Intune - Microsoft Tunnel VPN Gateway A really neat but lesser known feature of Intune is Microsoft's Tunnel VPN solution which can do full device or per-app VPN tunneling on iOS and Android. This allows us to provide access to on-prem resources, restricted cloud resources, or ensure access to SaaS apps are coming from
Lab - Certificate Authority Setup I know there are hundreds of posts out there on how to do this, but I really documented this for my future self as something that is really fast, easy, and repeatable when I need to stand up a lab for testing with Azure AD and Intune :) π‘I am not
Featured Azure Automation - Device Cleanup v2 Almost a year ago, I shared how we can use Azure Automation to clean up devices in Azure AD. Unfortunately, Graph API only supported Disable as an option at the time (when using Application permissions), but apparently that changed some time around February 1! Another thing I was unhappy about
Intune - Discover Defender AV exclusions using Proactive Remediation For almost a decade, Microsoft Defender Antivirus has had a feature called Disable Local Admin Merge that "prevents" local admins from creating AV exclusions. As you can imagine, this makes it harder for attackers to create exclusions for their malware, but it can also be a huge pain
Intune - Block mounting of ISO files This short article was actually written last year but never published because Microsoft started applying Mark of the Web to virtual disk formats including ISO files in November. At the time, I didn't feel it was necessary anymore... 1) We are finally propagating MotW to Virtual Disk containers!
AWS - Integrating PIM with Azure AD SSO for AWS Single-Account Access Previously I showed how we can configure SAML SSO with AWS IAM Identity Center which can make many things easier, especially for larger companies, but it may not be an ideal fit for smaller companies who have one or two accounts and want to manage groups, permissions, and governance in
AWS - Integrating PIM with Azure AD SSO for AWS IAM Identity Center I've been working in AWS a fair bit lately (Defender for Cloud posts coming soon) and thought it would be fun to set up SSO from Azure AD. But I also wanted to see if there was a way I could integrate Privileged Identity Management into it for
Azure - Securing Subscriptions I recently shared a list of things I like to take a look at when adding Azure Subscriptions, and I'd encourage you to check out the Twitter thread for ideas from other folks as well. I'm adding this blog post simply to capture the content for
Azure Arc - Onboarding Servers with Group Policy As organizations migrate endpoint management to Intune, a common question I get asked is "What do I do with my servers since Intune only supports clients?" Whether you are looking to move away from Active Directory and Group Policy, Microsoft Configuration Manager, or just trying to figure all
Azure Automation - Advanced Auditing In Office 365, applying an E5 license with the Advanced Auditing component to a user does not enable all auditable events. For tenants created more than a few years ago, it's possible MailItemsAccessed and Send are not enabled by default, especially if audit events were previously modified. Another
Lab - Server Build Back in May of last year, I started building a new server and had planned to fully share the process of putting it together, setting up the OS, templates, etc. Instead, we had a baby, remodeled and sold our home, moved over 1500 miles, and had job constraints that forced
Archive - Using transport rules as a security tool π‘I'm working on getting the images back for this article, or I may just revamp it when I get a chance. I didn't realize I'd have to pull it from the Wayback machine, so it's missing some stuff :( Introduction At a conference
Intune - Using Access Packages to Enable User Device Enrollment Many organizations use device compliance with Conditional Access to provide protection against MFA capable phishing attacks such as Modlishka, evilginx2, or @mrd0x's browser in the browser attack. This protection works well because Conditional Access uses certificate based authentication with the device and pulls compliance data from Intune, and
Defender for Endpoint - Implementing ASR Rules Phase 1: Discover and create exceptions To get started, we will create a policy to set all Attack Surface Reduction rules to Audit mode to ensure applications are not impacted. This allows us to gather telemetry data for any applications that might be affected by these rules. Data should be
Intune Intune - Edge in iOS Kiosk Mode Getting a web app to run in Edge in Kiosk mode on iOS has been a journey, so here's a guide on how I did it :) Every example I found online used either a 3rd party app or Safari with a Web Content Filtering policy, but Edge was
Azure AD Azure AD - Integrating Azure AD logs with Azure Monitor Hey, let's ship Azure AD platform logs to a Log Analytics workspace :) For many smaller orgs, this will likely be free, and it provides a huge amount of insights that help facilitate things like removal of Legacy Authentication and fine tuning of Conditional Access policies β Nathan McNulty (@NathanMcNulty)
Archive Archive - MyStaff - Simplified Administrative Password Reset I am really excited to share this solution! We have had an internal password reset portal that was designed a decade ago, doesn't scale, can't be easily accessed, is not mobile friendly, and doesn't natively support MFA. As we started school this year, thousands
Defender AV Archive - Defender AV - Improving Windows Defender Update Efficacy Defender/SCEP ProTip (not from the product team but somebody else that sees how it fucks up): SCCM is the absolute weakest link in AV update distribution for most enterprises. The layers of complexity, lack of monitoring, and general aloofness by staff means it just stays broken. β SwiftOnSecurity (@SwiftOnSecurity) January
OSINT Archive - OSINT - Using Shodan.io to protect your school district https://t.co/vTZO8QvQBx should be used by every K12 sys admin. It's free for the educational sector and it helps identify your external exposure for your network. "net:x.x.x.x/24 port:3389" shows RDP data but there are many other filters which
Defender for Endpoint Defender for Endpoint - Removable Storage Access Control Who wants to play with Defender for Endpoint's Removable Storage Access Control? Yeah, me neither, but I'm doing it anyway So what is it? Well, it lets us do things like block writing to all removable media except specific ones using serial numbers Microsoft Defender for
Azure Automation Azure Automation - Device Cleanup π‘This article has been superseded! I will be updating this post to show how we can migrate to the new method. Please use this article instead: Azure Automation - Device Cleanup v2 (nathanmcnulty.com) Please use this method moving foward π Azure Automation - Device Cleanup v2Almost a year ago, I
Free Microsoft 365 E5 Developer Subscription Did you know that you can get a free M365 E5 subscription with 25 user licenses to learn, create automation, and develop applications? I know most folks never get the chance to admin this stuff, so sign up now, and let's walk through this together :) https://developer.microsoft.
