Posts

Import ACSC Windows Hardening Policies in Intune - Step by Step Instructions

Step-by-step instructions to create ACSC Windows 10 hardening settings in Intune using the Graph API.

Microsoft has published Intune policies to comply with the Australian Cyber Security Centre's (ACSC) Windows 10 Hardening Guidance. These policies are quite easy to import with Graph Explorer using the official instructions provided at https://github.com/microsoft/Intune-ACSC-Windows-Hardening-Guidelines. However, this guide provides detailed step-by-step instructions and screenshots to simplify this process.

To import these settings in Intune, follow these steps:

1. Navigate to Microsoft Graph Explorer.
2. Click Sign in and log in using authorised privileges in the respective tenant, i.e. Global Administrator.
3. You may get a prompt to accept the consent; select Consent on behalf of your organization, then click Accept.
4. Create a POST request using the Beta schema and type the following query as shown in the screenshot: https://graph.microsoft.com/beta/deviceManagement/configurationPolicie

Create a Windows 10 settings catalog from group policies using CIS Benchmark for Windows 10, Edge or Chrome

Microsoft has released a new feature in Intune Service release 2204 (April 2022) that allows you to create a Settings Catalog policy using imported GPOs from Intune Group Policy Analytics. Please note that this feature is in public preview, so it can only get better from here! You can learn more about the functionality and the official announcement here.

In this blog, we will import the CIS Benchmark for Windows 10 21H2 Group Policy settings into Intune and then convert them to a Settings Catalog policy. CIS Secure Suite membership is required to download the automated build kits, which make it fast and easy to configure your systems in accordance with a CIS Benchmark. You can also download a sample build kit for free from here.

About CIS

As per the official Microsoft document: CIS benchmarks are internationally recognized as security standards for defending IT systems and data against cyberattacks. Used by thousands of businesses, they offer prescriptive guidance for establishing a secure baseline configuration. Y

How to uninstall Sophos Endpoint Protection

Sophos has officially published a KB article on building a custom batch file to trigger uninstallation from computers: "Sophos Endpoint Security and Control: How to uninstall using a command line or batch file". The sample batch file is shown here.

The above process does work, but it is time consuming and challenging. I found the quickest and easiest method is invoking "C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"; all you need to do is disable tamper protection from the Sophos Console.

Here is the screenshot showing the Sophos components being removed one by one. After a few minutes, all components will be removed. You can easily deploy this using Intune or any other device management tool.

How to deploy Application (offline installer DMG) on Apple MacOS Devices using Microsoft Intune

Microsoft Intune does not support deployment of DMG files. As per the Microsoft documentation: "Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported."

Microsoft Intune does support deploying shell scripts to macOS. In the example below, I will deploy the Adobe Acrobat Reader DC 2020.009.20063 DMG file on a macOS device.

Save the following script as a .sh file, i.e. InstallAdobeReader.sh

#! /bin/sh
url=https://ardownload2.adobe.com/pub/adobe/reader/mac/AcrobatDC/2000920063/AcroRdrDC_2000920063_MUI.dmg
set -x
tempd=$(mktemp -d)
curl $url > $tempd/AdobeReaderDC.dmg
listing=$(sudo hdiutil attach $tempd/AdobeReaderDC.dmg | grep Volumes)
volume=$(echo "$listing" | cut -f 3)
package=$(ls -1 "$volume" | grep .pkg | head -1)
sudo installer -pkg "$volume"/"$package" -target /
sudo hdiutil detach "$(echo "$volume" | cut -f 1)"
rm -r