1
00:00:03,325 --> 00:00:05,935
- Welcome to episode 373
2
00:00:05,935 --> 00:00:08,255
of the Microsoft Cloud IT Pro Podcast
3
00:00:08,815 --> 00:00:11,415
recorded live on March 22nd, 2024.
4
00:00:11,765 --> 00:00:14,135
This is a show about Microsoft 365
5
00:00:14,135 --> 00:00:16,215
and Azure from the perspective of IT pros
6
00:00:16,215 --> 00:00:19,095
and end users where we discuss
the topic or recent news
7
00:00:19,395 --> 00:00:20,615
and how it relates to you.
8
00:00:20,965 --> 00:00:24,135
This episode wraps up our
discussion on Microsoft Intune
9
00:00:24,155 --> 00:00:27,095
and managing your
organization's devices, apps,
10
00:00:27,195 --> 00:00:28,335
and endpoint security.
11
00:00:28,635 --> 00:00:31,935
In this episode, we'll be delving
into the endpoint security
12
00:00:31,935 --> 00:00:35,415
pillar of Intune, which includes
antivirus, disk encryption
13
00:00:35,415 --> 00:00:36,615
and firewall settings.
14
00:00:36,865 --> 00:00:38,815
We'll explore the various tools
15
00:00:38,835 --> 00:00:39,975
and features available
16
00:00:40,155 --> 00:00:42,975
to help you secure your
organization's endpoints.
17
00:00:45,525 --> 00:00:47,535
Okay. I have a question for you completely
18
00:00:47,565 --> 00:00:49,095
unrelated to our topic today.
19
00:00:49,555 --> 00:00:51,415
Why, when I share a screen in Teams,
20
00:00:51,965 --> 00:00:54,815
does it always put this little here?
21
00:00:54,935 --> 00:00:56,535
I can drag it over this little window
22
00:00:56,785 --> 00:00:58,015
right here with the little videos.
23
00:00:58,275 --> 00:01:00,495
Why does it always put it on
the window I'm sharing instead
24
00:01:00,495 --> 00:01:02,095
of one of my other monitors? Because
25
00:01:02,985 --> 00:01:05,895
- While that window is visible
for you, it is not visible
26
00:01:06,075 --> 00:01:07,695
to the people that you were sharing with.
27
00:01:08,035 --> 00:01:11,095
So, so only, only you see
only me that little pop, even
28
00:01:11,095 --> 00:01:13,695
- Though it shows up in my
preview of what I'm sharing?
29
00:01:14,155 --> 00:01:17,615
- Yes. Like I see no little
window right now. Well,
30
00:01:17,655 --> 00:01:19,455
- I moved it off, but you didn't see it
31
00:01:19,455 --> 00:01:20,535
when I was dragging it around.
32
00:01:20,835 --> 00:01:21,935
- All we see is your mouse. Yes.
33
00:01:21,935 --> 00:01:25,535
- Which I guess if it's not
showing, I always figured it was
34
00:01:25,535 --> 00:01:27,615
because it always shows in the
preview of what I'm showing.
35
00:01:27,725 --> 00:01:30,535
Like I expect the preview
to actually be indicative of
36
00:01:30,535 --> 00:01:31,615
what everybody else sees.
37
00:01:31,795 --> 00:01:33,895
Not, not what everybody sees.
38
00:01:34,255 --> 00:01:36,575
- I expect Teams to use the right GPU
39
00:01:36,575 --> 00:01:38,335
and have color accuracy for my camera.
40
00:01:38,485 --> 00:01:39,855
They can't do those things either.
41
00:01:40,455 --> 00:01:42,695
like, you know,
42
00:01:42,775 --> 00:01:44,175
I think we all have our expectations,
43
00:01:44,475 --> 00:01:46,815
but yes, my my understanding is nobody
44
00:01:46,815 --> 00:01:48,655
ever sees that little window. Only you do.
45
00:01:48,685 --> 00:01:49,695
- Only I do. Okay.
46
00:01:49,895 --> 00:01:52,495
- I always minimize it 'cause
it just gets in the way.
47
00:01:52,645 --> 00:01:54,775
Like I do not need to see
it kind of thing. Right.
48
00:01:54,835 --> 00:01:56,055
But nobody else can see it either.
49
00:01:56,375 --> 00:01:57,775
- I always tend to full screen it
50
00:01:57,775 --> 00:02:00,415
because that's the only
way I can see the chat
51
00:02:00,435 --> 00:02:02,775
unless I pull up my other
Teams window to see the chat.
52
00:02:02,775 --> 00:02:03,975
Yeah. Huh. All right.
53
00:02:04,155 --> 00:02:06,735
Oh, so Tori just said he could
see a small window dragging
54
00:02:06,735 --> 00:02:07,975
around in the video share.
55
00:02:08,555 --> 00:02:09,695
Oh, you know what Tori?
56
00:02:09,695 --> 00:02:12,095
That's because you're not
seeing the Teams share.
57
00:02:12,555 --> 00:02:17,055
You are seeing the OBS share
through a virtual camera, so
58
00:02:17,635 --> 00:02:18,695
you would be able to see
59
00:02:18,695 --> 00:02:19,255
- It. I'm seeing the Teams
60
00:02:19,255 --> 00:02:21,255
- Share, but Scott is
seeing the Teams share
61
00:02:21,365 --> 00:02:23,895
because we have sharing video windows
62
00:02:24,065 --> 00:02:25,095
going all over the place.
63
00:02:25,485 --> 00:02:27,135
This is not a convoluted setup at all.
64
00:02:28,375 --> 00:02:31,615
- Not in the slightest.
65
00:02:31,995 --> 00:02:33,055
All right, you, you ready to go?
66
00:02:33,055 --> 00:02:35,935
- Yeah, I'm ready to
go. So we have managed
67
00:02:36,075 --> 00:02:39,495
to spend three entire
episodes talking about Intune.
68
00:02:39,505 --> 00:02:41,255
Scott and I have one.
69
00:02:41,755 --> 00:02:44,295
So we are gonna talk about
device security today.
70
00:02:44,515 --> 00:02:46,215
But someone had a question
71
00:02:46,795 --> 00:02:47,935
and for the life of me,
72
00:02:48,055 --> 00:02:50,135
I can't remember which
platform I saw it on,
73
00:02:50,475 --> 00:02:54,735
it may have been on
Twitter, XX, Twitter X,
74
00:02:54,965 --> 00:02:57,455
Twitter could have been on
Threads, I can't remember.
75
00:02:58,035 --> 00:03:00,965
But remember last week we
talked about app installations
76
00:03:01,425 --> 00:03:05,885
and like deploying applications
to endpoints through Intune.
77
00:03:06,425 --> 00:03:08,605
And the question was could we talk about
78
00:03:09,185 --> 00:03:11,805
how you troubleshoot app installations?
79
00:03:11,955 --> 00:03:14,805
Like I'm in Intune, I'm
pushing this out to devices,
80
00:03:14,935 --> 00:03:16,965
presumably anywhere.
81
00:03:17,385 --> 00:03:20,645
It isn't necessarily
within proximity to me.
82
00:03:21,495 --> 00:03:24,365
Inevitably because
devices are different and
83
00:03:24,365 --> 00:03:27,605
because apps are apps, you
might get installation failures,
84
00:03:27,635 --> 00:03:32,045
whether it's on Android,
iOS, Windows, et cetera.
85
00:03:32,175 --> 00:03:33,925
There is some documentation out there.
86
00:03:34,225 --> 00:03:37,525
So there are some app
installation troubleshooting steps
87
00:03:37,535 --> 00:03:39,005
where they do give you some
88
00:03:39,005 --> 00:03:40,765
of the error codes that can help.
89
00:03:41,185 --> 00:03:44,125
So they have like Android app
installation error codes,
90
00:03:44,995 --> 00:03:47,285
they have some for iOS
91
00:03:47,945 --> 00:03:50,845
and that's one method
to get some of those.
92
00:03:51,035 --> 00:03:55,285
There's also some troubleshooting
guidelines as well for
93
00:03:55,865 --> 00:03:58,885
things you can go through to support
94
00:03:59,345 --> 00:04:01,405
or to diagnose those app installations.
95
00:04:02,065 --> 00:04:06,085
The documentation is pretty
good in how you do it, in terms
96
00:04:06,085 --> 00:04:09,805
of guiding you through where
you would go about finding it,
97
00:04:10,185 --> 00:04:12,165
how to go pull some of the diagnostics
98
00:04:12,555 --> 00:04:15,685
because there is logging out there for it.
99
00:04:16,025 --> 00:04:19,845
And the one thing that is
a little odd about this,
100
00:04:20,145 --> 00:04:23,165
and this is kind of what I
wanted to hit on, it goes along
101
00:04:23,165 --> 00:04:25,365
with the documentation,
but it didn't feel like the
102
00:04:25,565 --> 00:04:30,005
documentation was super
clear when it came to this is
103
00:04:30,925 --> 00:04:34,165
a lot of times when you're
dealing with Intune,
104
00:04:34,585 --> 00:04:36,445
you would think I should go to the Intune
105
00:04:36,585 --> 00:04:37,805
and go to the application.
