Intune EMS Discovery Questionnaire for FastTrack

 

Advertisements
Posted in Documents, elearning, Enterprise Mobility Security, Microsoft, Microsoft 365 | Leave a comment

Work Folders vs Offline Files vs OneDrive (comparisons chart)

workfolders-offlinefiles-onedrive

 

Posted in Uncategorized | Leave a comment

Windows 10 Updates & Management Options (Quick Showcase)

You are here: Study Notes > MICROSOFT > Windows 10 > Deployment > Updates > Quick Showcase – Windows 10 Updates & Management Options (Web view)

Windows 10 Updates & Management Options

•       Overview – Win10  (Web view)

•       Modern Desktop Deployment Center

•       Quick guide to Windows as a Service

•       Tech Community Windows Insider

•       Windows Insiders Meetup (WIM)

Modern Desktop Deployment Process

•        Getting Started: People, Process and Technology Guidance

Step 1: Device and App Readiness

Step 2: Directory and Network Readiness

Step 3: Office and LOB App Delivery

Step 4: User Files and Settings Migration

Step 5: Security and Compliance Considerations

Step 6: OS Deployment and Feature Updates

Step 7: Windows and Office as a Service

Step 8: User Communications and Training

•        Get your Leadership on Board: Value Discovery and Business Case

The Windows 10 operating system introduces a new way to build, deploy, and service Windows.

Planning & Process Documents

Steps to manage updates for Windows 10

From <https://docs.microsoft.com/en-us/windows/deployment/windows-10-architecture-posters>

Microsoft 365 Powered Device Lab Kit v3 1803

+

Windows Insider Program for Business getting started

You can install on individual or multiple devices. Click here to learn how.

Windows Insider Program

Windows Insider Program for Business

What’s new for Windows Insider Program for Business Preview Builds

Get started with the Windows Insider Program for Business

Register with the Windows 10 Insider Program for Business

Install Windows Insider Program for Business preview builds

Manage Windows Insider Program for Business Preview builds

Share Feedback Via the Feedback Hub

Windows readiness levels and flight rings

Windows Insider Program troubleshooting

From https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-get-started

  • WS00151: Deploy and manage Windows as a service
  • Heard about Windows as a service but don’t completely get it, yet? We recommend this lab. It teaches you how Microsoft will update Windows 10 with new functionality and how you can manage that process. Concepts in this lab include everything from deferral policies in Windows Update for Business to managing updates in Windows Server Update Services.
  • > LAUNCH LAB <

Online Training Workshops & Events

Desktop & Device Manager
myignite.techcommunity.microsoft.com/learning-paths/66821

Role: Microsoft 365 Enterprise Administrator
Learning Path: Mobility and Security
Microsoft 365 Device Management – MS-101.3

Posted in elearning, LABS, Microsoft, windows 10 | Leave a comment

Windows 10 Modern Desktop PoC

windows-10-logo.png

onenote-icon-logo1 Overview  (Web view)

You are here: Study Notes > MICROSOFT > Windows 10 > Modern Desktop POC > MDPoC > Overview – Windows 10 Modern Desktop 365 Powered Devices PoC

Modern Desktop 365 PoC

From <https://www.microsoft.com/microsoft-365/partners/moderndesktop-ECIF-PoC>

 Modern Desktop Partner Resources

From <https://www.yammer.com/office365partners/#/threads/inGroup?type=in_group&feedId=14347875>

 

Moodle LMS course format – Modern Desktop Windows 10

moodle-cloud-logo

Microsoft 365 Modern Desktop PoC WorkshopPLUS

From <https://theitppl.moodlecloud.com/>

 

Microsoft-365-Win10-MD-PoC-Learning-Paths-ITPRO.png

mec-sign-up

 

  • Table Of Contents

Overview – Windows 10 Modern Desktop 365 Powered Devices PoC

Ready your team for the modern workplace

Get your team certified on cloud-critical identity and access management skills

Considering Microsoft 365? Get your team certified on Office 365

Moving to Microsoft 365? Get your team certified on Windows 10

Helping customers shift to a modern desktop

Making IT simpler with a modern workplace

Windows lifecycle fact sheet

Modern Desktop technical webinars & consultations – June, July & August

Modern Desktop technical webinars & consultations – August, September & October

# M365 Powered Device PoC – Customer Presentation 1803

Windows-10-Enterprise-Proof-of-Concept-from-Microsoft-Services

Windows IT Pro Center – What’s new for IT Pros in Windows 10, version 1803

TechCommunity – What’s new for IT pros in Windows 10, version 1803

FY18 Partner Microsoft 365 Powered Device Presentation (June 14)

