security
1385 Topics

Device Stuck on Restart Screen After Update - Error Code: ATTEMPTED WRITE TO READONLY MEMORY
Hi everyone, I’m experiencing an issue with my Windows device that started after a recent update. For the past three days, my device has been stuck on a restart screen with the following error message:

Your device ran into a problem and needs to restart. We'll restart for you. For more information about this issue and possible fixes, visit https://www.windows.com/stopcode If you call a support person, give them this info: Stop Code: ATTEMPTED WRITE TO READONLY MEMORY

I’ve tried restarting the device multiple times, but it keeps returning to this screen. I’m unable to access my system or troubleshoot further. Has anyone else encountered this issue after an update? Any suggestions on how to resolve this would be greatly appreciated. Thank you in advance for your help!

82 Views, 1 like, 2 Comments

AMA: Microsoft Defender for Cloud
Ask Microsoft Anything…about Microsoft Defender for Cloud and get your questions answered! Join our panel of experts to discuss our latest innovations announced at Microsoft Ignite, including Endor Labs integration for supply chain security, multiple posture management enhancements, and new container security features. This session is part of Tech Community Live: Microsoft Security edition.

618 Views, 0 likes, 11 Comments

AMA: Microsoft Security Copilot
Have questions about how to best use Microsoft Security Copilot to respond to cyberthreats quickly and assess risk exposure in minutes? Ask Microsoft Anything! This session is your opportunity to get answers from the product team to help you configure Microsoft Security Copilot and process signals at machine speed! This session is part of Tech Community Live: Microsoft Security edition.

904 Views, 0 likes, 9 Comments

Secure score power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy the secure score over time dashboard for MDC. However, the steps for the deployment are very old, from when we had Azure Security Center instead of MDC, and the prerequisites are not properly documented. As per the article we need to:

1. Export the secure score data to a Log Analytics workspace by using the continuous report option in the MDC portal.
2. Deploy the Secure Score over the time workbook, which can export the secure score data to the Log Analytics workspace (not clear if this will pull reports every 24 hours and what permissions are required on the Log Analytics workspace and to deploy the workbook).

Do we need to export the secure score data to the same Log Analytics workspace on which MDC is deployed, or is a separate workspace needed? If MDC already uses a Log Analytics workspace in the backend to store the logs, then why can't we pull the secure score log data directly? Why do we need to export the secure score data to a Log Analytics workspace first and then connect it to the dashboard?

4.2K Views, 0 likes, 2 Comments

Securing Microsoft M365 Copilot and AI with Microsoft's Suite of Security Products - Part 1
Microsoft 365 Copilot and AI applications created in Azure AI Foundry are transforming productivity, but they also introduce new security challenges for businesses. Organizations embracing these AI capabilities must guard against risks such as data leaks, novel AI-driven threats (e.g. prompt injection attacks), and compliance violations. Microsoft offers a comprehensive suite of products to help secure and govern AI solutions. This multipart guide provides a detailed roadmap for using Microsoft’s security services together to protect AI deployments and Copilot integrations in an enterprise environment.

Overview of Microsoft Security Solutions for AI and Copilot

Microsoft’s security portfolio spans identity, devices, cloud apps, data, and threat management – all crucial for securing AI systems. Key products include: Microsoft Entra (identity and access), Microsoft Defender XDR (Unified enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications), Microsoft Purview (data security, compliance, and governance), Microsoft Sentinel (cloud-native SIEM/SOAR for monitoring and response), and Microsoft Intune (device management), among others. These solutions are designed to integrate – forming an AI-first, unified security platform that greatly reduces the complexity of implementing a cohesive Zero Trust strategy across your enterprise and AI ecosystem. The table below summarizes the main product categories and their roles in securing AI applications and Copilot:

