Endpoint Security
Onenote Files used in Malware attacks

Hi Folks, any comments or recommendations regarding the increase of attacks via OneNote files, as noted in the articles below? I'm seeing an increased number of recommendations for blocking .one and .onepkg mail attachments. One issue is that .onepkg files currently cannot be added to the malware filter.

Referenced articles:
- Microsoft OneNote Abuse for Malware Delivery Surges - SecurityWeek
- Detecting OneNote Abuse | WithSecure Labs

Is there a way to force the security portal recommendations to update?

Hi all, I'm currently going through and either uninstalling or updating a large number of EOL software through the "Security recommendations" page on https://security.microsoft.com. Is there any way I can force an update/sync from the computers once I've completed a recommendation, so that my colleagues don't try to fix things that are already fixed? For example, I just finished uninstalling an EOL program from 10 computers, but the portal still shows the program as being installed on these 10 computers. Can I force this (either through Endpoint or SCCM) to display real-time or up-to-date data?

Join Vasu Jakkal at the Microsoft Security Summit on May 12, 2022

Safeguard your future and be fearless with the latest from Microsoft Security. Be the first to hear exciting announcements and learn how Microsoft Security can help you lay the foundation for a safer, bolder, more fearless future. To innovate fearlessly in a changing world, your organization needs comprehensive security it can trust. Attend the event to:
- Hear exciting announcements from leading voices in security—including Vasu Jakkal, Corporate Vice President of Security at Microsoft.
- See demos of brand-new technologies from Microsoft Security and get a closer look at the newest innovations in security, compliance, identity, privacy, and management.
- Get fresh security insights during a Live Chat Q&A with threat intelligence experts.
- Hear from front-line defenders about how they are helping Microsoft to stay ahead of threats.
- Discover how Microsoft solutions can empower your organization to deliver end-to-end security.
Register now to attend this free digital event. Microsoft Security Summit, Thursday, May 12, 2022, 9:00 AM–12:00 PM Pacific Time (UTC-7).

WIP Vs AIP

Hi Community, one of our partners would like to pitch AIP over WIP and is looking for the specific differences. Could any experts help resolve the questions below?
- When to use WIP over Azure Information Protection?
- In what scenarios would we use both WIP and Information Protection side by side?
- Why would we need WIP for managed devices?
- Should we limit access for unmanaged devices (access control) or use WIP for unmanaged devices (BYOD)?
Any guidance would be of great help. Many thanks in advance!

DLP License Requirements

Hi everyone, I have been using DLP endpoint as a trial. Now I have purchased an E5 license. What do I need to do to continue using DLP without losing any config or data? Does it matter who I assign it to, or do I have to assign someone? Is one E5 license enough for our company, or how many do I need? Can I use DLP endpoint until the E5 license expires, or how does it work? Do I need to take any action? Could you answer these questions please? Thank you so much.

Windows Defender Logs of PowerShell Commands

Hello, we were trying to execute a PowerShell command that tries to bypass Defender, and we have integrated Microsoft Defender with the Microsoft Sentinel solution, so we need to check the logs of that PowerShell command. For example, if a user executes a PowerShell command like Set-ExecutionPolicy -scop CurrentUser, the event log in Security Center and Sentinel will display just "Set-ExecutionPolicy" without the options used in that command. Is this normal behavior for log collection in Defender, or is there a custom rule that needs to be applied? Thanks.

Multiple Companies in one Tenant

I have Company A that owns Companies B, C, and D. I would like to create one tenant for Company A and add the domains of Companies B, C, and D to it. This way everyone in those companies can easily share files with one another. Also, user creation is simple. For example, the SharePoint sites will be http://CompanyA.onmicrosoft.com/CompanyC and http://CompanyA.onmicrosoft.com/CompanyD. Is this something that makes sense?

RPC Endpoint Mapper Client Authentication uses NTLM

Introduction: The main goal is to secure existing Windows 10 clients. As there are a few hardening recommendations from, for example, CIS and Microsoft concerning secure OS configuration, I discovered a potentially misleading dependency regarding NTLM and RPC.

How it happened: On Windows 10 clients, in Computer Management (local admin group), the domain members contained therein were only shown with their SID. Long story short, the actual name of the AD user was not displayed anymore.

Solution: In the end it turned out that the following configuration, based on a CIS hardening configuration, was the root cause: "18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only)". More information here. Basically there should not be a problem when enabling RPC Endpoint Mapper Client Authentication. But if you configured "Restrict NTLM: Outgoing NTLM traffic to remote servers" to "Deny all" (more information here), then the enabled RPC Endpoint Mapper Client Authentication will not work anymore because it relies on NTLM.

Conclusion: A risk assessment must now be carried out here. Even Microsoft says that "It's encouraged to move away from NTLM to better secure your environment. If faced with a choice between restricting NTLM and using EnableAuthEpResolution, the recommended approach is that you restrict NTLM in your environment." More information here. To sum up, even CIS recommends enabling RPC Endpoint Mapper Client Authentication, but they do not make any statement in their benchmarks with regard to denying outgoing NTLM traffic to remote servers.

Question: Which configuration will carry the more severe risk, and what should the recommendation be here to achieve an overall secure configuration?

Blocking Personal Outlook and Gmail Accounts on Corporate Devices

Hello Community, in my organization we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much! Juan Rojas