Latest Discussions
[On demand] The latest and greatest in the world of Windows LAPS
Windows LAPS continues to evolve. Find out what's new - from automatic account management and passphrases to disaster recovery and bug fixes. Watch The latest and greatest in the world of Windows LAPS – now on demand – and join the conversation at https://aka.ms/LatestInLAPS. To help you learn more, here are the links referenced in the session: Automatic account management demo Passphrase support demo Rollback detection demo Password recovery demo What is Windows LAPS? Windows LAPS feedback For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
Heather_Poulsen | Mar 06, 2025 | Community Manager | 60 Views | 1 like | 0 Comments

[On demand] Secure corporate data and privacy with Win32 app isolation
Learn how to use Win32 app isolation to help contain the damage an application may cause in case of compromise. Watch Secure corporate data and privacy with Win32 app isolation – now on demand – and join the conversation at https://aka.ms/AboutWin32AppIsolation. To help you learn more, here are the links referenced in the session: Win32 app isolation overview Repo Issues Public preview: Improve Win32 app security via app isolation For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
Heather_Poulsen | Mar 05, 2025 | Community Manager | 17 Views | 0 likes | 0 Comments

[On demand] How to protect your administrator users on the device
Get tips to help you enforce least privilege with Windows 11—and minimize the risk of admin users making a system-level change by mistake. Watch How to protect your administrator users on the device – now on demand – and join the conversation at https://aka.ms/ProtectAdminUsers. To help you learn more, here are the links referenced in the session: Admin experience: via Intune setting catalog – The feature is configurable in the LocalPoliciesSecurityOptions – policy CSP. Administrator protection on Windows 11 blog For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
Heather_Poulsen | Mar 05, 2025 | Community Manager | 24 Views | 0 likes | 0 Comments

[On demand] Data protection with hardware-based security and Windows 11
Do you know how Windows 11 security features like Personal Data Encryption and BitLocker integrate with hardware features like TPM 2.0, Microsoft Pluton, and VBS to keep users and data protected? Watch Data protection with hardware-based security and Windows 11 – now on demand – and join the conversation at https://aka.ms/HardwareBasedSecurity. For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
Heather_Poulsen | Mar 05, 2025 | Community Manager | 20 Views | 0 likes | 0 Comments

[On demand] Get to know Windows security and resiliency in the cloud
Explore the investments and capabilities that strengthen security and enhance resiliency across Windows 365 and Azure Virtual Desktop. Watch Get to know Windows security and resiliency in the cloud – now on demand – and join the conversation at https://aka.ms/WindowsCloudResiliency. To help you learn more, here are the links referenced in the session: I QUIT Patching Windows And You Should Too video Azure Proactive Resiliency Library v2 For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
Heather_Poulsen | Mar 04, 2025 | Community Manager | 13 Views | 0 likes | 0 Comments

Microsoft Defender fails to update from File Share
Hello! I've tried to configure my Windows system to use Defender Updates through File Share. On my domain controller I've set two GPOs to make it possible.

Define file shares for downloading security intelligence updates -> \\fileserver\DefenderUpdates
Define the order of sources for downloading security intelligence updates -> FileShares

When running the command Get-MpPreference I can see that the GPOs were successful with the following output:

SignatureDefinitionUpdateFileSharesSources : \\fileserver\DefenderUpdates
SignatureDisableUpdateOnStartupWithoutEngine : False
SignatureFallbackOrder : FileShares

The file structure on the file share looks like the following:

\---DefenderUpdates
    \---x64
            mpam-fe.exe

Then I tried to run the command Update-MpSignature and I get the following error message:

Update-MpSignature: Virtus and spyware definitions update was complated with errors.
At line:1 char:1
+ Update-MpSignature
+
+ CategoryInfo : NotSpecified: <MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature> [Update-Signature], CimException
+ FullyQualifiedErrorId : HRESULT 0x8024402c,Update-MpSignature

This has worked previously but I don't know what has changed. Does anyone have a clue?