| Security Area | Microsoft Product | Role in Securing AI and Copilot |
| --- | --- | --- |
| Identity and Access Management | Microsoft Entra and Entra Suite (Entra ID Protection, Entra Conditional Access, Entra Internet Access, Entra Private Access, Entra ID Governance) | Verify and control access to AI systems. Enforce strong authentication and least privilege for users, admins, and AI service identities. Conditional Access policies (including new AI app controls) restrict who can use specific AI applications. |
| Endpoint & Device Security | Microsoft Defender for Endpoint, Microsoft Intune | Secure user devices that interact with AI. Defender for Endpoint provides EDR (Endpoint Detection & Response) to help block malware or exploits while also identifying devices that may be high risk. Intune helps ensure only managed, compliant devices can access corporate AI apps, aligning with a Zero Trust strategy. |
| Cloud & Application Security | Microsoft Defender for Cloud (CSPM/CWPP), Defender for Cloud Apps (CASB/SSPM), Azure Network Security (Azure Firewall, WAF) | Protect AI Infrastructure and cloud workloads (IaaS/SaaS). Defender for Cloud continuously assesses security posture of AI services (VMs, containers, Azure OpenAI instances) and detects misconfigurations or vulnerabilities. It now provides AI security posture management across multi-cloud AI environments (Azure, AWS, Google) and even multiple model types. Defender for Cloud Apps monitors and controls SaaS AI app usage to combat “shadow AI” usage (unsanctioned AI tools). Azure Firewall and WAF guard AI APIs and web front-ends against network threats, with new Copilot-powered features to analyze traffic and logs. |
| Threat Detection & Response | Microsoft Defender XDR, Microsoft Sentinel (SIEM/SOAR), Microsoft Security Copilot | Detect and respond to threats. Microsoft’s Defender XDR suite provides a single pane of glass for security operations teams to detect, investigate, and respond to threats, correlating signals from endpoints, identities, cloud apps, and email. Microsoft Sentinel enhances these capabilities by aggregating and correlating signals from 3rd party, non-Microsoft products with Defender XDR data to alert on suspicious activities across the environment. Security Copilot (an AI assistant for SOC teams) further accelerates incident analysis and response using generative AI – helping defenders investigate incidents or automate threat hunting. |
| Data Security & Compliance | Microsoft Purview (Information Protection, Data Loss Prevention, Insider Risk, Compliance Manager, DSPM for AI), SharePoint Advanced Management | Protect sensitive data used or produced by AI. Purview enables classification and sensitivity labeling of data so that confidential information is handled properly by AI. Purview Data Loss Prevention (DLP) enforces policies to prevent sensitive data leaks – for example, new Purview DLP controls for Edge for Business can block users from typing or pasting sensitive data into generative AI apps like ChatGPT or Copilot Chat. Purview Insider Risk Management can detect anomalous data extraction via AI tools. Purview Compliance Manager and Audit help ensure AI usage complies with regulations (e.g. GDPR, HIPAA) and provide audit logs of AI interactions. |
| AI Application Safety | Azure AI Content Safety (content filtering), Responsible AI controls (Prompt flow, OpenAI policy) | Ensure AI output and usage remain safe and within policy. Azure AI Content Safety provides AI-driven content filters and “prompt shields” to block malicious or inappropriate prompts/outputs in real-time. Microsoft’s Responsible AI framework and tools (such as evaluations in Azure AI Studio to simulate adversarial prompts) further help developers build AI systems that adhere to safety and ethical standards. Meanwhile, M365 Copilot has built-in safeguards – it respects all your existing Microsoft 365 security, privacy, and compliance controls by design! |

How the Pieces Work Together

Imagine a user at a company is using Microsoft 365 Copilot to query internal documents. Entra ID first ensures the user is who they claim (with MFA), and that their device is in a compliant state.
When the user prompts Copilot, Copilot checks the user’s permissions and will only retrieve data they are authorized to see. The prompt and the AI’s generated answer are then checked by Microsoft Purview’s DLP, Insider Risk, DSPM, and compliance policies – if the user’s query or the response would expose, say, credit card numbers or other sensitive information, the system can block it or redact it. Meanwhile, Defender XDR's extended detection and response capabilities are working in the background: Defender for Cloud Apps logs that the user accessed an approved 3rd party AI service, Sentinel correlates this with any unusual behavior (like data exfiltration after running the prompt), an alert is triggered, and the user is either blocked or, if allowed, forced to label and encrypt the data before sending it externally. In short, each security layer – identity, data, device, cloud, monitoring – plays an important part in securing this AI-driven scenario.

Stay tuned for Part 2 of this Multi-Part Series

In the following articles, we break down how to configure and use the tools summarized in this article, starting with Identity and Access Management. We will also highlight best practices (like Microsoft's recommended Prepare -> Discover -> Protect -> Govern approach for AI security) and include recent product enhancements that assist in securing AI.

859 Views, 1 like, 1 Comment

How to easily apply DISA STIGs with Intune
Introduction

In today's digital landscape, ensuring the security and compliance of IT infrastructure is paramount. The Defense Information Systems Agency (DISA) provides Security Technical Implementation Guides (STIGs) to optimize security for various software and systems. Utilizing Microsoft Intune, administrators can create configuration profiles that adhere to these STIGs, thereby enhancing their organization's security posture. This blog will walk you through the process of creating Intune Configuration Profiles for DISA STIGs, complete with screenshots and detailed steps.

