Resolving Windows Application Guard Issues

A while back I wrote about an issue I was having with Windows Defender Application Guard (WDAG). You’ll find it here:

Microsoft Defender App Guard issue

I have now managed to find a solution for this. In short, the issue, as it turns out, has to do with disk encryption. I found some information about the general issue here:

Why does my encryption driver break Windows Defender Application Guard?

which says:

Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (“0x80070013 ERROR_WRITE_PROTECT”).

Chatting with good people at Microsoft, it seems that my particular case was solved by this update:

https://support.microsoft.com/en-us/help/4550945/windows-10-update-kb4550945

and was due to a BitLocker issue (being drive encryption).

So, the good news is that my issue is resolved and I can run Windows Defender Application Guard without any errors.

If you can’t install the KB for some reason and you need a quick workaround, the issue was linked to the BitLocker “Deny write access to fixed drives not protected by BitLocker” policy. As a workaround, you should clear any group policy for it and also set the following in Intune to Not configured.

So in the end it was an issue with drive encryption that was rectified with an update. Yeah!

Thanks to the people at Microsoft for the assist on this one. Now onto the next challenge.
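
An added example, not part of the original post: a PowerShell check for the two conditions described above, namely whether KB4550945 is present and whether the “Deny write access to fixed drives not protected by BitLocker” policy is enforced. It assumes the policy arrives via Group Policy, which stores it as the `FDVDenyWriteAccess` value under the BitLocker (FVE) policy key; a setting delivered only through Intune should be confirmed in the Intune portal instead.

```powershell
# Added diagnostic example (not from the original post).
$kbId    = 'KB4550945'            # update named in the post
$fvePath = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'   # Group Policy location for BitLocker settings
$fveName = 'FDVDenyWriteAccess'   # "Deny write access to fixed drives not protected by BitLocker"

# Get-HotFix only reports updates recorded under their own ID. If a later
# cumulative update has superseded the KB, it will not be listed here even
# though the fix is present, so treat "False" as "check the OS build too".
$hotfix = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue

# A missing key or value means the policy is not configured via Group Policy.
$fve = Get-ItemProperty -Path $fvePath -Name $fveName -ErrorAction SilentlyContinue
$denyWrite = if ($null -ne $fve) { $fve.$fveName } else { $null }

if     ($null -eq $denyWrite) { $policyState = 'Not configured' }
elseif ($denyWrite -eq 1)     { $policyState = 'Enabled' }
elseif ($denyWrite -eq 0)     { $policyState = 'Disabled' }
else                          { $policyState = "Unexpected value: $denyWrite" }

# Summarise: the post's scenario is "policy enabled and update missing".
[pscustomobject]@{
    Update              = $kbId
    UpdateListed        = [bool]$hotfix
    DenyWritePolicy     = $policyState
    MatchesPostScenario = (-not $hotfix) -and ($policyState -eq 'Enabled')
}
```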

Ignite 2019 sessions on YouTube

Not everyone, including me, is able to get to Microsoft Ignite for various reasons. Microsoft, to their credit, live streams and records the sessions. Eventually, these sessions make their way onto YouTube which is my preferred viewing platform. However, what is missing is a catalogue of the links to each session.

As in previous years:

Ignite 2017 sessions on YouTube

Ignite 2018 sessions on YouTube

I have started building this index and making it available on my GitHub:

Ignite session 2019 on YouTube

Please note, all the sessions are not there as yet. I add them as I discover them along the way through the year.

Of course, if you have a link to a session that I don’t have up there yet, please send it along so I can add it and we can all benefit.

Thanks again to Microsoft for doing this and uploading the sessions to YouTube. They are a great source of learning and allow people like me who couldn’t get to Ignite the ability to work through the content.

Swapped “ and @ on keyboard

One day you are merrily typing away as you always have, and all of a sudden you find that what you typed is wrong. You retype it again and find that the key you press is not actually the key that appears! What the??

In my case the @ (SHIFT+2) was being replaced by “ (SHIFT+’). Luckily, I remembered that this had happened before and involved the English pound (£) symbol.

The reason is that I have 2 keyboard types installed on my desktop PC as you can see above. You can view your keyboards by selecting the language icon in the system tray which is next to the clock.

Once I re-selected the English (Australia) keyboard I was back in business with the correct keys.

Always wanting to know how this could happen, I received my answer when I moused over that same icon as shown above. The keyboard is swapped when you press the Windows key + space. I use the Windows key + another key on my keyboard all the time so I had obviously fat fingered the secret sequence to change the default keyboard! The things my subconscious does to try and distract me.

Hopefully, this helps someone else out because it can be very frustrating to solve the first time it happens.

Allowing extensions with Edge Baseline

One of the handy things that Microsoft has now enabled is the ability to control the modern Edge browser (i.e. the one based on Chromium) via policy and services like Intune. In fact, if you visit Intune and look for Security Baseline you’ll find a new Microsoft Edge Baseline policy as shown above.

There are lots of great settings you can enforce by using this baseline to create a policy as you can see above.

I enabled the policy without making any changes initially so I could determine the impact, if any. It turns out that the default baseline actually disables any and all existing browser extensions you may have and also prevents you from adding new extensions.

I understand that this approach makes your environment more secure but I really can’t live with both the Lastpass and GetPocket extensions.

Unfortunately, by default with the baseline policy, these got blocked as you see above. This meant that I needed to adjust the policy.

As it turned out, you need to set the option:

Control which extensions can be installed = Not Configured

Just disabling and removing other options didn’t seem to do the trick.

After making that change and forcing the updated policy to sync to the workstation, I was back in business as you see above. I didn’t need to do anything in the browser; the previously disabled extensions were re-enabled automatically.

Enabling extensions is the only change I have made to the default baseline policy so far and now everything is working as expected and is more secure which I like.

I’d like the option to select ‘approved’ extensions so the baseline policy could be applied in total. Hopefully, that feature will make an appearance in the policy soon as I think many will want it. However, this is a quick and easy way to lock down the new Edge browser and another reason that, like me, it is my primary browser.

Edge Enterprise Preview

Just in case you weren’t aware, the Edge Insider Preview has an Enterprise option that allows you to sign in with your Office 365 credentials and is also available for macOS.

I will also say that having now used Edge Insider Preview for a while, I can thoroughly recommend it and have never had any troubles. I really like all this integration when you look at Windows 10, Azure AD, Microsoft 365, Office and now Edge.

CIAOPS Techwerks 4–Perth April 12

The next instructor led, all day, technical whiteboarding workshop session I’ll be doing on Microsoft Cloud Technologies (Office 365, Microsoft 365, Azure, Intune, Windows 10, etc) will be held in Perth on Friday April 12th, 2019. The course is limited to 15 people and you can sign up and reserve your place now!

The content of these events is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands-on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice takeaways for each attendee. So far, the greatest votes are for deeper dives into Intune, security and PowerShell configuration and scripts, however that isn’t finalised until the day.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters to them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:

Patron Level       Price inc GST
Gold Enterprise    Free
Gold               $33
Silver             $99
Bronze             $176
Non Patron         $399

To learn more about the benefits of the CIAOPS Patron program visit www.ciaopspatron.com.

To register, simply email me – director@ciaops.com and I’ll take care of everything from there.

The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Perth on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via email (director@ciaops.com) and I can let you know all the details as well as answer any questions you may have about the event.

I hope to see you there.