Use Azure Backup for Active Directory forest recovery requirements | Part 1

In this series I will demonstrate how to configure Azure Backup to protect a Domain Controller deployed in Azure. An initial backup will be performed which will then be used to restore the Azure Virtual Machine (VM) to an isolated Virtual Network. The VM restore will be tested by signing into the Domain Controller with the built-in Administrator account. This validates the successful backup and restore of the Domain Controller VM. Part 1 covers the configuration of Azure Backup and creation of backups for two Domain Controllers in Azure. I will configure backup for a Domain Controller in the forest root domain and a Domain Controller in the child domain.

Field Notes: Zerologon | CVE-2020-1472 | Manage Netlogon secure channel changes

The Netlogon vulnerability (CVE-2020-1472) is well documented and includes all the required remediation and preparation steps for the next update coming February 2021. We are less than a month away from the enforcement phase, and I have found that some customers are still unsure of what they need to do in regards to this vulnerability and the security updates. I've decided to publish this post to clarify the required actions, and tools available after deploying the August 2020 security update.

Collect and export SMBv1 audit events using Azure Log Analytics

In this blog I will demonstrate how to collect the SMBv1 audit events in Azure Log Analytics. I will also show a simple query to extract the IP information from these events which can be exported to a CSV file if needed.

Microsoft Edge: Configure IE Mode (Part 2)

IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In this final post of the two-part series, I will create the Enterprise Site Mode List XML file and test the configured sites to confirm that the specified sites can be successfully opened in IE Mode on Microsoft Edge.

Microsoft Edge: Configure IE Mode (Part 1)

IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In part one of this two-part series, I will configure IE Mode using Group Policy and Microsoft Intune.

Resources on Servicing the Modern Workplace and WFH

We recently published a bunch of great articles with regards to Servicing Windows and Microsoft Apps for Enterprise (formally known as Office 365 Pro Plus) to help you overcome challenges you might face when it comes to Work from home scenarios. So as we want our devices stay healthy and secure as well in those … Continue reading Resources on Servicing the Modern Workplace and WFH →

The 7 Habits of a Highly Effective Azure Lab for OnPrem Scenarios

From unlimited resources to public IPs in a lab and blazing fast Internet. Azure is much better than your laptop or test servers.

How to reset the Directory Service Restore Mode (DSRM) password

The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller. I have encountered many Active Directory environments where the DSRM password for the Domain Controllers is not known or safely stored for retrieval when needed. In this article I revisit the options to reset the DSRM password.

How To: Graph API to export Intune Managed Devices

Hi, I am Jyoti Prakash, part of SI IGD, based out of Bangalore, India. This blog gives you a glimpse of what Intune Graph API is all about and how to use it. What is Graph API? The Microsoft Graph API for Intune enables programmatic access to Intune information for your tenant; the API provides … Continue reading How To: Graph API to export Intune Managed Devices →

Machine account password expiry while working remotely

Due to the COVID-19 outbreak, most employees are now working from home. Many of these employees are not making use of any VPN solutions to connect to the corporate network. Some of the most frequent questions we receive since the shift to remote work are related to secure channel / machine account password changes.