Microsoft Defender for Identity | Enable NTLM Auditing

If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.

Field Notes: Service running with gMSA account not starting

I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. … Continue reading Field Notes: Service running with gMSA account not starting

How to Enroll a Huawei Device in Intune

In May 2019, then-United States President Donald Trump announced that Huawei, along with several other Chinese companies, was now on something called the Entity List. Companies on this list are unable to do business with any organization that operates in the United States. This made the lives of administrators difficult, to ensure that these devices … Continue reading How to Enroll a Huawei Device in Intune

How to use the Intune Group Policy Analytics Migration Tool

In my blog Using PowerShell to create Windows 10 Custom Device Policy from the output of Endpoint Manager Group Policy Analytics - Azure Cloud & AI Domain Blog (azurecloudai.blog) we looked at using PowerShell to assist with GPO migration. Today we a new migration tool available in the Microsoft Endpoint Manager admin center and we … Continue reading How to use the Intune Group Policy Analytics Migration Tool

Manually add a MacOS device to Apple Business Manager

In my blog Setup Apple Business Manager in Intune – Azure Cloud & AI Domain Blog (azurecloudai.blog) we looked at how to setup ABM. One of the prerequisites is to purchase devices from a supported channel and thus devices will be added to your ABM. In this blog we will look at how to manually … Continue reading Manually add a MacOS device to Apple Business Manager

How to Manually Reset the Remediation Policy when Microsoft Sentinel Azure Activity Connector Shows Not Connected

A short while ago, we started recommending that customers use the new Policy-based method of connecting the Azure Activity log to Microsoft Sentinel. Azure Policy-based assignment Recently, we have started to see some customers that have used this method where the Data Connector shows as not connected in the Microsoft Sentinel console. While we diagnose … Continue reading How to Manually Reset the Remediation Policy when Microsoft Sentinel Azure Activity Connector Shows Not Connected

Must Learn KQL Part 3: Workflow

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book … Continue reading Must Learn KQL Part 3: Workflow