S01E22 - Configuring AppLocker Policies and Advanced Hunting - (I.T)

Published: Jan 15, 2020 by Intune.Training

This is a re-shoot of episode 22, so sorry it’s out of order…

Steve and Adam talk about configuring AppLocker Policies and take a look at Advanced Threat Hunting.

00:00 - Intro
02:28 - Deploy Windows Defender Application Control policies by using Microsoft Intune
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune
04:39 - Application Control for Windows
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
05:41 - Essential Eight
https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained
08:01 - Reduce attack surfaces with attack surface reduction rules
https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
11:48 - Review attack surface reduction events in the Microsoft Defender Security Center
https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#review-attack-surface-reduction-events-in-the-microsoft-defender-security-center
13:24 - Proactively hunt for threats with advanced hunting
https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview
15:25 - SQL to Azure Monitor log query cheat sheet
https://docs.microsoft.com/azure/azure-monitor/log-query/sql-cheatsheet
16:55 - Create and manage custom detection rules
https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules
23:57 - Exploit protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exploit-protection
29:29 - Microsoft Defender Advanced Threat Protection baseline settings for Intune
https://docs.microsoft.com/mem/intune/protect/security-baseline-settings-defender-atp?pivots=atp-april-2020
34:06 - Wrapping up

Share

Latest Posts

S02E30 - What's new in Intune Reporting w/ Spencer Shumway - (I.T)

S02E30 - What's new in Intune Reporting w/ Spencer Shumway - (I.T)

00:00 - Intro
00:30 - Spencer Shumway introduction
https://twitter.com/spencershum
03:25 - Reporting in MEM
06:40 - Reporting the new way
19:36 - Log analytics
31:25 - S02E01 - Easily Create Power BI Reports with the Intune Data Warehouse - (I.T)
https://youtu.be/2ICPKRBIews
31:44 - Paging vs Export
36:54 - Deprecating application inventory in datawarehouse
https://docs.microsoft.com/en-us/mem/intune/fundamentals/in-development#intune-data-warehouse-updates
https://docs.microsoft.com/en-us/mem/intune/fundamentals/in-development#export-underlying-discovered-apps-list-data
41:07 - Available reports/data today
45:52 - Roadmap
47:02 - Useful resources
Initial reporting blog: https://techcommunity.microsoft.com/t5/intune-customer-success/new-reporting-framework-coming-to-intune/ba-p/1009553
2009 Reporting Blog Update: https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-endpoint-manager-reporting-blog-for-2009-release/ba-p/1685655
2011 Reporting Blog Update: https://techcommunity.microsoft.com/t5/intune-customer-success/introducing-new-policy-reports-amp-more-in-microsoft-endpoint/ba-p/1898027
Getting started with Intune and Log Analytics: https://techcommunity.microsoft.com/t5/device-management-in-microsoft/microsoft-intune-and-azure-log-analytics/ba-p/463145
Intune reporting export API documentation: https://docs.microsoft.com/mem/intune/fundamentals/reports-export-graph-apis
Ignite reporting session 2020: https://techcommunity.microsoft.com/t5/video-hub/microsoft-endpoint-manager-reporting-graph-apis-and-log/m-p/1681560
Intune Automated reporting Github: https://github.com/phmehta94/IntuneAutomatedReporting

Read more

S02E29 - Beginners Guide to Accessing On-Premises Resources with Azure AD Joined Devices - (I.T)

S02E29 - Beginners Guide to Accessing On-Premises Resources with Azure AD Joined Devices - (I.T)

Sorry about Adam’s keyboard noise and yes, this could be a very short video but we felt like there are people who could use a more in-depth discussion.

00:00 - Intro
00:10 - Jóhannes Geir Kristjánsson introduction
01:10 - Access on-premises resources from an Azure AD-joined device
https://docs.microsoft.com/microsoft-365/business/access-resources
02:36 - Windows admins discord
http://aka.ms/winadmins
04:31 - Migration process
06:40 - Blockers
10:24 - Lab environment
15:50 - Install Azure AD Connect
37:57 - Assign licences
52:40 - Enable single sign-on
1:03:38 - Internal websites and certificates
1:09:08 - Wrap up

Read more

S02E28 - First Look at Win32 Application Supersedence in Microsoft Intune - (I.T)

S02E28 - First Look at Win32 Application Supersedence in Microsoft Intune - (I.T)

00:00 - Intro
02:12 - S01E07 - Publishing Win32 Applications using Microsoft Intune
https://youtu.be/x-RMjhzGXxA
02:54 - Win32 Application Supersedence
https://docs.microsoft.com/mem/intune/apps/apps-win32-supersedence
08:54 - Create a Supersedence relationship in Intune
13:13 - Supersedence behavior
https://docs.microsoft.com/mem/intune/apps/apps-win32-supersedence#supersedence-behavior
14:33 - Supersedence limitations
https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-supersedence#supersedence-limitations
23:19 - Discussion
28:58 - Wrap up

Read more