Privileged Identity Management (PIM) lets users escalate their rights on demand, subject to approval, with each escalation audited. This video shows where in the Azure portal these logs are located, for both the user escalating and the tenant administrator.
Video link = https://www.youtube.com/watch?v=uXYZXiN8Of8
Once you have set up your PowerShell environment, the next step is to use it to connect to Microsoft 365 services like Exchange Online and Teams.
I have created several free automation scripts at:
to make that process easy.
In this video, I’ll walk you through the steps of using what I have created to make it simple to connect to any Microsoft 365 service using PowerShell quickly and easily.
Here is a direct link to the video:
Windows Defender Application Control (WDAC), like Windows AppLocker, is a way to control what executes on your Windows 10 Professional and Enterprise workstation. For more information, have a look at this article from Microsoft:
Windows Defender Application Control and AppLocker Overview
You can easily configure WDAC using PowerShell, and Microsoft provides a number of example policies that you can use to get started. This video will demonstrate that process on a standalone Windows 10 Enterprise workstation:
Both WDAC and AppLocker can be used together, but the recommendation is to use WDAC, as it is a more modern approach to whitelisting and has greater security controls and enforcement.
You can also deploy WDAC using Intune and Endpoint Manager which I’ll look to demonstrate in an upcoming article.
So, much like AppLocker, you can use WDAC to prevent executables from running in your Windows 10 environment. This is a great way to minimise the risk of ransomware and should be part of your defence in depth strategy.
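The PowerShell workflow described above, sketched as an added example (it is not the script used in the video): it takes one of Microsoft's example policies, keeps it in audit mode, compiles it, stages it, and then reads back the audit events. It assumes Windows 10 1903 or later (multiple-policy format), an elevated session, and that `DefaultWindows_Audit.xml` is present in the example policies folder; the working folder name is hypothetical.

```powershell
# Added example: stage a Microsoft example WDAC policy in audit mode.
# Assumptions: Windows 10 1903+, elevated session, example file name below.
$examples  = Join-Path $env:windir 'schemas\CodeIntegrity\ExamplePolicies'
$source    = Join-Path $examples 'DefaultWindows_Audit.xml'
$workDir   = Join-Path $env:USERPROFILE 'WDAC'   # hypothetical working folder
$policyXml = Join-Path $workDir 'BasePolicy.xml'

if (-not (Test-Path $source)) { throw "Example policy not found: $source" }
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Copy-Item -Path $source -Destination $policyXml -Force

# Rule option 3 is "Enabled:Audit Mode": log what would be blocked, block nothing.
Set-RuleOption -FilePath $policyXml -Option 3

# In multiple-policy format the binary is named after the policy's own ID.
[xml]$policy = Get-Content -Path $policyXml
$policyId    = $policy.SiPolicy.PolicyID
if (-not $policyId) { throw 'No PolicyID found; policy is not in multiple-policy format.' }
$policyBin   = Join-Path $workDir "$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin | Out-Null

# Stage the compiled policy; a restart activates it.
$active = Join-Path $env:windir 'System32\CodeIntegrity\CiPolicies\Active'
if (-not (Test-Path $active)) { throw "Active policy folder not found: $active" }
Copy-Item -Path $policyBin -Destination $active -Force
Write-Host "Staged policy $policyId. Restart to activate it."

# After a restart and normal use, review what enforcement would have blocked.
# Event ID 3076 is the audit-mode "would have been blocked" event.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Reviewing the 3076 events before switching to an enforced policy shows which legitimate applications still need allow rules.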
Windows AppLocker is an inbuilt component of Windows 10 that allows you to do application whitelisting. This is a really good way to help minimise the chances of ransomware infections.
To use it in standalone mode or with Group Policy you are going to need to use Windows 10 Enterprise. However, you can also use a tool like Intune to manage AppLocker with Windows 10 Professional. For more details see:
Requirements to use AppLocker
The video takes you through the basic setup and operation of Windows AppLocker in a standalone environment so you can get a feel for how it is configured and works.
In an upcoming post I’ll also detail how to configure AppLocker using Intune via Microsoft Endpoint Manager.
I’ve created this video to give you a basic walkthrough of the free security testing PowerShell script I’ve created. You’ll find the script here:
In the video you’ll see how to quickly get and run the script as well as the results it generates on a standalone Windows 10 device.
Apart from Windows 10, PowerShell and Word there are no special requirements and it can be used on standalone, domain or Azure AD joined devices, etc. It doesn’t matter. It is designed to help you better evaluate your security posture.
Slides from this month’s webinar are at:
April 2020 Microsoft 365 Need to Know Webinar
If you are not a CIAOPS patron and you want to view or download a full copy of the video from the session, you can do so here:
Watch out for next month’s webinar.
I’ve covered a lot in recent articles around using the Microsoft Graph to manage a tenant. You can find those previous articles here:
Reporting on multiple tenants with the Microsoft Graph
Making PowerShell automation easier with the Microsoft Graph
To bring this all together I have created a summary video which you’ll find here:
In it, you’ll see how to use the code that I created to install Azure AD applications in tenants, provide permissions to these Azure AD applications and then finally run a report routine to extract the desired information.
Hopefully, this summary provides a nice easy way to see this concept in action end to end.