April 25 is when Australia and New Zealand pause to remember those who sacrificed, now and in the past. It is the anniversary of the very first time that we fought as nations and fought together.

In military terms the whole campaign that gave birth to this day was ill fated and failed to meet its objectives making it a historical failure, but from it was born a sense of nationhood that is probably more what we celebrate today.

How the world has changed from all those years ago in 1915. How the world will continue to change in the years ahead. But let’s hope that the coming together and respect we see here is something that continues beyond just today and into the future. We lives in times that are perhaps more focused on the ‘me’ than the ‘we’ and ANZAC day is a reminder that one of our purposes in life is to serve others.

So today, take a moment to say thanks on those who have served you not just in the armed forces but anywhere. Pay them service by offering to serve others without desire for compensation. These are the things that make a society great. Let what we see today extend beyond the ceremonies and festivities into something that is evident everyday. ANZAC day demonstrates that the spirit is present but we need to manifest on more than just one day a year. Do it for them, if no one else. Commit as many did all those years ago.

Lest We Forget

If you want to learn more about the ANZAC battlefields in northern France, visit my web site – www.anzacsinfrance.com.

Source – Cyber-Safety and IT efficiency fueled by Microsoft Intune Suite – https://secure.microsoft.com/en-US/sessions/b36d5f8d-62f1-440b-9dbe-7b0eea13cdce?source=sessions

Today marks the anniversary of the cessation of hostilities in the First World War. It was a multi year bloodbath that killed millions, many in the most terrible of ways. Many of whom have no known grave.

Today we pause to remember all those whose lives have been affected by war. Any war.

Today, many people are still experiencing war and many live with the threat of imminent war. For them we hope that horrors of the past remain in the past. Unfortunately, all too often, history repeats and brings death and destruction to their door step through no fault of their own. Let us hope that todays brief remembrance reminds everyone of the immense and continuing impact war has and why it should be prevented at all costs, not with empty promises and gestures, but real action.  

Times may change but the impact of war hasn’t. This seems to be a lesson we fail tor learn.

In times like these we celebrate and remember the human spirit of the those that sacrificed for others. Those that put the needs of others ahead of their own, and for those that put their lives on the line to save others from harm. These are the special people, who come from all walks of life but had the single purpose of service to a greater good. They are special and worthy of our utmost respect.

War is a human construct. born of the worst aspects of the human condition. It is however also something that we can just as easily could and should prevent. As those that went before, we can prevent these horrors by thinking of others before ourselves and working for the common rather than individual good.

Every day is a blessing and life is far too short. For those that we remember today, it was cut short for reasons that fad with the passing years. Let the memory of the reasons fad but never those who have paid the ultimate price.

Lest We Forget.

I am once again happy to report that I have been renewed as an MVP for 2022-23. This is now my 11th year as an MVP and I am honoured to have been recognised.

Many people are not aware that the MVP award is annual. It isn’t something you ‘apply’ for, it is given is recognition of the work you do from the community around a Microsoft product or service in the previous year. For me, that is Microsoft 365. Thus, to continue to be recognised as an MVP you need to make relevant community contributions annually.

As always, I take this opportunity to thank Microsoft for this award. I have made so many great contacts there that help me every day in all sorts of ways. I am truly grateful for their assistance. Of course I also thank other members of the MVP community who also help me everyday by providing information that I simply couldn’t find elsewhere. Their real world application and implementation of Microsoft technologies is amazing! Finally, there is community of people using and implementing Microsoft cloud technologies that continue to provide real world questions that challenge me to assist and find solutions for. For all these people I also say thanks because this is where the rubber hits the road.

Hopefully, as we move to a world that is more open, it will be possible to once again travel and catch up with all these marvellous people face to face and strengthen the bonds that we have and share yet more information that I can then provide to my community, again face to face I hope.

Again I say thanks for the recognition and being award as an MVP for another year and I’m ready to continue to share my learnings and knowledge with the community at large.

Today we take a moment to commemorate ANZAC day here in Australia. It is probably the one day that truly unites unites Australia. This is largely due to it harking back to a time when Australia came together as a nation for the first time. The benefit of historical hindsight may question the value of that military action all those years ago but the core values that came from that are what should be celebrated. It cemented the bond between unknown individuals who came together in truly terrifying circumstance to survive, flourish and in many ways, give birth to a nation on the back of their commitment to each other.

The actions all those years ago, across many battlefronts, brought many Australians face to face with other Australians they would have probably never met had the circumstances been different. It thrust them into life and dead experiences that many would have never expected. It thrust the average Australian into circumstances that would truly demonstrated man’s inhumanity to man. Yet, through all this adversity, Australians began to forge a bond, a concept of mateship, that lives on today.

This is something that perhaps we now need more than ever as we face an uncertain and divided world. The past few years have seen many live through life changing and unexpected circumstances that have irrevocably altered our community and the world. They have perhaps, cemented the fragility of life in people’s mind and hopefully made them appreciate how truly lucky we are every day. Our celebration today should look to the example these people provided us all those years ago.