Modern Desktop Training Library

Microsoft 365 – The Benefits and Features of Windows 10 LEARNING PATH

Microsoft 365 Partner Webinar Series

Microsoft 365 Powered Device Proof of Concept and Pilot (OFF507PAL)

The Windows 10 Link List

Microsoft Ready – All July 2017 Sessions

Modern Desktop Assessment

01 Overview & Delivery Timelines guide

02 Assessment Goals

03 Shift to a modern desktop

04 How do you deploy Modern Desktop

05 Introduction to Windows Analytics

06 Partner Delivery Guide

07 Findings & Recommendations

08 Customer Report Guidelines

* LAB – Microsoft DEMOS – Microsoft 365 Enterprise Hero Demo

5-Day Workshop PoC

# 00 Project Kickoff

* LAB – Microsoft DEMOS – Microsoft 365 Powered Device

# MODULE 01 Overview

# MODULE 02 Servicing

Overview of Windows as a service

Preparing Your Enterprise for Windows 10 as a Service

02 Deploying Windows as a Service

03 Staying Current with Windows as a Service

# MODULE 03 Deployment and Management

Modern deployment options in Windows 10

Modern Windows 10 management strategies, using Configuration Manager and Microsoft Intune

Deploying Windows 10: User-driven cloud deployment with Windows AutoPilot – BRK3031

Deploying Windows 10: An overview of what’s new and future direction – BRK3030

Windows AutoPilot: What it is and how it works

Desktop deployment for Microsoft 365 – Windows 10 & Office 365 ProPlus

Deploying Windows 10 Using System Center Configuration Manager

01 Preparing Configuration Manager for Windows 10

02 Operating System Deployment (OSD) Basics

03 Deploying and Managing Windows 10 with System Center Configuration Manager

Windows as a service

Modern User Environment Management

# MODULE 04 Security

Windows 10 Security in Real Life

Windows 10 – 3min features – Windows Defender

Windows Defender Application Guard overview

How Windows Defender Credential Guard works

Deep Dive into Credential Guard

01 Credential Guard

Security Expert Roundtable: Advanced Threat Protection at Microsoft (October 2017)

# MODULE 05 Compatibility

* LAB – Microsoft DEMOS – Modern Desktop TCO

Inspire Modern Desktop – Windows Analytics Click Through

Windows 10 Analytics (MPN17584)

