    Posts

    • RE: SOLVED: Unable to get rid of windows update group policy

      While searching for this scenario, came across a topic called "tattooing" from https://docs.microsoft.com/en-us/archive/blogs/grouppolicy/gp-policy-vs-preference-vs-gp-preferences


      I then looked at the registry entry and found this.


      Changed the NoAutoUpdate value to 0, did another gpupdate /force, and now I don't see any GP policies on the Windows Update settings!

      Will need to restart and confirm once more

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
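
Added example, not part of the original post: a read-only PowerShell check that lists the Windows Update policy values present on a machine, separating the GPO-side keys from the MDM (Intune) side, so leftover values such as the NoAutoUpdate entry mentioned above stand out. The registry paths are assumptions based on the standard Windows locations; the post's screenshots are not preserved, so they are not taken from the page.

```powershell
# Added example (read-only): list Windows Update policy values by source.
# Key paths are assumed standard Windows locations, not taken from the post.
$locations = [ordered]@{
    'GPO' = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    )
    'MDM' = @(
        'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'
    )
}

function Get-PolicyValue {
    param([string]$Source, [string]$Path)
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the unnamed default value
        [pscustomobject]@{
            Source = $Source
            Key    = $Path
            Name   = $name
            Value  = $key.GetValue($name)
        }
    }
}

# Collect every value found under the GPO-side and MDM-side keys.
$values = foreach ($source in $locations.Keys) {
    foreach ($path in $locations[$source]) {
        Get-PolicyValue -Source $source -Path $path
    }
}

$values | Sort-Object Source, Key, Name | Format-Table -AutoSize

# Flag the value the post describes changing by hand.
$noAuto = $values | Where-Object { $_.Source -eq 'GPO' -and $_.Name -eq 'NoAutoUpdate' }
if ($noAuto -and $noAuto.Value -eq 1) {
    Write-Warning 'NoAutoUpdate=1 is set under the GPO policy key. If gpresult shows no GPO applying it, the value is a leftover.'
} elseif ($values | Where-Object Source -eq 'GPO') {
    Write-Output 'GPO-side Windows Update values exist; compare them against the gpresult report.'
} else {
    Write-Output 'No GPO-side Windows Update policy values found.'
}
```

Run it from an elevated prompt before and after gpupdate /force, and again after a reboot, to see whether the GPO-side values return.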
    • SOLVED: Unable to get rid of windows update group policy

      I am trying to use Windows Update rings on Intune replacing our old group policy. Our machines were set with "disable automatic updates" via GPO. Our service provider at that time who managed our infrastructure used the default domain policy to disable Windows updates!

      I disabled those policies from the default domain policies, did gpupdate on my computer and found that the policy was changed to MDM managed. The next day, the 3 policies are back on the machine and now I am not able to figure out where this policy is from. Checked each and every GPO setting on my server and confirmed that there are no policies related to Windows Update.


      Checked gpedit.msc as admin on my computer

      User configuration:


      Computer configuration

      My gpresult html report which has Windows update search result

      Not sure where else to look at and possibly remove this policy

      posted in IT Discussion windows update group policy gpo windows 10
      AmbarishrhA
      Ambarishrh
    • RE: My O365 training video series

      Hello everyone,

      I finally managed to get another video out and really hope I could continue this! 🙂

      This time, it's about Microsoft Defender ATP.

      Would love to hear your feedback on this.

      @DustinB3403 this time, I've used Streamlabs OBS, used the filters as you suggested and I believe the audio quality is improved. Still need to fine tune it. Thanks a lot for that.

      Youtube Video

      posted in Self Promotion
      AmbarishrhA
      Ambarishrh
    • RE: My O365 training video series

      @DustinB3403 Thanks for the feedback, will tweak this on the next videos

      posted in Self Promotion
      AmbarishrhA
      Ambarishrh
    • RE: My O365 training video series

      Next video published, this time about iOS device enrollment via Intune, publishing apps and pushing them to iPad, device compliance etc.

      Youtube Video

      posted in Self Promotion
      AmbarishrhA
      Ambarishrh
    • RE: DLP (Data Loss Prevention) solution

      About windows information protection

      https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip

      Helping prevent accidental data disclosure to removable media. WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn't.

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: DLP (Data Loss Prevention) solution

      @Dashrender said in DLP (Data Loss Prevention) solution:

      Is anyone using a DLP with Windows and/or Mac?

      I've been tasked with finding a solution - Other than google searches, not sure where to start.

      Client has mostly Windows 10 Pro and 1 bloody Mac - Everyone is on O365 E3.

      I know MS has a DLP solution, and I just barely started to read about it last night.

      anything else I should look at?

      Goal:
      Log any data written to USB attached devices.

      This is literally the only goal at this point. An insurance company we are getting data from is obsessed with blocking/controlling data being copied onto USB devices - they don't care about NAS devices, or Cloud services, or CD-ROMs, etc... they are just simply obsessed with USB.

      Have used McAfee (won't recommend that!). You could check from the below list:
      https://www.devicelock.com/
      https://www.secudrives.com/
      https://www.forcepoint.com/product/dlp-data-loss-prevention
      https://zecurion.com/products/data-loss-prevention/

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Evaluating Defender ATP

      Some more details about investigation on malware. Malwarebytes endpoint detection and protection has similar functionalities and I am sure most vendors would have such capabilities with them


      As you could imagine, this product has an overwhelming amount of information, which is why I wanted to do a full POC with MS team to understand the right approach on using this product effectively. Will post my experience here as and when I get more info.

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Evaluating Defender ATP

      @marcinozga said in Evaluating Defender ATP:

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

      While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

      The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

      I really haven't seen any AV in years that offered only definition based protection, well except maybe ClamAV. Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features. Yearly cost is usually what Defender ATP cost monthly - including required subscriptions.

      If you are already on an O365 subscription like ours, it makes sense to move to E5 covering more areas or just get add-on for the ones you need.

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Evaluating Defender ATP

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

      While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

      The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

      We've been using Microsoft Cloud App Security for a while as an add-on to M365 E3 package and been really helpful in many situations, where user account got compromised and attempts made to login from risky IPs/infrequent countries! We got them on the fly and had preset alerts to disable the accounts. I am assuming that with defender ATP add-on, the coverage gets better. I personally am evaluating the portal and impressed with the amount of details they have covered.

      Few screens from my personal tenant. I've been blasting these test vms with malwares! 🙂


      I love secure score, with defender you get that extended to windows as well!

      Automatic remediation

      Extensive reporting

      and the best part!
      Evaluation lab! You can fire up an Azure VM for free and test out any malware and other settings and tweak policies accordingly. The VM only stays active for few days, but you can fire up new machines (current limit is 3)

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Evaluating Defender ATP

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure as below


      And security products straight from O365 admin portal subscriptions page:

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Evaluating Defender ATP

      @Dashrender said in Evaluating Defender ATP:

      @manxam said in Evaluating Defender ATP:

      @Ambarishrh : Please keep us in the loop on this. Very curious...

      Ditto. While I don't see us deploying a solution that pumps 18 additional processes on our machine, a few of those options could be nice... and while it might be considered unfair by the competition, MS's own internal knowledge I can mostly only hope would make their products better.

      Now that said - how many of those 18 points you have for McAfee would simply have to be replicated no matter how who's solution you used? I'm assuming many of them aren't running on typical machines today - i.e. Bitlocker, DLP, not things in use by most Windows shops today.

      @manxam sure!
      @Dashrender we do have all this in most machines. Issue with McAfee is even for single component, there are several services running.

      One such machine that is not responding, see the number of processes running! 🙂

      With the switch possibly to Defender ATP, since it's using Windows Defender, all the malware security/endpoint protection is handled by Defender. Azure Information Protection should take care of the DLP part. Encryption, already moving to BitLocker. I am expecting a huge improvement for end users along with all the features that we could use with Defender ATP

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Simple Password Compromise on MailGun

      We had similar issues with Mailgun a few months back and switched to SendGrid after that.

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Evaluating Defender ATP

      @Obsolesce I am actually working with MS on the poc and starting with a demo this Tuesday

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: My O365 training video series

      Hello everyone!

      Had a big break and now back on track, trying to do more videos about O365. Slowly picking it up again and publishing on YT.

      Now with part 5 discussing about bitlocker encryption. Would love to hear from you all! 🙂

      Youtube Video

      posted in Self Promotion
      AmbarishrhA
      Ambarishrh
    • Evaluating Defender ATP

      We are (finally!!) getting out of our 3 year long McAfee contract soon and slowly started replacing features that we used with McAfee ePO suite to alternate products, mostly with Microsoft. Already started moving from McAfee drive encryption to Bitlocker encryption, and now about to evaluate defender ATP. I tried it in my lab and looks good, but wanted to get some feedback on what needs to be tested with this evaluation.

      I have few things in my mind already;

      • Run malware on the machines (got a few samples of malware with me to test out) and test out features like automatic investigation and remediation, isolate endpoint etc.

      • Already tried out knowbe4 ransim:
        Installed with no tweaks on the policy

      After making some changes (cloud detection)

      • Test out application blocking to only Microsoft signed application

      • Check machine performance (this was a major killer with McAfee suite, with all the drive encryption, DLP, endpoint security etc, we have around 18 processes running on each machine for McAfee and it has a severe impact on users' performance). With Defender ATP, since it's baked into Windows and not as agent for each module, I am expecting a huge improvement on performance.

      • Test out conditional access triggers; to restrict MS signed applications when a critical malware found on endpoint

      • Check integration with MS flow, Cloud App Security etc

      Is there anything else that comes to anyone's mind?

      posted in IT Discussion defenderatp windows defender atp microsoft defender atp office 365 security anti-virus antimalware ransomware
      AmbarishrhA
      Ambarishrh
    • RE: Enterprise IT community

      @EddieJennings I've previously worked with a large enterprise and during my time there, we used yammer and jive all access to internal employees that was used for discussions and helping teams to solve issues, new deployments etc.

      posted in Water Closet
      AmbarishrhA
      Ambarishrh
    • RE: MSP Helpdesk Options

      Not for MSP, but for our company internal users, we initially used solarwinds web helpdesk which was bad and then moved to servicedesk from manageengine. Started with the standard edition and on the next renewal we moved to enterprise edition getting project, change and asset management.

      Works really well for our use, AD integration for user login, set sla per category, business rules to assign tickets to group, tech etc and much more

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh
    • RE: Time for a mobile phone upgrade

      I have a Samsung S9+ and am completing the contract by September. Was planning to get note 10 as I never tried a note but also checking Oneplus 7 pro. The only thing that's holding me back from getting 7 pro is the lack of wireless charging which I got used to with my s9+

      Heard great things about one plus oxygen os as its much lighter and usually gets faster updates

      posted in Water Closet
      AmbarishrhA
      Ambarishrh
    • RE: Content filtering with granular settings

      You could try cisco umbrella (previously opendns) https://umbrella.cisco.com/products/packages or mimecast web security https://www.mimecast.com/products/web-security/

      I've previously used untangle and clearos for these as well

      posted in IT Discussion
      AmbarishrhA
      Ambarishrh