Testing for the PrintNightmare vulnerability

Taking inspiration from:

https://github.com/gentilkiwi/mimikatz/tree/master/mimispool#readme

I’ve updated my own security testing script here:

https://github.com/directorcia/Office365/blob/master/sec-test.ps1

to check for the PrintNightmare vulnerability.

The video

https://www.youtube.com/watch?v=LvmRlc40WWI

gives you a walk-through of the process when you run my security testing script, and of the results on a vulnerable system.


Announcing the CIAOPS Patron Power Platform community


I am pleased to announce the new CIAOPS Patron Power Platform Community (3PC). The growing need for applications in modern businesses and the increasing functionality provided by the Microsoft Power Platform has created a need for skilled professionals. It is the aim of the CIAOPS Patron Power Platform Community to provide somewhere that people interested in solving business challenges with the Microsoft Power Platform can come together, share, learn and grow their knowledge.

One of the things that makes the CIAOPS Patron Power Platform Community unique will be its focus on providing solutions for small businesses. There are lots of resources available for larger businesses, but we wanted to bring a similar set of resources, plus more, to smaller businesses. This community is also not solely focused on technology; it is designed as a place to solve business challenges with technology, specifically with the Microsoft Power Platform. This means you don’t need to be a developer or an IT administrator, or even have any experience with the Microsoft Power Platform, to join. You just need to want to learn more about the Microsoft Power Platform and how it can be harnessed inside a business to improve productivity.

Another major difference with the CIAOPS Patron Power Platform Community is the desire to ensure that it is an active community. This means that there is an expectation that members invest at least one hour a week in the community forums, attending events and contributing to group projects. We also encourage all members to obtain at least one Microsoft Power Platform certification (the PL-900 certification being the recommended starting point) within 6 months of joining. The community is full of all the resources you’ll need to pass these exams, and there are members who are more than willing to help mentor you through your certification journey.

We want the CIAOPS Patron Power Platform Community to be a place where people can contribute to group projects that aim to build solutions such as the

Power Automate Drink Ordering System

Projects like these are the best way to learn about the Microsoft Power Platform as well as learn from those more experienced. We also love it when people bring a project they wish to develop with the help of the community. The more projects we work on the more we all learn.

We have big plans for the CIAOPS Patron Power Platform Community and we are just getting started. As such, we are offering a never-to-be-repeated foundation membership of A$15 per month to be part of what we think will become much bigger in the not too distant future. Now is therefore the time to jump on board at this specially discounted rate and enjoy the benefits of membership for life! You’ll find the links to sign up here:

https://www.ciaopspatron.com/

scroll down the page until you see the Power Platform option.

We are super excited to launch this community publicly and we hope that you can join us on this journey with the Microsoft Power Platform.

Basics of deploying Windows Defender Application Control (WDAC) using Intune

Windows Defender Application Control (WDAC) is the more modern approach to application whitelisting on a Windows 10 device when compared to AppLocker. It is, however, just as easy to deploy using Intune, as this video shows:

https://www.youtube.com/watch?v=M2cZrV-mRlo

You firstly need to create your WDAC policy as an XML file. Then you use the PowerShell command:

ConvertFrom-CIPolicy

to ‘compile’ it into a .bin file. You upload this .bin file into an Intune device configuration policy and apply that to all the desired machines.

Remember, unlike AppLocker, WDAC applies to the whole machine, not individual users of that machine.

Remember, WDAC is already part of Windows 10 so there is no additional cost and using Intune, it will work with both Windows 10 Enterprise and Professional to help you secure your environment.


Basics of deploying AppLocker using Intune

One of the great things about deploying Windows AppLocker via Microsoft Intune is that it supports both Windows 10 Enterprise and Professional. It is also quite straightforward to deploy, as I hope the video conveys.

Once you have your base policies, you create a custom Windows 10 device configuration policy with Intune and deploy it to your device fleet. Once that process is complete you’ll have the same application control you had on a single device, but now across as many machines as you wish.
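The step from a base policy on one machine to an Intune custom policy is where people get stuck, because the AppLocker CSP wants one XML fragment per rule collection rather than the whole exported policy. The script below is an added example, not code from this blog or from Microsoft: it reads the effective AppLocker policy on a reference machine and writes out one fragment per collection, together with the custom OMA-URI it belongs to. The output folder and the "Grouping1" name are assumptions; the grouping is an arbitrary label you choose.

```powershell
# Added example: split the effective local AppLocker policy into the per-collection
# XML fragments that Intune custom OMA-URI settings for the AppLocker CSP accept.
# Run on the reference machine where the base rules were built (elevated prompt).

$outDir = 'C:\AppLockerExport'   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Effective policy = local policy plus any Group Policy currently applied here.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

# AppLocker rule collection type -> node name in the AppLocker CSP path
# ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/<Grouping>/<Node>/Policy
$cspNode = @{ 'Exe' = 'EXE'; 'Msi' = 'MSI'; 'Script' = 'Script'; 'Dll' = 'DLL'; 'Appx' = 'StoreApps' }
$grouping = 'Grouping1'          # assumed; any consistent label works

foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $type = $collection.Type
    if (-not $cspNode.ContainsKey($type)) { continue }

    # Intune wants the <RuleCollection> element itself, not the <AppLockerPolicy> wrapper.
    $file = Join-Path $outDir ("AppLocker-{0}.xml" -f $cspNode[$type])
    Set-Content -Path $file -Value $collection.OuterXml -Encoding UTF8

    # Summary row: confirm enforcement mode and rule count before you upload anything.
    [pscustomobject]@{
        Collection  = $type
        Enforcement = $collection.EnforcementMode   # NotConfigured, AuditOnly or Enabled
        Rules       = @($collection.ChildNodes).Count
        OmaUri      = "./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/$grouping/{0}/Policy" -f $cspNode[$type]
        File        = $file
    }
}
```

Check the Enforcement column before deploying: a collection still in AuditOnly on the reference machine will be audit-only on the fleet too, and an Exe collection with no default rules will block everything that is not explicitly allowed.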

Remember that Windows AppLocker is free with Windows 10 and easily deployed to machines from the cloud using Microsoft Intune.

Power Platform product release


I am pleased to announce the inaugural product release from the CIAOPS Patron Power Platform Community:

Power Automate Drink Ordering System

This is a PDF document that takes you step by step through creating an automated process for bulk ordering of drinks. This solution was developed to solve the challenge of ordering many drinks at events; however, it could be used for much more mundane things such as preparing complimentary drinks when guests attend a business.

This project can also be seen as a great way to start learning the Microsoft Power Platform by creating a real-world process using Power Automate (Microsoft Flow). The information provided runs to over 130 pages and includes screenshots and easy-to-follow instructions.

To celebrate the release of this inaugural product, it is being offered at a special 75% discount which you can take advantage of here:

https://directorcia.gumroad.com/l/lDekX/foundation

This special offer is available for the first 25 purchases! So if you are interested in getting your hands dirty with the Microsoft Power Platform, here’s a great opportunity to get started.

Look out for more projects coming soon from the CIAOPS Patron Power Platform Community.

Windows Defender Application Control (WDAC) basics

Windows Defender Application Control, like Windows AppLocker, is a way to control what executes on your Windows 10 Professional and Enterprise workstation. For more information have a look at this article from Microsoft:

Windows Defender Application Control and AppLocker Overview

You can easily configure WDAC using PowerShell, and Microsoft provides a number of example policies that you can use to get started. This video will demonstrate that process on a standalone Windows 10 Enterprise workstation:

https://www.youtube.com/watch?v=Nj5vBloAWy0

Both WDAC and AppLocker can be used together, but the recommendation is to use WDAC as it is a more modern approach to whitelisting and has greater security controls and enforcement.

You can also deploy WDAC using Intune and Endpoint Manager which I’ll look to demonstrate in an upcoming article.

So, much like AppLocker, you can use WDAC to stop unapproved executables from running in your Windows 10 environment. This is a great way to minimise the risk of ransomware and should be part of your defence-in-depth strategy.
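The PowerShell workflow referred to here, and the XML-to-.bin compile step described in the earlier post on deploying WDAC with Intune, look like this end to end. This is an added example and not code from this blog or from Microsoft; the working folder, policy name and policy ID are assumptions, while the example policy path, the cmdlets and the rule option numbers are Microsoft's own.

```powershell
# Added example: start from one of Microsoft's shipped example WDAC policies,
# set the rule options a first deployment needs, and compile to the .bin that
# an Intune device configuration policy takes. Run from an elevated prompt.

$examplePolicy = 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml'
$workDir       = 'C:\WDAC'                               # assumed working folder
$policyXml     = Join-Path $workDir 'WDAC-Baseline.xml'
$policyBin     = Join-Path $workDir 'WDAC-Baseline.bin'

New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Copy-Item -Path $examplePolicy -Destination $policyXml -Force

# Give the copy its own name, ID and version so it is not confused with the sample.
Set-CIPolicyIdInfo  -FilePath $policyXml -PolicyName 'Contoso WDAC Baseline' -PolicyId 'Contoso-Baseline-v1'
Set-CIPolicyVersion -FilePath $policyXml -Version '1.0.0.0'

# Rule options (the numbers are Set-RuleOption's documented indexes):
#   0  Enabled:UMCI                            apply to user-mode binaries, not only drivers
#   3  Enabled:Audit Mode                      log what would be blocked instead of blocking it
#   6  Enabled:Unsigned System Integrity Policy  allow deploying the policy without signing it
#   16 Enabled:Update Policy No Reboot         later policy updates apply without a restart
#   19 Enabled:Dynamic Code Security           extend WDAC checks to .NET dynamic code
foreach ($opt in 0, 3, 6, 16, 19) {
    Set-RuleOption -FilePath $policyXml -Option $opt
}

# Compile. The XML is what you edit and keep in source control; the .bin is what you upload.
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin

# Sanity check before uploading: the binary exists and is not empty.
$bin = Get-Item $policyBin
if ($bin.Length -eq 0) { throw "Compiled policy is empty: $policyBin" }
"Compiled {0} ({1} bytes); upload this to Intune." -f $bin.FullName, $bin.Length
```

Leave option 3 in place for the first rollout and review the Microsoft-Windows-CodeIntegrity/Operational log (event ID 3076 records files that would have been blocked); once the allow rules are complete, remove option 3 with Set-RuleOption -Delete, bump the version and recompile to move to enforcement.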

Windows AppLocker basics

Windows AppLocker is an inbuilt component of Windows 10 that allows you to do application whitelisting. This is a really good way to help minimise the chances of ransomware infections.

To use it in standalone mode or with Group Policy you are going to need Windows 10 Enterprise. However, you can use a tool like Intune to also manage AppLocker with Windows 10 Professional. For more details see:

Requirements to use AppLocker

The video takes you through the basic setup and operation of Windows AppLocker in a standalone environment so you can get a feel for how it is configured and how it works.

In an upcoming post I’ll also detail how to configure AppLocker using Intune via Microsoft Endpoint Manager.