01 Windows Telemetry

02 WINDOWS SERVER 2016 AND SYSTEM CENTER 2016 TELEMETRY – Technical Overview Whitepaper 2016

Developer’s Guide to the Desktop Bridge

01 Intro

02 Desktop App Converter

03 Debugging and Testing Your Converted Apps

04 Distributing Your Converted Apps

05 Enhancing Desktop Applications with UWP Features

06 Extending and Modernizing Applications with UWP Components

07 What’s next for Desktop Bridged

05 Compatibility Breakouts

# MODULE 06 Assessment Roadmap

# MODULE 07 Project Close

Modern Desktop Pilot

M365PDP_D00_DeliveryGuide_1803

M365PDP_D01_SolutionArchitecture_1803

M365PDP_D02_CapabilityArchitecture_1803

M365PDP_D03_ProjectKickoff_1803

M365PDP_D04_ProjectCloseout_1803

M365PDP_D05_TrainingPlan_1803

M365PDP_D06_DocumentGraphics_1803

M365PDP_S00_Datasheet_1803

M365PDP_S01_SalesDeck_1803

Microsoft 365 Powered Device Pilot sow editable copy

Configure & Enable Co-Management

CM_CoManagement_TechnicalGuide_1803

CM_Comanagement_Workshop_1803

Configure & Enable Modern Deployment

Modern Deployment_TechnicalGuide_1803

Modern Deployment_Workshop_1803

Design & Implement Application Delivery

ApplicationDelivery_TechnicalGuide_1803

CM_ApplicationDelivery_Workshop_1803

Design & Implement Windows Servicing

Servicing_TechnicalGuide_1803

Servicing_Workshop_1803

Design & Pilot In-Place Upgrade Deployment

InPlaceUpgrade_TechnicalGuide_1803

InPlaceUpgrade_Workshop_1803

Infrastructure Foundations

Infrastructure Foundations_TechnicalGuide_1803

Infrastructure Foundations_Workshop_1803

Security Foundations

SecurityFoundations_TechnicalGuide_1803

M365 Powered Device Pilot_SecurityFoundations_Workshop_1803

Upgrade CM Core Infrastructure

M365PDP_CM_UpgradeInfra_TechnicalGuide_1803

M365 Powered Device Pilot_UpgradeInfra_Workshop_1803

Desktop Deployment Planning Services

Microsoft 365 Powered Devices Lab Guides

00_Lab Setup – On-Premises Environment Setup

01_Lab Setup – Cloud Environment

02_Lab Setup – On-Premises Environment Post Setup Manual Steps

03_Servicing – Windows Analytics Update Compliance

04_Servicing – Servicing Windows 10 with Configuration Manager

05_Servicing – Servicing Office 365 ProPlus with Configuration Manager

06_Deployment & Management – Modern Device Deployment

07_Deployment & Management – Modern Device Management

08_Deployment & Management – Office 365 ProPlus Deployment

09_Deployment & Management – BIOS to UEFI Conversion

10_Deployment & Management – Modern Application Management

11_Deployment & Management – Enterprise State Roaming

12_Security – Windows Defender Application Guard

13_Security – Windows Defender Exploit Guard

14_Security – Windows Defender Advanced Threat Protection

15_Security – Device Guard – User Mode Code Integrity

16_Security – Windows Hello

17_Security – Credential Guard

18_Security – Device Encryption

19_Security – Windows Information Protection

20_Security – Remote Access (VPN)

21_Compatibility – Windows Analytics Upgrade Readiness

22_Compatibility – Desktop Bridges

23_Compatibility – Browser Compatibility

24_Compatibility – Windows App Certification Kit

25_Compatibility – Application Virtualization

Additional Technical Resources

Windows 10 Resources – General Information & News (Sway Presentation)

Modern Workplace Learning Maps

Microsoft Education Resource Center

Microsoft Academic & Partner Programs for Education & Learning Partners

Microsoft

Microsoft Digital Literacy

Professional Development through the Microsoft Educator Community

Microsoft Tech Academy

Microsoft Azure Essentials

Visual Studio Dev Essentials

Office 365 Dev Program

Microsoft Cloud Society

Practice Acceleration Framework

Microsoft Azure Master

MCSE Mobility & Windows 10 Modern Desktop Admin – Exam Prep

# vNext Steps & Windows Modern SysAdmin

What’s New? Windows Client Workshops

Posted in elearning, Microsoft, windows 10 | Leave a comment

Microsoft Certified Trainer 2018-2019

http://mct.robertgabos.com

mct-badge-2018-2019
Microsoft Certified Trainer 2018-2019
Go to this Sway

 

Posted in IT-CERTS, Microsoft | Leave a comment

Active Directory Replication Troubleshooting Tools

Posted in Active Directory, elearning, Microsoft, Windows Server | Leave a comment

IIS Security SSL TLS Windows OS schannel protocol settings

Here is a collection of IIS Security related documents related to the SSL TLS updates in Windows.

The settings below will enforce TLS 1.1 and 1.2 for Windows Server 2008 SP2 all the way till Win10 and Server 2016

It will change the default behaviour for versions older then Windows 10.

The new changes are presented in this chart.

Windows OS

SSLv2

SSLv3

TLS 1.0

TLS 1.1

TLS 1.2

Windows Server 2008

Disabled

Disabled

Disabled

Enabled

Enabled

Windows 7 (WS2008 R2)

Disabled

Disabled

Disabled

Enabled

Enabled

Windows 8 (WS2012)

Disabled

Disabled

Disabled

Enabled

Enabled

Windows 8.1 (WS2012 R2)

Disabled

Disabled

Disabled

Enabled

Enabled

Windows 10

Disabled

Disabled

Disabled

Enabled

Enabled

Windows Server 2016

Not Supported

Disabled

Disabled

Enabled

Enabled

The PowerShell cmdlet to use in this case for working with the Registry keys is New-ItemProperty

# enable TLS 1.2 for client and server

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server” -name “Enabled” -value 1 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client” -name “Enabled” -value 1 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

# enable TLS 1.1 for client and server

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server” -name “Enabled” -value 1 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client” -name “Enabled” -value 1 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

# disable TLS 1.0 for client and server

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server” -name “Enabled” -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” -name “Enabled” -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” -name “DisabledByDefault” -value 0 -PropertyType “DWord”

# disable SSL 3.0

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server” -name Enabled -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client” -name Enabled -value 0 -PropertyType “DWord”

# disable SSL 2.0

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server”

md “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server” -name Enabled -value 0 -PropertyType “DWord”

new-itemproperty -path “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client” -name Enabled -value 0 -PropertyType “DWord”

Before enforcing the settings via the Registry keys, the default settings are shown in these tables.

