Zero Trust, Secure Administration and ADJ/HAADJ vs. AADJ
One of the security issues that domain-joined/Active Directory Joined (ADJ) devices bring with them is the tight network connectivity that they require to Domain Controllers (DCs). ADJ and likewise Hybrid Azure AD Joined (HAADJ) devices require 1000s of ports open to DCs in order to function, and these same ports are also used for …
Tag: #MSIntune
Hardening: Using LGPO to enforce non-Intune supported settings on AAD devices. ACSC example.
There are a number of security baselines out there for Windows clients: Microsoft, CIS, NIST and ACSC, to name a few. These baselines focus mainly on domain-joined Windows clients; however, Microsoft do also release security baselines targeted at Intune/AAD-only clients through their Intune Security Baselines. The reason Microsoft release separate baselines for AAD vs. AD …
Microsoft/Intune/ACSC Security Baseline Comparison for Windows 10 21H2
FINAL-MS Security Baseline Windows 10 v21H1-Intune-ACSC (download)
If you have ever wanted to know the difference between these baselines, the attached spreadsheet contains a comparison between all three for Windows 10 21H1. The Microsoft baseline was used as the base with columns added for the others with some colour-coding for easy sorting / filtering. Update 17/06/2022: …