106
00:04:38,545 --> 00:04:40,645
And in the application you get a report
107
00:04:41,025 --> 00:04:44,245
of it succeeded on 20
devices and failed on five
108
00:04:44,545 --> 00:04:46,605
and then you can go look at
those five failed devices
109
00:04:46,825 --> 00:04:48,365
and click on those failed devices.
110
00:04:49,125 --> 00:04:52,125
I would expect to like see
some more information there.
111
00:04:52,475 --> 00:04:53,965
It's like a dumb screen
112
00:04:54,095 --> 00:04:56,045
where it literally gives
you a little bit of text
113
00:04:56,345 --> 00:04:58,245
and doesn't show anything at all.
114
00:04:58,615 --> 00:05:02,005
Super, not helpful. And that part
115
00:05:02,385 --> 00:05:04,165
for me at least, is a little confusing.
116
00:05:04,165 --> 00:05:05,365
I always forget, I'm like, okay,
117
00:05:05,365 --> 00:05:06,765
here's the report of all the failures.
118
00:05:06,765 --> 00:05:08,645
Let me go look at the diagnostic data.
119
00:05:09,995 --> 00:05:12,885
What you can actually
do to help diagnose it
120
00:05:13,065 --> 00:05:14,605
and if you're watching the video
121
00:05:15,505 --> 00:05:18,005
is I'll throw it on the
screen in a screenshot
122
00:05:18,205 --> 00:05:19,285
'cause I grabbed it from my clients
123
00:05:19,345 --> 00:05:21,325
and then obfuscated a bunch of the data.
124
00:05:21,745 --> 00:05:23,685
But you actually go
like into your devices.
125
00:05:24,185 --> 00:05:28,445
So instead of going through
the applications, if you go
126
00:05:28,505 --> 00:05:30,805
to Intune and click on devices,
127
00:05:31,585 --> 00:05:35,125
and then within the
devices screen in Intune is
128
00:05:35,365 --> 00:05:36,405
a managed app section.
129
00:05:36,545 --> 00:05:38,125
So it's like down the left side
130
00:05:38,125 --> 00:05:39,325
where once you're on the device,
131
00:05:39,325 --> 00:05:41,405
you have hardware discovered
apps, device compliance,
132
00:05:41,405 --> 00:05:43,245
app configuration, all of those
133
00:05:43,265 --> 00:05:46,525
and eventually get to managed
apps where you can see a list
134
00:05:46,525 --> 00:05:48,605
of those applications on that device
135
00:05:48,605 --> 00:05:50,005
that are deployed through Intune.
136
00:05:50,425 --> 00:05:52,885
If you then go into those managed apps
137
00:05:52,985 --> 00:05:57,045
and click the application
from that report that failed
138
00:05:57,585 --> 00:06:00,725
an installation, you can actually click,
139
00:06:00,725 --> 00:06:03,165
there's a link in there
to show the details
140
00:06:03,385 --> 00:06:04,845
of an app installation failure
141
00:06:05,215 --> 00:06:06,605
where you can go look at details,
142
00:06:06,705 --> 00:06:10,205
but you also have a collect
diagnostics option in there
143
00:06:10,455 --> 00:06:12,725
where you can go essentially pull a bunch
144
00:06:12,725 --> 00:06:16,245
of diagnostics from that
device to help you look
145
00:06:16,245 --> 00:06:17,885
through the logs and troubleshoot why
146
00:06:17,885 --> 00:06:18,885
that application failed.
147
00:06:19,135 --> 00:06:21,965
- Funny enough,
this is covered in the docs,
148
00:06:22,645 --> 00:06:24,045
it's just,
149
00:06:24,155 --> 00:06:27,565
it's just the next doc
down from the error codes.
150
00:06:27,635 --> 00:06:28,925
- From the error codes one. Yeah.
151
00:06:28,925 --> 00:06:31,645
See and I saw that, but
it's like they walk you
152
00:06:31,645 --> 00:06:34,365
through the Intune center and
then support and troubleshoot
153
00:06:34,585 --> 00:06:36,245
and users and all of that.
154
00:06:36,665 --> 00:06:38,445
I'm like, just go to the device list.
155
00:06:38,635 --> 00:06:41,005
- Yeah, so, so, so you can
get to where you need to be.
156
00:06:41,585 --> 00:06:43,325
So, so a couple interesting things here.
157
00:06:43,825 --> 00:06:47,405
So, uh, I, I don't know that
folks ever pick up this nuance
158
00:06:47,905 --> 00:06:50,605
and this is kind of a, a pro tip
159
00:06:50,605 --> 00:06:54,725
that goes across at least
the Azure documentation.
160
00:06:54,745 --> 00:06:57,205
It appears to across
Intune and things as well.
161
00:06:57,985 --> 00:07:00,045
So even though you're in Microsoft Learn,
162
00:07:00,305 --> 00:07:03,645
you're in a different
repo for docs right now.
163
00:07:04,065 --> 00:07:07,285
So quite often troubleshooting
docs don't manifest in
164
00:07:07,285 --> 00:07:08,405
like product docs.
165
00:07:08,825 --> 00:07:10,445
So it's, it's, it's interesting, right?
166
00:07:10,445 --> 00:07:13,605
If you look across like all these, all,
167
00:07:13,605 --> 00:07:15,485
all these headings in the
table of contents here.
168
00:07:15,485 --> 00:07:17,845
Yep. Or like your TOC
on the left hand side,
169
00:07:18,055 --> 00:07:20,285
these are totally things that
don't appear in the regular
170
00:07:20,425 --> 00:07:21,685
Intune docs and that's
171
00:07:21,685 --> 00:07:23,845
because this is all part of
the troubleshooting docs,
172
00:07:23,845 --> 00:07:26,045
which is owned by a different team,
173
00:07:26,075 --> 00:07:27,885
blah blah blah, all those kinds of things.
174
00:07:27,885 --> 00:07:30,125
So if you're ever looking to do
175
00:07:30,665 --> 00:07:33,165
troubleshooting in a given area,
176
00:07:33,825 --> 00:07:36,165
and like I said, this looks
like it holds true across Intune
177
00:07:36,165 --> 00:07:37,565
and it's certainly true across Azure.
178
00:07:38,075 --> 00:07:40,085
Just go to Google, Bing, DuckDuckGo, your,
179
00:07:40,115 --> 00:07:41,525
your favorite search engine of choice
180
00:07:41,525 --> 00:07:42,645
and type in, you know, blah
181
00:07:42,645 --> 00:07:43,765
blah blah thing, troubleshooting.
182
00:07:44,385 --> 00:07:46,565
And that will usually take
you to like the overview
183
00:07:46,905 --> 00:07:50,605
for the troubleshooting repo,
which even though it's part
184
00:07:50,605 --> 00:07:53,285
of support or part of
learn.microsoft.com,
185
00:07:53,905 --> 00:07:57,805
it takes you into like that
different area of Learn so
186
00:07:57,805 --> 00:08:01,805
that you can get to all of that
troubleshooting information.
187
00:08:02,235 --> 00:08:04,325
It's such a weird thing.
I don't know why it's done
188
00:08:04,325 --> 00:08:05,445
that way, but it's,
189
00:08:05,665 --> 00:08:06,665
- I'm with you.
190
00:08:06,665 --> 00:08:09,085
I feel like it should be in
with the Intune documentation
191
00:08:09,085 --> 00:08:11,205
because that's normally
where you'd go to find
192
00:08:11,755 --> 00:08:13,845
what do I do if it doesn't
work like it's supposed to.
193
00:08:13,915 --> 00:08:16,045
- Yeah. I take all like my documentation
194
00:08:16,305 --> 00:08:19,765
for my product areas, I use
like AzCopy as an example.
195
00:08:20,145 --> 00:08:23,445
So like in AzCopy when
you go to the overview page,
196
00:08:23,605 --> 00:08:26,285
I have links on the overview
page that I've put there over
197
00:08:26,345 --> 00:08:28,285
to all our troubleshooting guides just
198
00:08:28,285 --> 00:08:30,645
to make it a little bit
easier for customers to kind
199
00:08:30,645 --> 00:08:33,845
of like not have to the mental
math of like, yeah, where,
200
00:08:33,915 --> 00:08:36,525
where's the troubleshooting
information for this thing
201
00:08:37,065 --> 00:08:38,365
and how does that come together?
202
00:08:38,545 --> 00:08:40,605
So yeah, if, if folks are interested,
203
00:08:40,755 --> 00:08:44,445
like usually troubleshooting
also provides you not just,
204
00:08:44,445 --> 00:08:45,845
hey, it's broken kind of guidance,
205
00:08:46,025 --> 00:08:48,685
but you can also derive
like how is it supposed
206
00:08:48,685 --> 00:08:49,765
to work guidance out of it.
