Posts

Showing posts from August, 2022

Windows 11 security check with Powershell

Presentation

This script provides an overview of the status of the various security components integrated into Windows 10 and 11.

GitHub link: https://github.com/ChrisMogis/Win11_Security_Check

When running the script, we check for the following:
- Windows Defender
- Windows Firewall
- Secure Boot
- BitLocker
- Windows Updates
- Windows Hypervisor
- Credential Guard
- Device Guard
- App Guard

As well as the status of the following protocols:
- SMB v1
- TLS 1.2
- SSL 2.0
- SSL 3.0
- PCT 1.0
- WDigest
- LLMNR
- HVCI

Execution

Command line:

    powershell.exe -executionpolicy ByPass -file .\W11_Security_Check.ps1

Other information

The script will evolve in the coming weeks and integrate the remediation part.

How to disable Internet Explorer on Windows 10 Client with Microsoft Intune

Disable Internet Explorer on Windows 10 Client

For obvious security reasons, it is essential to deactivate Internet Explorer on all computers in your IT infrastructure. In this article, I'm going to explain all the steps to disable Internet Explorer on a Windows 10 client.

Source: https://docs.microsoft.com/en-us/deployedge/edge-ie-disable-ie11

Process

- Open the Microsoft Intune Console: https://Endpoint.microsoft.com
- Select Devices / Windows / Configuration profiles
- Click Create profile
- Select platform, Profile type and Custom
- Enter a name, select Add
- Enter this information:
  Name: Disable Internet Explorer 11
  Description: Disable Internet Explorer for all computers
  OMA-URI: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableInternetExplorerApp
  Data type: String
  Value: <enabled/><data id="NotifyDisableIEOptions" value="2"/>
- Click Save and Next
- Select device group for assignment and click Next
- In applicability Rules, click Next R

Custom ADMX and ADML for third party partners and MEM

Presentation

Microsoft has just added a very interesting feature to Microsoft Intune: it now offers us the possibility of importing configuration elements (ADML & ADMX) into MEM. This makes it easier for us to customize products like Mozilla Firefox on Windows 10/11 workstations.

For more information, see this article: https://docs.microsoft.com/en-us/mem/intune/configuration/administrative-templates-import-custom

Now I will detail the procedure to follow to use this new feature with Mozilla Firefox.

Prerequisites

- Firefox available on your computer
- Download the latest version of ADMX/L for Firefox: https://github.com/mozilla/policy-templates/releases

Process

Import ADMX / ADML

- Connect to MEM console: https://endpoint.microsoft.com
- Go to Devices / Configuration Profiles / Import ADMX / Import
- Import your files in MEM
- Your configuration files have uploaded successfully

Create configuration profile based on Firefox ADMX / L

- Connect to MEM console: https://endpoint.m

Windows Autopatch, service activation and configuration

Presentation

Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. The goal is to simplify patch management and reduce security gaps on your IT equipment.

Prerequisites

Licensing: Windows 10/11 Enterprise E3

Connectivity: Access to multiple Microsoft service endpoints from corporate network

Azure AD: Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.

Device management: Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices. At least, the Windows Update, Device configurat

How to set time zone on Windows Device with Microsoft Intune

Presentation

This post details all the steps to set the correct time zone on a device managed by Microsoft Intune. This setting disables the "Set time zone automatically" option. This configuration is particularly relevant when deploying Windows 365 devices used by users in different countries or users who do not travel abroad.

Process

- Open the Microsoft Intune Console: https://Endpoint.microsoft.com
- Click "Create Profile"
- Select "Windows 10 and later" then "Settings Catalog" and click "Create"
- Complete the field "Name"
- Click "Add Settings"
- Enter "Time zone" in the search zone and click "Search", then in the category field, select "Time Language Settings" and tick "Configure Time Zone"
- Enter your Time Zone ID in the field "Configure Time Zone"

To get the list of Time zone IDs, open a PowerShell console and launch this command line:

    Get-TimeZone

How to create a virtual machine on Hyper-V with PowerShell

Presentation

When we want to set up a lab, we are forced to multiply the clicks to create our environment. To make my task easier, I created a script with two virtual machine templates.

GitHub link: https://github.com/ChrisMogis/Create_VM_HyperV.ps1.git

The first model proposes:
- 2 vCPU
- 2Gb of memory
- 60Gb hard drive

The second model proposes:
- 4 vCPU
- 4Gb of memory
- 80Gb hard drive

Prerequisites

- CPU compatible with virtualization instructions
- Virtualization activated in UEFI
- Windows 10/11 Pro or Enterprise license
- Hyper-V is available on your computer

How to install Hyper-V: https://www.ccmtune.fr/2022/08/how-to-install-hyper-v-feature-on.html

Variables available in the script

VM naming

Two variables are used to create the name of the virtual machine:

    $VMNumber = Get-Random
    $VMName = "CCMT" + $VMNumber

Virtual Switch

This variable is used to name the virtual switch that will be created when you run the script. (If the virtual switch already exists, the script bypasses the

How to install Hyper-V feature on Windows 11 client

Presentation

The Hyper-V virtualization module allows you to create one or more virtual machines on a physical server or a PC. In our case, we are going to install it on a PC equipped with Windows 11. Note that you need a Windows Professional or Enterprise edition license for this.

Prerequisites

- CPU compatible with virtualization instructions
- Virtualization activated in UEFI
- Windows 10/11 Pro or Enterprise license

Install feature

Installation via the Windows GUI

- Go to Start Menu / Settings / Apps / Optional Features
- Click More optional features
- Search Hyper-V, tick the Hyper-V and click OK
- Windows proceeds with the Hyper-V installation. After this step, a computer restart is required.

Installation with PowerShell

- Open PowerShell with admin rights
- Insert this command line:

      Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

- Check installation with this command line:

      (Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V).State

Windows Autopilot error code 801c03ed

Presentation

During the registration phase of the device at the Windows Autopilot service level, we may encounter the following error:

- Windows 11
- Windows 10

This error comes from the fact that the user is probably not authorized to join his machine through the Windows Autopilot service.

Resolution

To resolve this issue, I invite you to carry out the following procedure:

- Go to Portal.azure.com
- Devices section
- Device setting
- Activate "Users may join devices to Azure AD". Two possibilities: All OR Selected (select one or many user groups)