Exploring Microsoft 365’s NOBELIUM Defence Capabilities

I recently read through an excellent article by Mandiant, which recently split with FireEye, on their findings and analysis of the continued actions of suspected nation-state actor NOBELIUM.  This group appeared on most IT pros' radar because of the SolarWinds software supply chain attack.  You are probably familiar with it by now, but if not, the tl;dr is that SolarWinds' Orion IT software was "trojanised" via an attack on their software supply chain.  Orion is…
Updated October 2021: Availability of Defender for Endpoint Features by Operating System

In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS).  This was a "matrix" of the tons of features, services, and important components that make up Microsoft Defender for Endpoint. Three months later, it's overdue an update.  So here it is :) The headline news is that, in preview anyway, there's a bunch of additions to Windows Server 2012…
Security Hygiene, Azure Security Center, and Secure Score

The basics: Let's start this article with some basic cybersecurity terminology.  Security hygiene, or cyber hygiene, is a general term used to describe the ongoing practice of keeping your technology and IT estate in a healthy and protected state.  The metaphor with physical hygiene is valid because we know with our bodies that there's no such thing as "set it and forget it": if we don't maintain regular hygiene practices and exercise, we atrophy. …
The Big Comparison of Defender for Endpoint Features by Operating System

Microsoft Defender for Endpoint (MDE) is a massive platform.  It's not a single product, and it's more than just a service.  It's a platform of tons of security features, portals, services, and controls.  The more you dig in, the more elements of general Microsoft security have been included in the MDE "branding".  It's not only endpoint detection and response (EDR), but also Windows 10 security settings.  It's not just the security software on the…
Reauthorise Windows Server DHCP with One Line of PowerShell

This will be a brief blog, as I am certainly not a DHCP expert or day-to-day administrator.  I do, however, run a DHCP server on Windows Server 2019 constantly in my lab environment, but sometimes encounter a problem whereby the server is no longer authorised, and when I use the GUI to do so, I get the error "the specified servers are already present in the directory service". The PowerShell I use to resolve…
Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)

Office 365, or Microsoft 365 Apps for Enterprise, or whatever it's called this month, can be deployed by Intune to Windows 10 devices using a built-in wizard.  The advantage of this is you don't need to package anything: you fill out some nice drop-downs and options in a GUI, assign it like any other app, and Microsoft takes care of the rest. In the background, this is using the Office CSP to deploy the…
Three Cool Things To Do With Azure Information Protection

In my last blog, I wrote about three considerations for your Azure Information Protection deployments and commented on often overlooked potential downsides, or at least areas with which to be cautious. In hindsight, it all feels a bit negative.  I am, for the record, an advocate of Microsoft 365 customers using AIP (sensitivity labels) in basically any circumstance it's appropriate to do so.  So in this blog, I'll counter the earlier post with three…
Three Considerations for Azure Information Protection Deployments

Azure Information Protection (AIP) - more accurately exposed to Microsoft 365 now as sensitivity labels - is close to the top of my favourite wins for securing your data in a Microsoft ecosystem.  While designing a detailed labelling and classification system is far from quick, it is quick to get up and running with baseline policies that protect your confidential company data from getting read outside the company.  Simply by applying a sensitivity label…
Automatically Hide IP Addresses When Recording Demos or Screen Sharing

The Azure Mask browser extension is a really great tool when either recording on-screen demos or sharing your screen.  Available for Edge/Chrome and Firefox, @_clarkio's extension censors sensitive tenant information, so that your recording or viewers can't see it.  For example, the tenant ID within Azure AD's overview page is blurred out. If you're doing a demonstration of any kind of security software with logs and auditing information, chances are you'll get IP addresses…
Troubleshooting Hybrid Azure AD Intune Automatic Enrollment

As I have blogged about a lot, there are a bunch of hoops to be jumped through and prerequisites to be met for a successful hybrid Azure AD join and automatic, GPO-invoked Intune enrollment. But sometimes, you have to go back to the basics when you're banging your head off the table, and laugh off the embarrassment of not checking the fundamentals. I was recently setting up hybrid Azure AD join and Intune enrollment,…