Disclaimer: The opinions expressed on this blog are my personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

[out-of-band]: Intune learning resources

Tue 26 Apr 2016

Actually, the original credits go to @tonyszko and the Predica team for posting an interesting blog on Intune at Microsoft Intune for Beginners.

But now it happens that a customer is asking for learning material on Intune, so I’m more than happy to share the gift.
Furthermore, I hope you benefit from the search I did today, given I’m not an SCCM nor Intune specialist (*).

(*) but becoming one… next mission😉 when Identity and Security are dead…

So, if you ever need a starting point as an Intune beginner, check this out.

Microsoft Technet
Bring Your Own Device (BYOD) Design Considerations Guide

Microsoft Official Curriculum (Courses)
Administering System Center Configuration Manager and Intune (in development, classroom)

Microsoft Virtual Academy (Virtual Learning):

I can personally highly advise the “Microsoft Intune and System Center Configuration Manager Core Skills” course.

Channel 9 (Videos)
Intune videos (NL + EN)

Intune Jumps – 12 Video lessons:

Microsoft Intune Core Skills

Virtual labs
Go to https://technet.microsoft.com/en-us/virtuallabs
Search for “intune” (but make sure to untick the ‘hot labs’ option, to get a better view)

Intune evaluation center

TechNet Wiki

Search TechNet wiki for intune.


Most, if not all, of these interesting links have been collected in the Microsoft Intune Survival Guide.

But most important of all, if you notice that info is missing or wrong, please take the time to correct/add it. Or send me a note.
The community will greatly appreciate your effort!

Categories: Security

Note-to-self: Channel9 – Azure Active Directory Connect: in-place upgrade from legacy tools

Thu 21 Apr 2016

Source: https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-Active-Directory-Connect-in-place-upgrade-from-legacy-tools

Andreas Kjellman has published a small, but very interesting, video on Channel 9.

You can read more in the Azure AD Connect documentation pages

Additionally, I strongly suggest having a look at the discussion/comments on the post.

Having a 2nd server is now supported. This is called a “staging server” and more information can be found here: https://azure.microsoft.com/documentation/articles/active-directory-aadconnectsync-operations/#staging-mode.

It is also possible to filter based on OUs. More information on filtering options can be found here: https://azure.microsoft.com/documentation/articles/active-directory-aadconnectsync-configure-filtering/.

Note-to-self: Hotfix rollup package (build 4.3.2124.0) is available for #MIM2016

Mon 14 Mar 2016

Source: https://support.microsoft.com/en-us/kb/3134725

Initially posted by Jeff Ingalls at the FIM 2010 FB group: https://www.facebook.com/groups/155109068156/10153501281698157/?notif_t=group_activity

Besides an important set of fixes, there are some very interesting features added to MIM 2016:

MIM Synchronization Service

This update adds the ability to override the default Synchronization engine behavior of changing run profile GUID after export and import of the server configuration.

This update extends the functionality of the AD MA configuration cmdlets to be able to handle multiple partitions.

This update adds a new cmdlet Add-MIISADMARunProfileStep.

MIM Portal

This update adds the ability to fully customize the portal header.

Privileged Access Management (PAM)

Some group memberships may not be removed by the MIM component service after the PAM request expiration period. This hotfix addresses removal of expired group memberships.


Check it out in the detailed content of the KB article (https://support.microsoft.com/en-us/kb/3134725)



Note-to-self: Normalization of deviance in security: how broken practices become standard [must read]

Fri 26 Feb 2016

If you search the internet you’ll quickly find the original quote: “Normalization of deviance in software: how broken practices become standard”

All credits go to the original post: http://danluu.com/wat/

And to honor the truth completely, the hint was posted by Joe Richards at http://blog.joeware.net/2016/01/04/5683/
Joe has highlighted some important remarks in his blog post. But there is more…

What reasons do people or companies have NOT to implement best practices, or to ‘forget’ to implement them?
What easily becomes accepted as normal? Why not speak up if you think something is wrong?

Just replace the ‘software’ in the article and title by ‘security’ …

Simply must read!
[Or actually, simply must implement, every day.]

#FIM2010 upgrade/update failure and roll back

Fri 19 Feb 2016

Recently I have been working with several customers who experienced a similar situation:

  • update FIM with a hotfix fails
  • upgrade FIM 2010 to FIM 2010 R2 fails
  • during installation of FIM the FIM services won’t start

All of them result in a roll-back of the installation.

Let me spoil the root cause right away (and then explain): using an SQL port number in the installation wizard.

The installation wizard is not able to connect to the database with a port number.

Solution: use an SQL alias


The FIM Sync Service and/or the FIM Service check the registry for the database server and instance, then connect to SQL and start the service.

The use of a port number seems to break the wizard.
Normally the FIM Services and FIM Sync Services CAN use an SQL port…

Easy fix: set an alias in the SQL Server client network utility






Then change the registry to use the FIM SQL ALIAS (as server), you don’t need the instance and port anymore (as the alias will take care of it).

For the FIM Sync:


Check the server and instance configured for the FIM Sync database

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\Server (use SQL Alias)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\Instance (empty)

For the FIM Service:

Check the server and instance configured for the FIM Service database
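The alias-based fix above, scripted, as an added example (it is not part of the original post and not a Microsoft-provided script): it writes the TCP alias that the SQL Server client network utility (cliconfg.exe) stores under the ConnectTo key, verifies that a Windows-authenticated connection through the alias alone succeeds, and only then points the FIM Sync registry values from the post at the alias and starts the service. The alias name, SQL host and port are constructed placeholders; the FIM Service registry location is not shown on the page, so the script covers the FIM Sync values only.

```powershell
# Added example, not from the original post. Run elevated on the FIM Sync server.
$AliasName = 'FIMSQL'                     # constructed: the alias FIM will use as "Server"
$SqlHost   = 'sqlserver01.contoso.local'  # constructed: the real SQL Server host
$SqlPort   = 1433                         # constructed: the instance's fixed TCP port

function Set-SqlClientAlias {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [int]    $Port
    )
    # cliconfg.exe stores a TCP alias as a REG_SZ "DBMSSOCN,<host>,<port>" under
    # ConnectTo. With a fixed port the instance name is not needed in the alias.
    # Both the 64-bit and the 32-bit (Wow6432Node) hives are written so that a
    # client of either bitness resolves the alias.
    $value = "DBMSSOCN,$Server,$Port"
    foreach ($path in @(
        'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo')) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $Name -Value $value -PropertyType String -Force | Out-Null
    }
}

function Test-SqlAlias {
    param([Parameter(Mandatory)] [string] $Name)
    # Open a connection through the alias only, the same way the service will.
    # Returns $true when the alias resolves and authenticates, $false otherwise.
    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$Name;Integrated Security=SSPI;Connect Timeout=10"
    try     { $conn.Open(); return $true }
    catch   { Write-Warning "Alias '$Name' did not connect: $($_.Exception.Message)"; return $false }
    finally { $conn.Dispose() }
}

function Set-FimSyncDatabaseRegistry {
    param([Parameter(Mandatory)] [string] $Alias)
    # The two values named in the post: Server takes the alias, Instance is left
    # empty because the alias already carries host and port.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters'
    Set-ItemProperty -Path $path -Name 'Server'   -Value $Alias
    Set-ItemProperty -Path $path -Name 'Instance' -Value ''
}

Set-SqlClientAlias -Name $AliasName -Server $SqlHost -Port $SqlPort
if (Test-SqlAlias -Name $AliasName) {
    Set-FimSyncDatabaseRegistry -Alias $AliasName
    Start-Service -Name 'FIMSynchronizationService'
} else {
    Write-Warning 'Registry left unchanged; fix the alias or SQL connectivity first.'
}
```

The connection test runs under the account executing the script, not under the FIM Sync service account, so a successful test proves name resolution and port reachability through the alias; database permissions for the service account are a separate check.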




I’ve updated the Wiki article with more detailed info at http://social.technet.microsoft.com/wiki/contents/articles/14551.fim-2010-r2-troubleshooting-syncservice-installation-or-upgrade-failure-and-roll-back.aspx

See also:

Some new #MIM2016 CTP stuff on the Connect site

Wed 10 Feb 2016

Check out the MIM 2016 connect site: https://connect.microsoft.com/site433.

The Identity and Access Management Connect site is used for:

– Microsoft Identity Manager 2016 SP1 Preview (MIM 2016 SP1)
– FIM Sync Connectors
– Azure Active Directory Sync Services

If you would like to try out this preview in a lab environment, it is available for download on Connect at https://connect.microsoft.com/site433/Downloads

Check : https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=57668

If you do not see this available for download, ensure that “Active Directory Identity and Access Management CTP” is in your Connect programs list, or add this connect program from the directory https://connect.microsoft.com/directory/. You can provide feedback directly by email to aadmimfeedback@microsoft.com or in Connect site feedback.

It’s important to carefully check the description of the download: “These CTPs are intended solely for integration testing and to help us gather community feedback on specific changes or scenarios. As such these previews are for evaluation use only, and are not licensed, supported or intended for production use.  If you need updates for a production deployment of MIM, please contact your Microsoft support representative to ensure you have the latest hotfix for MIM 2016.”

Note-to-self: EMET 5.5 released

Tue 9 Feb 2016

Source: http://blogs.technet.com/b/srd/archive/2016/02/02/enhanced-mitigation-experience-toolkit-emet-version-5-5-is-now-available.aspx

Microsoft announced “the release of EMET 5.5, which includes the following new functionality and updates:

  • Windows 10 compatibility
  • Improved configuration of various mitigations via GPO
  • Improved writing of the mitigations to the registry, making it easier to leverage existing tools to manage EMET mitigations via GPO
  • EAF/EAF+ pseudo-mitigation performance improvements
  • Support for untrusted fonts mitigation in Windows 10”

Download is available at: https://www.microsoft.com/en-us/download/details.aspx?id=50766

More interesting information at:

EMET 5.5 FAQ: https://support.microsoft.com/en-us/kb/2458544

EMET at the Security TechCenter: https://technet.microsoft.com/en-us/security/jj653751