Of course, not everyone is lucky. As with that day back in 1915, many paid the ultimate price and had their lives cut sort by simply being in the wrong place at the wrong time. A unique fact about Australian troops throughout World War One was that they were a total volunteer force. Each one, chose to be there. Many chose to remain, through the horrors of war, to be with their mates and do what they could for each other above all else. Today we also remember those in our community that continue to live and demonstrate that spirit to service.

This is the sacrifice and commitment we honour today. It is about what people do for others. It is about what people did that they thought was right. It is about what people did for what they believed was the greater good. You can judge their motives and ideals through the lens of history but you can’t question their devotion to each other and to their commitment. Today, we celebrate their devotion to each other.

Their hope, after enduring war, was that no one else would have to go through the same experience. The ‘war to end all all wars’ as it was known, sadly did not eventuate. That failure lies on the shoulders of modern society, who do not readily learn the lessons of history. Who lets their world view become full of negativity, impatience, violence and revenge all too readily. We should take a leaf from our ANZAC forebears and focus on what is truly important, our mates.

Lest We Forget

If you want to learn more about the ANZAC battlefields in northern France, visit my web site – www.anzacsinfrance.com.

I have detailed how you can offboard Windows 10 devices from Microsoft Defender for Endpoint using an Intune policy here:

Offboarding Windows 10 devices from Microsoft Defender for Business

You can also offboard all devices centrally using an API and PowerShell quite easily.

The first thing you’ll need to do is create an Azure AD app in the destination tenant. I’ve covered off how to do this via the web interface here:

https://blog.ciaops.com/2019/04/17/using-interactive-powershell-to-access-the-microsoft-graph/

and using a PowerShell script I wrote here:

https://blog.ciaops.com/2020/04/18/using-the-microsoft-graph-with-multiple-tenants/

You’ll also need to provide this Azure AD app the appropriate permissions in the Defender for Endpoint API to offboard devices (as well as have a license for Defender for Endpoint in your tenant). To see how to set these permissions you can review my previous article:

Using the Defender for Endpoint API and PowerShell

To permit device offboarding you’ll need to provide your Azure AD application with these additional permissions from the Defender API as shown above:

Machine.Offboard

Machine.Read.All

Machine.ReadWrite.All

Don’t also forget to consent to these after you have added them.

In summary, an Azure AD app is used to provide access to the Defender for Endpoint API. This access also requires the appropriate permissions be assigned to that Azure AD app for the Defender for Endpoint API to offboard devices.

When the Azure AD app was initially created the following parameters should have been available:

1. Client (or Application) ID

2. Tenant ID

3. Client (or Application secret)

You’ll need to enter these into the script I have created here:

https://github.com/directorcia/Office365/blob/master/mde-apioffboard.ps1

around line 35:

Ensure your values these are kept secure! I have discussed ways of doing this using the Azure Keyvault or encrypted XML files previously.

After updating the values in the script and running it, the script will firstly get a list of all the devices currently onboarded with Defender for Endpoint.

You should then be presented with a list of devices currently onboarded to Microsoft Defender for Endpoint as shown above. Select the device or devices you wish to offboard. Multiple selections are available here using the CTRL and SHIFT plus select. When the selection is made press the OK button to continue.

The devices selected will then be offboarded via the API. As you can also see above, if a device has already commenced the offboarding process you will receive a warning.

Although using an API to offboard devices is no faster than using an Intune policy or a local script, it still provides a handy centralised approach for offboarding management.

If you also have a look at this article I wrote:

Using the Microsoft Graph with multiple tenants

you’ll probably see how you can easily extend this script so that it enables you to offboard devices from multiple tenants. I have already done this and that premium script is available for CIAOPS Patrons.

Once you have an Azure AD application in place within your tenant with the appropriate permissions, offboarding devices from Microsoft Defender for Endpoint via an API is pretty straight forward. Hopefully, my free script takes care of most of the heavy lifting for you as well making it a simple process to select and offboard devices for Microsoft Defender for Endpoint in any number of tenants you manage.

I’ve added three more security testing options to my free script here:

https://github.com/directorcia/Office365/blob/master/sec-test.ps1

The Word document Backdoor drop will download and open a Word document that contains a macro that will itself, download an EXE file to the desktop.

The PowerShell script fileless attack if successful will open Notepad.exe on the device.

The Dump credentials using SQLDumper.exe will download the SQL utility SQLDumper.exe and use that to try and dump the credentials from the the system LSASS.EXE process.

All the tests are benign and designed to firstly, test your environment again common breach techniques and secondly, to generate alerts in your environment to ensure your protection is correctly configured.

It is getting hard for me to determine all the outcomes of these tests, so I’d love to hear any feedback you have on your own results so I can improve the script. Also, if you have any suggestions for what tests you’d like to see included please let me know.

Here is a walkthrough of the onboarding for Microsoft Defender for Business trial.

I’ll update you with more on this trial as I play with. so stay tuned.