Windows-Server on Ru Campbell MVP

Exploring Microsoft 365's NOBELIUM Defence Capabilities

Fri, 24 Dec 2021 19:37:50 +0000

I recently read through an excellent article by Mandiant, which recently split with FireEye, on their findings and analysis of the continued actions of suspected nation-state actor NOBELIUM. This group appeared on most IT pro’s radar because of their SolarWinds’ software supply chain. You are probably familiar with it by now, but if not, the tl;dr is that SolarWinds’ Orion IT software was “trojanised” via an attack on their software supply chain. Orion is (probably now “was”) used by enterprise customers to monitor their servers, network, etc, so not only was SolarWinds compromised, so too potentially were its customers.

Tons of Microsoft Defender for Endpoint Improvements for Server 2012 R2 & 2016

Fri, 08 Oct 2021 11:36:48 +0000

New protection capabilities for Microsoft Defender for Endpoint (MDE) customers have landed in public preview, Oct 7 ‘21, for Windows Server 2012 R2 and Windows Server 2016. With the public preview released today, Windows Server 2012 R2 and 2016 gain ’ functional equivalence’ to 2019, thanks to the use of a new agent that is being described as the ‘unified solution’.

Historically, a significant gap

Previously, as I’ve detailed here and here, there was a large feature gap between Windows Server 2019 and these “down-level” OSs. The onboarding process was also different. To get devices into MDE, you had to deploy the Microsoft Monitoring Agent (MMA). This was required as the EDR sensor wasn’t built-in, unlike with Server 2019. While Server 2016 shipped with Microsoft Defender Antivirus (MDAV) installed already, to get any kind of scanning and endpoint protection capability in Server 2012 R2, you had to install System Centre Endpoint Protection.

Reauthorise Windows Server DHCP with One Line of PowerShell

Sat, 26 Jun 2021 19:23:38 +0000

This will be a brief blog, as I am certainly not a DHCP expert or day-to-day administrator. I do, however, run a DHCP server on Windows Server 2019 constantly in my lab environment, but sometimes encounter a problem whereby the server is no longer authorised, and when I use the GUI to do so, I get the error the specified servers are already present in the directory service.

The PowerShell I use to resolve this does the following:

Microsoft Defender for Endpoint - Offline Onboarding for Windows 10 via a Proxy

Thu, 18 Feb 2021 07:30:40 +0000

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario. The tools you use for Windows Server 2008 R2, for example, are different from the tools you use for Windows Server 2019, which are different from the tools you use for Windows 10, and so on.

The common denominator behind most onboarding methods is internet connectivity. Your device connects directly to the cloud service and provides all that telemetry goodness via a direct line of sight.

Register Domain-Joined Computers as Devices - The Redundant and Broken Hybrid Azure AD Join GPO

Tue, 19 May 2020 19:11:46 +0000

The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previously a requirement for enabling Hybrid Azure AD Join. After configuring Azure AD Connect and your Seamless SSO GPOs, this had to be enabled.

Since Windows 10 1607 (“Anniversary Update”), in Azure AD Connect environments, on-premises Active Directory joined computers become Azure Active Directory registered when a synchronised user signs in to a synchronised computer; regardless of the GPO existing. Prior to this, on Windows 10 1511 (“November Update”) and before, only if this GPO, or other configuration to create this registry value, was used.