207
00:08:50,025 --> 00:08:51,085
So for something that's kind
208
00:08:51,085 --> 00:08:53,005
of massive like Intune the suite,
209
00:08:53,635 --> 00:08:55,605
it's kinda worth coming
over here and taking a look
210
00:08:55,625 --> 00:08:58,045
and seeing what kind of
trouble do people run into
211
00:08:58,595 --> 00:09:00,165
because you, you know,
212
00:09:00,165 --> 00:09:02,445
even in your case like
app installation here,
213
00:09:03,185 --> 00:09:05,005
app installation and app deployment
214
00:09:05,625 --> 00:09:08,045
is different depending on the device.
215
00:09:08,115 --> 00:09:10,605
Like there's a big difference
between Windows versus say
216
00:09:10,605 --> 00:09:14,285
like iOS or deploying an APK
on Android, things like that.
217
00:09:14,745 --> 00:09:16,805
So even like the
troubleshooting steps you take
218
00:09:17,105 --> 00:09:19,685
and how you diagnose that could be
219
00:09:20,405 --> 00:09:22,125
slightly different across the stack.
220
00:09:22,545 --> 00:09:24,245
- Yes, a hundred percent.
221
00:09:24,585 --> 00:09:27,525
So that is how I go through and
start troubleshooting these.
222
00:09:27,795 --> 00:09:29,365
Hopefully you can troubleshoot
223
00:09:29,365 --> 00:09:32,445
and get to the bottom of
all this without having
224
00:09:32,705 --> 00:09:34,565
to physically get access to the device.
225
00:09:34,945 --> 00:09:38,845
Um, but there is that option
to go into those devices
226
00:09:39,745 --> 00:09:42,805
or see this is where the
documentation for me, it's like go
227
00:09:42,805 --> 00:09:44,005
to troubleshoot support.
228
00:09:44,265 --> 00:09:46,885
And I was like, I've never
even seen this UI before.
229
00:09:46,885 --> 00:09:48,445
If you go through troubleshoot support,
230
00:09:48,925 --> 00:09:50,085
I just go straight to devices.
231
00:09:50,485 --> 00:09:52,485
- I think they're taking you, there's kind
232
00:09:52,485 --> 00:09:55,845
of a canonical URL for
troubleshooting for Intune
233
00:09:56,225 --> 00:09:57,765
and they've got it
linked in the doc there.
234
00:09:58,525 --> 00:10:00,805
I think they're kind of trying
to direct you into that.
235
00:10:01,045 --> 00:10:05,085
aka.ms, uh, URL that that
pops up along the way.
236
00:10:05,145 --> 00:10:07,765
So yeah, it's in there. Where is it?
237
00:10:09,185 --> 00:10:11,365
Oh, it's right above the user in group.
238
00:10:11,665 --> 00:10:12,885
- Oh, down here. Yeah,
239
00:10:13,015 --> 00:10:14,365
- Again, why not make that easier?
240
00:10:14,685 --> 00:10:15,765
I don't know. I don't know. In the do
241
00:10:15,765 --> 00:10:18,205
- Right up at the top where
it says select, troubleshoot
242
00:10:18,205 --> 00:10:20,725
and support or sign into the
windows at Intune center.
243
00:10:21,065 --> 00:10:23,645
Why not? Like put that
aka.ms link right up here
244
00:10:23,645 --> 00:10:25,045
by select troubleshoot and support
245
00:10:25,385 --> 00:10:29,565
or go to aka.ms into troubleshooting.
246
00:10:29,885 --> 00:10:31,725
I mean that seems like it would be right
247
00:10:31,725 --> 00:10:32,725
- Up here at the top.
248
00:10:32,725 --> 00:10:33,965
A PR away from you to fix. Yeah.
249
00:10:33,995 --> 00:10:36,245
- Okay, aren't
they going away from
250
00:10:36,545 --> 00:10:37,885
PRs? I should go put one in.
251
00:10:38,465 --> 00:10:42,685
- No. So what is going away is I,
252
00:10:42,765 --> 00:10:44,885
I believe GitHub issues and triage.
253
00:10:45,465 --> 00:10:48,765
So the triage happens more
through the feedback mechanisms,
254
00:10:48,825 --> 00:10:50,805
but all this stuff is
still hosted in GitHub,
255
00:10:50,815 --> 00:10:52,365
still available for PRs,
256
00:10:52,365 --> 00:10:54,405
community contributions,
all that kind of thing.
257
00:10:54,605 --> 00:10:57,365
- I can go find the GitHub
repo that this is in somewhere.
258
00:10:57,515 --> 00:10:58,605
- This is in like
259
00:10:58,745 --> 00:11:03,365
github.com/microsoft/support
docs or something like that.
260
00:11:03,885 --> 00:11:05,365
- Interesting. Yep. App troubleshooting.
261
00:11:05,455 --> 00:11:07,365
There you have it in a nutshell just
262
00:11:07,365 --> 00:11:09,325
- To loop it back around
like there's troubleshooting
263
00:11:09,325 --> 00:11:11,005
across all these areas. You're
264
00:11:11,005 --> 00:11:12,645
- Trying to get me to a
part four, you're gonna see
265
00:11:12,645 --> 00:11:14,725
how long you can drag this out. We can No,
266
00:11:14,865 --> 00:11:16,925
- No, I'm not, I think
this is important stuff
267
00:11:16,925 --> 00:11:18,125
for people to know, right?
268
00:11:18,155 --> 00:11:19,765
Like you gotta read the manual,
269
00:11:19,765 --> 00:11:21,005
there's lots of stuff out there.
270
00:11:21,455 --> 00:11:24,165
We'll, we'll put a link
in the show notes to Guy
271
00:11:24,665 --> 00:11:26,325
and I put a link in the chat just to kind
272
00:11:26,325 --> 00:11:28,005
of like the broad overview page
273
00:11:28,005 --> 00:11:29,405
for all the Intune support stuff,
274
00:11:29,985 --> 00:11:31,645
but it dives you in pretty quick.
275
00:11:32,105 --> 00:11:32,845
Um, but
276
00:11:32,845 --> 00:11:34,285
depending on what you're
doing, you gotta be careful.
277
00:11:34,395 --> 00:11:35,765
Like, so like one
278
00:11:35,765 --> 00:11:38,525
of the weird things about
like Intune support docs, I,
279
00:11:38,605 --> 00:11:41,525
I don't know if you caught
onto this, is you're like, Hey,
280
00:11:41,925 --> 00:11:43,285
I want to do app something.
281
00:11:43,865 --> 00:11:45,565
So usually they direct you into like
282
00:11:46,185 --> 00:11:47,965
app application policies first
283
00:11:48,185 --> 00:11:50,885
before they actually direct
you into like application
284
00:11:50,885 --> 00:11:52,365
installation or things like that.
285
00:11:52,585 --> 00:11:54,525
So, you know, make,
286
00:11:54,525 --> 00:11:56,685
make sure you make sure you're
reading all the words on the
287
00:11:56,685 --> 00:11:58,205
page and landing up at the right heading
288
00:11:58,305 --> 00:11:59,885
before you get too deep into it.
289
00:12:00,065 --> 00:12:01,885
- Oh yes, absolutely.
290
00:12:05,505 --> 00:12:07,085
Do you feel overwhelmed by trying
291
00:12:07,085 --> 00:12:09,205
to manage your Office 365 environment?
292
00:12:09,305 --> 00:12:11,125
Are you facing unexpected issues
293
00:12:11,365 --> 00:12:13,205
that disrupt your company's productivity?
294
00:12:13,205 --> 00:12:16,005
Intelligink is here to help.
Much like you take your car
295
00:12:16,005 --> 00:12:18,685
to the mechanic that has
specialized knowledge on how
296
00:12:18,685 --> 00:12:21,445
to best keep your car
running, Intelligink helps you
297
00:12:21,445 --> 00:12:23,165
with your Microsoft Cloud environment
298
00:12:23,165 --> 00:12:24,725
because that's their expertise.
299
00:12:24,755 --> 00:12:26,045
Intelligink keeps up
300
00:12:26,045 --> 00:12:28,045
with the latest updates
in the Microsoft Cloud
301
00:12:28,065 --> 00:12:29,685
to help keep your business running
302
00:12:30,005 --> 00:12:31,285
smoothly and ahead of the curve.
303
00:12:31,315 --> 00:12:33,205
Whether you are a small organization
304
00:12:33,205 --> 00:12:35,685
with just a few users
up to an organization
305
00:12:35,685 --> 00:12:38,965
of several thousand employees,
they want to partner with you
306
00:12:38,985 --> 00:12:42,405
to implement and administer
your Microsoft Cloud technology,
307
00:12:42,935 --> 00:12:46,285
visit them at intelligink.com/podcast.
308
00:12:46,665 --> 00:12:51,285
That's I-N-T-E-L-L-I-G-I-N-K
309
00:12:51,405 --> 00:12:55,005
.com/podcast for more information
310
00:12:55,025 --> 00:12:56,645
or to schedule a 30 minute call
311
00:12:56,645 --> 00:12:57,965
to get started with them today.
312
00:12:58,805 --> 00:13:01,445
Remember, Intelligink focuses
on the Microsoft cloud
313
00:13:01,545 --> 00:13:03,205
so you can focus on your business.
