vulnerabilities in on-premises Active Directory environments. When multiple privileged accounts share the same password, a single compromise can cascade across your entire infrastructure. In this post, I'll demonstrate how to audit your Active Directory environment for shared passwords using PowerShell and the DSInternals module.

myself), are managing those iOS devices as private BYOD devices enrolled through the Company Portal. As of such, keeping the devices up to date is the end-user's responsibility and something that's often forgotten and neglected. So what if we could send those devices and users a kind reminder automatically, both as a custom notification directly on the device, but also as an e-mail? Microsoft Intune Powershell SDK to the rescue!

that's considered the crown jewels. This is due to Active Directory still being the bread and butter for most organizations in regard to authentication and authorization. When it comes to security, automation is your best friend and keeping a close eye on privileged group membership should be on top of your list. This post will walk you through, how you can make sure no unwelcome objects make their way into privileged groups in on-premises AD, by leveraging Microsoft Sentinel and its option to run playbooks automated. This breaks down to Microsoft Sentinel generating an alert, which triggers the associated Playbook, which triggers a Logic app, which triggers a Runbook in an Automation Account, which ultimately runs a PowerShell script on an on-premises server.

security-conscious professionals, we need to be proactive about monitoring whether our users' credentials have been compromised. That's why I built an automated PowerShell tool that checks Entra ID (Azure AD) group members against the Have I Been Pwned database.

Sysmon (System Monitor) from Microsoft's Sysinternals suite is an essential tool for detailed system monitoring and security analysis. However, traditional installation can be time-consuming, especially in urgent situations. This blog post introduces a PowerShell script that automates the download, extraction, and installation of Sysmon, along with applying a pre-configured setup.

what's changed and started browsing and comparing the various settings via the admin portal. Then I realized how that's not very optimal, and began looking for alternatives. I eventually got myself into trying something new, and went on to compare the Security Baselines Profiles using Powershell and the Microsoft Graph. The result of that journey is this post.

already. At time of writing, the new security baseline for Windows 11 23H2 in Intune configure this as well, restricting local logons to the built-in groups: Users and Administrators. This solution does something else. This solution grabs the currently logged on user and configures the 'Allow logon locally' policy to ONLY allow this very user as well as Administrators to be able to log on locally.

Windows 11.

releases an iOS update, Intune can flag non-compliance - but the built-in notifications on iOS are often overlooked and don't have the same visibility or urgency as alerts on a user's primary work device. The solution: cross-platform automation.

script I'm using to prevent users from migrating to the new Outlook if your environment isn't quite ready for it.

heard about the recommendation to disable the legacy protocol NetBIOS in Windows. If this is news to you, there's some interesting reading for you in this article: Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay, Sub-technique T1557.001 - Enterprise | MITRE ATT&CK NOTE: Before disabling anything, make sure you do your due diligence and monitor your environment for NetBIOS traffic, so you don't accidently break stuff!

a jiffy using PowerShell and Configuration Manager I received a few questions whether the PowerShell script can be used with Microsoft Intune instead of Microsoft Configuration Manager. And sure! This post will explain one of many approaches available with Intune.

Microsoft Intune Remediations. The script handles both HKCU and HKLM, supports all registry types, and works on Microsoft Entra ID and hybrid joined devices.

banners and pop-ups. But in 2025 - almost 2026 - it's time to reframe the conversation: ad blocking is a fundamental security control every organization should implement.

apps. Instead of specifying a command line, you upload a script. This gives admins more flexibility when deploying applications. I've created a template (install and uninstall) that can serve as inspiration

exclusively for Microsoft Intune!