User Profile
m_krone
Brass Contributor
Joined 7 years ago
Recent Discussions
Identity theft using Pass-the-Hash attack verify false positive
Hello, I have some messages about "Identity theft using Pass-the-Hash attack" in our ATA. I also checked some things on the client but cannot find any suspicious activities. I opened an MS ticket some weeks ago and did not get any information or at least a status mail. I think this is a false positive, but it's a good case for us to troubleshoot this. Can anyone from Microsoft have a look at the case and why we don't get any info? Does anyone else have some ideas how to verify this? Regards Miguel
5.5K Views, 0 likes, 4 Comments

Chrome installation failed due to ExploitGuard block
Hi all, we are facing the problem that when Google Chrome is installed by Intune via the Company Portal, it gets blocked by ExploitGuard. In Intune there's an Endpoint Protection Profile with Attack Surface Reduction rules: Flag credential stealing from the Windows local security authority subsystem = Enabled. If Chrome is now installed, exactly this rule will block the installation. Is anyone facing the same problem? I don't want to disable this setting... Is the only way to use a Mitigation XML to allow GoogleUpdater.exe access to lsass to have a complete installation? Regards Miguel
Solved

Grades sorted descending by end date
Hello all, our teachers are facing the issue that in the Grades tab the sort order is descending. So the assignment which is ending soon is the last one, not the first one. On the Assignments tab it's all fine. Everything is sorted chronologically by the end date; here the one which is ending soon is the first one. Is anyone facing the same, or is it just a setting which we have to find? Regards

Re: Stop syncing an already synced SPO document library
AMDMan64 Unfortunately I got no help on several social and support channels. What I implemented was:
1. Stop the OneDrive process, as it flushes the config to disk after closing
2. Remove the ID and path information from the config in the OneDrive folder and registry (per user)
3. Start OneDrive again and wait until it's fully loaded (waiting for checking/merging files); after this the filesystem handler will unlock the folder and files
4. I had to remove all files first and then all folders, as a normal recursive remove -Force wasn't working
Really crappy, this whole thing, but that's the way I got it to work. I think it's really sad that there is again no managed/admin interface/API or something else to handle this. Cannot imagine using this for a company with several 1000 or 10000 employees....
4.2K Views, 0 likes, 1 Comment

Microsoft Exchange Information Store service encountered a corrupt AD object
Having a problem with some ExchangeGuids. Has anyone seen that before? Couldn't find a solution, as I also cannot find the GUID in Exchange or AD properties:

Microsoft Exchange Information Store service encountered a corrupt AD object with ID (xxxxxxxxxxxxxxxxxxxx). Error text is (Lookup by ExchangeGuid returns inconsistent result for recipient xxxxxxxxxxxxxxxxxxxx LID: 60828 Correlation ID: 00000000-0000-0000-0000-000000000000 Database GUID: xxxxxxxxxxxxxxxxxxxx Database Hash: xxxxxxxxxxxxxxxxxxxx Mailbox GUID: xxxxxxxxxxxxxxxxxxxx Mailbox Number: 288 Operation source: MailboxMaintenance Client Type: Maintenance Hash Code: xxxxxxxxxxxxxxxxxxxx Logged on User Identity: 00000000-0000-0000-0000-000000000000 ).