314
00:13:05,905 --> 00:13:07,405
So all right, continuing on,
315
00:13:07,495 --> 00:13:08,495
- Let's get back.
316
00:13:08,495 --> 00:13:11,645
So yeah, we've gotta get
through pillar three today.
317
00:13:11,785 --> 00:13:15,085
So we've previously
discussed devices and apps
318
00:13:15,665 --> 00:13:19,405
and now that takes us to endpoints
319
00:13:19,825 --> 00:13:21,685
and endpoint security.
320
00:13:21,785 --> 00:13:23,525
So there's a whole bunch
of things that endpoint
321
00:13:23,525 --> 00:13:27,245
and endpoint security including antivirus,
322
00:13:28,075 --> 00:13:31,645
disc encryptions, say like
BitLocker on your Windows client
323
00:13:31,645 --> 00:13:35,525
devices also includes
firewall configurations.
324
00:13:36,105 --> 00:13:40,765
So you kinda wanna start at the
top, like let's talk through
325
00:13:40,765 --> 00:13:43,085
what endpoint security is and
we can touch on those items
326
00:13:43,345 --> 00:13:44,345
- For sure.
327
00:13:44,345 --> 00:13:45,165
And this is one of those too.
328
00:13:45,485 --> 00:13:50,205
I feel like Intune does this more so than
329
00:13:50,955 --> 00:13:53,805
some of the other admin
centers and maybe it's
330
00:13:53,805 --> 00:13:56,045
because they haven't
updated the navigation
331
00:13:56,065 --> 00:13:57,085
yet to be more modern.
332
00:13:57,305 --> 00:13:59,285
You know how like SharePoint
Exchange, we have headers,
333
00:13:59,285 --> 00:14:02,125
then you can expand it and
get to like some menu items.
334
00:14:02,305 --> 00:14:04,485
Yep. Intune, I feel like you click stuff
335
00:14:04,545 --> 00:14:08,365
and it like you just keep it's
layer on top of layer on top
336
00:14:08,365 --> 00:14:11,045
of layer where to your point
you see endpoint security
337
00:14:11,045 --> 00:14:13,245
and you're like, oh I can
go click check out endpoint
338
00:14:13,525 --> 00:14:17,085
security and then it absolutely
does go into antivirus
339
00:14:17,105 --> 00:14:21,725
and disk encryption and you
can even that from there.
340
00:14:21,725 --> 00:14:23,325
You get into Microsoft
Defender for endpoint,
341
00:14:23,355 --> 00:14:24,565
like there's a lot
342
00:14:24,585 --> 00:14:28,805
of stuff under endpoint
security in Intune itself. Well,
343
00:14:28,965 --> 00:14:30,125
- I mean we're back to that.
344
00:14:30,395 --> 00:14:31,965
It's a whole suite of products, right?
345
00:14:31,965 --> 00:14:33,565
It's not a single product,
it's not just one.
346
00:14:33,625 --> 00:14:36,325
So you gotta find the right
part of that suite of products
347
00:14:36,325 --> 00:14:40,125
that you want to kind of tweak
and and play around with.
348
00:14:40,275 --> 00:14:44,285
- Yeah. In this will, since I
originally came up with this,
349
00:14:44,885 --> 00:14:47,085
I feel like Microsoft
has made some updates.
350
00:14:47,605 --> 00:14:49,285
I couldn't put my finger
on when it changed,
351
00:14:49,345 --> 00:14:50,725
but I was in here the other day
352
00:14:50,725 --> 00:14:52,685
and I'm like, I think this is different
353
00:14:52,785 --> 00:14:54,125
now than it used to be.
354
00:14:54,745 --> 00:14:55,925
And we can talk about that.
355
00:14:56,145 --> 00:14:59,125
So kind of going from the
top down to your point,
356
00:14:59,155 --> 00:15:00,565
once you get into endpoint security
357
00:15:00,585 --> 00:15:03,565
and Intune, you have
like your overview tab
358
00:15:03,665 --> 00:15:06,925
and you have your all devices
tab that similar to a lot
359
00:15:06,925 --> 00:15:10,485
of other areas where overviews
just kinda gonna give you a
360
00:15:10,485 --> 00:15:12,085
few links, some documentation,
361
00:15:12,905 --> 00:15:14,845
and then all devices just shows you a list
362
00:15:14,845 --> 00:15:17,565
of all your devices
similar to your device list
363
00:15:17,565 --> 00:15:20,325
that you'd pull up, um,
anywhere else in Intune.
364
00:15:20,825 --> 00:15:23,125
But the next one down that's interesting,
365
00:15:23,125 --> 00:15:24,165
and this is one of those
366
00:15:24,165 --> 00:15:26,605
that I feel like has changed
is the security baselines.
367
00:15:27,025 --> 00:15:29,365
So what Microsoft, one
368
00:15:29,365 --> 00:15:31,885
of the things they do at
endpoint security is they have
369
00:15:32,195 --> 00:15:36,645
several like default
baselines that you can apply
370
00:15:36,715 --> 00:15:40,525
that are Microsoft recommended
security configurations.
371
00:15:40,905 --> 00:15:44,165
So one of these is Windows
10, you have one that's
372
00:15:44,685 --> 00:15:48,045
Microsoft Defender for
endpoint, one that's Edge
373
00:15:48,585 --> 00:15:52,045
and then one that's Windows
365 if you're deploying the
374
00:15:52,045 --> 00:15:54,805
whole cloud PC thing, I think,
375
00:15:54,985 --> 00:15:59,125
or that one may even be, I
should look, is Windows 365?
376
00:15:59,125 --> 00:16:01,005
That might even be like desktop windows.
377
00:16:01,385 --> 00:16:02,525
No, uh, it should be desktop.
378
00:16:02,525 --> 00:16:04,085
Yeah, it should be
desktop like the E3
379
00:16:04,085 --> 00:16:05,885
and E5 SKUs,
380
00:16:05,895 --> 00:16:08,845
which are slightly
different than Windows 10
381
00:16:08,845 --> 00:16:10,445
or Windows 11 primarily
382
00:16:10,605 --> 00:16:12,085
'cause of some stuff
that's included in them.
383
00:16:12,235 --> 00:16:13,645
That could be another discussion.
384
00:16:13,645 --> 00:16:14,725
Scott, what's the difference
385
00:16:14,725 --> 00:16:17,765
between Windows 365 and
Windows 11?
386
00:16:18,405 --> 00:16:21,285
- All right, squirrel taking notes.
387
00:16:21,385 --> 00:16:24,005
And then Microsoft 365
apps for enterprise.
388
00:16:24,185 --> 00:16:27,205
So your desktop apps, Word,
Outlook, Exchange, some of those,
389
00:16:27,735 --> 00:16:32,365
these used to, if I rem if I'm
remembering right in my head,
390
00:16:33,425 --> 00:16:37,525
not give you a lot of, like,
you'd go in and turn these on
391
00:16:37,825 --> 00:16:40,885
and they were like, it
gave you certain settings
392
00:16:40,905 --> 00:16:43,565
but you didn't always have
as much visibility into 'em.
393
00:16:43,825 --> 00:16:46,565
Now if you go into one of
these security baselines,
394
00:16:47,025 --> 00:16:51,085
you can create a profile and
it essentially goes through,
395
00:16:51,985 --> 00:16:56,925
and I should actually drag
this over, it goes through, uh,
396
00:16:56,955 --> 00:16:59,365
some of those device policies
we actually talked about
397
00:16:59,925 --> 00:17:01,205
a few episodes ago,
398
00:17:02,025 --> 00:17:05,605
and it has a bunch of those policies
399
00:17:06,305 --> 00:17:08,325
pre-configured with certain settings.
400
00:17:08,385 --> 00:17:13,245
So whether it's things about,
uh, runtimes or auto play
401
00:17:13,705 --> 00:17:17,605
or configuring BitLocker on devices, uh,
402
00:17:17,605 --> 00:17:20,565
there's stuff in here
about like data protection
403
00:17:20,585 --> 00:17:24,605
and direct memory access,
file explorer settings
404
00:17:24,665 --> 00:17:28,565
and data execution
prevention, firewall, power,
405
00:17:29,185 --> 00:17:32,205
remote assistance, search, Wi-Fi
406
00:17:33,875 --> 00:17:37,485
instead of kinda having a, it
used to be a little bit more
407
00:17:37,765 --> 00:17:39,765
of an obfuscated view, I
would say, of the policy
408
00:17:39,775 --> 00:17:42,325
where you were like applying
certain settings rather than
409
00:17:42,355 --> 00:17:46,165
just creating another,
uh, configuration profile.
410
00:17:46,665 --> 00:17:48,405
And this is just kind of a shortcut
411
00:17:48,405 --> 00:17:50,445
or a different way to create
different configuration
412
00:17:50,525 --> 00:17:52,965
profiles for your devices with some
413
00:17:52,965 --> 00:17:55,125
of those settings pre-configured based
414
00:17:55,125 --> 00:17:56,365
on Microsoft's recommendations.
415
00:17:56,565 --> 00:17:58,245
- I don't know if this
has been your experience.
