Basics of deploying Windows Defender Application Control (WDAC) using Intune

Windows Defender Application Control (WDAC) is the more modern approach to application white listing on a windows 10 device when compared to AppLocker. It is however, just as easy to deploy using Intune as this video shows:

https://www.youtube.com/watch?v=M2cZrV-mRlo

You firstly need to create your WDAC policy as an XML file. Then you use the PowerShell command:

ConvertFrom-CIPolicy

to ‘compile’ it into a .bin file. You upload this .bin file into an Intune device configuration policy and apply that to all the desired machine.

Remember, unlike AppLocker, WDAC applies to the whole machine, not individual users of that machine.

Remember, WDAC is already part of Windows 10 so there is no additional cost and using Intune, it will work with both Windows 10 Enterprise and Professional to help you secure your environment.


Basics of deploying AppLocker using Intune

One of the great things about deploying Windows AppLocker via Microsoft Intune is that it supports both Windows 10 Enterprise and Professional. It is also quite straight forward to deploy as I hope the video conveys.

Once you have your base policies, you create a custom Windows 10 device Configuration policy with Intune and deploy it to your device fleet. Once that process is complete you’ll have the same application control you had on a single device but now across as many machines as you wish.

Remember, that Windows AppLocker is free with Windows 10 and easily deployed to machined from the cloud using Microsoft Intune.

Power Platform product release

pexels-clem-onojeghuo-175711 (1)

I am please to announce the inaugural product release from the CIAOPS Patron Power Platform Community:

Power Automate Drink Ordering System

This is a PDF document that takes your step by step through creating an automated process for bulk ordering of drinks. This solution was developed to solve the challenge or ordering many drinks at events, however it could be used for much more mundane things such as preparing complimentary drinks when guests attend a business.

This project can also be seen as a great way to start learning the Microsoft Power Platform by creating a real world process using Power Automate (Microsoft Flow). The information provided run to over 130 pages and includes screen shots and easy to follow instructions.

To celebrate the release of this inaugural product, it is being offered at a special 75% discount which you can take advantage of here:

https://directorcia.gumroad.com/l/lDekX/foundation

This special offer is available for the first 25 purchases! So if you are interested in getting your hands dirty with the Microsoft Power Platform, here’s a great opportunity to get started.

Look out for more projects coming soon from the CIAOPS Patron Power Platform Community.

Windows Defender Application Control (WDAC) basics

Windows Defender Application Control, like Windows AppLocker is a way to control what executes on your Windows 10 Professional and Enterprise workstation. For more information have a look at this article from Microsoft:

Windows Defender Application Control and AppLocker Overview

You can easily configure WDAC using PowerShell and Microsoft provides a number of example policies that you can use to get started. This video will demonstrate that process on a stand alone Windows 10 Enterprise workstation:

https://www.youtube.com/watch?v=Nj5vBloAWy0

Both WDAC and AppLocker can be used together but the recommendation is use WDAC as it is a more modern approach to whitelisting and has greater security controls and enforcements.

You can also deploy WDAC using Intune and Endpoint Manager which I’ll look to demonstrate in an upcoming article.

So, much like AppLocker, you can use WDAC to prevent executables on your Windows 10 environment. This is a great way to minimise the risk of ransomware and should be part of your defence in depth strategy.

Windows AppLocker basics

Windows AppLocker is an inbuilt component of Windows 10 that allows you to do applications whitelisting. This is really good way to help minimise the chances of ransomware infections.

To use it in stand alone more or or with Group policy you are going to need to use Windows 10 Enterprise. However, you can use a tool like Intune to also manage AppLocker with Windows 10 Professional. For more details see:

Requirements to use AppLocker

The video takes you through the basic setup and operation of Windows AppLocker in a stand alone environment so you can get a feel for how it is configured and works.

In an upcoming post I’ll also details how to configure AppLocker using Intune via Microsoft Endpoint Manager.

CIAOPS Secwerks 1 is now totally virtual

In the face of continued COVID uncertainty locally I have decided to move the whole Secwerks 1 event online. The event will now be conducted fully using Microsoft Teams. Registrations are still open for the event starting on August the 5th, but now spread over 4 half day sessions to lower fatigue levels. You can register now and find a link to more details at:

www.ciaops.com

The event times will be during Thursday and Friday afternoons here in east coast Australia (GMT+10) and may not suit other locations. However, every business that registers will receive a copy of the recordings as well as the training materials. Registration is also now per business not per individual.

The Secwerks event is focused on giving you actionable information around Microsoft 365 as well as best practices, automations and understandings about how to improve the security of these environments. If you manage an Office 365 or Microsoft 365 environment, this, now, virtual event is for you.

I am working hard to add some unique sessions to the agenda and will be confirming those soon. Thanks to those who have already registered for being so accommodating in the face of this unexpected pivot but I look forward to seeing you at the event from the 5th of August 2021.

Creating a file location with unique permissions in Microsoft Teams

I wrote and article about:

Creating unique file permissions with Microsoft Teams

but I thought I’d also do a video:

https://www.youtube.com/watch?v=13BifpwKTt4

as I do get this question a lot about having a different set of file permissions for users inside a Microsoft Team. Best practice is NOT to alter any of the existing permissions that are provisioned by channel creation. Instead, create a separate area, with the permissions you want, and then link that back into your team.

That provides a lot more flexibility and doesn’t ‘break’ any of the standard settings.

Getting Message Center information into Teams

Recently, I wrote the following article:

Syncing M365 Message Center to Microsoft Planner

which took you through the process of getting Message Center information into Microsoft Planner. as good as that it is, the best place for that information should really be in Teams. The reason? With Teams people can ‘chat’ about the topics which adds far more value for an organisation in my opinion.

The good news is that it is very easy to not only sync messages with Microsoft Planner but also have them displayed in Microsoft Teams. It is all accomplished using Power Automate.

image

Create a new Flow and use the When a new task is created trigger as shown above. You’ll then need to configure this trigger action to point to the same Microsoft Plan into which you have already set up to sync with the Microsoft Message Center.

image

The next action should Get task details as shown above. You’ll need this to actually read the notes from each task, which contains the details of each item from the Message Center.

image

In my case, I save the Description field from the task into a string variable using the Initialize variable action as shown. I then use a number of separate Compose actions to search and replace text inside that variable to tidy up and format the Description field for posting into a Teams chat.

For example I remove the /r/n characters and replace them with the HTML line feed tag </br> using the following expression:

replace(variables(‘description’),decodeUriComponent(‘%0D%0A’),'</br>’)

image

Once I have the Description field formatted the way I want it then I use the Post a message (V3) action as seen above. The Title of the new task from Planner is the subject of the thread and the body is my now nicely formatted Description field, which is the data from the Message Center item.

SNAGHTML210e1093

You can see the result in a channel in Microsoft Teams above. Now others can easily add their reactions, comments and generally collaborate far easier than within Microsoft Planner.

I think having the Message center information delivered to Microsoft Teams make a lot of sense since it is a place more people will be spending more of their time generally. However, getting the Message Center information into Microsoft Teams still requires the sync configuration to a Plan first. However, once that is done, Power Automate allows you to achieve just about anything!