Showing items from Monitoring

Monitor Security Baseline Insights Recommendations

Microsoft has updated their security baselines in Microsoft Intune which you can read in the What is new in Intune. A part of the updates is that Microsoft has added recommended settings based on your organisation. In this blog post, I show how to monitor these recommendations that are part of the security baseline and generate a response when a setting does not met Microsoft’s recommendation.

Continue Reading

Monitor assigned roles outside PIM and sent to MS Teams using OpenAI

Another big helper in implementing a Zero Trust environment is the use of Privileged Identity Management, aka PIM. It is a best practice assigning the least permissions as needed for the shortest amount of time. PIM helps you with that. After implementing PIM you have left-overs of admins assign roles to identities without PIM. In that case there is a mechanism that check if there are roles assign outside PIM.

Continue Reading

Enroll Defender For Endpoint automated

https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure

Microsoft Intune Connection -> On

Find the if there is a connector already. Otherwise, create one.

$url = "https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/fc780465-2017-40d4-a0c5-307022471b92"  #/fc780465-2017-40d4-a0c5-307022471b92
$request = Invoke-RestMethod -Uri $url -Method Get -Headers $authHeader
$request.value | ConvertTo-Json -Depth 9


$body = @{
  androidEnabled = $false
  iosEnabled = $false
  androidDeviceBlockedOnMissingPartnerData = $false
  iosDeviceBlockedOnMissingPartnerData = $false
  partnerUnsupportedOsVersionBlocked = $false
  windowsEnabled = $false
  partnerUnresponsivenessThresholdInDays = 6
} | ConvertTo-Json
$postRequest = Invoke-RestMethod -Uri $url -Method Patch -Headers $authHeader -Body $body
$postRequest

available-dfe-connector.png

Continue Reading