Posts

Showing posts from 2023

New Microsoft Defender app and bulk tagging for iOS\iPadOS using Intune

Credits: Microsoft. In my recent blog about device tagging for macOS devices in Defender, I mentioned that I would also cover the tagging feature for the iOS\iPadOS platform. In this blog, I will cover the specifics of achieving this and my overall experience. The new Microsoft Defender apps: before we get into tagging, I want to touch on the recent change involving the renaming and feature offering of the MDE app in both the Apple App Store and Google Play Store. The MDE app is now called Microsoft Defender: Security in the Apple App Store and Microsoft Defender: Antivirus in the Google Play Store, enabling all-in-one security functionality across both personal and work accounts. Under a personal account, Microsoft Defender functions as the multi-device security app 'Microsoft Defender for individuals', allowing individuals and families to protect their data and devices by offering malware protection, timely security notifications, security tips, and recommendations. Microsof

Create and manage Microsoft Defender for Endpoint Device tags for macOS

I recently worked on an implementation project for Microsoft Defender for Endpoint on macOS devices, and while I would love to cover all the bells and whistles of the setup, for now I will focus on one particular aspect: MDE device tags. What is an MDE device tag anyway? Tags are used primarily to label and classify devices in an environment. This makes searching easier and streamlines assigning rules to specific groups or categories. Device tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident in Defender. Here are some common uses of device tags: 1. Device filter - a tag can be used as a filter in the Device inventory view, or to group devices. 2. RBAC - you can create device groups in Defender from tags for the purpose of enforcing Role Based Access Control in the Defender portal. 3. Device grouping - you can create device groups in Def
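The post teaser above explains what a device tag is but is cut off before the setup itself. As an added illustration (not code from the original post or from Microsoft), here is the shape of a macOS configuration profile that sets an MDE device tag: the tag lives in a `com.microsoft.wdav.atp` payload under a `tags` array, and each entry is a dictionary with `key` set to `GROUP` and `value` set to the tag text. The tag value `Finance-Mac`, the payload identifier, the display name and the two UUIDs are placeholders chosen for this example and must be replaced with your own before deploying the profile through Intune or another MDM.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <!-- Example profile for this article; identifiers and UUIDs below are placeholders -->
  <key>PayloadContent</key>
  <array>
    <dict>
      <!-- Payload domain read by the Defender for Endpoint agent on macOS -->
      <key>PayloadType</key>
      <string>com.microsoft.wdav.atp</string>
      <key>PayloadIdentifier</key>
      <string>com.microsoft.wdav.atp.devicetag.example</string>
      <key>PayloadUUID</key>
      <string>11111111-2222-3333-4444-555555555555</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>PayloadDisplayName</key>
      <string>MDE device tag (example)</string>
      <!-- One tag per dictionary; GROUP is the key used for device tags -->
      <key>tags</key>
      <array>
        <dict>
          <key>key</key>
          <string>GROUP</string>
          <key>value</key>
          <string>Finance-Mac</string>
        </dict>
      </array>
    </dict>
  </array>
  <key>PayloadDisplayName</key>
  <string>Microsoft Defender for Endpoint device tag (example)</string>
  <key>PayloadIdentifier</key>
  <string>com.example.mde.devicetag</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadScope</key>
  <string>System</string>
  <key>PayloadUUID</key>
  <string>66666666-7777-8888-9999-000000000000</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
```

Two practitioner checks worth doing after deployment: confirm on the Mac that the profile landed (System Settings > Privacy & Security > Profiles, or `mdatp health` from a terminal, whose output should reflect the configured tag), and then confirm in the Defender portal that the device appears under the new tag in Device inventory before building RBAC or device-group rules on top of it. A tag pushed this way is set by the MDM profile, so it takes precedence over a tag added manually in the portal as long as the profile remains applied.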

Windows Autopilot - Fixing Windows 11 VM 'No Internet' issue hosted in a Windows Server OS Hyper-V

In my line of work, I have to work with all kinds of devices spread across multiple OS platforms. When it comes to building and testing a configuration on Windows endpoints, I would normally use a physical device or, in its absence, turn to a virtual setup involving a Windows 10\11 VM or, most recently, a Cloud PC. For some time now, I have been hosting the Windows 10\11 VM in Hyper-V installed on a Windows 10 Azure VM enabled and configured for nested virtualization. While this got the job done, it couldn't really match the performance that Hyper-V running on a Windows Server OS could deliver. I recently set up a new test tenant and used it as an opportunity to clean up and introduce some new configurations. I decided to set up a Windows Server 2022 OS VM, installed Hyper-V on it, and then created the guest Windows 11 VM inside it. While I followed the usual steps of putting the configuration together as I did before, I did encounter some issues and learnt some new thing

Why protecting BitLocker Recovery key retrieval is so important..

The majority of organizations allow end users to retrieve the BitLocker recovery key through self-service. While this certainly eases manageability and cuts down on support calls, the question to ask is whether it is secure. To answer that, let me play out a scenario first. Let's say a bad actor has gained access to a company device and is able to initiate a reboot into advanced startup. A device encrypted with BitLocker protection will then present the screen to enter the recovery key. At this stage one can retrieve the recovery key either through a self-service portal such as https://account.microsoft.com/devices/recoverykey or by reaching out to the service desk. Now what if the attacker has succeeded in stealing the credentials of the owner of the device? In the absence of the necessary security policies, the attacker can retrieve the recovery key from https://account.microsoft.com/devices/recoverykey, or even from the Entra admin portals themselves if allo