Daniel

Thank you for posting such a great article!

Allowed by whom? Microsoft does not decide corporate security, which is just as well obviously. Like I said, is a great tool, but too powerful, and it is utterly irresponsible to advise users about this tool unless you also make clear that users in corporate settings must not operate such tools without the strict blessing of their IT/security teams.
That goes for any “fix” or action really. You actually need to be putting at the beginning of any article, “don’t do this on your business device unless you have the blessing of the relevant IT body” etc. Because it’s tools like this and other things that people download after reading about it on a helpful website that allow hackers to run amok once they can acquire entry via a compromised device.

Do not download any tool, Microsoft or otherwise, to your corporate device and attempt to “fix” things on your or other computers without the explicit approval of your IT team. Astounding that this even needs to be said.

i’m using windows 11, and still no DoH feature

Thanks for the good info. Microsoft’s ever-changing nature presents a challenge (and a rabbit-hole of searching).
In reviewing mail status, we trigger the stock monthly email & collaboration report. (Using Defender for O365 Plan 1 policy defaults). Most data is obvious (Edge Block Spam, Good Mail, Malicious URL etc.) but there’s a column labeled ‘others’ – in our case tallying as much as 10% of total volume.

Any idea what that is? (and are these messages delivered? quarantined? bit-bucketed? returned to sender?)

Your expertise appreciated.

There are some great plugins for Terraform, I use the Pycharms on every day: code completion, refactoring support, colour coding etc.

Getting the below error when running the Flow:

“There is no such object on the server. (Exception from HRESULT: 0x80072030)”
Could you please advise?

Thank you very much for your effort. I’ve enabled the log file and it works!

cheers

By mistake I have tried this simulation ( Malware Attachment) in my personal laptop directly, worried how to remove that malicious thing running in my personal laptop, any idea like where that malicious file gets stored, Thanks in Advance

Thank you!

The new portal is a bit confusing as the reports are scattered.

Thanks a lot!

I mean, the audit mode is useless if I can’t see what is blocked and what not. And tuning becomes a very difficult task

Please be aware of this issue:

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6813

I mean, adding rules for scripts it’s a matter of trial and error…
Do you know any workaround?

[…] (Source: Set Internet Explorer as the default browser in Windows 10 with Group Policy) […]

—————————————————————————————————————-
New-CimInstance : The requested object could not be found.
At line:28 char:1
+ New-CimInstance -Namespace $namespaceName -ClassName $className -Prop …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (MDM_AppLocker_A…ictions01_EXE03:CimInstance) [New-CimInstance], CimException
+ FullyQualifiedErrorId : MI RESULT 6,Microsoft.Management.Infrastructure.CimCmdlets.NewCimInstanceCommand

Hi Vignesh,

Can we change the user training for those who click on these links and attachments?

Good info. I wanted to know about DISM as a non-sysop. Keep the articles coming.

Will it work for new domains?

thanks….great post