Detect and Remediate Lenovo Vantage vulnerabilities using Proactive Remediations and Microsoft Endpoint Manager

December 18, 2021December 17, 2021 by Martin Bengtsson

Introduction

Just a quick blog post, on how to detect and remediate the Lenovo Vantage Vulnerabilities disclosed this week.

More information here: Lenovo Vantage Component Vulnerabilities – Lenovo Support CY
And here: Lenovo laptops vulnerable to bug allowing admin privileges (bleepingcomputer.com)

This surely has been an eventful week for most IT professionals, beginning with the #Log4j nightmare, and now ending with some Lenovo Vantage fun. Joking aside, this fix is pretty easy, but making sure and proving the vulnerability has been mitigated throughout your environment, might be something else. This post explains how I did.

Enable ‘Block abuse of exploited vulnerable signed drivers’ in a jiffy using PowerShell and ConfigMgr

December 2, 2021December 1, 2021 by Martin Bengtsson

Introduction

I find this highly relevant to share at this day. Especially in regards to yesterday’s ‘false positive’ situation, where a lot of system admins got a good scare, when Defender for Endpoint reported that “Suspicious ‘PowEmotet’ behavior was blocked’ on a high percentage of the enrolled devices.

Martin Bengtsson [MVP] on Twitter: “We are seeing a ton of activity in #Defender at this hour: “Suspicious ‘PowEmotet’ behavior was blocked”

What I really mean by this, is that when you have the option to reduce the attack surface of your environment, you should look into doing so ASAP.

Let’s say yesterdays situation was real, and you for whatever reason didn’t have behavior monitoring enabled in Microsoft Defender Antivirus. You would regret that pretty soon after being hit, when you realize that it could have been prevented.

Same goes for above. Rather look into enabling this new ASR (Attack Surface Reduction) rule today, rather than later after being compromised.

Using Filters with Conditional Access: Protect your privileged users with an additional layer of security

September 7, 2021September 7, 2021 by Martin Bengtsson

Introduction

So, I’m quite far behind in my blogging schedule, and I’m merely picking up on a feature which released in preview back some time in May. Luckily, this doesn’t impact the importance of the topic, and therefore I’m still putting it out there.

A neat example of putting Filters to use with Conditional Access, is by protecting your privileged users, like your Global Administrators, with an additional layer, only allowing access to resources if coming from specific devices.

Curious? This post will walk you through how to achieve just that. 🙂

Setting up Microsoft Tunnel Gateway with Microsoft Endpoint Manager and Linux VM(s) in Azure

December 5, 2020December 4, 2020 by Martin Bengtsson

Introduction

I typically blog about topics, that I’m currently addressing in my own daily work, and this time is no different.

Covid-19 surely has a saying on this particular topic as well, and empowering our users to do more, working securely from home and remote, is key.

In that regard, we needed a simple VPN solution for our iOS devices, and while making my way through the setup and configuration of Microsoft Tunnel Gateway, I decided it was worth blogging as well.

This post will walk you through everything you need know, in order to successfully setup Microsoft Tunnel Gateway as a proof of concept.

This includes:

Creating the VM(s) in Azure
Assigning static public IP
Hardening of the inbound traffic
Configuring public DNS record
SSH’ing to the Linux server
Installing Docker on Linux
Setting up configuration in Microsoft Endpoint Manager
Installing Microsoft Tunnel on Linux
- Copying down TLS certificate to Linux
Deploying VPN profile in Microsoft Endpoint Manager
Verifying connection to VPN on iOS is successful

Comparing Security Baselines in Endpoint Manager using PowerShell and Microsoft Graph API

April 6, 2022September 27, 2020 by Martin Bengtsson

Introduction

I just very recently discovered, that a new version of the Security Baseline for Windows 10 was made available in Microsoft Endpoint Manager Intune.

It’s been a while since the last version, more than a year in fact, so it was a pleasant surprise seeing an update on this area.

Security Baselines, and those for Windows 10 in particular, consist of a lot settings. So I wondered what’s changed and started browsing and comparing the various settings via the admin portal.

Then I realized how that’s not very optimal, and began looking for alternatives. I eventually got myself into trying something new, and went on to compare the Security Baselines Profiles using Powershell and the Microsoft Graph. The result of that journey is this post. 🙂