Microsoft Endpoint Manager ATP: Onboarding Methods For Windows 10

Hey fellow humans, how are you guys doing? With this covid-19 happening around us, hope that you are cautions about your health and safety of yourself and others too. I still can not believe that there are people still thinks that this virus is a myth. It really hurts to see the increases of cases in Malaysia has reach 4 thousand covid-19 cases yesterday in a day.

Anyway, lets start this blog post with another ATP, if you are new with this technology ATP stands for Advanced Threat Protection. My last post about ATP , is Azure ATP / Microsoft Endpoint Identity Defender ATP, do feel free to read about it.

This blog post would be about onboarding methods Endpoint to Microsoft Endpoint Defender ATP, if you haven’t notice Microsoft has launch 1 new onboarding methods that you can enroll for your lab environment or customers.

If you are new to the ATP here are the steps to get these methods;

  1. Sign up for a Office E3 trial license
  2. Setup the account
  3. Sign in to Office 365 Admin center> Billing > Select Purchases Services
  4. Under the purchases services select M365 E5 trial license
  5. Assign your Office 365 account with M365 E5 license
  6. Would take an hour or few minutes for the ATP Admin portal to setup for ready to use
  7. Head to Microsoft Endpoint Manager Admin Center
  8. At the side bar you can see “Endpoint security” > Setup > Microsoft Defender ATP
  9. There you would need to start setup of the Microsoft Defender ATP, it only takes 5 mins to setup, yes from the setup page here you may able to view the onboarding methods too but is only one-time setup page, so the actual location of this onboarding is at their Microsoft Defender ATP Admin portal.
  10. Enter the Microsoft Defender ATP Admin portal and there it will direct you to another portal where all the Endpoint’s onboarding , offboarding, analytics and etc.. located
  11. At the side bar > Select Settings icon > Device Management > Onboarding
Onboarding methods

As you can see the above image, these are the following onboarding methods that you can use to onboard your endpoint devices.

  1. Local Script
    • Has limitation, per script only for 10 devices. Meaning that Script 1 has been used for 10 devices and to enroll the number 11 device you would need to re-download the new script package from the onboarding method.
    • If you are doing a quick lab this would be the best method to test the onboarding
  2. Group Policy
  3. Microsoft Endpoint Configuration Manager current branch and later
  4. System Center Configuration Manager 2021 /2012 R2/1511/1602
  5. MDM/Microsoft Intune
  6. VDI onboarding scripts for non-persistent devices

Onboarding are run at the backend of your endpoint, and it dependent on the licenses that you purchase and also the environment type. Meaning if your environment has SCCM then you would need to use the SCCM onboarding method to enroll the devices to Microsoft Defender ATP.

Microsoft has really ease quite a lot for administrators work in enroll their devices to ATP services and having integration between ATP and other security features inside. I will write more about it on the next blog post. Have a nice weekend!

References:

  1. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-configure
  2. Microsoft Defender for Endpoint – Windows security | Microsoft Docs
  3. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints

Azure Exam: AZ-500 How to pass the exam?

Good day, I’ve been receiving requests asking me how did I manage to pass the AZ-500 exam, which I just recently took it, on 22nd December 2020. I’m writing a blog post about it because I can’t go one by one to reply you guys.

There was 60 questions, including (1) case study, (10) true and false questions and (40) objective questions. If not mistaken.

There were no labs in this exam. If you were the earlier adopters for this exam and yes there was a requirement of completing a lab in this exam.

The exam was mainly focusing on

  1. Your understanding of OSI layers *
  2. Steps on encryption and decryption of SQL and databases.
  3. RBAC
  4. Azure AD Connect deployments
  5. Network access and privileges
  6. Access and privileges of virtual servers
  7. Where to get Reports from, for different platform based on the types of Azure services

To be honest, without proper understanding and reading the questions and OSI layers concept you would have slight chances of passing this exam. If you have experiences with Azure services, then you won’t need to worry much about the exam. I would recommend you to prepare yourself with the following reference links below, it would give you help on passing this exam.

All the best and good luck ahead!

References

  1. https://microsoftlearning.github.io/AZ500-AzureSecurityTechnologies/

Azure ATP: Azure ATP capabilities and mechanism

Hey everyone, hope you guys had a wonderful day. Starting of a new year 2021. I hope everyone stay healthy and stay safe distance from one another or avoid crowded places.

I know that this pandemic has test us in many ways, in terms of physically and mentally. If you manage to get through year 2020 challenges, then give yourself a pad on the back, you did good.

This blog post I’m going to write about what is Azure ATP, before I jump into the topic, I want to say that security is a journey. If you guys have read about the recent news about attacks rises double/triple in the year 2020 and also the news about solarwinds attack, then these are enough proof that hackers are given more chances to attack in this situation, because they know majority businesses or corporates are still vulnerable or not up to par in terms of securing their environment and providing security training to users. Users mistakes in allowing attackers are also risk to the corporate that is why users training is still important to corporates. Losing money/profit to attackers is twice painful to the corporates then purchasing and implementing security technologies/products in the environment. Let’s take ransomwares as an example for this case. Due to this pandemic, I notice quite an amount of corporates are now implementing the concept of “Zero-trust“. If you would like to know what is “Zero-trust”, do feel free to Google them up.

Anyway, alright lets start our topic. The ATP term has been quite awhile in the security industry, or if you still not too sure what is ATP, ATP stands for Advanced Threat Protection. It contains advanced intelligent technology and combination of algorithms to identify and investigate types of malicious behavior and it will select appropriate action to quarantine/block the malicious actions before doing any harm to the environment and provide deep dive detailed reports to administrators.

Azure ATP has been known quite awhile in Microsoft 365, and Microsoft had given a different naming, Microsoft Identity Defender. It’s capability is to:

  1. Identify compromised accounts
  2. Investigate malicious activities of accounts
  3. Provide best practice security actions to administrators on how to handle accounts that reported by Azure ATP as suspicious or compromised
  4. Provide detail visibility authentication of attacks
  5. Azure ATP able to provide details of attack’s source
  6. Reports are real-time and signals back to Microsoft Identity Defender portal

This is just a summary of the entire structure looks like implementing Azure ATP into the environment with Domain Controllers only.

Azure ATP agent is only for on-premises like Domain controllers and ADFS and the agent will send a signal back to Microsoft Identity Defender if detected malicious activities or compromised accounts. I do recommend that you read more about requirements of deploying Azure ATP, before deploying into your customer’s environment. There is a medium impact required.

References

  1. What is Microsoft Defender for Identity? | Microsoft Docs
  2. Microsoft Defender for Identity architecture | Microsoft Docs