Microsoft Edge: Configure IE Mode (Part 1)

IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In part one of this two-part series, I will configure IE Mode using Group Policy and Microsoft Intune.

Understanding Microsoft Security Baselines and Applying Them – Part 1

What are security baselines? Why do I need them? Security Baselines are published by various companies however I will focus strictly on Microsoft Security Baselines, and how to apply them safely in your environment. Microsoft Security Baselines are created to give our customers a benchmark and to utilize the latest features possible, while also guiding … Continue reading Understanding Microsoft Security Baselines and Applying Them – Part 1

Side-Channel Attack Mitigation via GPO (Group Policy Objects)

What is the side-channel attack we need to be aware of? The main side-channel attack we refer to in IT are more specifically the Spectre and Meltdown vulnerabilities. Both of these leveraged a cache-based vulnerability in modern-day CPU's. There have been numerous vulnerabilities linked to the same core-issue but they are treated as individual CVE's and as such have … Continue reading Side-Channel Attack Mitigation via GPO (Group Policy Objects)

Microsoft Edge: Viewing applied policies

The new Microsoft Edge browser based on Chromium was released in January 2020. Unlike the original Edge browser, which is only available for Windows 10, the new Microsoft Edge Chromium based browser can be installed on Windows 7/8/8.1/10 and is also available for MacOS. Microsoft Edge is ready for business and has dedicated deployment resources … Continue reading Microsoft Edge: Viewing applied policies

AppLocker – Part 3

Introduction:In the previous blog we looked at the AppLocker Rules, Rule Conditions and how to enforce them. In this blog we will look at AppLocker in audit mode. By using the Audit only enforcement setting, you can ensure that the AppLocker rules are properly configured for your organization. When AppLocker policy enforcement is set to … Continue reading AppLocker – Part 3

AGPM: The case of the missing GPT.ini file – a possible workaround

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, amongst other technologies, including Advanced Group Policy Manager (AGPM). Have you ever deployed a GPO via AGPM only to experience either of the two situations? EventID 1058 (GroupPolicy) in a client’s System log or The follow message when … Continue reading AGPM: The case of the missing GPT.ini file – a possible workaround

Most Common Mistakes in Active Directory and Domain Services – Part 1

As a Premier Field Engineer (PFE) at Microsoft, I encounter new challenges on a daily basis. Every customer has its own uniqueness, and each environment is different from the other. And yet, there are several things I repeatedly encounter over and over again. Common mistakes that IT administrators make because lack of knowledge or changes … Continue reading Most Common Mistakes in Active Directory and Domain Services – Part 1