Category: Security

Azure AD
Thomas Kurth

Automatic Azure AD Conditional Access Documentation

Creating configuration documentations is always hassle. Therefore, I extended the Intune documentation with a new option to also document Azure AD Conditional Access policies. The new function Invoke-ConditionalAccessDocumentation will document: Azure AD Conditional Access Policies Translate referenced id’s to real object names (users, groups, roles and applications) Important: The Conditional

Read More »
Pop up when pasting into a personal application
Dataprotection
Philip Büchler

Edge Version 81 now supports Windows Information Protection

Introduced a long time ago, Windows Information Protection (WIP) still lives in a niche of configurations that only very few actually use. Which is a shame, as its very powerful and easy(-ish) to configure. You can read everything about it in Microsofts documentation for the feature.  One thing that was

Read More »
Security
Thomas Kurth

Defense in depth on an example: Office Macro Protection

Office Macros are one of the things every IT department tries to block, but will never really be able to 100% eliminate them. The reason is simple the documents with macros are sometimes produced by business apps, sent by business partners via e-mail or created by employees to improve business

Read More »
MDATP
Thomas Kurth

Configure Intune to deploy Microsoft Defender ATP for macOS

Since this summer Defender Advanced Threat Protection supports also macOS. Now I had time to review the functionality and share my experience in this blog. First of all, my starting position is a MacBook Air, which is enrolled to Microsoft Intune and is able to retrieve Configuration Profiles. The device

Read More »

Implementing Azure AD Privilege Management for Azure IaaS

Two years ago, we implemented AzureAD PIM in our baseVISION infrastructure to rise the security level. But after some time, we recognized, that it has too many drawbacks because the activation of the requested role took sometimes longer than a few hours. Especially in Exchange, Skype or Intune this was

Read More »

Exploiting Active Directory Administrator Insecurities

After a weekend, full of computer enthusiasts and knowledge transfer at the Defcon 26 in Las Vegas, I am working again and wanted to share a few things I learnt there. There were a few things shown about administering active directory. In this post, I want to tell you about

Read More »