416
00:17:58,885 --> 00:18:02,205
I, I've seen at least for
client devices, like Win, Windows
417
00:18:02,425 --> 00:18:05,765
and things like that, security
baselines here don't seem
418
00:18:05,765 --> 00:18:09,725
to be as fraught with, you
know, some, some of the
419
00:18:10,445 --> 00:18:11,645
downsides that come with them in like
420
00:18:11,645 --> 00:18:12,725
the identity world, right?
421
00:18:12,725 --> 00:18:15,245
Where if I enable this
security baseline here,
422
00:18:15,305 --> 00:18:17,525
all this other stuff gets shut
off and I might want this,
423
00:18:17,545 --> 00:18:19,645
but then I need this, but
then I can't use the baseline.
424
00:18:19,995 --> 00:18:22,525
Like these are client OSes
425
00:18:22,585 --> 00:18:25,245
and applications that have
been out there for a long time.
426
00:18:26,105 --> 00:18:29,165
So most of the security
baselines, they just kind
427
00:18:29,165 --> 00:18:30,245
of make sense.
428
00:18:30,595 --> 00:18:32,885
Like, like there there's
not many downsides
429
00:18:32,945 --> 00:18:37,845
to taking a look at them and
uh, and and lighting them up.
430
00:18:38,865 --> 00:18:43,605
The other thing is monitoring
the baselines is pretty
431
00:18:44,275 --> 00:18:45,845
easy to do over here as well.
432
00:18:46,505 --> 00:18:48,045
So like if you're going through
and you're thinking about
433
00:18:48,045 --> 00:18:51,125
like, hey I wanna spin up,
you know, a given set of
434
00:18:51,845 --> 00:18:55,685
a given set of configuration
items in this profile,
435
00:18:56,615 --> 00:18:59,405
monitoring them is fairly easy as well.
436
00:18:59,585 --> 00:19:02,685
So you get kind of nice
built in dashboarding
437
00:19:02,865 --> 00:19:06,045
and visualizations for compliance checks,
438
00:19:06,315 --> 00:19:08,285
like which devices are compliant,
439
00:19:08,285 --> 00:19:10,845
which users are compliant,
those sorts of things.
440
00:19:11,025 --> 00:19:14,485
- Yep. So I couldn't
remember Scott, I was looking
441
00:19:14,945 --> 00:19:17,885
and this I think is where
I've still gotten stuck,
442
00:19:17,885 --> 00:19:20,845
they haven't fixed this
yet, is you'll notice
443
00:19:20,845 --> 00:19:23,205
that like my configuration profiles
444
00:19:23,665 --> 00:19:27,205
and I am sharing my screen, but
if I went back to my devices
445
00:19:27,745 --> 00:19:32,445
and my configuration profiles,
that baseline policy doesn't,
446
00:19:32,955 --> 00:19:34,965
well it's using a lot
of the same settings.
447
00:19:35,265 --> 00:19:37,125
It doesn't show up as one
448
00:19:37,125 --> 00:19:39,005
of those configuration
profiles for Windows.
449
00:19:39,275 --> 00:19:43,525
Yeah. And one
trap that I have run into,
450
00:19:43,555 --> 00:19:45,445
like you said, they're
pretty straightforward
451
00:19:45,465 --> 00:19:48,085
and yeah, you go deploy
'em, push 'em out there.
452
00:19:48,545 --> 00:19:51,485
But if you've already done
a configuration profile, say
453
00:19:51,485 --> 00:19:54,525
for BitLocker, and then you
go turn on like a baseline
454
00:19:54,525 --> 00:19:56,685
policy that also has
BitLocker stuff in it,
455
00:19:57,545 --> 00:19:59,405
it can get a little confusing.
456
00:19:59,405 --> 00:20:01,565
And I've had clients
get tripped up over this
457
00:20:02,055 --> 00:20:04,805
where they had BitLocker enabled as part
458
00:20:04,805 --> 00:20:05,805
of a baseline policy
459
00:20:06,385 --> 00:20:09,045
and then maybe they had
BitLocker enabled as part
460
00:20:09,045 --> 00:20:10,445
of a configuration policy.
461
00:20:10,985 --> 00:20:13,725
And then another thing you
can do in endpoint security is
462
00:20:13,725 --> 00:20:15,165
you can go into disk encryption
463
00:20:15,745 --> 00:20:18,645
and create a policy here
that also does BitLocker.
464
00:20:19,065 --> 00:20:23,845
So well, what I have seen
is they're starting to have,
465
00:20:24,235 --> 00:20:26,965
they used to not have the
exact same settings in
466
00:20:27,065 --> 00:20:28,165
all of those different places.
467
00:20:28,625 --> 00:20:31,045
So depending on which place
you configure BitLocker,
468
00:20:31,415 --> 00:20:33,005
you'd get different options available.
469
00:20:33,265 --> 00:20:34,925
And some of them worked and others didn't.
470
00:20:35,265 --> 00:20:37,405
It looks like they've
started unifying that,
471
00:20:37,945 --> 00:20:42,565
but you could have different
BitLocker policies created in
472
00:20:42,565 --> 00:20:43,885
like three different places
473
00:20:44,025 --> 00:20:45,405
and they all start
fighting with each other.
474
00:20:45,725 --> 00:20:47,605
- I think it's like anything
else, you kinda have
475
00:20:47,605 --> 00:20:49,485
to choose the path you're gonna go
476
00:20:49,485 --> 00:20:50,685
down and then stick to that.
477
00:20:51,345 --> 00:20:53,205
And it goes back to recognizing
478
00:20:53,755 --> 00:20:55,525
it's a suite of stuff, right?
479
00:20:55,555 --> 00:20:56,925
It's, it's, it's, it's a suite
480
00:20:56,925 --> 00:20:58,125
of services that are out there.
481
00:20:58,985 --> 00:21:02,205
So you know, as customers I
think we feel that pain of,
482
00:21:02,385 --> 00:21:05,925
hey there, there are sometimes
2, 3, 4 different ways
483
00:21:06,065 --> 00:21:07,205
to do any given thing here
484
00:21:07,595 --> 00:21:09,245
because ultimately those came out
485
00:21:09,245 --> 00:21:11,285
of like 2, 3, 4 different products
486
00:21:11,285 --> 00:21:13,085
that somehow ended up
in this suite of things
487
00:21:13,585 --> 00:21:16,125
and it's just taking
time to rationalize it
488
00:21:16,125 --> 00:21:17,485
and get it to where it needs to be for
489
00:21:17,485 --> 00:21:18,485
- Sure.
490
00:21:18,485 --> 00:21:20,325
So just one of those things I
would say definitely be aware
491
00:21:20,325 --> 00:21:22,365
of is that, and as we're
going through these
492
00:21:22,365 --> 00:21:25,285
with other things, we talked
about security baselines
493
00:21:25,545 --> 00:21:28,765
and I kind of skipped one
then we talked about BitLocker
494
00:21:28,795 --> 00:21:30,925
disk encryption, which you have,
495
00:21:30,925 --> 00:21:32,285
you can create policies too.
496
00:21:32,305 --> 00:21:35,525
We talked about BitLocker, but
this also works for macOS.
497
00:21:35,665 --> 00:21:38,325
You don't have baselines for
macOS, that's only Windows.
498
00:21:38,505 --> 00:21:41,125
But disk encryption you can go in,
499
00:21:41,185 --> 00:21:45,805
create disk encryption policies
for, uh, Windows, for macOS
500
00:21:46,265 --> 00:21:48,525
to uh, enforce FileVault.
501
00:21:48,865 --> 00:21:51,445
But another one of
those that can conflict,
502
00:21:51,505 --> 00:21:52,885
you can have in a couple different places.
503
00:21:53,115 --> 00:21:55,525
This, this is also where you would go in
504
00:21:55,825 --> 00:21:58,845
and configure things
like antivirus policies.
505
00:21:59,345 --> 00:22:03,325
Uh, so if you are using
something like Defender
506
00:22:03,505 --> 00:22:05,765
for Endpoint and you wanna go in
507
00:22:05,765 --> 00:22:09,245
and set up various policies
around antivirus, what's on,
508
00:22:09,245 --> 00:22:12,285
what's enabled, different scan types
509
00:22:12,785 --> 00:22:16,165
and this again, Windows, macOS, Linux,
510
00:22:17,105 --> 00:22:19,405
you can also do Windows Server in here,
511
00:22:19,405 --> 00:22:23,125
which is an interesting option
that you don't have in all
512
00:22:23,125 --> 00:22:24,445
of the endpoint management.
513
00:22:24,625 --> 00:22:25,765
But going in
514
00:22:25,765 --> 00:22:29,085
and setting up Defender
updates, antivirus exclusions,
515
00:22:29,595 --> 00:22:31,045
antivirus configurations,
516
00:22:31,585 --> 00:22:34,285
and even some of the Windows
security experience is all
517
00:22:34,315 --> 00:22:38,005
managed from an antivirus
perspective in here as well.
518
00:22:38,665 --> 00:22:41,845
And it'll give you, this is
also, I'm gonna say, I'm trying
519
00:22:41,845 --> 00:22:44,485
to think where with time,
how much we talk about.
