Secure Socket Layer (SSL) and Transport Layer Security (TLS, which builds on the now deprecated SSL protocol) allow you...
Restricting registration to Azure AD MFA from trusted locations with Conditional Access policy

You may be familiar with the Conditional Access policy feature in Azure AD as a means to control access...
Azure AD MFA with number matching and temporary access passes

Microsoft will enable the new number matching feature by default in February 2023. Number matching for Azure AD MFA...
Microsoft 365 compliance policy: Control access with compliant devices

With the procedure described in this post, you can ensure that only devices with an assigned Microsoft 365 compliance...
When did users last change their password in Active Directory?

Changing passwords regularly is no longer recommended, and the Security Baseline for Windows doesn't include a corresponding setting. Nevertheless,...
Active Directory passwords: All you need to know

All Windows administrators need to know the essential concepts of Active Directory passwords: how passwords are stored in Active...
Configuring Defender Exploit Guard network protection

One of the features of Defender Exploit Guard is network protection. It blocks communication with dangerous domains or IP...
Disable UAC with Group Policy and set PIN in Windows Hello

User Account Control helps to implement proper permission levels for users accessing systems. Instead of needing administrator privileges, UAC...
Configure Defender SmartScreen, activate enhanced phishing protection

Microsoft includes several Windows security components under the term "Defender." One of them is Defender SmartScreen, which aims to...
UserAccountControl attribute: Checking and configuring security settings for Active Directory accounts

The UserAccountControl attribute can be used to configure several account settings in Active Directory. This applies, for example, to...
Duo 2FA: Two-factor authentication for RDP

In this post, you will learn how to enable two-factor authentication (2FA) for Remote Desktop Protocol (RDP). We will...
Manage Windows Defender Firewall with Intune

For a home user, it's easy to manage the Windows Firewall. However, if you have more than 50 devices...
Endpoint security analytics with uberAgent ESA 7.0

The uberAgent solution from vast limits GmbH is a premier user experience monitoring (UXM) and endpoint security analytics (ESA)...
Custom error message for access denied

When you access a file share in Windows and the conditions for access are not met, you are normally...
Configuring Defender Antivirus: Exclusions, real-time protection, scans, and remediations

On most PCs, Defender Antivirus runs with the default settings. However, Microsoft offers admins many options to customize the...
How to install the PfSense firewall on a virtual machine

PfSense is a free open-source network firewall and router based on FreeBSD. PfSense is known for its reliability and...
Change Windows startup programs with Sysinternals Autoruns

Did you know there are more than 200 configuration locations for Windows startup programs? These are often used to...
Microsoft Defender: Control updates for malware signatures using Group Policy or PowerShell

Obtaining effective protection by virus scanners requires that they always use the latest definitions. Therefore, Microsoft Defender is not...
Common BitLocker errors

In my previous post, I explained how to enable BitLocker with PowerShell and how to unlock, suspend, resume, and...
Enable BitLocker for Windows 10 and Windows 11 with Intune on multiple computers

This post explains how you can enable BitLocker for Windows 10 and Windows 11 with Intune on multiple computers...