Secure DNS in Endpoint Manager


Hello,

This is my first post to this forum and it's probably the wrong one, as there appears to be none for Edge public only preview.

I have enabled secure DNS in Edge Chromium (version 87.0.664.66)

This was disabled via MEM by default

All systems within the network are managed by MEM. 

All systems are protected via Defender Endpoint (I seriously love this solution)

The router is set to use Cloudflare to provide DNS resolution but not SDNS by default.

Investigations have revealed to me that Google DNS can't be trusted, neither can my ISP

(I've had 3 DNS poisoning attacks in the last 2 years).

Windows systems are running 20H2

The solution I use is full cloud, no hybrid, no internal servers, it's all cloud - Microsoft.

So here is what I did. It might help somebody, it might not.

The guide is here.

https://docs.microsoft.com/en-us/mem/intune/configuration/administrative-templates-configure-edge?to...

The results are here.

1 Reply
Hi,
thanks for the post.
By the way, Windows 10 will soon provide secure DNS (DNS over HTTPS) at the OS level to consumers. It's been available for months in Insider versions of Windows.
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/...

When I test it and set Edge DNS to use system DNS, the Cloudflare secure DNS checking website shows green all across the board.