520
00:22:44,675 --> 00:22:46,445
This is also where you can go see like
521
00:22:46,445 --> 00:22:48,765
what devices do I have
that have pending updates
522
00:22:48,865 --> 00:22:53,125
or pending full scans,
manual steps, failures,
523
00:22:53,795 --> 00:22:55,525
even different unhealthy endpoints.
524
00:22:55,945 --> 00:22:59,485
So if you are trying to
manage your endpoints
525
00:22:59,585 --> 00:23:02,245
and if you have ones that are unhealthy
526
00:23:02,345 --> 00:23:05,005
or ones that actually have
active malware on them,
527
00:23:05,915 --> 00:23:09,885
that reporting also comes into
your endpoint security here.
528
00:23:10,315 --> 00:23:11,365
This does integrate
529
00:23:11,365 --> 00:23:14,325
and I've, I've seen this
as well a few places
530
00:23:14,495 --> 00:23:17,965
where there's also a balance
here between endpoint security
531
00:23:18,025 --> 00:23:20,365
and the security center
where certain things
532
00:23:20,365 --> 00:23:23,125
that maybe will get picked
up in endpoint security,
533
00:23:23,275 --> 00:23:24,925
surface in the security center
534
00:23:25,185 --> 00:23:27,445
or vice versa to get certain things
535
00:23:27,445 --> 00:23:29,565
to show up in the security
center, you actually do have
536
00:23:29,565 --> 00:23:31,085
to go over here to endpoint security.
537
00:23:31,355 --> 00:23:34,845
There's a little bit of
a, um, not a little bit,
538
00:23:35,035 --> 00:23:39,005
there's a lot of interaction
more so than other areas
539
00:23:39,115 --> 00:23:41,085
between endpoint security here
540
00:23:41,105 --> 00:23:43,405
and the security center
from what I've seen. Yeah,
541
00:23:43,525 --> 00:23:44,805
- I think it tends to
be one of those things
542
00:23:44,805 --> 00:23:49,725
where like diagnostics
is built into Intune.
543
00:23:49,835 --> 00:23:51,485
Like it's there out of
the box for you, right?
544
00:23:51,485 --> 00:23:54,325
Like you don't have to go,
uh, like many things you have
545
00:23:54,325 --> 00:23:56,365
to go like light up and
turn on diagnostics.
546
00:23:56,475 --> 00:23:59,005
Like I I, I know it's like a bad example
547
00:23:59,025 --> 00:24:01,165
but like the M365 audit log, right?
548
00:24:01,165 --> 00:24:02,845
Like all right, I'm gonna go crank that up
549
00:24:02,865 --> 00:24:04,205
and turn it on kind of thing.
550
00:24:04,395 --> 00:24:06,085
Like this is a place where you just have
551
00:24:06,195 --> 00:24:07,485
diagnostics out of the box.
552
00:24:07,585 --> 00:24:11,125
So I think it makes it
easier to, to integrate with
553
00:24:11,185 --> 00:24:12,365
and and light all that up.
554
00:24:12,385 --> 00:24:14,565
But you have to know the right place
555
00:24:14,585 --> 00:24:16,525
to go to get the information.
556
00:24:16,965 --> 00:24:19,485
I think that's still the
confusing thing about it. I
557
00:24:19,485 --> 00:24:21,405
- Mean other things that
are in here firewall,
558
00:24:21,985 --> 00:24:23,565
that's pretty straightforward again too.
559
00:24:23,885 --> 00:24:26,565
Configuring firewall,
endpoint privilege management.
560
00:24:26,595 --> 00:24:28,845
Have you looked much at
endpoint privilege management?
561
00:24:28,845 --> 00:24:31,685
Scott, this is one that
I haven't done a lot with
562
00:24:32,225 --> 00:24:33,765
in endpoint security.
563
00:24:34,165 --> 00:24:38,685
- I have not played around
with this one at all.
564
00:24:38,995 --> 00:24:40,645
- This is one, I think I have it here
565
00:24:40,985 --> 00:24:42,205
- If I'm remembering right, like
566
00:24:42,315 --> 00:24:43,405
yeah, you got the docs there.
567
00:24:43,715 --> 00:24:47,085
This one is primarily
about being able to do like
568
00:24:47,675 --> 00:24:49,485
user elevation.
569
00:24:49,865 --> 00:24:53,445
So you know, getting away from
hey I have like a separate
570
00:24:53,575 --> 00:24:55,085
admin account and a regular user account.
571
00:24:55,085 --> 00:24:57,205
Just being able to take
your regular user account
572
00:24:57,505 --> 00:24:59,645
and get whatever kind of
573
00:25:00,205 --> 00:25:02,605
privileged operation you
need on the client done.
574
00:25:02,715 --> 00:25:04,765
- Yeah, that's essentially what it is.
575
00:25:05,185 --> 00:25:06,325
And Sean is in the chat
576
00:25:06,425 --> 00:25:09,725
and he said this requires
either Intune Suite or P2
577
00:25:09,825 --> 00:25:11,725
and I will give that disclaimer,
578
00:25:11,865 --> 00:25:16,685
the tenant we are looking at
has every Intune license lit up
579
00:25:16,865 --> 00:25:17,885
I believe.
580
00:25:18,625 --> 00:25:21,245
So I, to light everything up
581
00:25:21,245 --> 00:25:24,445
that we're talking about
may require Intune Suite,
582
00:25:24,575 --> 00:25:29,365
which is indeed an add-on
to the normal Intune.
583
00:25:29,445 --> 00:25:32,885
I think we talked about that
in the first episode, but so,
584
00:25:32,885 --> 00:25:35,845
- So, so just from the
docs it says Intune Suite
585
00:25:36,385 --> 00:25:38,965
or there's a standalone
not license for EPM,
586
00:25:38,975 --> 00:25:41,565
which I don't remember seeing
a standalone license for EPM,
587
00:25:41,665 --> 00:25:43,125
but I don't know,
588
00:25:43,175 --> 00:25:45,045
maybe it's available in
some tenant somewhere.
589
00:25:45,045 --> 00:25:46,725
- Maybe there's probably
a standalone license
590
00:25:46,825 --> 00:25:48,005
for just about anything now.
591
00:25:48,225 --> 00:25:49,645
But yeah, this is what
you were talking about.
592
00:25:49,675 --> 00:25:51,125
It's like you have standard users,
593
00:25:51,615 --> 00:25:54,365
maybe there's certain tasks
that require a little bit
594
00:25:54,585 --> 00:25:58,605
of elevated privileges,
595
00:25:58,955 --> 00:26:01,285
application installs, device drivers.
596
00:26:02,385 --> 00:26:06,325
And this isn't LAPS, so this
isn't updating their account
597
00:26:06,425 --> 00:26:09,205
or giving them like admin
creds, it's just allowing them
598
00:26:09,205 --> 00:26:11,205
to elevate permissions
599
00:26:12,025 --> 00:26:15,285
to perform certain tasks
within Windows. Yes.
600
00:26:15,945 --> 00:26:17,805
- So I think it is
important to call out EPM
601
00:26:17,805 --> 00:26:18,925
is Windows only.
602
00:26:18,985 --> 00:26:20,925
Yep, it's Windows 10, Windows 11.
603
00:26:21,675 --> 00:26:25,085
It's not just things like
app installations, it's also
604
00:26:25,645 --> 00:26:27,405
elevated file access and,
605
00:26:27,465 --> 00:26:29,685
and a couple of other things
that you can do with it.
606
00:26:29,825 --> 00:26:33,605
But I don't know, given the
licensing restriction, I don't,
607
00:26:33,605 --> 00:26:35,325
I don't know how broadly
applicable that is.
608
00:26:35,355 --> 00:26:36,805
- Yeah, I don't know that it's,
609
00:26:36,965 --> 00:26:40,285
I have not run into many
people that are using
610
00:26:40,285 --> 00:26:42,805
that particular one.
Endpoint detection response.
611
00:26:42,805 --> 00:26:44,365
This is one I wanted to hit on too
612
00:26:44,365 --> 00:26:45,565
because this is another one
613
00:26:45,565 --> 00:26:49,565
that ties into Security
Center. EDR in Intune
614
00:26:49,665 --> 00:26:50,685
or in endpoint security.
615
00:26:50,865 --> 00:26:52,685
And I ran into this with a
client where they were like,
616
00:26:52,685 --> 00:26:54,405
oh yeah, we wanna deploy EDR
617
00:26:54,405 --> 00:26:56,125
and have EDR for all of our endpoints.
618
00:26:56,825 --> 00:27:01,085
And you go into EDR and
endpoint security and go in
619
00:27:01,165 --> 00:27:03,605
and create a policy and
this is another one,
620
00:27:03,605 --> 00:27:06,125
Windows 10, 11, Server, Linux, macOS
621
00:27:06,835 --> 00:27:10,085
like this policy is
literally you give it a name
622
00:27:10,345 --> 00:27:14,605
and your configuration settings
are enable it or disable it
623
00:27:14,745 --> 00:27:16,325
and there's three settings,
624
00:27:16,325 --> 00:27:17,805
there's Enable Defender.