Windows OS

SSLv2

SSLv3

TLS 1.0

TLS 1.1

TLS 1.2

Windows Vista

Enabled

Enabled

Default

Not Supported

Not Supported

Windows Server 2008

Enabled

Enabled

Default

Disabled

Disabled

Windows 7 (WS2008 R2)

Enabled

Enabled

Default

Disabled

Disabled

Windows 8 (WS2012)

Disabled

Enabled

Enabled

Enabled

Default

Windows 8.1 (WS2012 R2)

Disabled

Enabled

Enabled

Enabled

Default

Windows 10

Disabled

Enabled

Enabled

Enabled

Default

Windows Server 2016

Not Supported

Disabled

Enabled

Enabled

Default

TLS 1.0 Client TLS 1.0 Server TLS 1.1 Client TLS 1.1 Server TLS 1.2 Client TLS 1.2 Server
Windows Vista/Windows Server 2008 Enabled Enabled Not supported Not supported Not supported Not supported
Windows Server 2008 with Service Pack 2 (SP2) Enabled Enabled Disabled Disabled Disabled Disabled
Windows 7/Windows Server 2008 R2 Enabled Enabled Disabled Disabled Disabled Disabled
Windows 8/Windows Server 2012 Enabled Enabled Enabled Enabled Enabled Enabled
Windows 8.1/Windows Server 2012 R2 Enabled Enabled Enabled Enabled Enabled Enabled
Windows 10, version 1507 Enabled Enabled Enabled Enabled Enabled Enabled
Windows 10, version 1511 Enabled Enabled Enabled Enabled Enabled Enabled
Windows 10, version 1607/Windows Server 2016 Standard Enabled Enabled Enabled Enabled Enabled Enabled
Windows 10, version 1703 Enabled Enabled Enabled Enabled Enabled Enabled
Windows OS PCT 1.0 SSL2 Client SSL2 Server SSL3 Client SSL3 Server
Windows Vista/Windows Server 2008 Not supported Disabled Enabled Enabled Enabled
Windows Server 2008 with SP2 Not supported Disabled Enabled Enabled Enabled
Windows 7/Windows Server 2008 R2 Not supported Disabled Enabled Enabled Enabled
Windows 8/Windows Server 2012 Not supported Disabled Disabled Enabled Enabled
Windows 8.1/Windows Server 2012 R2 Not supported Disabled Disabled Enabled Enabled
Windows 10, version 1507 Not supported Disabled Disabled Enabled Enabled
Windows 10, version 1511 Not supported Disabled Disabled Enabled Enabled
Windows 10, version 1607/Windows Server 2016 Standard Not supported Not supported Not supported Disabled Disabled
Windows 10, version 1703 Not supported Not supported Not supported Disabled Disabled

For older versions of Windows these updates need to be installed.

For Windows 7, Windows Server 2008 R2
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

For Windows Server 2008 SP2
https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows

Update install files for Win2008SP2
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019276

Update install files for Win7 and 2008R2
http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3140245

A good best practice article from the Exchange server team shows examples of TLS settings, https://blogs.technet.microsoft.com/exchange/2015/07/27/exchange-tls-ssl-best-practices/

Also a big change for Office 365 later this year will be related to TLS 1.2

Preparing for the mandatory use of TLS 1.2 in Office 365
https://support.microsoft.com/en-ca/help/4057306/preparing-for-tls-1-2-in-office-365

For logging this exact information in IIS servers. The best way I found so far is via this new option using the Custom logging field.

https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/

New IIS functionality to help identify weak TLS usage
https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

** As a best practice it has been suggested to disable SSL 3.0 on client systems first, to gauge usage and report compatibility problems before making the same changes on the servers.

Using Internet Explorer, there are Group Policy settings available to push these type of security compliance settings out to clients.

Tools that can be used to built templates are Microsoft Security Compliance Manager and the Security Compliance Toolkit

  • Microsoft KB reference articles

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
https://support.microsoft.com/en-ca/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

Protocols in TLS/SSL (Schannel SSP)
https://msdn.microsoft.com/library/windows/desktop/mt808159.aspx

Transport Layer Security (TLS) registry settings
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

TLS/SSL Settings
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)

TLS 1.2 support at Microsoft
https://cloudblogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/

Exchange TLS & SSL Best Practices
https://blogs.technet.microsoft.com/exchange/2015/07/27/exchange-tls-ssl-best-practices/

  • Related Online Resources

IIS Cipher Suites and TLS Configuration
https://gist.github.com/jasonnemesis/ecd2071ec97d7ef4b4f5435633ff2671#file-iis_cipher_suites_and_tls_config-md

Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2
https://gist.github.com/matejskubic/10268126

 Latest content available on OneNote


Posted in Microsoft, Windows Server | Tagged , , , , , , , , , | Leave a comment