Discover and read the best of Twitter Threads about #Intune
Most recents (3)
In #Intune BitLocker & Defender can be set via Configuration Profile, Security Baseline & Endpoint Security; Password complexity in Compliance Policies & Device Restrictions.
Why in multiple places?
Does it matter?
What's the benefit?
What's the drawback?
What's leading practice?
Why in multiple places?
Does it matter?
What's the benefit?
What's the drawback?
What's leading practice?
We've been digging into why some ASR rules weren't getting applied. Documentation states ASR rules merge but that's not happening.
learn.microsoft.com/en-us/mem/intuā¦
learn.microsoft.com/en-us/mem/intuā¦
In peeling this progressively stinky onion we learned that the configuration overlap isn't unique to ASR's but multiple settings making it really easy to create conflicts, discrepanciesor unexpected results.
What are the pros & cons for figuring things in one area over another?
What are the pros & cons for figuring things in one area over another?
Thread incoming:
I just sat on a roundtable with @IASME1 (and @NCSC) on upcoming '23 changes to #CyberEssentials.
I have lost *all* confidence that they know what they're doing, what requirements they're setting, or the impact on implementing associated technologies.
1/9
I just sat on a roundtable with @IASME1 (and @NCSC) on upcoming '23 changes to #CyberEssentials.
I have lost *all* confidence that they know what they're doing, what requirements they're setting, or the impact on implementing associated technologies.
1/9
Example: One of #Windows365's key use cases is the quick onboarding of staff and enabling a secure, managed desktop before a user gets, or possibly instead of a corporate device. Access can be secured via CA & MFA enforced. This could mean accessing via a "BYOD" device.
2/9
2/9
As far as they're concerned, W365 is a Cloud Service, so in scope (fine), but access to this from BYOD would _also_ be in scope (not fine).
This means that either: You can *only* access W365 from an existing corp device, OR you're forced to manage someone's PERSONAL PC!
3/9
This means that either: You can *only* access W365 from an existing corp device, OR you're forced to manage someone's PERSONAL PC!
3/9
In the last months, I have collected some awesome new #KQL sources, and this š§µlists them.
Are you using Defender For Endpoint, Sentinel, Intune or do you want to learn KQL then have a look!
#MDE #Sentinel #Intune #Detection #ThreatHunting
Are you using Defender For Endpoint, Sentinel, Intune or do you want to learn KQL then have a look!
#MDE #Sentinel #Intune #Detection #ThreatHunting
Type: Query
By: @msftsecurity
Link: github.com/Azure/Azure-Seā¦
Community-based repository for a lot of available data sources in Sentinel. For the E5 detections take a look in the Microsoft 365 Defender Folder.
By: @msftsecurity
Link: github.com/Azure/Azure-Seā¦
Community-based repository for a lot of available data sources in Sentinel. For the E5 detections take a look in the Microsoft 365 Defender Folder.
Type: Query
By: @reprise_99
Link: github.com/reprise99/Sentā¦
Repository with 100s of KQL queries you can directly use. They are categorized into different Microsoft product categories. You are guaranteed to find useful queries here.
By: @reprise_99
Link: github.com/reprise99/Sentā¦
Repository with 100s of KQL queries you can directly use. They are categorized into different Microsoft product categories. You are guaranteed to find useful queries here.
