Posts

New LAPS for Windows 11 24H2

Windows LAPS automatically manages and backs up the password of a local administrator account on devices joined to Microsoft Entra ID (formerly Azure AD) or Windows Server Active Directory. This feature helps protect against pass-the-hash and lateral-traversal attacks, enhances security for remote help desk scenarios, and facilitates recovery of devices that become inaccessible. As many of you know, LAPS for Entra joined devices was announced around 2023 and has worked perfectly since then on Entra joined, hybrid joined, and on-premises devices via AD as well. One of the big challenges we all know is that the first version (if I can say that) of LAPS did not allow you to create a new custom admin account or change the existing admin account, which meant we had to use custom configuration or scripts to do that. Microsoft announced the new LAPS about 3 weeks ago via Arnab Mitra, Sr. Program Manager at Microsoft, and it was a great announcement. Let us go ahead and co...

Intune Security Policies – E1

Intune Security Policies – E1: Administrative Templates. After more than seven years of working with Intune and recently focusing on securing environments by configuring Intune policies, I found that many companies are not implementing several policies, particularly those related to Administrators, Security, Access, etc. Also, most of these policies are required by Cyber Security. I decided to create this series on Intune Policies and discuss one category in each episode. In this episode, I will discuss “Administrative Templates Personalization”: Prevent enabling the lock screen camera. Prevent enabling the lock screen slideshow. Enable screen saver (User). Prevent enabling the lock screen camera: To stop the camera from opening on the lock screen, switch the toggle to “Enabled.” This action will prevent the user from enabling or disabling lock screen camera access in PC Settings. Consequently, the camera cannot be accessed on the lock screen. Prevent the lock screen slide...

How to block TikTok or other social media

Have you considered blocking social media platforms like Facebook, TikTok, and others on corporate devices? Many government entities in our community want to restrict access to social media on their official devices rather than personally owned devices (BYOD). There are several reasons for this. For example, in the USA, TikTok was blocked and unblocked. There are many ways to do this, such as Firewall, Network, Microsoft Defender, and so on. However, I will discuss how to do it via Intune. Create a Policy: Create a New Policy: Name it as you want and add the description. Configuration settings > add settings > search for “URL blocking” and pick both Google Chrome and Microsoft Edge. Pick the one for the device; the one for the user did not work for me. Then add the URL you want to block to “Block access to a list of URLs (Device)”. I went a little further by disallowing the users to run the TikTok application “...

Secure Microsoft Edge Browser

Happy New Year, everyone! I was reading some Microsoft articles about how to secure the Microsoft Edge Browser, and I wanted to test it. It was fun 😊. Many companies prefer to use Edge as their default browser, which is both fast and efficient. However, we want to ensure that end users are safe and secure while using it. I came across a couple of Intune settings for Edge to enhance security. There are many options, but in this demo, I chose three. 1. Enable Microsoft Edge Password Manager. 2. Password Reused. 3. Enhance Password Phishing Protection. Let us take them one by one. Enable Microsoft Edge Password Manager: Allow users to save their passwords in Microsoft Edge. When this policy is enabled, Microsoft Edge will automatically fill in the password the next time a user visits the site. If you disable this policy, users can't save new passwords, but they can still use previously saved passwords. If you enable or disable this policy, ...