New IoT device with a servo motor

I had a recommendation to move to a different IoT device to make connecting to Azure and programming easier going forward. The recommendation was to use a:

SparkFun Thing Plus – ESP32-S2 WROOM

So the first thing I needed to do was get the right board selection working with PlatformIO. The end result of this was the need to use this platformio.ini file in the project:

[env:sparkfun_esp32s2_thing_plus]
platform = espressif32
board = sparkfun_esp32s2_thing_plus
framework = arduino

and you can look at this for further reference:

https://docs.platformio.org/en/latest/boards/espressif32/sparkfun_esp32s2_thing_plus.html#board-espressif32-sparkfun-esp32s2-thing-plus

Once I had the board being recognised and accepting uploads, the next challenge was to execute some code. I went back to the start and did the standard stuff I’d done with other devices, like:

External flashing LED

but with the SparkFun Thing Plus – ESP32-S2 WROOM device instead. All of that is pretty straightforward on any device, so I won’t repeat the details here. What I thought I’d cover off is something new: attaching a servo motor to the device.

The configuration is pretty simple as shown above. I used a:

SG92R micro servo motor

that basically has three connections – Power, Ground and Control as shown above.

I found some simple example code that I could use here:

Using Servo Motors with ESP32

I have also put all the code I’ve actually used for my ESP32-S2 device here:

https://github.com/directorcia/Azure/tree/master/Iot/ESP32-S2

I also needed to add the

ESP32Servo

library from Kevin Harrington to the project.

The code that I used to make the servo ‘sweep’ backwards and forwards is here for your reference:

https://github.com/directorcia/Azure/blob/master/Iot/ESP32-S2/servo.cpp

and here’s what it looked like when it ran on the device:

With this new device under control, it’s time to move onto bigger projects.

Microsoft Defender for Business post setup wizard recommendations

Let’s say that you have kicked off the Microsoft Defender for Business setup wizard as shown above. For the purposes of this article I’ll also assume that this is part of a Microsoft 365 Business Premium tenant.

Let’s assume that you have now completed that process, which you can read about here:

Use the setup wizard in Microsoft Defender for Business

After the wizard has completed I suggest you head to the Settings options in https://security.microsoft.com and then select Endpoints and finally, select Advanced features, where you should see the above screen full of options on the right.

At this point I’d suggest you go and enable all the options listed. Now, not all of them will be relevant, but I’d still recommend they be turned on nonetheless. Do it once and you won’t need to come back is my philosophy.

Leave that location open as we’ll be coming back here.

Next, head over to your Microsoft Endpoint Manager and select Endpoint security on the left, then Microsoft Defender for Endpoint, which should result in the above screen.

Here you want to ensure the Connection status is Enabled (i.e. green check mark) as shown.

If it isn’t for some reason, then head back to https://security.microsoft.com, Settings, Endpoints, Advanced features.

Scroll through the list of items until you find the Microsoft Intune connection as shown above. Ensure that it is turned On. If it isn’t, turn it On, wait at least 15 minutes and check back in Endpoint Manager for the Connection status to be Enabled (i.e. you see the green check mark). If it is already On and the green check mark doesn’t appear, turn the setting Off for at least 15 minutes and then turn it back On. You know, kinda reboot it. The connection status should go green after that in my experience.

When the Connection status is Enabled go and turn all the options on the page to On as shown above.

Return to https://security.microsoft.com and select the Onboarding option as shown above.

My recommendation is that you manually onboard the first Windows 10 device in your environment using a local script. That will ensure everything is working quickly and easily.

Simply download the script provided and run it on one of the Endpoint Manager enrolled devices in your environment.

Once the script has run successfully return to the console and select Device inventory from the menu on the left as shown. Within 15 minutes or so, you should see the machine that you ran the script on appear here.
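Before waiting for the device to show up in Device inventory, you can confirm on the machine itself that the local onboarding script did its job. This is an added example, not code from the original post or from Microsoft; it reads the onboarding state value Defender for Endpoint writes to the registry and checks that the Sense service is running.

```powershell
# Added example (not from the original post): verify locally that the
# Defender for Business onboarding script succeeded on this Windows 10 device.
# Run in an elevated PowerShell session on the device you ran the script on.

function Test-DefenderOnboarding {
    [CmdletBinding()]
    param()

    # Defender for Endpoint records the onboarding result here; 1 = onboarded.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

    $result = [ordered]@{
        OnboardingState = $null    # 1 = onboarded, 0 = not onboarded, null = key missing
        SenseService    = $null    # status of the 'Sense' (Defender for Endpoint) service
        Onboarded       = $false
    }

    if (Test-Path -Path $statusKey) {
        $props = Get-ItemProperty -Path $statusKey
        $result.OnboardingState = $props.OnboardingState
    }

    # The Sense service is what actually talks to the Defender cloud.
    $sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($sense) { $result.SenseService = $sense.Status.ToString() }

    $result.Onboarded = ($result.OnboardingState -eq 1 -and $result.SenseService -eq 'Running')
    [pscustomobject]$result
}

$state = Test-DefenderOnboarding
$state | Format-List

if (-not $state.Onboarded) {
    Write-Warning 'Device is not reporting as onboarded; re-run the local onboarding script as administrator and check again.'
}
```

If OnboardingState is 1 and Sense is Running, the device should appear in Device inventory within the 15 minutes or so mentioned above; if it never does, the problem is on the tenant or connectivity side rather than the script.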

Congratulations, you have successfully onboarded your first device to Defender for Business in your tenant. You are now free to continue to configure additional devices using the policies provided. I always like to do the very first device in the environment manually so I know everything is working as expected. If I then get issues, I know to troubleshoot my deployment policies.

Windows 10 in cloud configuration

Microsoft has released a handy guide called

Windows 10 in cloud configuration

that walks you through a recommended best practice configuration of your Windows 10 devices using Endpoint Manager. What they are now doing, as highlighted in my video, is beginning to roll this into a wizard inside the Endpoint Manager portal, allowing you to quickly and easily create and apply policies to protect your Windows 10 machines.

I believe this is only the beginning of what Microsoft plans to roll out and I expect to see lots more configuration coming very soon, not only for Windows 10 but also iOS and Android.

Watch this space.

Intune policy sets

The modern way to manage and configure devices in the Microsoft Cloud is to use Intune to handle device enrolment and configuration. This can become complex quickly when you look at configuring across the different operating systems (iOS, Android, Windows, MacOS, etc) and the different policies (endpoint, compliance, restrictions, etc) because there are so many possible variations. If you then layer on a variety of users and their requirements, being consistent across the organisation can be a challenge.

Luckily, Intune now gives us something called Policy Sets which you can find in the Microsoft Endpoint Manager admin center as shown above.

As the opening screen, shown above, notes – Policy sets are basically a way to group a set of individual policy configurations together and have them applied as a group. Handy eh?

Basically, you follow through the wizard, select the policies you wish to group together and then the users you wish them to apply to. You save that as an individual Policy set, and you can create as many different ones as you like.

Once you create the Policy set it will be applied exactly the same as if you did each policy individually, but now you can do all that together via a single setting! You can go back in at any time and edit the Policy sets you created.

Device manager Policy Sets allow you to easily group a variety of individual Intune policies together and apply them together to a group of users quickly and easily. This should save you lots of time over creating an individual enrolment policy and applying, then an individual compliance policy and applying, then an individual endpoint protection policy individually and so on.

Changing client Log Analytics workspaces

I have been using Azure Log Analytics solutions for a while now to do things like report on client machine changes, updates, inventory, security and so on. However, I wanted to change my workspace for these clients from one Azure tenant to another.

I was thinking that I’d have to go into the registry and change the workspace ID and key, but when I searched the registry there were far too many entries. Turns out you don’t need to do that at all! All you need to do is go to the Control Panel and find the Microsoft Monitoring Agent as shown above.

When you run that you’ll see any workspaces you are currently joined to. You can Edit or Remove what is there.

Then you can add a new workspace as shown above.

All you then need to do is plug in the Workspace ID and Key from the new workspace and you are away.

I also discovered that you can configure the agent to report to multiple workspaces, even in different tenants if you want. That makes things really easy.
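The same Edit/Remove/Add steps, plus the multi-workspace option, can be scripted across many clients through the agent's own configuration COM object rather than the Control Panel applet. This is an added example, not code from the original post; the workspace IDs and key are parameters you supply (the key is a secret, so pass it in rather than hard-coding it), and it assumes the Microsoft Monitoring Agent is already installed.

```powershell
# Added example (not from the original post): move a client's Microsoft
# Monitoring Agent to a new Log Analytics workspace, optionally keeping the old
# one so the agent reports to both. Run elevated on the client machine.

param(
    [Parameter(Mandatory)] [string] $OldWorkspaceId,    # workspace being left
    [Parameter(Mandatory)] [string] $NewWorkspaceId,    # workspace in the other tenant
    [Parameter(Mandatory)] [string] $NewWorkspaceKey,   # primary or secondary key of the new workspace
    [switch] $KeepOld                                   # report to both workspaces instead of replacing
)

# The agent's configuration object; the same settings the Control Panel applet edits.
$mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'

# Show what the agent is currently joined to (mirrors the Control Panel list).
Write-Host 'Current workspaces:'
$mma.GetCloudWorkspaces() | Format-List

# Add the new workspace first so the agent is never left with no workspace.
$mma.AddCloudWorkspace($NewWorkspaceId, $NewWorkspaceKey)

# Remove the old workspace unless multi-homing was requested.
if (-not $KeepOld) {
    $mma.RemoveCloudWorkspace($OldWorkspaceId)
}

# Apply the change; the agent reconnects without a reboot.
$mma.ReloadConfiguration()

Write-Host 'Workspaces after change:'
$mma.GetCloudWorkspaces() | Format-List
```

Run it with -KeepOld to end up reporting to both workspaces, which is the multiple-workspace setup described above.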

How easy is that?