Co-management with ConfigMgr and Intune and a little something about Microsoft Defender antimalware policies

November 12, 2019 by Martin Bengtsson

Introduction

Originally when the Endpoint Protection workload for co-management was introduced with Configuration Manager 1802, this was done without antimalware policies.

That essentially meant that antimalware policies was still being managed solely by Configuration Manager, while a feature like Exploit Guard was managed by Intune.

Now, this has since changed (at the time of writing, I’m not sure when they snug in the addition, but that’s not related to the post anyway) and the workload now includes antimalware policies enabling us to manage all aspects of Microsoft Defender with Microsoft Intune.

So what does that mean, and are there anything specifically I need to be aware of? I believe there is. 🙂

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v1909 using SCCM (System Center Configuration Manager) and Powershell

October 21, 2019October 21, 2019 by Martin Bengtsson

Introduction

Windows 10 v1909 was released to MSDN users last week, and true to tradition, I’m updating my Powershell script, enabling you to install RSAT for Windows 10 1909 automatically and unattended.

I received quite some feedback on my 1903 script, and thanks to that I made some improvements to the 1909 edition. That includes:

Added test for pending reboots. If reboot is pending, RSAT features might not install successfully
Added test for configuration of WSUS by Group Policy
- If WSUS is configured by Group Policy, history shows that additional settings might be needed for some environments

A brief first look on Microsoft Defender ATP Tamper Protection

October 17, 2019October 16, 2019 by Martin Bengtsson

Introduction

Late last night my time, Tamper Protection in the Microsoft Defender stack went Generally Available.

In short and as the name implies, this is a feature which essentially locks Microsoft Defender and prevents your security settings from being tampered with, including changes made by an administrator.

From a security perspective, this is a great and welcomed addition – let’s take a closer look. 🙂

PS. I did find some oddities in some of the behavior when trying to disable Microsoft Defender through Group Policy. More on that in the end of the post.

Remind users to enroll into Windows Hello for Business using Toast Notifications and ConfigMgr

November 12, 2019October 8, 2019 by Martin Bengtsson

Introduction

I recently did a tweet about doing a toast notification to lure end-users into enrolling their device with Windows Hello for Business voluntarily.

Find the tweet here: https://twitter.com/mwbengtsson/status/1179343506898329601
And another WHfB inspirational tweet here: https://twitter.com/mwbengtsson/status/1182346707302076416

Prior to doing the tweet, I found my self wrestling with Powershell and a way to locate devices not enrolled into WHfB yet. Seeing I only wanted to nag people not enrolled yet, this was a requirement for the entire process.

So this post is a little something on both the actual toast notification, but also on how I ended up locating devices not enrolled into WHfB yet using a Compliance Baseline in ConfigMgr.

Windows 10 Toast Notification Script Update: Check for Active Directory Password Expiration

September 26, 2019September 24, 2019 by Martin Bengtsson

Introduction

My Windows 10 Toast Notification Script has received another update, now being on version 1.4. What’s new and delicious are mentioned in details below.

Note: I know that expiring passwords are not ideal, but reality is that many still have them configured like so while trying to find their way out with Windows Hello for Business, Password-Less etc.

The toast notification might even serve as a good entry point into enrolling into WhFB when one are ready to do so. I’ll make an example of such in the future 🙂

Find the original page for the Windows 10 Toast Notification Script here: https://www.imab.dk/windows-10-toast-notification-script/

CMPivot use case: Hunt down devices infected with malware (WannaCry ransomware)

September 20, 2019September 20, 2019 by Martin Bengtsson

Introduction

CMPivot is a utility which was introduced with SCCM 1806 (System Center Configuration Manager).

In short, it’s a utility which enables us to query all currently connected devices for information in real-time.

This is extremely useful in a variety of situation, where a great example of such will be in case of a malware outbreak.

In case of a malware outbreak, a lot of questions becomes relevant to answer quickly:

How many devices are infected?
Which devices are not infected?
Are the malware spreading?
etc.

CMPivot to the rescue!

Modify Windows HOSTS file using SCCM (System Center Configuration Manager) and Powershell

September 13, 2019September 12, 2019 by Martin Bengtsson

Introduction

I was just doing some work today where I needed to modify the content of the HOSTS file in Windows on a good bunch of devices. (This is the file being located in C:\Windows\System32\drivers\etc)

I figured this is something anybody might find useful, so I wanted to share the Powershell script I ended up creating for the purpose.

For your convenience, I’m also illustrating how this can be used in combination with ConfigMgr as this was a requirement for automation purposes 🙂

Windows 10 Toast Notification Script updated to version 1.3

August 21, 2019August 21, 2019 by Martin Bengtsson

Introduction

As the topic suggests; my Windows 10 Toast Notification Script has been updated to version 1.3 and here’s what’s new and delicious. 😀

Note: The screenshot below is intentionally in jibberish (danish). This is to illustrate that all text elements now are customizable through the config file.

Find the Windows 10 Toast Notification Script here: https://www.imab.dk/windows-10-toast-notification-script/

Windows as a Service: Example of fixing Compat Scan errors (A driver is installed that causes stability problems)

August 21, 2019August 20, 2019 by Martin Bengtsson

Introduction

Sooner or later you will encounter some Compatibility Scan errors with your Windows 10 upgrades.

And if you like me run the Compat Scan prior to the actual Windows 10 upgrade, you will have time to fix these errors before the end-user is aware. Clever, right? 😀

So this post is an example of such and is based on a really simple approach to fixing an incompatible driver. Curious? Read on 🙂

Managing Microsoft Edge Chromium settings with SCCM (System Center Configuration Manager)

August 15, 2019August 14, 2019 by Martin Bengtsson

Introduction

The new Microsoft Edge Chromium browser is a real treat, and not too long ago this delicious new browser was deemed ready for testing in the enterprise.

Therefore I figured it would make a decent blog post to give some insights on, how you can manage the new settings using SCCM (System Center Configuration Manager).

I have previously shown how you can install Google Chrome extensions also using SCCM. This post is based on the same approach: https://www.imab.dk/forcefully-deploy-the-windows-defender-google-chrome-extension-using-configuration-manager/