configuration
1819 Topics

Windows Explorer preview pane not showing PDF previews
I have raised this issue with Adobe on their forum. I am unable to view previews of Adobe PDF documents in the preview pane in Windows Explorer on my computer (i.e. local drive or network drive) unless it is via my OneDrive folder. When trying to view files on WE that are on local or network drives, the preview pane is blank and contains no error message or warning. I have tried the solutions posed in the Adobe forum - none of these have worked. I have tried completely uninstalling and reinstalling - again this has not worked. I referred it to my IT department who tried to edit the registry and use apps such as PowerTools - again this has not worked. Not sure why this has occurred as randomly one day it just stopped working. Are there any solutions that actually work for this?
180 Views, 0 likes, 3 Comments

time synchronization keeps failing
Yesterday my clock started to become ~5 minutes behind the actual time, so I went to the date and time settings and clicked "synchronize time", but it failed to do so and gave me this error despite my internet connection being stable. I tried a few things, and then I tried to restart the time server; that didn't work. Today I tried to change the server; that didn't work either. I'm still having this problem. How do I fix this?
17 Views, 0 likes, 1 Comment

Windows Time Is Not Automatically Synchronizing
I am experiencing an issue with my Windows 11 laptop where the time is not synchronizing automatically with any NTP time servers. I have attempted various NTP time servers, but the problem persists. However, when I navigate to Settings > Time & Language > Date & Time and manually click on "Sync Now," the synchronization is successful. The "Set the time automatically" toggle is enabled. Upon inspecting the Services section, I can see that the Windows Time service is active and set to Manual (Trigger Start) on both my laptop and other computers. Given that my laptop is consistently losing time, the automatic time synchronization feature is crucial for maintaining accurate timekeeping. Are there any other factors that could be hindering the automatic sync of Windows time?
40K Views, 1 like, 7 Comments

Microsoft Defender for Office 365: Migration & Onboarding
This blog covers four key areas that are frequently missed, but they are essential for a secure and auditable deployment of Defender for Office 365. Before diving into the technical details, it is important to clarify a common misconception about Defender for Office 365 protections.

Blocking Malicious File Downloads in SharePoint and OneDrive

A common assumption during onboarding is that Microsoft Defender for Office 365 protections only apply to email. In reality, Safe Attachments also integrates with SharePoint Online, OneDrive for Business and Microsoft Teams. It scans files for malware even after they are uploaded or shared internally.

However, this protection is only effective when the configuration explicitly prevents users from downloading files flagged as malicious. Without this setting, files detected as threats can still be downloaded locally. This creates a major risk, particularly if the malware is detected post-delivery. In one investigation, I found that this setting had been left at its default, allowing users to download malicious files from SharePoint. This oversight created a significant exposure risk until it was corrected.

This setting is part of the Safe Attachments for SPO/ODB policy and is critical in reducing internal exposure. Once enabled, this setting protects users in real time and acts as a powerful audit point. If someone disables this setting, whether intentionally or by accident, that action is recorded in Purview's Unified Audit Log under the DisallowInfectedFileDownloadDisabled operation.

The video below offers a brief walkthrough on how to enable the setting, details the associated audit log events, and provides guidance on configuring alerts for any modifications:

Regularly auditing for this event can help identify misconfiguration or potentially malicious administrative activity that could indicate insider threat behaviour. Including this check as part of your continuous security monitoring process is a smart, proactive move.
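The check and the audit search described above, as an added example that is not part of the original blog. It assumes the SharePoint Online and Exchange Online PowerShell modules are installed; the admin URL is a placeholder and the 30-day review window is an assumption.

```powershell
# Added example, not the author's code.
# Placeholder: replace <tenant> with your own tenant name.
$AdminUrl     = 'https://<tenant>-admin.sharepoint.com'
$LookbackDays = 30   # assumption: review window for the audit search

# 1. Check the tenant-wide setting and enable it if it is off.
Connect-SPOService -Url $AdminUrl
$tenant = Get-SPOTenant
if (-not $tenant.DisallowInfectedFileDownload) {
    Write-Warning 'Files flagged as malicious can still be downloaded. Enabling the block.'
    Set-SPOTenant -DisallowInfectedFileDownload $true
} else {
    Write-Output 'DisallowInfectedFileDownload is already enabled.'
}

# 2. Search the Unified Audit Log for anyone turning the setting off.
Connect-ExchangeOnline
$end    = Get-Date
$start  = $end.AddDays(-$LookbackDays)
$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -Operations 'DisallowInfectedFileDownloadDisabled' -ResultSize 1000

if ($events) {
    # Each hit is a change that should map to an approved change request.
    $events |
        Sort-Object CreationDate |
        Select-Object CreationDate, UserIds, Operations |
        Format-Table -AutoSize
} else {
    Write-Output "No DisallowInfectedFileDownloadDisabled events in the last $LookbackDays days."
}
```

Running the second half on a schedule gives a recurring check even where no alert policy has been configured for the operation.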
Learn more at Step 2: (Recommended) Use SharePoint Online PowerShell to prevent users from downloading malicious files

Once you have established protection against malicious files, the next step is ensuring your tenant is correctly set up to create and manage threat policies.

Ensuring Organization Customization is Enabled

A frustrating yet common hurdle during Defender for Office 365 onboarding is the inability to create threat policies such as anti-phishing or Safe Attachments policies. This confusion often stems from a basic configuration oversight: the tenant has not been enabled for organization customization. Without this step, the Microsoft 365 platform prevents the creation or editing of many critical security policies in Defender for Office 365.

A few years prior, with a new client being onboarded to Defender for Office 365, I encountered a situation where policy creation kept failing because this step wasn’t followed. It caused unnecessary delays and frustrated the security team until we identified the missing customization.

The fix is simple. Run the Enable-OrganizationCustomization PowerShell cmdlet from Exchange Online. It is a one-time configuration task, but it is essential for policy management and overall service functionality. Including this step early in your deployment or migration plan prevents unnecessary delays and ensures the security team can fully leverage Defender for Office 365's capabilities from day one. This is particularly important for consultants who are brought in to assist after issues have already arisen. Getting ahead of this configuration means one less troubleshooting rabbit hole.

With customization enabled, you can now take advantage of the preset security policies to quickly build a solid baseline.

Using Preset Security Policies for a Strong Starting Point

One of the best tools Microsoft has provided for onboarding is the Preset Security Policies feature. These come in two flavors: Standard and Strict.
Figure 4 - Defender for Office 365 Preset security policies (Standard & Strict protection)

They represent Microsoft’s recommended baseline configurations for anti-malware, anti-phishing, and spam protection. Learn more at Preset security policies in cloud organizations.

For customers with limited security maturity or time to deeply understand the inner workings of Defender for Office 365, these presets are a game-changer.

Figure 5 - Microsoft recommendation is to apply standard protection to all users

In several cases, I have seen organizations with limited security teams benefit from activating these presets early. This approach gave them immediate protection while freeing up time to better understand and tune policies over time. For incident response, having a consistent and known-good baseline also helps reduce noise and false positives in the initial stages of deployment.

Figure 6 - Apply strict Defender for Office 365 protection for priority users

After setting foundational policies, controlling who has access to what within Defender for Office 365 is crucial to maintaining a secure environment.

Implementing Unified RBAC for Least Privilege Access

As more business units engage with Defender for Office 365 for everything from investigation to reporting, it is important to ensure each role has access only to what they need. Unified Role-Based Access Control (RBAC) in Defender for Office 365 makes this possible by allowing granular control over who can see and change what within the security portal.

Figure 7 - Example least privilege role configuration for a Defender for Office 365 Incident Responder (image trimmed).

This becomes critically valuable in larger or more complex organizations where responsibilities are split between security, compliance, IT, and operations teams.

Figure 8 - Activating Microsoft Defender for Office 365 Workload in Defender XDR Roles.
By using unified RBAC, you can avoid the dangerous and often default behavior of assigning Security Administrator rights to everyone involved. Instead, define roles based on function. For example, Tier 1 analysts might only need view and investigation access, while admins can manage policies.

Figure 9 - Assigning a user to a Custom Microsoft Defender for Office 365 role, Entra Security Groups are also supported.

This approach aligns with zero trust principles and makes it easier to audit who has access to sensitive areas. During onboarding, I recommend mapping stakeholders to the available roles and applying this model as early as possible. This helps establish accountability and improves your security posture before an incident occurs.

Learn more at Map Defender for Office 365 permissions to the Microsoft Defender XDR Unified RBAC permissions

Having set the right roles and permissions, it is vital to understand how these configurations contribute to a resilient and well-prepared security posture.

Final Thoughts

Successful onboarding to Microsoft Defender for Office 365 is not just about flipping switches. It is about making intentional configuration choices that support operational efficiency and long-term security goals. The points covered here are often missed in quick start guides but they are essential for building a solid foundation. Those who invest time in proper configuration are far better prepared when incidents arise. Migration is just the beginning. Set up Defender for Office 365 right to reduce risk and build real resilience.

This blog has been generously and expertly authored by Microsoft Security MVP, Purav Desai.
with support of the Microsoft Defender for Office 365 product team.
Lead M365 Incident Responder, Financial Services | Dual Microsoft Security MVP

Disabling PIN-based login on Entra-joined PCs
Hi guys. Yesterday I took two machines off the domain and Entra joined them. The goal was 1) remove their access to domain resources 2) have tenant users log in to the machine and get enriched tokens every time. This works as desired.

The problem is every user gets prompted to set a PIN. These are both shared secondary/tertiary PCs - there is no point to having a 6 digit PIN on them. I thought the new Authentication Methods tools had controls for this, but apparently not.

A script was run to change certain related Reg Keys (by my onsite tech) but this had no change on reboot.

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 1 /f

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork Enabled key was set to 0, and DisablePostLogonProvisioning was set to 1. These are from various help threads I found here and other resources. Unfortunately, they do not work.

Not sure what to do here. I've read there are InTune controls for this - but I don't really have the time to work out Windows PC enrollment profiles for 2 machines. The site has InTune, but only for iOS mobile management. Thoughts?
26 Views, 0 likes, 1 Comment

How to Install or Uninstall RSAT in Windows 11
Remote Server Administration Tools (RSAT) is an essential tool for Windows administrators. This tool is designed to help administrators manage and maintain the servers from a remote location. Remote Server Administration Tools (RSAT) are used by IT administrators to handle Windows Server roles and features. It was introduced in Windows Server 2008 R2.

Viewing Remote Server Administration Tools List in Windows 11

Open the Command Prompt App with Administrative Privileges.
Type the below command and press Enter key.

Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State

You'll get a list of all RSAT features and their current state whether installed or not present.

Related: (external link removed by moderator)

Installing Remote Server Administration Tools in Windows 11

Launch the Windows 11 Settings app.
Select Apps from the left pane.
Choose Optional features.

Read More At: (external link removed by moderator)
2.3M Views, 7 likes, 105 Comments

Start menu "Best Match" allowing access to run command
We operate an educational network of PCs which we restrict quite strictly to prevent students accessing certain programs. We use a number of group policy settings already to restrict the command prompt, hide or restrict certain drives and prevent access to the run command (via right click on start button and within the start menu). However, the recent updates to the start menu in Windows 11 allow users to search (and run) applications and network UNC paths, which they previously wouldn't have access to.

We have found that the "Best Match" on the start menu search allows users to open UNC paths to servers which are normally blocked by group policy when keying in to the address bar in explorer. Disabling the run command has always been effective at preventing apps being run which we don't directly present in the past. This creates a bit of a vulnerability for us as we need to run as tight a setup as possible to prevent students tampering. We need students to be able to write to shares, but we don't want them to be able to browse directly to the root of server shares (even if the permissions are tight around the shares).

The only way we've found to prevent access to this is to fully disable the search UI. As this policy is a computer policy we cannot disable this for only certain users, which is frustrating. The DisableSearchBoxSuggestions setting has no effect on the "Best Match" suggestion. We feel that Microsoft need to address this issue, as being able to prevent access to the "run" command is important to many Network Admins in Education.
44 Views, 0 likes, 1 Comment

Windows Defender Service Crashing with 0xc0000374 on Windows 11 24H2 Lenovo X13 Laptops
Environment:
Devices: Lenovo ThinkPad X13 laptops
OS: Windows 11 24H2
Management: Microsoft Intune/Entra ID managed
Started: Approximately 1 month ago

Symptoms:
Intermittent system freezing - devices become unresponsive requiring hard reboot
Windows Defender service stops and cannot be restarted manually

Event Viewer errors:
Event ID 7031 (Service Control Manager): "The Microsoft Defender Antivirus Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service."
Application Error Event ID 1000: MsMpEng.exe crashing with exception code 0xc0000374 (heap corruption)

Pattern:
Issue affects devices from only 1 of multiple Intune/Defender tenants we manage
Not all X13 laptops affected - only random subset
Other tenants with identical hardware models not experiencing issues
Started approximately 1 month ago across multiple devices

Current Status:
MsMpEng.exe keeps crashing repeatedly
Real-time protection cannot stay running
Service recovery attempts fail

Has anyone else experienced this specific error on 24H2? Any known issues with recent Defender platform/definition updates causing heap corruption?
25 Views, 0 likes, 0 Comments

How to force Windows 11 to reuse the former Recovery Partition?
Before migrating from Windows 10 to Windows 11 I had decrypted my BitLocker-encrypted C:-partition - just to be on the safe side if anything goes wrong during the migration. Now, after the successful migration to Windows 11 I wanted to re-encrypt that partition. When I started BitLocker it explained that it would first need to create a recovery partition. When I clicked OK it declared it would now first shrink my C:-drive to create space for that partition and then create a new recovery environment on it.

However, I already do have a recovery partition at the end of my current system drive (at least it is labeled as Recovery Partition, its size is 1000MB/1GB). Why does Windows 11 try to create yet another recovery partition for me and not reuse the existing one? I don't want to end up having two recovery partitions, one of which is useless.

Would I first have to delete that existing recovery partition, then add it to the (i.e. grow the existing) C:-drive partition such that this process can then shrink it again in order to recreate a new recovery partition? Is there no shortcut to force this process to simply re-use the existing recovery partition?
29 Views, 0 likes, 1 Comment

Problem connecting 2 monitors to my laptop
Hi guys, for my laptop ASUS VivoBook with Windows 11, I purchased two MSI monitors. I'm having trouble extending the display to both of them. Only one monitor works. Here is my setup:

Monitor 1: direct HDMI cable. Connection is made via an HDMI cable from Monitor 1 to my laptop.
Monitor 2: since no more HDMI entries are available, I'm using an HDMI to USB adapter. This officially supports Windows 11.

When I identify the monitors, only the one directly linked is correctly available. The other one is off. To troubleshoot monitors and setup, I switched monitors and connection with all possible combinations: no matter what, only one monitor, the one which is correctly linked, is available. Do you have any ideas?
4 Views, 0 likes, 0 Comments