Best regards, dedicated-worker.
dedicated-worker | Jan 28, 2025 | Copper Contributor | 284 Views | 0 likes | 1 Comment

WDAC Managed Installer and Applocker Audit logs
Hello, I am looking to deploy WDAC to Intune managed Windows 11 devices. In testing I have followed guidance (link below) to create the required supporting Applocker ManagedInstaller rule: Allow apps deployed with a WDAC managed installer (Windows) | Microsoft Learn

In testing, whilst this appears to work (in that an app deployed by Intune is allowed, but the same app installed locally by an admin is not), I have noticed that the configuration results in an excessive amount of logging to the Applocker Microsoft-Windows-AppLocker/EXE and DLL log, i.e. an 8003 audit event for pretty much every DLL execution:

Does anyone know if this is expected? Seems an obvious question as I see how the configuration of the Applocker ManagedInstaller rule collection in audit mode could cause this:

Just looking for some clarification that this is expected as I had not anticipated the use of this (MDAC) option to result in such aggressive logging by Applocker (which I am otherwise not looking to use)? I have seen no mention of this in the documentation, so I guess it is either deemed obvious (which one could argue is the case!) or I have misconfigured something? Does anyone else have this configured and if so, do you see the same?

Many thanks, Phil
pce | Jan 27, 2025 | Copper Contributor | 1.2K Views | 0 likes | 1 Comment

WDAC DLL-Blocking
Hi everyone, I am currently trying to implement WDAC with Intune as a managed installer and have followed the documentation (Allow apps deployed with a WDAC managed installer - Windows Security | Microsoft Learn) for this. This works pretty well so far, most applications that are packaged and deployed via Intune are allowed to run.

What surprises me, though: In the WDAC policy, I left out policy rule option 19 (Enabled: Dynamic Code Security) because we don't want to block DLLs. Nevertheless, it happens from time to time that DLLs are blocked. The errors then look like this:

Code Integrity determined that a process (\Device\HarddiskVolume3\Users\xxxxx\AppData\Roaming\Autodesk\ADPSDK\bin\AdpSDKUtil.exe) attempted to load \Device\HarddiskVolume3\Users\xxxxxx\AppData\Roaming\Autodesk\ADPSDK\bin\AdpSDKIdentityWrapper.dll that did not meet the Enterprise signing level requirements or violated code integrity policy (Policy ID:{xxxxxxxx).

Is there any way to disable this behavior or have I overlooked something here? Is it at all possible to disable blocking of DLLs completely?

The AppLocker configuration for the managed installer:
The Rule Options selected in the WDAC Wizard:
flychrome | Jan 24, 2025 | Copper Contributor | 3.1K Views | 0 likes | 4 Comments

WDAC allow rule not working for non program or windows directories
I was testing WDAC. I used App Control Wizard to create a Multiple Policy Format Base Policy. I selected the Default Windows Mode and left all options as default (except I turned off audit mode as I was just testing it in a testing machine). Set up the allow rules for the following paths:

%WINDIR%\*
%OSDRIVE%\Program Files\*
%OSDRIVE%\Program Files (x86)\*
%OSDRIVE%\ProgramData\*
%OSDRIVE%\Users\*
%OSDRIVE%\Temp\*

Used the Citool to update the policy to a test machine. The WDAC worked for the first 4 directories. I can run MSOffice and programs that are located in these 4 directories and their subdirectories. However, it did not work for the last 2 directories (c:\Users and c:\Temp). I used the same program that worked in the first 4 directories. The program execution was blocked by WDAC in c:\Temp. It could be run in c:\Users but not in its subdirectories.

I thought WDAC did not perform blocking by default for the first 4 directories. I removed the allow rules. As soon as I removed the allow rules and updated the policy using Citool, it did block program running from the 4 directories. I looked at the event log and cannot figure out why the behavior is different from the first 4 directories and the last 2. Appreciate any comment. Thanks
Solved | JamesY650 | Jan 23, 2025 | Copper Contributor | 630 Views | 0 likes | 4 Comments

WDAC not applying via Group Policy
Hello and greetings from Portugal! I'm trying to implement WDAC via group policy. I've used WDAC Wizard and if I copy the *.cip file to "C:\Windows\System32\CodeIntegrity\CiPolicies\Active" I see that WDAC gets enabled, for example using the MSInfo32. But, I cannot enable WDAC via GPO. I've converted the *.xml to *.bin and enabled the "Deploy Windows Defender Application Control". I see the event id 7010 "Device Guard successfully processed the Group Policy: Configurable Code Integrity Policy = Enabled" but the thing is MSInfo still doesn't show that WDAC is activated. Can someone please help?
DiogoSousa | Jan 17, 2025 | Iron Contributor | 2.1K Views | 0 likes | 5 Comments