Compliance

Deploying a Custom Power Plan with Intune Remediations

Posted on February 1, 2024 by Trevor Jones in Compliance, Intune, Powershell

For a long time I've used ConfigMgr to manage power settings on devices, but I recently decided to migrate this to Intune. There is more than one way to configure power settings in Intune, such as using the Settings Catalog or the Power Policy CSP. But these approaches do not (currently) allow management of all … Continue reading Deploying a Custom Power Plan with Intune Remediations →

Encrypting Sensitive Data for Transit or Rest with PowerShell

Posted on September 23, 2022 by Trevor Jones in Compliance, Powershell

This blog is about how you can use the .Net cryptography model to encrypt and decrypt sensitive information such as passwords with PowerShell. It is specifically for the encryption in transit and encryption at rest scenarios, where, for example, you may be sending data to a backend service and securely storing it in that service. … Continue reading Encrypting Sensitive Data for Transit or Rest with PowerShell →

Automate a Daily Activity Log Audit Report for an Azure Subscription

Posted on September 13, 2022 by Trevor Jones in Azure, Compliance, Powershell, Reporting

Yesterday I published a PowerShell script that retrieves activity log events for an Azure subscription. In this post, I will demonstrate how you could automate a daily email summary report of activities in your subscription using Azure automation. The email report looks something like this, with a summary of operations performed over the last 24 … Continue reading Automate a Daily Activity Log Audit Report for an Azure Subscription →

Audit Events in Your Azure Subscription with PowerShell

Posted on September 12, 2022September 13, 2022 by Trevor Jones in Azure, Compliance, Powershell, Reporting

Update! v.1.1 released fixing a bug where the most recent events were not being returned (2022-09-13) A quick post - I just published a new script for retrieving activity log events for an Azure subscription as the current options for searching and retrieving events didn't satisfy me. Azure Monitor has an activity log at the … Continue reading Audit Events in Your Azure Subscription with PowerShell →

Enhance Update Compliance Reporting with Microsoft Endpoint Manager

Posted on May 26, 2022 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Software Updates

If you're using Windows Update for Business in Microsoft Endpoint Manager you're probably also using Microsoft's Update Compliance solution for reporting. Update Compliance contains some useful data and I know the team are working on additional improvements. A while back I created my own "Update Compliance" solution in part because I wasn't happy with the … Continue reading Enhance Update Compliance Reporting with Microsoft Endpoint Manager →

Update MEMCM Configuration Item Supported Platform conditions for Windows 11 with PowerShell

Posted on November 29, 2021 by Trevor Jones in Compliance, ConfigMgr, Powershell, SCCM

Ok, so I'm late to the party but I recently updated MEM Configuration Manager to 2107 and checking the release notes the supported platform conditions for configuration items don't automatically get updated to include Windows 11 where they've been targeted to Windows 10. I've got lots of CIs and I didn't want to manually update … Continue reading Update MEMCM Configuration Item Supported Platform conditions for Windows 11 with PowerShell →

Use Proactive remediations to report on or install the Microsoft Update Health tools

Posted on July 22, 2021 by Trevor Jones in Compliance, Intune, Powershell, Reporting, Software Updates

Microsoft recently made a download available for their Update Health tools - if you're using Microsoft Endpoint Manager and enrolling or co-managing Windows devices these tools need to be installed to make use of the capability for expediting quality updates. For devices connected to Windows Update or Windows Update for Business these tools should already … Continue reading Use Proactive remediations to report on or install the Microsoft Update Health tools →

MEMCM Compliance Item Scripts to Secure PointAndPrint Registry Keys

Posted on July 9, 2021 by Trevor Jones in Compliance, ConfigMgr, Powershell, SCCM

Microsoft published some updated guidance yesterday for the Windows Print Spooler Vulnerability (CVE-2021-3457) and recommend securing a couple of Point and Print registry keys if they exist, in addition to deploying the security update: After applying the security update, review the registry settings documented in the CVE-2021-34527 advisoryIf the registry keys documented do not exist, … Continue reading MEMCM Compliance Item Scripts to Secure PointAndPrint Registry Keys →

A case of the unexplained: Intune password policy and forced local account password changes

Posted on April 27, 2021 by Trevor Jones in Compliance, ConfigMgr, Intune, Powershell, SCCM

Having a password policy is a best practice for security of accounts, whether domain, local or wherever passwords are used. In the Windows world, domain accounts have a default domain password policy. Azure AD accounts have the Azure AD password policy. Accounts local to Windows can have a password policy too, and you can use … Continue reading A case of the unexplained: Intune password policy and forced local account password changes →

Get the current patch level for Windows 10 with PowerShell

Posted on April 20, 2021April 22, 2021 by Trevor Jones in Compliance, Powershell, Reporting, Software Updates

I was working on some updates to our unified reporting solution for Windows Updates (ie WUfB + MEMCM) and I wanted to figure out simply from the OS build number whether a Windows 10 workstation has the latest cumulative update installed. The only reliable and useable static list I could find for Windows 10 build … Continue reading Get the current patch level for Windows 10 with PowerShell →