessie 2, Henk Arts
  • 21:00 – 22:00 Sessie 3, James van den Berg

The sessions will be in Dutch, tickets can be reserved here at no additional costs.

 

Uncategorized