Group-Policy on Ru Campbell MVP

Microsoft Defender for Endpoint - Offline Onboarding for Windows 10 via a Proxy

Thu, 18 Feb 2021 07:30:40 +0000

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario. The tools you use for Windows Server 2008 R2, for example, are different from the tools you use for Windows Server 2019, which are different from the tools you use for Windows 10, and so on.

The common denominator behind most onboarding methods is internet connectivity. Your device connects directly to the cloud service and provides all that telemetry goodness via a direct line of sight.

Block LSASS.exe using Attack Surface Reduction

Sat, 13 Feb 2021 21:10:23 +0000

Register Domain-Joined Computers as Devices - The Redundant and Broken Hybrid Azure AD Join GPO

Tue, 19 May 2020 19:11:46 +0000

The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previously a requirement for enabling Hybrid Azure AD Join. After configuring Azure AD Connect and your Seamless SSO GPOs, this had to be enabled.

Since Windows 10 1607 (“Anniversary Update”), in Azure AD Connect environments, on-premises Active Directory joined computers become Azure Active Directory registered when a synchronised user signs in to a synchronised computer; regardless of the GPO existing. Prior to this, on Windows 10 1511 (“November Update”) and before, only if this GPO, or other configuration to create this registry value, was used.