Exploring Microsoft 365’s NOBELIUM Defence Capabilities

Exploring Microsoft 365’s NOBELIUM Defence Capabilities

I recently read through an excellent article by Mandiant, which recently split with FireEye, on their findings and analysis of the continued actions of suspected nation-state actor NOBELIUM.  This group appeared on most IT pro's radar because of their SolarWinds' software supply chain.  You are probably familiar with it by now, but if not, the tl;dr is that SolarWinds' Orion IT software was "trojanised" via an attack on their software supply chain.  Orion is…
Reauthorise Windows Server DHCP with One Line of PowerShell

Reauthorise Windows Server DHCP with One Line of PowerShell

This will be a brief blog, as I am certainly not a DHCP expert or day-to-day administrator.  I do, however, run a DHCP server on Windows Server 2019 constantly in my lab environment, but sometimes encounter a problem whereby the server is no longer authorised, and when I use the GUI to do so, I get the error the specified servers are already present in the directory service. The PowerShell I use to resolve…
Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario.  The tools you use for Windows Server 2008 R2, for example, are different from the tools you use for Windows Server 2019, which are different from the tools you use for Windows 10, and so on. The common denominator behind most onboarding methods is internet connectivity.  Your device connects…
Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO

Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO

The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previously a requirement for enabling Hybrid Azure AD Join.  After configuring Azure AD Connect and your Seamless SSO GPOs, this had to be enabled. Since Windows 10 1607 ("Anniversary Update"), in Azure AD Connect environments, on-premises Active Directory joined computers become Azure Active Directory registered when a synchronised user signs in to a synchronised computer;…