Defender for Identity Audit Deleted Objects

So recently I noticed in my new Server 2019 DFI lab I was not getting auditing when an object was deleted. This was curious to me as I have always in the past gotten this type of info from the product. Turns out there is one line I missed on pre-reqs that I have never ...

Audit All Mailbox Activity

Note: Updated 11/12/2021 to include SearchQueryInitiated. Ever wanted to make sure you are auditing all available activities in Exchange Online? Me too! So I wrote a PowerShell to turn on logging for every possible item EXO can audit. Adjust to your liking and license level! So why would you want this? Isn’t logging enabled by ...

Find EOP – MDO Misconfig with KQL

One of the biggest/most common misconfigurations I have seen with EOP/MDO is an overuse of IP or domain allow lists. MSFT has updated its guidelines to no longer recommend customers use those features. However, the hard thing is determining how many emails are coming into your environment without scanning due to those settings. I needed ...

Blog Update

Had a lot of life updates since Covid: new job, new home, all the Covid stuff. As life is starting to normalize again I am again thinking blogging would be fun! And maybe just maybe some of the stuff I post helps someone else. So my goal is to start publishing more on this blog ...

Deploy MDATP Tags with Intune

Do you feel it’s a little funny that Microsoft doesn’t have a built-in way to deploy MDATP tags via Intune? Well, so do I! To get around this weakness I went and wrote a little PowerShell script to help take care of it. Deploy it via Intune script policy and you should be set/manage any ...

Export Azure backups in VHD format

Have you ever run into an issue where you need to export a backup of an Azure VM? No? Just me? Okay, well, it can be a pain because there is no native way to just get the VHD of the backup file. If you want to restore a backup point, it’s no problem. If ...

Cloud app security – admin changes alert

I really love Microsoft’s Cloud App Security tool. It is quickly becoming the one place I go to check all logs, as well as remediate any security issues with my Office 365 environments. The hardest thing about this tool is out of the box it can be a little chatty, alerting you to too many ...

PowerShell admin tool launcher

I often find myself needing to open tools such as AD or DNS as a different user account. This is because as a security best practice I usually recommend organizations run dual account security, where an IT team member uses a separate account for admin activity vs their day to day account that has ...

Deploying Password Policies

When it’s time to set up an AD password policy for your company you are going to google the process and you are going to find 1 million ways to enforce passwords. Unfortunately most of the ways that are listed there are really geared toward older options, pre-2008 Active Directory. Most involve trying to use ...

Office 365 Updating email distro with contacts

Ever run into a user request where they need you to update a distribution list with users that are not on your system? No problem, you say, only to discover it’s an Excel spreadsheet with 100 or more people. AGH…. PowerShell to the rescue. Here is a script I used to create and add ...