#videotutorial


HOW TO ALLOW PIN RESET FOR WINDOWS HELLO FOR BUSINESS

PIN is one of the login options in Windows Hello for Business. If a user forgets their PIN, they can reset it. Windows Hello for Business allows two types of PIN reset:
- Destructive PIN reset, which deletes everything in the Windows Hello for Business container. This is a forced reset, but it requires no additional configuration and works by default.
- Non-destructive PIN reset, which requires additional configuration but does not delete the existing Windows Hello for Business container and the keys stored in it.

📺 Watch my YouTube video below on how to configure it 👇 👇
youtu.be/XdHrajCf-Tk

HOW TO CONFIGURE GRADUAL ROLLOUT PROCESS FOR MICROSOFT DEFENDER FOR ENDPOINT

Microsoft Defender for Endpoint supports gradual rollout of all update types – Security Intelligence Updates, Engine Updates, and also Platform Updates.

📺 Watch my YouTube video on how to configure gradual rollout process for the updates 👇 👇
youtu.be/DJ6k7BucK7Q

Microsoft announced via the Message Center message ID MC810406 that support is ending for User Enrollment with Company Portal for iOS devices in September 2024.

The reason for this change is that in iOS 18 Apple is no longer supporting profile-based user enrollment, which effectively means the end of support just for user enrollment through the Company Portal app. And given that most of the commonly used iOS/iPadOS devices get the update to iOS 18, it probably doesn't make sense to continue support for user enrollment through the Company Portal app.

📺 Watch my YouTube video below for details 👇 👇
youtu.be/7uBCGNrU2oA

SMART LOCKOUTS IN MICROSOFT ENTRA ID

Smart Lockouts in Microsoft Entra ID help protect Microsoft Entra ID accounts from password attacks. And smart lockouts are called smart lockouts because they are smart in the sense that they should not negatively impact regular users.

📺 Do you want to learn more about Smart Lockouts in Microsoft Entra ID? Watch my YouTube video below 👇 👇
youtu.be/7V7BJcqb5CM

The unstoppable xfixium has already released the next few parts of his great #video #tutorial on how to program a #SEGA #MasterSystem #videogame using the C language 😲

The tutorial recreates the Ms. Pac-Man arcade classic from scratch - parts 11 to 13 are now available! 😍

Here's the whole series: youtube.com/watch?v=9jGkoHX3BS

DIFFERENCE BETWEEN ENTERPRISE APPS AND APP REGISTRATIONS IN MICROSOFT ENTRA ID

In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators don’t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

📺 Watch my YouTube video below 👇 👇
youtu.be/4ljbruQOOiI

HOW TO DEPLOY MICROSOFT DEFENDER FOR ENDPOINT ON IOS VIA MICROSOFT INTUNE

Unlike Android, Microsoft Defender for Endpoint can be installed and configured on Apple iOS in a completely zero-touch mode for the end user via Microsoft Intune. The end user does not need to confirm any settings, permissions or anything else on their iOS/iPadOS device afterwards.

📺 Watch my YouTube video below for more details 👇 👇
youtu.be/QHJCDr49RhY

HOW TO USE TEMPORARY ACCESS PASS IN MICROSOFT ENTRA ID

When an organization uses passwordless authentication, they need to figure out how to onboard users. In other words, you need to solve the chicken/egg problem. If a user has not registered any passwordless authentication method, how can they authenticate to register a passwordless authentication method?

Temporary Access Pass (TAP) solves this problem.

📺 Watch my YouTube video below on how to use Temporary Access Pass in Microsoft Entra ID 👇 👇
youtu.be/AqqvMqNcXRU

HOW TO DISABLE PRINT SPOOLER ON DOMAIN CONTROLLERS

Print Spooler is a service that takes care of print management. This includes, but is not limited to, managing printer drivers, scheduling print jobs, etc.

Print Spooler had a critical vulnerability in the past referred to as PrintNightmare (CVE-2021-34527). This vulnerability allowed attackers to execute code with administrator privileges.

The Print Spooler vulnerability was patched promptly, so if you have updated systems, the immediate risk associated with PrintNightmare is no longer present. And for normal systems, it is usually not feasible to disable Print Spooler. It would make printing impossible, which is usually not desirable.

But domain controllers are a critical part of Active Directory and need to be as secure as possible, which means blocking everything that is not needed. And you certainly should not need to print on domain controllers, so it’s a good idea to disable Print Spooler on domain controllers.

📺 Watch my YouTube video below on how to disable Print Spooler on Domain Controllers 👇 👇
youtu.be/O80HHKdnbcQ
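
One way to apply the recommendation in the post above, as an added example that is not part of the original post or the linked video: a PowerShell script that reports the Print Spooler state on every domain controller and, only when asked, stops and disables it. It assumes the ActiveDirectory RSAT module, PowerShell remoting to the domain controllers and sufficient rights; the `-Remediate` switch is a name chosen for this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit (and optionally disable) Print Spooler on all DCs.
# Assumption: WinRM remoting to each DC works for the account running this.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

# Enumerate every domain controller in the current domain.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# Collect the Spooler service state from each DC; record unreachable hosts.
$report = foreach ($dc in $dcs) {
    try {
        Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
            $svc = Get-Service -Name Spooler
            [pscustomobject]@{
                Status    = $svc.Status.ToString()
                StartType = $svc.StartType.ToString()
            }
        } | Select-Object @{ n = 'DomainController'; e = { $dc } }, Status, StartType
    }
    catch {
        [pscustomobject]@{
            DomainController = $dc
            Status           = 'Unreachable'
            StartType        = $_.Exception.Message
        }
    }
}
$report | Format-Table -AutoSize

if ($Remediate) {
    # Target only reachable DCs where Spooler is not already stopped and disabled.
    $targets = $report | Where-Object {
        $_.Status -ne 'Unreachable' -and
        ($_.Status -ne 'Stopped' -or $_.StartType -ne 'Disabled')
    }
    foreach ($t in $targets) {
        if ($PSCmdlet.ShouldProcess($t.DomainController, 'Stop and disable Print Spooler')) {
            Invoke-Command -ComputerName $t.DomainController -ScriptBlock {
                Stop-Service -Name Spooler -Force
                Set-Service  -Name Spooler -StartupType Disabled
            }
        }
    }
}
```

Run it without switches first to see the current state, then with `-Remediate -WhatIf` to preview the change. A setting applied this way can be overwritten by Group Policy, so a GPO linked to the Domain Controllers OU that sets the service to Disabled is the durable control.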

Microsoft Entra ID serves as a robust identity and access management solution for modern businesses, enabling secure authentication and authorization across various devices and services. One critical aspect of Microsoft Entra ID management involves device join types, each playing a unique role in defining how devices establish trust and connectivity within the Microsoft Entra ID environment.

📺 Watch my YouTube video below 👇 👇
youtu.be/RU1Sr-jNKCs

HOW TO RESET DOMAIN ADMIN PASSWORD ON AN AZURE VM

There are cases when you forget the local admin password of a machine. Or worse, someone changes your password, such as a threat actor in a cybersecurity incident. This happens, and I’ve been there a few times, where a threat actor started resetting all the admins’ passwords to effectively cut them off so they couldn’t stop the ongoing attack.

With Azure VMs, it is possible to reset passwords directly from the Azure portal. Either by using a PowerShell script or by directly entering a command from the Azure portal. This works for both a local admin account and also a domain admin account if the VM in question is a domain controller.

📺 Watch my YouTube video below 👇 👇
youtu.be/Lmug9xI3h24

HOW TO BLOCK EMAILS FROM THE ONMICROSOFT.COM DOMAIN IN OFFICE 365

The onmicrosoft.com domain is a tenant address. It is the initial domain with which the tenant was created. This domain is also referred to as the MOERA (Microsoft Online Email Routing Address) domain.

However, this domain is never normally used to send emails. Therefore, it is a good idea to block all emails coming from any onmicrosoft.com domain. These domains could be abused by attackers who register their own tenant for more credibility, but do not register a custom domain.

📺 Watch my YouTube video below 👇 👇
youtu.be/1AQuxO0Labo

Application updates can be managed through Intune or through external tools. External tools typically provide significantly more configuration and customization options.

But external tools need to be purchased, set up, integrated, and maintained. In addition, it is not infrequent that external tools, nowadays typically in the form of a service, have security incidents. Such an incident can then directly endanger your environment through a so-called supply chain attack. There are many examples of supply chain attacks in history.

For the reasons mentioned above, I recommend using the native capabilities within Microsoft Intune. For Microsoft 365 Apps, there is native support in Intune for update configuration, so there is not much reason to even address this with another tool.

📺 Watch my YouTube video below 👇 👇
youtu.be/WtX-eoGWCfQ

HOW TO DEPLOY MICROSOFT DEFENDER FOR ENDPOINT ON MACOS VIA MICROSOFT INTUNE

Microsoft Defender for Endpoint supports all commonly used platforms. Including Apple’s macOS.

Many macOS device owners believe they don’t need a security product. They tend to say that there are no viruses or malware on macOS. Unfortunately, this is a very naive and risky opinion. The opposite is true actually, and even macOS is targeted by threat actors. Therefore, you need a security product on macOS as well.

And it’s not just viruses or malware. But what about phishing? You receive a fraudulent link via email, some messenger or iMessage, you click on it and it leads to a phishing site. You need to protect yourself against such threats too.

Watch my YouTube video below 👇 👇
youtu.be/R631h3di898

Geospatial Python 🐍 - Full Course for Beginners with GeoPandas 🐼
--
youtu.be/0mWgVVH_dos?si=KHenBn <-- shared video tutorial
--
moderngis.xyz/courses/geopanda <-- shared course files
--
[sharing of this course should not – necessarily - be considered as an endorsement]
#GIS #spatial #mapping #tutorial #onlinelearning #free #training #python #geopandas #pandas #beginners #video #videotutorial #workflows #automation #spatialanalysis #spatialdata #DuckDB #leafmap #lonboard #certification

RECOMMENDED CONDITIONAL ACCESS POLICIES IN MICROSOFT ENTRA ID

Conditional access policies in Microsoft Entra ID allow for very granular security management. The problem is that organizations usually do not have conditional access policies properly defined. There tend to be blind spots, policies don’t cover all applications, all users, and all scenarios.

Many organizations have conditional access policies defined but do not think about them properly. This is because they often target only specific applications or specific users. And when I ask them why the MFA policy only targets Office 365 for example, they tell me they don’t use anything else. Or when I ask why they only target one group of users, they tell me that other users don’t use cloud services.

But that’s just the wrong approach. You are not primarily protecting the services from your users, but from attackers. And just because you don’t use anything other than Office 365 doesn’t mean an attacker will not use it. Or just because some users don’t use cloud services doesn’t mean those accounts can’t be exploited by an attacker. If those apps or accounts exist in the cloud, they need to be protected whether regular users use them or not. Attackers are looking for the most insecure places, the weakest links.

📺 Watch my YouTube video below where I talk about the conditional access policies that I recommend implementing 👇 👇
youtu.be/LtIgFBDJzXs

One of the configuration options for Windows Firewall is called Local Policy Merge. In general, Local Policy Merge exists in other settings as well, for example, it appears in several places within Microsoft Defender.

It is generally recommended to disable Local Policy Merge. This is because Local Policy Merge means that in addition to the centrally defined rules, the local configuration will also be taken into account. And this is usually undesirable.

📺 Watch my YouTube video below for more details 👇 👇
youtu.be/eZQlld82TRQ