With the general availability of Windows 11 organizations might be looking at ways to ensure devices are NOT automatically upgrading to Windows 11 or looking to upgrade only selected devices. This blog will look at how to achieve this by utilizing Intune. Note. This blog assumes that you are managing Updates via Intune and does … Continue reading How to control or stop Windows 11 assignments in Intune
Category: Windows
Field Notes: Active Directory tombstone lifetime
The days of updating the default tombstone lifetime for Active Directory may be long forgotten, but if your Active Directory Forest has been running since Windows Server 2000/2003 and you have never verified the tombstone lifetime, it may be worthwhile to do so. As I have found first-hand with my customer, there are some deployments out there that may still be using a tombstone lifetime of 60 days. Expecting a value of 180 days and realizing too late that this is not the case may cause unnecessary complications in the future.
Internet Explorer | End of Life
We have been using Internet Explorer since Windows 95, perhaps not so much in recent years since we started using modern browsers. Microsoft recently announced the retirement of the Internet Explorer desktop application. There are some organizations however that still rely on Internet Explorer for legacy sites who may be impacted by this announcement. These legacy sites can still be supported using the Microsoft Edge browser.
End of support for Microsoft Edge Legacy browser
Microsoft announced in August last year that support for the Microsoft Edge Legacy application will end on March 9 2021. The new Microsoft Edge browser based on Chromium will be made available as part of the Windows 10 cumulative monthly security update that will be released on April 13 2021.
Use Azure Backup for Active Directory forest recovery requirements | Part 2
In part one of this series, we used Azure Backup to enable a daily backup schedule on two Domain Controllers, one from each domain in the Active Directory forest. A few days have passed since Azure Backup was configured. Multiple backups (restore points) should be available for each of the Domain Controllers. In this post, one of these recovery points will be used to restore the forest root Domain Controller in an Azure isolated virtual network (VNET), while having no impact on the production environment. We should be able to successfully logon to this Domain Controller after the restore, to perform the remaining Active Directory recovery steps.
Use Azure Backup for Active Directory forest recovery requirements | Part 1
In this series I will demonstrate how to configure Azure Backup to protect a Domain Controller deployed in Azure. An initial backup will be performed which will then be used to restore the Azure Virtual Machine (VM) to an isolated Virtual Network. The VM restore will be tested by signing into the Domain Controller with the built-in Administrator account. This validates the successful backup and restore of the Domain Controller VM. Part 1 covers the configuration of Azure Backup and creation of backups for two Domain Controllers in Azure. I will configure backup for a Domain Controller in the forest root domain and a Domain Controller in the child domain.
Field Notes: Zerologon | CVE-2020-1472 | Manage Netlogon secure channel changes
The Netlogon vulnerability (CVE-2020-1472) is well documented and includes all the required remediation and preparation steps for the next update coming February 2021. We are less than a month away from the enforcement phase, and I have found that some customers are still unsure of what they need to do in regards to this vulnerability and the security updates. I've decided to publish this post to clarify the required actions, and tools available after deploying the August 2020 security update.
Collect and export SMBv1 audit events using Azure Log Analytics
In this blog I will demonstrate how to collect the SMBv1 audit events in Azure Log Analytics. I will also show a simple query to extract the IP information from these events which can be exported to a CSV file if needed.
Microsoft Edge: Configure IE Mode (Part 2)
IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In this final post of the two-part series, I will create the Enterprise Site Mode List XML file and test the configured sites to confirm that the specified sites can be successfully opened in IE Mode on Microsoft Edge.
Microsoft Edge: Configure IE Mode (Part 1)
IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In part one of this two-part series, I will configure IE Mode using Group Policy and Microsoft Intune.
You must be logged in to post a comment.