Month: October 2015

Note-to-self: Microsoft Surface Data Eraser for Surface Pro 3, Surface Pro 2 and Surface Pro on Microsoft Download Center

Source: https://technet.microsoft.com/en-us/library/mt605308.aspx

Microsoft has released the Microsoft Surface Data Eraser for Surface Pro 3, Surface Pro 2 and Surface Pro on Microsoft Download Center.

This is useful when the Surface needs to be shipped to Microsoft or ADRs for repair or maintenance, to make sure no data can leak to these external parties. As long as the disk can still be read and written, this tool allows a secure data wipe; you don’t even need a working or booting OS on the Surface.

TechNet Article: https://technet.microsoft.com/en-us/library/mt605308.aspx

Microsoft Surface Data Eraser is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a Surface Pro 3, Surface Pro 2, or Surface Pro device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and easy to use with a simple graphic interface, no command line needed.

Download from the Surface Pro 3, Surface Pro 2 and Surface Pro Download Center: http://www.microsoft.com/en-us/download/details.aspx?id=38826

On Surface Pro 3, Surface Pro 2, and Surface Pro devices, the Microsoft Surface Data Eraser tool is able to provide secure wiping to US Department of Defense (DOD) and National Institute of Standards and Technology (NIST) standards.

Note-to-self: Exchange recipient administration rights in ILM/FIM/MIM

Another great post to bookmark, using the blog as my external memory again:
Check Paul Williams’ post at: http://blog.msresource.net/2011/12/02/exchange-recipient-administration-overkill-in-ilm-and-fim/

“What am I talking about?  Reducing the privilege required to perform Exchange recipient provisioning using the Active Directory Domain Services Management Agent (ADMA).  The default documentation on the subject clearly states that in order to provision mailbox-enabled users or linked mailboxes the ADMA account needs to be a member of the Recipient Administrators role group.  Now, while it’s true membership in that group will allow you to run Update-Recipient and successfully invoke the RUS after creating a user and stamping the mandatory Exchange attributes that same membership also grants you access to perform a multitude of recipient administration tasks that the account doesn’t need to perform.”

And also: http://blog.msresource.net/2011/12/14/delegating-the-minimum-set-of-permissions-for-mailbox-enabled-user-and-linked-mailbox-provisioning/

Note-to-self: Podcast An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!

Source: got this from Tom Shinder, https://twitter.com/tshinder

“Really interesting and informative podcast with David Cross, where he discusses a multitude of issues around Azure Security.

Definitely 5 stars!

An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!