WDAC feature limitations on Windows Server versions
Andrew Windows Defender Application Control (WDAC) is a core component of Windows, since Windows 10 and Server 2016, which can be used as part of your security posture to secure workstations…
#TIL WDAC logging and Policy Names from Windows Server 2016
In implementing a Windows Defender Application Control (WDAC) audit policy we discovered an interesting quirk with the information logged in the Windows Event Logs on Server 2016, that can make…
PowerShell script to convert WDAC XML file to binary CIP format
The Microsoft WDAC Wizard is a great tool for building and modifying WDAC policies, but there are times where it is necessary to manually modify the policy XML file. If…
Logic App security tips – Using a Key Vault
Logic Apps are amazingly powerful in what can be accomplished, and have a very low barrier to entry with their code-less approach, however care needs to be take to ensure…
#TIL converting a JSON date from a Dynamics 365 Business Event in a Logic App
While building a Logic App to perform actions based on business events in Dynamics 365, I faced a slight challenge – one of those challenges can sometimes be tricky in…
Generating a log file for an MSI or MSP
Recently when completing a MIM 2016 hotfix installation the upgrade process was failing with a very generic and largely unhelpful error message. It’s possible (and in the case of MIM…
Check when attributes were updated in Active Directory
I recently needed to determine when an attribute was updated by MIM in Active Directory for a particular user object. MIM itself provides details within Metaverse search to determine when…
TIL: Finding the location of a user’s desktop folder in PowerShell
In developing a script that drops the output file to a user’s desktop it begs the question – what is the best way to determine the full path to the…
Microsoft MFA with number matching
Multi-factor authentication (MFA) is critically important for securing accounts and limiting the risk of accounts being compromised. However one of the weaknesses of push based MFA, such as push notifications…
Bulk load devices to Azure AD Group
Recently I’ve been needing to put into Azure AD Groups large numbers of device objects and it turns out you can’t easily use the out of the box tools in…