Endpoint Security
Configure Bitlocker on TCG Opal 2 SSD
Is it possible to configure Windows 10 Pro BitLocker to use the hardware encryption built into a TCG Opal 2.0 SSD and a startup PIN? I have previously set up software BitLocker with a startup PIN and hardware BitLocker without a PIN. To configure the two together I installed a new 870 Evo SSD in a separate computer, used Samsung Magician to set SSD security to "security ready to be enabled", moved the SSD to the target computer and performed a fresh Windows 10 Pro installation. I then enabled the local computer policy BitLocker setting "Configure use of hardware-based encryption for operating system drives" to prevent software-based encryption and enabled the setting "Require additional authentication at startup" to allow TPM + PIN. However, on beginning BitLocker, an error message appeared stating software encryption is not available because of the registry setting. After reversing the BitLocker hardware setting, software BitLocker with TPM and PIN proceeded as usual. Is it possible to have BitLocker hardware encryption with a PIN?

Live response sessions and Zscaler
Has anyone managed to get live response sessions from Defender XDR working with Zscaler enabled? I have bypassed all necessary URLs from SSL inspection but I am still getting blocked from performing actions in live response. It is definitely Zscaler, as when it's disabled live response works perfectly.

RPC Endpoint Mapper Client Authentication uses NTLM
Introduction

The main goal is to secure existing Windows 10 clients. As there are a few hardening recommendations from, for example, CIS and Microsoft concerning secure OS configuration, I discovered a potentially misleading dependency regarding NTLM and RPC.

How it happened

On Windows 10 clients, in Computer Management (local admin group) the domain members contained therein were only shown with their SID. Long story short, the actual name of the AD user was not displayed anymore.

Solution

In the end it turned out that the following configuration, based on a hardening configuration of CIS, was the root cause: "18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only)" (more information here). Basically there should not be a problem when enabling RPC Endpoint Mapper Client Authentication. But if you configured "Restrict NTLM: Outgoing NTLM traffic to remote servers" to "Deny all" (more information here), then the enabled RPC Endpoint Mapper Client Authentication will not work anymore because it does rely on NTLM.

Conclusion

A risk assessment must now be carried out here. Even Microsoft says that "It's encouraged to move away from NTLM to better secure your environment. If faced with a choice between restricting NTLM and using EnableAuthEpResolution, the recommended approach is that you restrict NTLM in your environment." (more information here) --> To sum up, even CIS recommends enabling RPC Endpoint Mapper Client Authentication, but they do not make any statement in their benchmarks with regard to denying outgoing NTLM traffic to remote servers.

Question

Which configuration will have the more severe risk, and what should be the recommendation here to achieve an overall secure configuration?

Secure Score Improvement Recommended actions information sheet
Hello All

I am starting a project to improve our Secure Score following the "Recommended Actions" section in the M365 Defender portal. Now each action comes with its own set of general information and remediation options. Rather than get the actions on each of the 208 recommendations by clicking through all the tabs and recording every step required to complete the recommendation, does anyone know if Microsoft has an Excel sheet with all the relevant Secure Score Improvement actions/information in one place? It will make running this project so much easier!

Thanks in advance!

Kind Regards
Christo

AIP, Sensitivity Labels, and DLP protections for data on a Windows File Server
We are implementing DLP protections for data stored on a Windows file share. We have the AIP scanner set up and labeling data. We have some test data labeled. We published DLP rules to prevent the data from being copied to USB or uploaded to the web. The rules work and block data if:

1) From Word, do File > Save As and attempt to save to USB.
2) Data stored in OneDrive and attempt to use File Explorer to copy to USB.
3) Data stored on the local C: drive and attempt to use File Explorer to copy to USB.

Rules do NOT work if data is stored on a Windows file share. I can use File Explorer to copy the data to a USB drive. Same with Edge and web uploads: it appropriately blocks if on OneDrive or the C: drive. It does NOT block if on a Windows file share. Any ideas on this? Does the Windows file server have to have Defender installed? I thought the workstation Defender would protect the data, but maybe I am wrong. Thanks.