625
00:27:18,515 --> 00:27:21,125
Yeah, it's like enable it for the client,
626
00:27:21,385 --> 00:27:22,645
enable sample sharing.
627
00:27:23,065 --> 00:27:25,405
And then the third one
is telemetry reporting,
628
00:27:25,405 --> 00:27:26,765
which is actually deprecated.
629
00:27:26,865 --> 00:27:28,405
So I guess really there's only two
630
00:27:28,665 --> 00:27:30,605
and then you just go apply
it to all your endpoints.
631
00:27:30,955 --> 00:27:33,085
This one, there's no reporting, there's no
632
00:27:34,125 --> 00:27:35,725
response actions in EDR.
633
00:27:35,755 --> 00:27:38,605
It's literally the policy to enable EDR.
634
00:27:38,985 --> 00:27:42,085
And then what it does is
it enables you to collect
635
00:27:42,085 --> 00:27:43,605
that extra data, like you said,
636
00:27:43,605 --> 00:27:44,885
kinda like the unified audit log
637
00:27:44,885 --> 00:27:46,365
where it's you go turn it on
638
00:27:46,785 --> 00:27:51,245
and then anything else you
do with EDR is all done from
639
00:27:51,785 --> 00:27:54,965
within security.microsoft.com
or the security center.
640
00:27:55,155 --> 00:28:00,085
There's like no EDR
type actions, responses,
641
00:28:00,875 --> 00:28:04,445
hunting, any of that
that would happen within
642
00:28:05,165 --> 00:28:06,645
endpoint security and Intune itself.
643
00:28:06,985 --> 00:28:09,445
So I think one thing to
kinda keep in mind with all
644
00:28:09,445 --> 00:28:12,365
of this is that Intune is a
lot about pushing stuff out
645
00:28:12,365 --> 00:28:14,925
to your devices,
configuring your endpoints.
646
00:28:15,765 --> 00:28:18,885
It's not so much about
taking action on them
647
00:28:19,025 --> 00:28:22,005
and maybe you'll get a little
reporting sprinkled into
648
00:28:22,205 --> 00:28:24,325
endpoint security or into Intune
649
00:28:24,395 --> 00:28:26,365
- Just a little bit
- Just a little bit.
650
00:28:26,435 --> 00:28:28,205
Even the reports in here are not,
651
00:28:28,555 --> 00:28:30,005
they get you some basic information,
652
00:28:30,005 --> 00:28:33,205
but the reporting in Intune
is, could use some work
653
00:28:33,785 --> 00:28:36,765
or again, it's expected that you're gonna,
654
00:28:37,305 --> 00:28:39,285
if you're doing all this, you're
gonna have security center
655
00:28:39,285 --> 00:28:40,045
and you can just go over to
656
00:28:40,245 --> 00:28:41,245
security center and get a lot of it.
657
00:28:42,185 --> 00:28:43,445
So yeah, that's a weird, that's
658
00:28:43,705 --> 00:28:45,045
- Fun times in the Intune suite.
659
00:28:45,315 --> 00:28:46,725
- Yeah. What else do we have in here?
660
00:28:47,005 --> 00:28:49,845
EDR. App Control for
Business, I can't remember.
661
00:28:49,845 --> 00:28:53,245
This one's still in preview.
This is another one that
662
00:28:54,325 --> 00:28:55,885
I have not used.
663
00:28:56,565 --> 00:28:59,285
Policies that trust app
installs for Managed installers.
664
00:29:00,185 --> 00:29:04,725
So this is, we're gonna
learn about managed installers
665
00:29:04,725 --> 00:29:05,765
and App Control for Business.
666
00:29:05,895 --> 00:29:07,485
We're gonna learn on the fly.
667
00:29:07,535 --> 00:29:10,765
Scott, I think this is really managing
668
00:29:10,765 --> 00:29:14,405
what people are allowed to
install, maybe outside of
669
00:29:15,025 --> 00:29:18,365
app deployments from Intune
Business Barriers trusted
670
00:29:18,505 --> 00:29:22,285
by your organization as authorized sources
671
00:29:22,505 --> 00:29:23,845
for application installation.
672
00:29:24,125 --> 00:29:25,965
- I tend to think of
this one and it might be
673
00:29:26,865 --> 00:29:28,405
not the right way to think about it,
674
00:29:29,065 --> 00:29:31,525
but like software center for Intune.
675
00:29:31,795 --> 00:29:34,645
Like, you know, give me, gimme
a set of things out there
676
00:29:34,645 --> 00:29:36,965
that I'm allowed to install
from trusted sources
677
00:29:37,945 --> 00:29:41,365
and they're kind of a
allow listed, you know, for
678
00:29:41,425 --> 00:29:42,485
for my organization.
679
00:29:42,745 --> 00:29:44,925
- Yep. Said managed installers.
680
00:29:45,235 --> 00:29:46,325
Yeah, where it's watching
681
00:29:46,325 --> 00:29:49,125
what installers are doing
doesn't support applications.
682
00:29:49,275 --> 00:29:51,685
Self update. If an
application was deployed
683
00:29:51,745 --> 00:29:52,925
by managed installer
684
00:29:52,925 --> 00:29:56,005
and later updates itself won't
include original information.
685
00:29:56,755 --> 00:29:59,205
Yeah and can, I don't know
686
00:29:59,205 --> 00:30:00,885
what the licensing is for this one.
687
00:30:00,995 --> 00:30:02,005
This is one that,
688
00:30:02,345 --> 00:30:03,845
it just hasn't been a common one in
689
00:30:03,845 --> 00:30:04,925
the organizations I've done.
690
00:30:04,925 --> 00:30:06,965
Maybe other organizations are using it.
691
00:30:07,185 --> 00:30:09,045
Not super popular from what I've done.
692
00:30:09,585 --> 00:30:11,245
You've got a few others in here as well.
693
00:30:11,425 --> 00:30:13,445
Attack surface reduction policies.
694
00:30:13,955 --> 00:30:17,325
Another one that I haven't done, I need
695
00:30:17,325 --> 00:30:18,605
to do more with Endpoint security.
696
00:30:18,615 --> 00:30:20,885
Scott, anybody wants some
endpoint security stuff?
697
00:30:21,105 --> 00:30:23,005
Oh, did they move web protection in here?
698
00:30:23,185 --> 00:30:24,605
That's the legacy Edge though.
699
00:30:24,945 --> 00:30:28,805
Web big protection,
isolating apps and browsers.
700
00:30:29,435 --> 00:30:31,525
Some application control on here as well.
701
00:30:31,945 --> 00:30:36,125
So setting up like let's
go spin up application by
702
00:30:36,645 --> 00:30:38,885
restricting applications that
you're allowed to run code
703
00:30:38,885 --> 00:30:41,805
that executes again
really just weighs a lot
704
00:30:41,805 --> 00:30:45,125
of the endpoint security
is stuff to lock down
705
00:30:45,635 --> 00:30:47,685
what users are allowed
to do on their devices.
706
00:30:48,235 --> 00:30:50,485
This one's gonna be geared more
towards those applications.
707
00:30:50,865 --> 00:30:54,085
Do do, do account protection,
device compliance,
708
00:30:54,115 --> 00:30:57,965
conditional access, device
compliance, conditional access.
709
00:30:58,135 --> 00:31:02,725
Those are going to go right
back into those intro settings.
710
00:31:02,725 --> 00:31:04,325
Those are not new device compliance
711
00:31:04,345 --> 00:31:05,565
or new conditional access.
712
00:31:05,995 --> 00:31:09,685
It's going right back
into the device compliance
713
00:31:09,685 --> 00:31:10,725
that we talked about.
714
00:31:10,725 --> 00:31:13,725
Devices, what, two episodes ago.
715
00:31:13,875 --> 00:31:16,565
Conditional access is your
Entra ID conditional access.
716
00:31:16,835 --> 00:31:17,885
Account protection.
717
00:31:17,955 --> 00:31:19,605
This is where, this is a new one.
718
00:31:19,605 --> 00:31:23,565
Scott, we should mention this
one is where the new LAPS is
719
00:31:24,105 --> 00:31:27,565
for Azure AD based LAPS.
720
00:31:28,025 --> 00:31:31,645
And this was one that I did
have clients asking about,
721
00:31:32,285 --> 00:31:33,685
I dunno, two or three years ago
722
00:31:33,945 --> 00:31:35,965
as they were coming from on-prem AD
723
00:31:36,175 --> 00:31:39,525
where they had LAPS, the
local admin password solution
724
00:31:39,855 --> 00:31:43,085
where users could go in
request essentially admin
725
00:31:43,085 --> 00:31:44,845
credentials to go perform a certain task.
726
00:31:44,945 --> 00:31:46,445
It would rotate on a regular basis.
727
00:31:47,505 --> 00:31:51,765
Uh, there hasn't been a solution for that
728
00:31:52,585 --> 00:31:55,805
if you're in an Entra ID only environment
729
00:31:56,145 --> 00:31:59,605
and they rolled this out in
preview maybe a year ago or so.