Prerequisites

Before diving into the configuration process, ensure you have the following:

- Access to the Intune admin center.
- Appropriate administrative privileges to create and manage configuration profiles.
- Familiarity with DISA STIGs and their requirements.

Step-by-Step Guide

Step 1: Access Intune

- Acquire DISA STIG Files: The first step in this process is to acquire the DISA STIG files from their official website (Group Policy Objects – DoD Cyber Exchange). These files contain the specific security guidelines and requirements you need to implement. Visit the DISA website, locate the relevant STIG files for your systems, and download them to your local machine.
- Prep files: Unzip the file you just downloaded then inside you should find another zipped file named like “Intune STIG Policy Baselines.” Unzip this file as well.
- Login to Intune with proper permissions: To begin, navigate to the Intune admin center at https://intune.microsoft.com or https://Intune.microsoft.us for Intune Government GCC-H/DoD (I am using a GCC-H instance of Intune, but these steps should be the same no matter what impact level you are using).
- Sign in with your administrator credentials: If you are using RBAC and least privilege you will need to have at least the “Policy and Profile Manager” role.

Step 2: Create a New Configuration Profile

Once logged in, follow these steps to create a new configuration profile:

- In the left-hand menu, select Devices -> Configuration profiles.
- Click on the Create profile button at the top, then select “import policy”.
- Select “Browse for files” and browse to the location where you unzipped the Intune STIG Policy Baselines. Inside that folder, go to the Intune Policies folder, then Settings Catalog.
- Select your STIG of choice, provide a meaningful name and description for the profile, and select save.

Step 3: Configure Profile Settings

Next, verify the profile settings align with the DISA STIG requirements:

- Once the profile has been created, select view policy.
- Navigate through the settings and ensure every setting is meticulously configured to meet the STIG compliance guidelines. This may include settings such as password policies, encryption, and network security configurations.
- Ensure every setting meets the compliance standards of your organization. For example, Windows Spotlight is a feature that rotates the wallpaper and screensaver randomly; if your organization uses custom wallpaper or screensavers, you may want to have this completely disabled.

Step 4: Assign the Profile and TEST, TEST, and TEST Again!!

After configuring the profile settings, assign the profile to the appropriate groups:

- Next to Assignments, select edit.
- Select the user or device groups that the profile should apply to. This should be a small but diverse group of devices or users that can provide feedback on the user experience of the settings being applied and/or issues they cause, because STIGS never break anything, right!?
- Once you have assigned your groups, click Review & Save, then Save.

Conclusion

Creating Intune Configuration Profiles for DISA STIGs is a crucial step in maintaining robust security and compliance within your organization.
By following this step-by-step guide, you can effectively configure and deploy profiles that adhere to stringent security standards, safeguarding your IT infrastructure. Stay vigilant and periodically review your profiles to ensure they remain compliant with evolving STIG requirements.

Disclaimer

While DISA has made this a fairly easy process with Microsoft Intune, there are some caveats. In the folder where we found the Intune policies is a “Support files” folder which holds an Excel spreadsheet with valuable information. There are still several STIG settings that are not natively set by Intune for various reasons (Not in Windows CSP, organization specific settings, etc.). They have also provided the Desired State Configuration (DSC) files to set a lot of these settings that will need to be deployed as a Win32_APP. This is outside the scope of this blog but stay tuned! Lastly, the spreadsheet provides STIG settings that will be a false positive when you use the Security Content Automation Protocol (SCAP) tool. This is due to the settings being set now through the Configuration Service Providers (CSP) and the tool is looking at the legacy registry locations. Unfortunately, until that tool gets updated to look in the new locations we will need to provide that to prove the settings have been configured.

All screenshots and folder paths are from a non-production lab environment and can/will vary per environment. All processes and directions are of my own opinion and not of Microsoft and are from my years of experience with the Intune product in multiple customer environments.

Additional Resources

- Microsoft Intune Documentation: Microsoft Intune documentation | Microsoft Learn
- DISA STIGs: Security Technical Implementation Guides (STIGs) – DoD Cyber Exchange
- Intune Admin Center: intune.microsoft.com (Commercial/GCC) or Intune.microsoft.us for government (GCC-High/DoD)

Stay tuned for future posts where we delve deeper into advanced configurations and best practices.
Happy securing!