Microsoft Endpoint Manager Support for Android 11

This article is contributed. See the original author and article here.

In September, we expect Android 11 to be released by Google. Both our App Protection Policy (APP) team and our Mobile Device Management (MDM) team have been testing each beta release and wanted to keep you posted on what we’ve been finding. So far, all major current Intune APP and MDM scenarios are compatible with this latest version of Android, but there are some changes and best practices to be aware of, which we share in the post below.

 

Here are a few things you’ll want to know:

  • Update apps: Encourage your end users to update to the latest version of the Company Portal, Edge, and other APP-supported apps. The latest version will provide the best experience with devices running Android 11.
  • APP and Shared Datasets: Requiring encryption by policy affects the Shared Datasets introduced with Android 11. If encryption is not required by policy, Shared Dataset storage is allowed. If encryption is required by policy, then:
    • For a single-identity app, the blob storage (Shared Dataset) commit will be allowed if the data is private to the app. Otherwise, it will be blocked.
    • For a multi-identity app, the blob storage commit will be blocked.
  • Privacy messaging: Android 11 introduces some user experience changes to increase transparency for users. Users may see new messaging, such as additional notifications about app permissions granted by their organization.
  • Device administrator management: Google has been communicating their plans to decrease their support for device administrator managed devices for several years. The release of Android 11 will cause changes and reductions in management capabilities on device administrator managed devices.
    • Camera: For device administrator managed devices running Android 11 (excluding Samsung), you will no longer be able to set the device restriction to block camera use. Policies blocking camera that are applied to devices before they update to Android 11 will continue to apply.
    • Trusted root certificates: With Android 11, trusted root certificates can no longer be deployed to devices enrolled with device administrator (except on Samsung devices). Users must manually install the trusted root certificate on the device. With the trusted root certificate manually installed on a device, you can then use SCEP to provision certificates to the device. In this scenario you must still create and deploy a trusted certificate policy to the device and link that policy to the SCEP certificate profile.
      • If the trusted root certificate is on the device, then the SCEP certificate profile will install successfully.
      • If the trusted certificate cannot be found, the SCEP certificate profile will fail.
  • Reminder about October device administrator changes on Android 10 and 11: Following the expected release of Android 11, Google is requiring all apps to update their API targeting to at least 29. The Company Portal will be making this change in October. This will cause different and decreased manageability on device administrator devices running Android 10 and later. Impacted settings include setting password requirements, blocking camera, blocking Smart Lock and other trust agents, and a change in the Wi-Fi end user experience. You can read full details of the changes in the blog about decreasing support for device administrator management.

 

As with previous major Android OS updates, check mobile app compatibility with your app providers to confirm your users’ apps work with Android 11. You’ll see a “What’s New for the app” in the Play Store or in-app details on an application’s website. Some apps provide Day 0 support, while others update over time. Ensure your users’ managed apps that are deployed through Intune have been updated to a version that supports Android 11.

 

How Can You Reach Us?

Keep us posted on your Android 11 experience through comments on this blog post, through Twitter (@IntuneSuppTeam), and request any new features on UserVoice. We will update this post with any additional information we learn when Android 11 releases.

September Webinars & Remote Work Resources

September Edition Sections:

  • Highlighted 
  • Microsoft Ignite
  • Microsoft Teams – IT Admins & Planning
  • Microsoft Teams – End Users & Champions
  • Other M365 Topics
  • Security & Azure AD
  • Blogs of Interest

 

Highlighted

Remote Working Federal Training

The Microsoft Federal Customer Success team has been working hard to provide remote working skilling and instruction to our customers working remotely on the following topics:

  • Teams Fundamentals: High-level Teams overview
  • Productivity in Teams: Best practices for using Teams
  • App Integration: Microsoft & 3rd Party apps that can be utilized in GCC
  • Smart Meetings: Using meetings in Teams to their full potential
  • Live Events: Hosting virtual events up to 10K+
  • Best Practices: Various topics based on feedback

Below is a schedule of upcoming events. Join all sessions at https://aka.ms/LearnTeamsforGov (we will use the same links daily to host the sessions). Feedback will be available during each session.

Date | 1-2pm (EST)
Thursday September 3, 2020 | Teams Fundamentals focus on Structures and Channel Management
Tuesday September 8, 2020 | App Integration with Teams
Thursday September 10, 2020 | Smart Meetings with Teams
Tuesday September 15, 2020 | Teams Fundamentals
Thursday September 17, 2020 | Productivity in Teams
Tuesday September 22, 2020 | Teams Live Events
Thursday September 24, 2020 | Teams Fundamentals with Emphasis on Best Practices
Tuesday September 29, 2020 | App Integration

Above times don’t work? Check out our on-demand recordings of previous sessions.

 

Microsoft 365 Adoption Portal

Microsoft recently announced its launch of a comprehensive adoption portal. Here you’ll find numerous resources, including: Adoption Guides in flipbook format, Day in the Life training cards, Links to key scenario guidance such as enabling remote work and virtual events, Links to our newly expanded Microsoft 365 Champion program information, Microsoft 365 learning pathways overview, and more.

 

Microsoft Teams: Master working from home

Working from home offers the opportunity to maintain your workflow while allowing flexibility in how and where you get your work done. Shifting to a remote worker status can be an adjustment as you look for ways to balance home and work life, maintain focus and be fully productive. Microsoft Teams can help you stay connected to your team while providing access to all of the tools and resources you need to get your work done. Join us to learn tips that can help set you up for success as you transition into a ‘work from home’ scenario. During this session, we’ll share: (1) Guidance for setting up your home environment for work, (2) Best practices for maintaining your workflow while working at home, (3) Tips for staying connected to your team while remote, and (4) Insights for effectively supporting a remote team.

 

Microsoft Ignite

Enabling Remote Work with Microsoft Teams: Microsoft Ignite 2020 Pre-Show

When: Tuesday, September 15, 2020 at 9:00am PT | The recent shift to remote, hybrid and on-premise work has IT professionals across every industry looking for more solutions and support for deploying Microsoft Teams. That’s why we’re excited to launch this new live webcast series. In this special episode, you’ll get a preview of what’s coming up at Microsoft Ignite. Hear about upcoming sessions you don’t want to miss, as well as new resources that will help you make the most of your experience. Be sure to add this event to your calendar!

 

Enabling Remote Work with Microsoft Teams: Microsoft Ignite 2020 Wrap-Up Part 1

When: Wednesday, September 23, 2020 at 9:00am PT | The recent shift to remote, hybrid and on-premise work has IT professionals across every industry looking for more solutions and support for deploying Microsoft Teams. That’s why we’re excited to launch this new live webcast series. Join us for a wrap-up of day 1 at Microsoft Ignite. You’ll hear all the highlights and we’ll talk about what’s coming up on day 2. Be sure to add this event to your calendar!

 

Enabling Remote Work with Microsoft Teams: Microsoft Ignite 2020 Wrap-Up Part 2

When: Friday, September 25, 2020 at 9:00am PT | The recent shift to remote, hybrid and on-premise work has IT professionals across every industry looking for more solutions and support for deploying Microsoft Teams. That’s why we’re excited to launch this new live webcast series. Join us for a complete wrap-up of day 1 and 2 at Microsoft Ignite. You’ll hear all the highlights and talk with product experts. Be sure to add this event to your calendar!

 

 

Microsoft Teams – IT Admins & Planning

Microsoft Teams: Plan your upgrade (Start here!)

Discover everything you need to facilitate a successful upgrade to Teams. By the end of this workshop, participants will be able to: (1) Understand why a formal plan is crucial for upgrade success, (2) Identify the steps to the upgrade success framework, (3) Recognize common attributes of successful customers, and (4) Create and implement their own upgrade plan. The audience for this session is All (Business Sponsors, IT Admins, User Readiness/Change Manager, Project Lead).

 

Microsoft Teams: Identify your upgrade approach

Determine the most suitable approach based on your current Skype for Business implementation and upgrade goals. By the end of this workshop, participants will be able to: (1) Understand common scenarios and upgrade approaches, (2) Visualize the user experience for each approach, and (3) Determine the optimal upgrade approach for your organization.  IT Admins are the primary audience for this session.

 

Microsoft Teams: Implement your upgrade approach

Execute your defined upgrade approach as part of your formal upgrade plan. By the end of this workshop, participants will be able to: (1) Recognize the upgrade settings in your O365 tenant admin portal, (2) Understand technical tips and considerations for a successful upgrade, and (3) Apply the appropriate settings in the Portal to execute your upgrade. The primary audience for this session is IT Admins.

 

Microsoft Teams: Ready your end users

Design a user readiness strategy to help your users love and adopt Teams. By the end of this workshop, participants will be able to: (1) Recognize factors that influence user acceptance and adoption, (2) Define core value messaging for Teams in your organization, and (3) Outline your awareness, training and support activities. The audience for this session is: User Readiness/Change Manager.

 

Enabling Remote Work with Microsoft Teams: Microsoft Teams Security

When: Tuesday, September 8, 2020 at 9:00am PT | The recent shift to remote, hybrid and on-premise work has IT professionals across every industry looking for more solutions and support for deploying Microsoft Teams. That’s why we’re excited to launch this new live webcast series. Let’s talk security in Episode 3. The top challenge IT pros are facing right now is securing data. Join our product expert for a deep dive discussion on identity and authentication. Be sure to add this event to your calendar!

 

 

Microsoft Teams – End User & Champions

 

Get Started with Microsoft Teams

Whether you are switching from Skype for Business or brand new, join us to learn the basics of how to use Teams to chat with your colleagues and collaborate on projects. Through a series of live demonstrations and best practices, you’ll leave this session with everything you need to start using Teams. After this session, you will be able to: (1) Set up your profile and notifications in Microsoft Teams, (2) Use chat and calling for 1:1 and group conversations, sharing and collaboration in Microsoft Teams, (3) Schedule and conduct meetings in Microsoft Teams, and (4) Align your team and teamwork in Microsoft Teams.

 

Go Deeper with Microsoft Teams: Build collaborative workspaces in Microsoft Teams

Designed for those who are already familiar with Microsoft Teams, our ‘Go Deeper’ sessions offer insights and best practices. Learn how Teams can help organize your workday and make it easier to stay connected with colleagues. Explore ways to determine the best approach for creating workspaces for projects and workgroups. After this session, you will be able to: (1) Determine the best approach for your collaboration needs (chat versus teams & channels), (2) Create workspaces for your team to provide the best teamwork experience​, and (3) Determine best practices in Microsoft Teams​ to enhance productivity. Note: This session was previously called ‘Learn tips for taking Microsoft Teams to the next level – Part 1’.

 

Run Effective Meetings with Microsoft Teams

Have you spent significant time and resources to prepare for a meeting and still felt it wasn’t productive? Have you attended a meeting only to leave feeling like not much was accomplished? Join this class to learn how to make your meetings engaging, productive and effective. Microsoft Teams can help make your meetings worth showing up for. After this session, you will be able to: (1) Use Teams for your entire meeting experience, (2) Record your meeting, making it easy for those who couldn’t attend to get caught up, (3) Keep important meetings at your fingertips by pinning them for easy access, and (4) Assess which audio and video devices are best for your meeting needs.

 

Integrate apps to do more in Microsoft Teams

Do you want to get more done in Teams? Receive targeted and timely updates? Access services directly through Teams? Apps let you complete tasks, receive updates and communicate. This session introduces you to the key activities needed to get started with adding applications, bots and connectors in Microsoft Teams today. Through a series of live demonstrations and best practices, you’ll leave this session with everything you need to start using apps in Teams. After this session, you will be able to: (1) See how applications, bots and connectors can help you be more efficient while working in Teams, (2) Select an application, bot or connector for your workspace, (3) Install an application, bot or connector, and (4) Use an application, bot or connector in your workspace.

 

Microsoft Teams: Do more with apps

Join Microsoft Teams experts as we review how you can deploy commonly-used applications directly within Teams, enabling your users to work more efficiently and effectively by accessing everything they need in a single interface. This foundational workshop covers basic capabilities across app management and security. With over 400 out-of-the-box applications available (and growing), you’re sure to find an app, or two, that your team can begin using today in Teams. After this session, you will be able to: (1) Identify suitable apps to meet the needs for your organization, (2) Recognize common attributes of successful app deployment, (3) Navigate security and compliance considerations for Teams’ apps, and (4) Determine the next steps to deploy an app to your environment.

 

Microsoft Teams: Master working from home

Working from home offers the opportunity to maintain your workflow while allowing flexibility in how and where you get your work done. Shifting to a remote worker status can be an adjustment as you look for ways to balance home and work life, maintain focus and be fully productive. Microsoft Teams can help you stay connected to your team while providing access to all of the tools and resources you need to get your work done. Join us to learn tips that can help set you up for success as you transition into a ‘work from home’ scenario. During this session, we’ll share: (1) Guidance for setting up your home environment for work, (2) Best practices for maintaining your workflow while working at home, (3) Tips for staying connected to your team while remote, and (4) Insights for effectively supporting a remote team.

 

Microsoft Teams: Enabling Real-time Collaboration for Cross-functional Teams

How do you bring various stakeholders together across multiple teams to achieve your goal? Do you wish you could reduce the number of meetings or e-mails while still being able to solicit feedback, keep everyone informed, and get consensus? Join us to explore how to bring everything together in a shared workspace with Microsoft Teams. Learn how to chat, meet, share files, and work with other business applications to effectively engage others. This interactive 2-hour session will give you the opportunity to try it for yourself and test drive Microsoft Teams in a live cloud environment. A trained facilitator will guide you as you apply these tools to your own business scenarios and experience how they can work for you. Each session is limited to 12 participants, reserve your seat now.

 

Go Deeper with Microsoft Teams: Leverage pro tips and tricks for Microsoft Teams

Designed for those who are already familiar with Microsoft Teams, our ‘Go Deeper’ sessions offer insights and best practices. Learn how Teams can help organize your workday and make it easier to stay connected with colleagues. Learn tips and tricks for managing and organizing work and communications in Teams. After this session, you will be able to: (1) Leverage formatting best practices to help get your messages noticed (and responded to), (2) Easily find files, chats and projects, (3) Implement strategies to manage and organize your work, and (4) Simplify your workday. Note: This session was previously called ‘Learn tips for taking Microsoft Teams to the next level – Part 2’.

 

Microsoft Teams: Seamless Collaboration with Microsoft 365

Are you still sending an e-mail with an attachment to your teammates when you want to collaborate on a file? How fast do they respond? How do you know if they are working on the file? How do you manage version control? With Microsoft 365 tools for teamwork, you can seamlessly collaborate on files with your team members. Using Microsoft Teams, you can invite your teammates into an environment where they can effectively collaborate and engage in a persistent conversation. Join us for this session and explore how to avoid productivity sinkholes and increase productivity. This interactive 2-hour session will give you the opportunity to test drive Microsoft Teams in a live cloud environment. A trained facilitator will guide you as you apply these tools to your own business scenarios and experience how they can work for you. Each session is limited to 12 participants, reserve your seat now.

 

Microsoft Teams: Staying connected with your team while remote

We designed Microsoft Teams to be a virtual office you can take anywhere you go. Work seamlessly and transparently with your remote team and discover greater collaboration and productivity. Join us for this session and explore how to avoid communication sinkholes and do more together, no matter where you are. Each session is limited to 12 participants, reserve your seat now.

 

Other M365 Topics

Ask Microsoft Anything (AMA): Upcoming Changes to Office Support

When: Wednesday, September 9, 2020 at 9:00am PT | Join us for an opportunity to “Ask Microsoft Anything” (AMA) about upcoming changes to support for Office 2016 for Mac, Office 2010 and Office 2013 connectivity to Office 365 services. To join, simply visit the Office End of Support AMA space at 9:00am Pacific and submit a question. An AMA is a live, online, text-based question-and-answer event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. Note: While we’ll only be answering questions in real-time from 9am – 10am Pacific, you can post your questions for the AMA to the Office End of Support AMA space up to 24 hours in advance. We look forward to seeing you there!

 

Security & Azure AD

Enabling Remote Work with Microsoft Teams: Microsoft Teams Security

When: Tuesday, September 8, 2020 at 9:00am PT | The recent shift to remote, hybrid and on-premise work has IT professionals across every industry looking for more solutions and support for deploying Microsoft Teams. That’s why we’re excited to launch this new live webcast series. Let’s talk security in Episode 3. The top challenge IT pros are facing right now is securing data. Join our product expert for a deep dive discussion on identity and authentication. Be sure to add this event to your calendar!

 

Customer Immersion Experience: Simplifying Your Privacy and Compliance Journey

Your business needs to control how sensitive data is managed. Join us and explore how to assess your compliance risk, protect sensitive and business critical data, and respond efficiently to data discovery requests. During this 2-hour interactive session, you will explore how to: (1) Simplify assessment of compliance risk, (2) Integrate protection and governance of data, and (3) Intelligently respond to data discovery requests. Each session is limited to 12 participants, reserve your seat now.

 

Customer Immersion Experience: Protecting Identity, Apps, Data and Devices

Identity is at the center of security: don’t compromise when it comes to your company’s valuable information. Join us to explore how to use secure authentication, govern access, get comprehensive protection and set the right identity foundation. During this 2-hour interactive session, you will explore how to: (1) Enable password protection, (2) Bring multi-factor authentication to your Windows 10 users, (3) Protect your users and data through Office 365 multi-factor authentication, and (4) Use conditional access to protect across devices, locations and apps. Each session is limited to 12 participants, reserve your seat now.

 

Blogs of Interest

Public Sector Blog Website | RSS Feed

 

Microsoft Teams Blog Website | RSS Feed

 

Office & Microsoft 365

Enterprise identity, mobility, and security

Microsoft Azure and Development

Windows, Operations, Management, and Deployment

Support and adoption

Misc

 

Thanks for stopping by and reading our monthly resources. Feel free to reach out in the comments below with any comments, questions or ideas on other events to add to the list. Here in Public Sector we want to make sure we are giving you the information and insights to best serve your needs in this community.

 

Join the Azure SQL/ SQL Server Experts at Microsoft Ignite 2020

Microsoft Ignite 2020 is launching as a free, 48-hour digital event this year (shifting from a week-long, in-person event as it had been in the past). With Ignite going all-digital, it will now be split into two global events: the first is September 22-24 and the second in early 2021.

 

With registration now open, I encourage you to register to connect with the Azure SQL/ SQL Server experts as well as other technology professionals from around the world. Sessions will be delivered in 3 time zones (Americas, Asia, Europe) so you’ll have an opportunity to learn from your favorite speakers no matter where you are in the world!

 

More details about the events, including session times/dates are being updated online as it gets closer to show time, but below I’ve listed the sessions you can expect from the Azure Data team:

 

Rap with Rohan​

Join Rohan Kumar, Corporate Vice President of Azure Data Engineering, for his “ask me anything” session covering all things Data & AI.  Interview with Anna Hoffman​.

Speakers: Rohan Kumar, Anna Hoffman

 

Deep dive in Azure SQL: What to use when and updates from the Product Group

Come learn about the latest capabilities in the Azure SQL family (VM, SQL Managed Instance, SQL Database) in the past year, along with the latest “game changers” that Azure SQL brings to the table for organizations, including hyperscale, serverless, intelligence, and more.

Speaker: Ajay Jagannathan

 

Enjoy 3 Digital Breakouts

Attend “Ask the Experts” after virtually attending digital breakouts. You can connect with product teams, feature teams, community experts, and advocacy teams directly and get your questions answered live!

Migrate, Modernize .NET applications on Azure

Learn how to modernize .NET Framework Apps, by migrating to App Service or porting to .NET core on Azure. We’ll cover the latest product updates, new options for networking, and increased performance.

Speaker: Venkata Raj Pochiraju

 

Building a Hybrid data platform with Azure Arc enabled data services

Azure Arc extends Azure’s management services and other Azure data services like Azure SQL Managed Instance and PostgreSQL Hyperscale to run anywhere – on your on-premises datacenter, on the edge, or even on other public clouds. This session will update you on the latest hybrid innovations on data with Azure Arc enabled data services.

Speaker: Travis Wright

Running real-time data analytics on the edge with Azure SQL Edge

Azure SQL Edge has taken the same SQL database engine you already know and optimized it for Edge and IoT workloads. With a small resource footprint and built-in capabilities like data streaming, time series, and Machine Learning, discover how Microsoft is creating the ability to “develop once, deploy anywhere” with its database offering at the Edge. This session explores popular customer implementations with Azure SQL Edge, along with new product features for the Intelligent Edge.

Speaker: Vasiya Krishnan

 

Looking forward to seeing you there! Tweet us at @AzureSQL for sessions you are most excited about.

Microsoft Security Matters – Aug 2020

General News

Microsoft Security | Fall 2020 Public Webinars edition

Microsoft Security: What cybersecurity skills do I need to become a CISO?

Microsoft Security: How to cultivate a diverse cybersecurity team

Securing MEM at Microsoft

Rethinking IoT/OT Security to Mitigate Cyberthreats

How do I implement a Zero Trust security model for my Microsoft remote workforce?

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

Zero Trust: From security option to business imperative overnight

How to organize your security team: The evolution of cybersecurity roles and responsibilities

Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity

How Microsoft Mission Critical team helped secure AAD

Microsoft joins Open Source Security Foundation

 

Azure Security & Compliance News

Become an Azure Security Center Ninja

Automation to Block Brute-force Attacked IP detected by Azure Security Center

Threat Protection for SQL IaaS VMs running on-premises using Azure Security Center

Threat Protection for SQL IaaS VMs hosted on Azure Arc using Azure Security Center

Built-in vulnerability assessment for VMs in Azure Security Center

Azure Security Center Secure Score Reduction Alert

Best practices for layering on cloud security through Azure Marketplace

Detect attacks using Application Gateway and Web Application Firewall

Remediate Vulnerable Secure Channel Connections with the Insecure Protocols Workbook

What’s New: Query line numbering, Azure Sentinel in the schema pane

MSTIC Notebooklets – Fast Tracking CyberSec Jupyter Notebooks

Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel

Guided Hunting Notebook: Base64-Encoded Linux Commands

Ingesting log files from AWS S3 using AWS Lambda

Azure Sentinel Insecure Protocols Workbook Reimagined

What’s new: SOC operational metrics now available in Azure Sentinel

Whats new: Azure Sentinel and Microsoft Defender ATP improved alert integration

 

Microsoft 365 Security (All Up News)

Microsoft Office 365—Do you have a false sense of cloud security?

Security baseline for Microsoft Edge version 85

Security baseline (FINAL): Windows 10 and Windows Server, version 2004

Application Guard for M365 Apps public preview

Security best practices for Windows Server Update Services (WSUS)

Managing BitLocker with Microsoft Endpoint Manager

 

M365 Identity & Data Protection (Azure AD, Intune, AIP, MCAS)

Conditional Access policies now apply to all client applications by default

Microsoft Authenticator app lock now enabled by default

Risky Business in Azure AD…

Automated user provisioning from SAP SuccessFactors is now GA

ALERT! New Blog Series: Automation in Cloud App Security

New study by Forrester shows customers who deploy Azure AD can benefit from a 123% ROI

Assigning groups to Azure AD roles is now in public preview!

Using Azure PIM for the AIP Super User feature management

Let’s Talk About Azure Active Directory and the Microsoft Identity Platform

Gartner announces the 2020 Magic Quadrant for Unified Endpoint Management

 

M365 Threat Protection (Office ATP, Windows Defender ATP, Azure ATP/ATA)

Microsoft Defender ATP Ninja Training: August 2020 update

Webinar: How to maximize Microsoft Defender ATP configuration using attack simulations

On-demand webcast series: “Tracking the adversary”

Pull in more intelligence and act fast while you hunt

Microsoft Defender ATP Daily Operation – Part 1

Microsoft Threat Protection now uses more descriptive incident names

Introducing an improved timeline investigation with event flagging

Introducing EDR in block mode: Stopping attacks in their tracks

Microsoft Defender ATP: Web Content Filtering

A new look for threat analytics

Microsoft Defender ATP for Mac is moving to system extensions

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

How can Microsoft Threat Protection help reduce the risk from phishing?

Microsoft Defender ATP: Remediate Apps Using MEM

Linux ATP Configuration and Operation Command List

Microsoft Advanced Threat Protection for Linux

 

M365 Compliance & Governance

FAQ for Teams compliance

New features and improvements to Sensitivity labels for Containers Webinar

Classification Depth Private Preview

 

Regards,

 

Jeremy Windmiller | Enterprise Security Architect, CISSP, CEH, ITIL | Microsoft – Healthcare

New & Updated Security Tools

It took us a little longer than we wanted but we are finally ready to announce new versions of LGPO and Policy Analyzer as well as two new tools, GPO2PolicyRules and SetObjectSecurity.

 

The goal is to keep this post as short as possible so let’s just jump into the details.

 

LGPO v3.0

Two new options were added to LGPO.exe. The first, /ef, enables Group Policy extensions referenced in the backup.xml. The second, /p, imports settings directly from a .PolicyRules file, which removes the need to have the actual GPOs on hand. Additionally, LGPO.exe /b and /g now capture locally configured client-side extensions (CSEs), which we had an issue with previously. Lastly, /b also correctly captures all user rights assignments, overcoming a bug in the underlying “secedit.exe /export” that fails to capture user rights assignments that are granted to no one.

 

Policy Analyzer v4.0

The “Compare to Effective State” button has replaced the “Compare local registry” and “Local Policy” checkboxes that used to be in the Policy Analyzer main window. Press it to compare the selected baseline(s) to the current system state. If the selected baseline(s) contain any user configuration settings, they are compared against the current user’s settings. “Compare to Effective State” requires administrative rights if the selected baseline(s) include any security template settings or Advanced Auditing settings. The effective state corresponding to the settings in the selected baseline(s) is saved to a new policy rule set.

 

Policy Analyzer now captures information about Group Policy Client-Side Extensions (CSEs) when you import GPO backups. From a Policy Viewer window, choose View Client Side Extensions (CSEs) to view the Machine and User CSEs for each baseline in the Viewer. (Note that LGPO.exe’s improved support for CSEs includes the ability to apply CSE configurations from Policy Analyzer’s .PolicyRules files.)

 

Policy Analyzer now maps settings and sub-settings to display names more completely and more accurately, including mapping the GUIDs for Attack Surface Reduction (ASR) rules to their display names, and improved localization.

 

GPO2PolicyRules

You can now automate the conversion of GPO backups to Policy Analyzer .PolicyRules files and skip the GUI. GPO2PolicyRules is a new command-line tool that is included with the Policy Analyzer download. It takes two command-line parameters: the root directory of the GPO backup that you want to create a .PolicyRules file from, and the path to the new .PolicyRules file that you want to create. For example:

 

 

GPO2PolicyRules.exe C:\BaselinePkg\GPOs C:\Users\Analyst\Documents\PolicyAnalyzer\baseline.PolicyRules

 

 

SetObjectSecurity v3.0

SetObjectSecurity.exe enables you to set the security descriptor for just about any type of Windows securable object (files, directories, registry keys, event logs, services, SMB shares, etc.). For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg-file-compatible representation for a REG_BINARY registry value.

 

Use cases include:

  • Restoring the default security descriptor on the file system root directory (which sometimes gets misconfigured by some system setup tools)
  • Restricting access to sensitive event logs that grant access too broadly (examples include AppLocker and PowerShell script block logs that grant read or read-write to NT AUTHORITY\INTERACTIVE)
  • Locking down (or opening access to) file shares, directories, registry keys

 

SetObjectSecurity.exe is a 32-bit standalone executable that needs no installer, has no dependencies on redistributable DLLs, and works on all supported x86 and x64 versions of Windows. (x64 systems must support WOW64.)
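
One way to find the overly broad event log access described in the second use case, before correcting it with SetObjectSecurity.exe. This is an added example, not part of the original post or the toolkit; the function names and the sample descriptors are constructed for illustration, and the script does not call SetObjectSecurity.exe itself.

```powershell
# Added example: report event log channels whose DACL grants access to
# NT AUTHORITY\INTERACTIVE (well-known SID S-1-5-4, SDDL alias "IU").
# Event log access-mask bits: 0x1 = read, 0x2 = write, 0x4 = clear.

function Get-InteractiveLogAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][string]$Sddl
    )

    try {
        # Parse the SDDL string into a structured security descriptor.
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    } catch {
        Write-Warning "Could not parse SDDL for '$LogName': $($_.Exception.Message)"
        return
    }
    if ($null -eq $sd.DiscretionaryAcl) { return }   # descriptor carries no DACL

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only access-allowed ACEs for INTERACTIVE are of interest.
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        if ($ace.SecurityIdentifier.Value -ne 'S-1-5-4') { continue }

        $rights = @()
        if ($ace.AccessMask -band 0x1) { $rights += 'Read' }
        if ($ace.AccessMask -band 0x2) { $rights += 'Write' }
        if ($ace.AccessMask -band 0x4) { $rights += 'Clear' }
        # Masks using other bits (for example generic rights) are reported as-is.
        if ($rights.Count -eq 0) { $rights += 'Other' }

        [pscustomobject]@{
            LogName    = $LogName
            Rights     = $rights -join ','
            AccessMask = '0x{0:X}' -f $ace.AccessMask
        }
    }
}

function Get-LiveInteractiveLogAccess {
    # Reads the real channel descriptors on a Windows host.
    # The default channel names are the two log families named in the text.
    param(
        [string[]]$LogName = @(
            'Microsoft-Windows-PowerShell/Operational',
            'Microsoft-Windows-AppLocker/EXE and DLL'
        )
    )
    Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue |
        Where-Object { $_.SecurityDescriptor } |
        ForEach-Object {
            Get-InteractiveLogAccess -LogName $_.LogName -Sddl $_.SecurityDescriptor
        }
}

# Constructed sample descriptors (not captured from a real system), so the
# parsing logic can be exercised without touching any live log.
$samples = [ordered]@{
    'Sample/ReadWriteToInteractive' = 'O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;IU)'
    'Sample/ReadOnlyToInteractive'  = 'O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x1;;;IU)'
    'Sample/AdminsAndSystemOnly'    = 'O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)'
}

$findings = foreach ($name in $samples.Keys) {
    Get-InteractiveLogAccess -LogName $name -Sddl $samples[$name]
}
$findings | Format-Table -AutoSize
```

Run `Get-LiveInteractiveLogAccess` from an elevated prompt to check real channels; any row it returns is a channel whose descriptor still grants INTERACTIVE access.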

 

Terms of Use

We have now included standard use terms for the tooling that is delivered as part of the Security Compliance Toolkit.

 

We continually try to process all your feedback and make improvements along the way so please give the new and updated tooling a try and as always let us know any feedback in the comments below.