730
00:31:59,625 --> 00:32:02,645
Now it's not a preview,
now it's a GA feature.
731
00:32:03,185 --> 00:32:05,965
So if you did use LAPS on-prem
732
00:32:06,065 --> 00:32:08,805
or if you're looking for
another one of those solutions
733
00:32:08,815 --> 00:32:10,885
where, you know what, every user
734
00:32:11,425 --> 00:32:13,285
by default should be a standard user.
735
00:32:13,615 --> 00:32:16,965
Maybe we wanna give them admin
creds every once in a while
736
00:32:17,275 --> 00:32:19,805
because they need them
to install an application
737
00:32:19,805 --> 00:32:20,925
or perform a certain task.
738
00:32:21,545 --> 00:32:24,725
But you can now roll out LAPS in
739
00:32:25,425 --> 00:32:29,045
ID within the account protection
in your endpoint security.
740
00:32:30,415 --> 00:32:32,525
Other than that, I mean I think that's it.
741
00:32:32,555 --> 00:32:34,085
This is probably the least.
742
00:32:34,635 --> 00:32:36,405
There's a lot of policies in here,
743
00:32:37,225 --> 00:32:41,245
but that's really a lot of
what this is, is just going in
744
00:32:41,245 --> 00:32:42,965
and enabling some of these policies
745
00:32:43,505 --> 00:32:45,205
for all of your endpoints.
746
00:32:45,545 --> 00:32:48,005
The last one I guess is
Microsoft Defender for Endpoint.
747
00:32:48,265 --> 00:32:50,205
If you wanna go in, set that up
748
00:32:50,345 --> 00:32:53,405
and configure different settings
around endpoint security
749
00:32:54,025 --> 00:32:56,005
and enabling Defender
750
00:32:56,105 --> 00:33:00,325
to enforce endpoint security
configurations, what level
751
00:33:00,705 --> 00:33:05,165
of devices you want to
connect from Android,
752
00:33:05,825 --> 00:33:08,005
iOS to Microsoft Defender for Endpoint
753
00:33:08,945 --> 00:33:10,565
and a little bit of reporting
754
00:33:10,565 --> 00:33:12,165
around devices that have been onboarded.
755
00:33:12,265 --> 00:33:16,485
So overall, I think that walks
756
00:33:16,485 --> 00:33:18,765
through endpoint security
at a high level. You
757
00:33:18,765 --> 00:33:22,005
- Took us way further
than we intended there.
758
00:33:22,345 --> 00:33:23,525
Oh, half, you know,
759
00:33:23,595 --> 00:33:24,965
- With endpoint security. Yeah,
760
00:33:25,275 --> 00:33:26,275
- Yeah.
761
00:33:26,275 --> 00:33:27,765
You, you went, you went
beyond your own notes called
762
00:33:27,765 --> 00:33:28,765
- An audible.
763
00:33:28,765 --> 00:33:29,405
I did go beyond my own notes.
764
00:33:29,645 --> 00:33:31,525
I just get in here and start
looking at the admin center.
765
00:33:31,565 --> 00:33:32,965
I shouldn't have pulled
up the admin center.
766
00:33:33,065 --> 00:33:35,405
That's my, that was my problem, right?
767
00:33:35,805 --> 00:33:37,525
I start playing around with stuff. I
768
00:33:37,525 --> 00:33:39,325
- Mean, at the end of the day,
I think it really is like,
769
00:33:39,395 --> 00:33:41,725
yeah, there, there, there's
some of like the bells
770
00:33:41,725 --> 00:33:43,125
and whistles stuff that you called out.
771
00:33:43,145 --> 00:33:44,245
But in, in my mind,
772
00:33:44,515 --> 00:33:47,325
like endpoint security
really does come down to
773
00:33:48,055 --> 00:33:49,365
encryption policies.
774
00:33:50,195 --> 00:33:54,245
It's your implementation of baselines,
775
00:33:54,555 --> 00:33:58,645
potentially firewalls and antivirus.
776
00:33:59,205 --> 00:34:01,685
Anything outside of that
is really just like above
777
00:34:01,685 --> 00:34:03,485
and beyond icing on
the cake kind of thing.
778
00:34:03,725 --> 00:34:06,325
- I agree. And those are
the four, like those four
779
00:34:06,325 --> 00:34:08,725
that you mentioned are
the biggest ones that
780
00:34:09,525 --> 00:34:11,165
I do have clients implementing the,
781
00:34:11,165 --> 00:34:12,205
those are the ones I want.
782
00:34:12,205 --> 00:34:14,725
They want those baselines
secure their endpoints,
783
00:34:15,115 --> 00:34:18,365
make sure antivirus is running,
if they're using Defender on
784
00:34:18,365 --> 00:34:19,445
that encryption and firewall.
785
00:34:20,005 --> 00:34:22,365
I would say the next common
one is probably LAPS
786
00:34:22,365 --> 00:34:25,605
where I've had more questions
about lapse than some
787
00:34:25,605 --> 00:34:27,645
of the other stuff around
privilege, endpoint management,
788
00:34:27,785 --> 00:34:31,365
and app controls, and I guess
EDR is the other one.
789
00:34:31,705 --> 00:34:34,165
If you have EDR, I would say turn it on
790
00:34:34,165 --> 00:34:37,165
because it doesn't affect
your devices at all.
791
00:34:37,435 --> 00:34:40,165
It's not like it's pushing out
policies or limiting stuff.
792
00:34:40,545 --> 00:34:41,845
The EDR stuff.
793
00:34:42,425 --> 00:34:44,765
And there are some comments
in the chat about that.
794
00:34:44,765 --> 00:34:46,965
It does have leave some to be desired,
795
00:34:47,345 --> 00:34:49,885
but it's really just
pushing additional data
796
00:34:50,515 --> 00:34:54,405
into your security center
to help detect issues
797
00:34:54,505 --> 00:34:57,005
and respond to threats
798
00:34:57,145 --> 00:34:59,045
or compromises within your environment.
799
00:34:59,225 --> 00:35:01,765
So that's the other way I
would say go set up a policy,
800
00:35:01,835 --> 00:35:03,285
turn it on and as much data
801
00:35:03,285 --> 00:35:05,965
as you can get can be
helpful when you do need it.
802
00:35:05,985 --> 00:35:08,445
Yep. With that, do we finally make it
803
00:35:08,445 --> 00:35:09,885
through Intune, Scott? I think
804
00:35:09,885 --> 00:35:11,205
- We've gone all the way through Intune.
805
00:35:11,385 --> 00:35:13,325
If we have, we're we're,
we're gonna have to go back
806
00:35:13,325 --> 00:35:14,605
to an Azure thing after this.
807
00:35:14,915 --> 00:35:16,525
- Yeah, you get to pick then.
808
00:35:16,705 --> 00:35:18,085
Do you have anything to tease us with?
809
00:35:18,545 --> 00:35:20,485
Are you gonna commit to anything yet? No.
810
00:35:20,485 --> 00:35:22,245
Well yeah, if anybody
has any questions about
811
00:35:22,265 --> 00:35:23,565
Intune, let us know.
812
00:35:23,565 --> 00:35:26,085
Like we did talk about the
One app troubleshooting app
813
00:35:26,085 --> 00:35:29,325
installations, but it is, it's fun.
814
00:35:29,325 --> 00:35:30,805
Scott, I've enjoyed Intune.
815
00:35:30,805 --> 00:35:33,965
There's a lot of stuff in
Intune, a lot of stuff you can do
816
00:35:34,485 --> 00:35:36,605
particularly around
securing your endpoint.
817
00:35:36,665 --> 00:35:40,405
So it's been a fun one for
me to work on. A fun one.
818
00:35:40,405 --> 00:35:42,565
I know Sean has done a bunch
of work in Intune as well.
819
00:35:42,745 --> 00:35:45,285
He really enjoys Intune, so let us know.
820
00:35:45,465 --> 00:35:48,245
And with that we'll wrap
up the Intune episodes
821
00:35:48,745 --> 00:35:52,405
and get to our weekends of
fixing routers and internet.
822
00:35:52,465 --> 00:35:54,805
Sounds like a plan. All
right, well thanks Scott.
823
00:35:55,095 --> 00:35:58,165
Enjoy your weekend and we'll
talk to you again soon.
824
00:35:58,265 --> 00:36:02,525
All right, thanks Ben. If
you enjoyed the podcast,
825
00:36:03,025 --> 00:36:05,085
go leave us a five star rating in iTunes.
826
00:36:05,305 --> 00:36:06,645
It helps to get the word out
827
00:36:06,665 --> 00:36:09,965
so more IT pros can learn
about Office 365 and Azure.
828
00:36:10,625 --> 00:36:13,405
If you have any questions you
want us to address on the show
829
00:36:13,545 --> 00:36:16,045
or feedback about the show, feel free
830
00:36:16,105 --> 00:36:19,165
to reach out via our website,
Twitter, or Facebook.
831
00:36:19,425 --> 00:36:21,525
Thanks again for listening
and have a great day.