Operational Collections 2.0
Automate security group membership based on device hardware, software, vulnerabilities, and other inventory data
Getting more data from the CA Insights and Reporting Workbook
Quick tip on using workbooks to create KQL queries and get more data than provided by the workbook
Super Advanced Auditing
Ensure all available audit records are collected to Unified Audit Log
Defender AutoConfig
A tool to assess and automate configuration in the Defender portal
One Full Scan
Improve Defender performance by performing one full scan
CAPremortem
A tool to assess historical impact of report-only policies
MDE Analyzer²
Automate analysis of MDE Client Analyzer output for common issues
Device cleanup
Comprehensive automation for device cleanup
Enable all auditable events
The defaults are better than they used to be, but you can still do better.
Trimarc Happy Hour
Lab - Certificate Authority Setup
This step-by-step tutorial is ideal for those looking to experiment with Certificate Authority setups in a lab environment. Learn how to configure an offline CA using OpenSSL, use it to sign an Enterprise ADCS Intermediate CA, and publish CRLs in an Azure Static Web App.
Intune - Microsoft Tunnel VPN Gateway
Note: This article was last updated on 01/30/2025 for readability and updated URLs. I am working on updating this for the UI changes that have been made to Intune :)
Azure Automation - Device Cleanup v2
Note: This article was last updated on 01/30/2025 for readability and updated URLs. We no longer need to manually load modules as shown, and this article will be completely overhauled to include backup of LAPS passwords and BitLocker keys to Azure Key Vault as well :)
Intune - Discover Defender AV exclusions using Proactive Remediation
Note: This article was last updated on 01/30/2025 for readability and updated URLs. I am working on updating this for the UI changes that have been made to Intune :)
Intune - Block mounting of ISO files
Note: This article was last updated on 01/30/2025 for readability and updated URLs.
AWS - Integrating PIM with Azure AD SSO for AWS Single-Account Access
Note: This article was last updated on 01/30/2025 for readability and updated URLs.
AWS - Integrating PIM with Azure AD SSO for AWS IAM Identity Center
Note: This article was last updated on 01/30/2025 for readability and updated URLs.
Azure - Securing Subscriptions
Note: This article was last updated on 01/30/2025 for readability and updated URLs.
Azure Arc - Onboarding Servers with Group Policy
Note: This article was last updated on 01/30/2025 for readability and updated URLs.
Azure Automation - Advanced Auditing
Note: This article was last updated on 01/27/2025 for readability and updated URLs, and the content itself will be updated in the near future :)
Lab - Server Build
Back in May of last year, I started building a new server and had planned to fully share the process of putting it together, setting up the OS, templates, etc. Instead, we had a baby, remodeled and sold our home, moved over 1500 miles, and had job constraints that forced me to rush putting it together :(
New home server :D
Dell R630 with 2x 14 core E5-2680 v4 CPUs
Already ordered 1.2TB SAS drives (best bang for buck currently at $20 each). Working on 32GB sticks as I can find them around $60.
Goal is 8x 1.2TB drives, 2x 1TB NVMe via PCI-Express adapters, and 16x 32GB sticks :p pic.twitter.com/2p3jEdKOZG
Using transport rules as a security tool
Note: Unfortunately, the images from this article were never able to be recovered, and it is unlikely I will be able to recreate them. Email security has come a long way, but there is still a lot of value in using this method if you don’t have access to better tools :)
Intune - Using Access Packages to Enable User Device Enrollment
Note: This article was last updated on 01/27/2025 for readability and updated URLs, but content review and image updates are in process :)
Defender for Endpoint - Implementing ASR Rules
Note: This article was last updated on 01/27/2025 for readability and updated URLs, but content review is in process. New guidance is to enable the credential theft rule out of the box, and there are new rules to put in audit mode and add to the queries.
Intune - Edge in iOS Kiosk Mode
Getting a web app to run in Edge in Kiosk mode on iOS has been a journey, so here's a guide on how I did it :)
Azure AD - Integrating Azure AD logs with Azure Monitor
Note: This article was last updated on 01/26/2025 for readability and updated URLs.
MyStaff - Simplified Administrative Password Reset
Note: This article was last updated on 01/26/2025 for readability and updated URLs. Unfortunately, images were not able to be restored from a previous hosting provider :(
Defender AV - Improving Windows Defender Update Efficacy
Note: This article was last updated on 01/26/2025 for readability and updated URLs. Unfortunately, images were not able to be restored from a previous hosting provider :(
OSINT - Using Shodan.io to protect your school district
Note: This article was last updated on 01/26/2025 for readability and updated URLs. Unfortunately, images were not able to be restored from a previous hosting provider :(
Defender for Endpoint - Removable Storage Access Control
Note: This article was last updated on 01/26/2025 for readability and new images due to UI changes made in Intune. I tried to keep the original style and flow, and the original post content can be found in the Twitter link at the end. A new article will revisit this and add new capabilities.