CrowdStrike faces a major outage due to a driver channel file causing widespread BSOD. Intune scripts detect and remove problematic files. Intune can also enable users to self-service BitLocker keys. Conditional Access can control key access and Audit Logs can monitor key usage. Compliance ensures key access from compliant devices only.
Since COVID, focus has been on BCP and DR. Windows 365 now offers new capabilities like Cross Region Disaster Recovery, Enterprise State Roaming, and Cloud PC resiliency. These features ensure 99.9% uptime, RPO of ~0, and easy activation and deactivation of fallback devices. The new DR feature costs $4.50/user.
This article explores the importance of Microsoft Word security policies and the issues that can arise with Office security baselines. It covers challenging settings such as add-in signing and trust bar notifications, and provides a solution using Microsoft Intune to address trusted publisher issues. Proper implementation of security baselines is emphasized to avoid potential problems.
The article discusses the concept of Temporary Access Passes (TAP) as an alternative to passwords for authentication. It covers the configuration of TAP, its use during onboarding, and for web-based sign-in. The author recommends using TAP to enroll in Microsoft Authenticator and activate passkeys for a seamless and secure user experience.
This multi-part series on Windows 11 best practices has covered onboarding, security, and advanced security. Part 4 delves into user experiences, addressing Windows Hello for Business with Cloud Kerberos Trust, OneDrive best practices, Microsoft Edge configuration, user password solutions, 3rd party ADMX integrations with Intune, self-service password reset, and Office 365 cloud app policies. These components aim to enhance the end user’s experience.
The latest article delves into advanced security technologies for Windows 11, including Endpoint Privilege Management (EPM), Windows Defender Application Control (WDAC), Application Patch Management, and Device Control. EPM leverages Microsoft Intune and features automatic elevation and reporting capabilities. WDAC focuses on restricting app execution, requiring signed apps, and managing policies. Additionally, it provides a detailed outlook on managing WDAC policies and policy considerations, such as managing internal and 3rd party apps, enforcing code signing, and ensuring a scalable approach. The article also explores options for Windows Application Patch Management and Device Control in Microsoft Defender for Endpoint (MDE), emphasizing the importance of tailoring security capabilities to organizational needs to avoid creating an unmanageable security environment.