Microsoft Exchange Information Store service has encountered a permanent error while reading information from Active Directory. Details: Microsoft.Exchange.Server.Storage.DirectoryServices.DirectoryInfoCorruptException: ErrorCode: ADPropertyError, LID: 60828 - Lookup by ExchangeGuid returns inconsistent result for recipient xxxxxxxxxxxxxxxxxxxx LID: 60828 Correlation ID: 00000000-0000-0000-0000-000000000000 Database GUID: xxxxxxxxxxxxxxxxxxxx Database Hash: xxxxxxxxxxxxxxxxxxxx Mailbox GUID: xxxxxxxxxxxxxxxxxxxx Mailbox Number: 288 Operation source: MailboxMaintenance Client Type: Maintenance Hash Code: xxxxxxxxxxxxxxxxxxxx Logged on User Identity: 00000000-0000-0000-0000-000000000000
at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.CheckADObjectIsNotCorruptWithArgs(LID lid, IExecutionContext context, Boolean assertedCondition, Object adObjectId, String errorMessageTemplate, Object[] args)
at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.LoadMailboxInfoByGuid(IExecutionContext context, TenantHint tenantHint, String domainController, Guid mailboxGuid, GetMailboxInfoFlags flags, Boolean& ours)
at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.GetMailboxInfoHelper(IExecutionContext context, TenantHint tenantHint, String domainController, Guid mailboxGuid, GetMailboxInfoFlags flags)
at Microsoft.Exchange.Server.Storage.DirectoryServices.Directory.GetMailboxInfoImpl(IExecutionContext context, TenantHint tenantHint, Guid mailboxGuid, GetMailboxInfoFlags flags)
at Microsoft.Exchange.Server.Storage.DirectoryServices.DirectoryBase.GetMailboxInfo(IExecutionContext context, TenantHint tenantHint, Guid mailboxGuid, GetMailboxInfoFlags flags)
at Microsoft.Exchange.Server.Storage.MapiDisp.MailboxCleanup.GetMailboxInfoFromAD(Context context, TenantHint tenantHint, Guid mdbGuid, Guid mailboxGuid, MailboxInfo& directoryMailboxInfo).
7.2K Views, 0 likes, 1 Comment

Exposure level clarification
Hi everybody, I have some machines in Defender ATP and am wondering about the Exposure level. As explained in the info icon, the exposure level is only about the security recommendations. Is there any deeper explanation of how this number is generated? Because I see some low-level recommendations, but in some cases the level is medium - this does not make sense to me. Anyone having the same? Regards

Re: Photo preview in OneDrive no longer works
ffmistlberg I had the same problem. In our case, tracing (F12 - Network) showed that a URL could not be reached. After allowing *.svc.ms everything worked again. You could check in the browser whether it might be something similar. Regards
3.4K Views, 0 likes, 0 Comments

MDM Security Baseline vs Intune Profile
Hi all, I am currently testing the 2 profiles in the Security Baselines in default configuration. As they are now checked against the endpoint, there is one Error in the Per-settings status: Type of system scan to perform. Problem is now - I cannot see anything configured in the MDM Security Baseline for May 2019; the setting itself in the Intune profile is configured. Any idea? Best regards Miguel

Re: Identity theft using Pass-the-Hash attack verify false positive
Hi, unfortunately, we couldn't get any solution for this. We are currently investigating by ourselves. Since Eli got a contact for us who was responding, we tried to solve the problem, but after 3 weeks of just standard mails that Microsoft currently has too many requests, with a delay of up to 4 weeks, we finally got a closure email for the ticket without any solution. Also a response to work on this ticket got denied and now it's gone.
5.2K Views, 1 like, 0 Comments

Kerberos Encryption downgrade on delegation
Hi all, we are facing a point on SQL Servers: when they are using Kerberos delegation and request a ticket, it's requested as RC4. Are there any options or configurations where a SQL Server can be hardened? Basically we want to remove RC4 for SQL Server for Kerberos tickets. Regards
2.8K Views, 0 likes, 1 Comment

Re: OneDrive client file sharing limitations
Hi ChrisHoardMVP, yes, it is the same outside of the corporate network. Also, I tested it on a freshly deployed Azure VM - so no corporate infrastructure or software and so on - it's the same... waiting up to 10 minutes for OneDrive to be ready. Is there a way to read the log files? Maybe there is something in them. Regards
37K Views, 2 likes, 2 Comments

Re: OneDrive client file sharing limitations
ChrisHoardMVP It is happening for all users and every time OneDrive starts. Also, with Fiddler we can see there is a normal call to SPO for logging in and having the personal OneDrive ready. After that the SPO document libraries are called and then nothing happens for minutes. After like 10 minutes the user can use all items in the SPO document libraries. If a user tries to access a file which was not downloaded before (Files on Demand enabled), we are getting the message "Please make sure that <name of SPO document library> is running."
37K Views, 1 like, 4 Comments