The German Federal Office for Information Security (BSI) has published new documents on Microsoft Windows 10 and how to secure it. I looked at the BSI security recommendations for Windows 10 before I wanted to report on them. The background to this is that in the past, publications in this direction were sometimes more than outdated when they were published or they were very superficial.
Security
The Windows 10 Sandbox
The Microsoft Windows 10 Sandbox is a new security feature in Windows 10 Pro and Enterprise. The idea behind it is to try something out in a safe “sandbox”. For example, installing a potentially insecure application.
Let’s get started with the sandbox game….
Administrative Templates in Intune (Version 2101)
In October 2019, I had already published a list of administrative templates. After that time, I thought I should update it.
“Domain Controller Enforcement mode” will be activated as of 9 February 2021
With the security update of 11 August 2020, Microsoft has addressed a security vulnerability (CVE-2020-1472). This has not yet been closed automatically, as compatibility problems may occur. How to close the vulnerability beforehand is explained in KB article 455722.
Microsoft identified a critical vulnerability and closed it via the Microsoft Store
I have already addressed the question of the correct handling of the Microsoft Store several times, for example in the article “Windows 10 and the Microsoft Store“. Now it is all more important that the IT departments deal with the topic again.
Setting up Office 365 – Part 2
This article is part of my migration from my old Office 365 to my new Microsoft 365 Tenant. It is also about setting up Office 365, the other Microsoft 365 topics will follow later. I also have written this article intentionally so that it can also be used for setup outside of a migration scenario. Part 1 was about choosing the right edition, setting up the account and configuring the domains and DNS.
Website monitoring with PRTG
This time an article slightly outside the Microsoft world. This time there is an excursion into monitoring and the monitoring of web servers under Linux. Some know this, nothing is worse than when the website you want to visit is not reachable. Since this happened to me 2 times in 2 days, the web server has hung up and I could not find the error, something had to be done.
Ignite day 2 – Modern Management recap
Today was day 2 of the Microsoft Ignite in Orlando. Today I was in the focus in sessions about modern management on the move. That means, for example, Microsoft Intune, but especially the newly announced function of the “Microsoft Endpoint Manager”.
Local Administrator Password Solution (LAPS)
In the past, a company-specific standard was usually always used for local administrator passwords. But what do you do if an employee who knows the default password leaves the company?
Right, it should be changed. In the past, Group Policies (GPO) were often used for this, even if the password was in clear text in SysVol. This was fortunately stopped by Microsoft. What other solutions are available? In practice I have seen VBS or PowerShell scripts, the good ones have random passwords, the bad ones only a standard.
But isn’t there a well designed solution from Microsoft? Yes, there is, Local Administrator Password Solution (LAPS).