Local admin report with Defender for EndPoint

Alex Mags

Securing Windows PCs starts with managing local administrator access. Microsoft Defender for Endpoint logs every login and records whether the account was a local admin. Use this KQL query in the Advanced Hunting portal to create a report.

Bitlocker status report with Defender for EndPoint

Alex Mags

Are all your machines encrypted? If a laptop is lost, is the data protected, or will you need to declare it? Microsoft Defender for Endpoint (aka ATP) stores BitLocker status information. Use the following KQL query in the Advanced Hunting portal.

Assign Azure AD role By AD Security Group

Alex Mags

Using AD security groups to delegate access to Azure AD roles is not supported at the moment (March 2021). This post offers two workarounds. Permissions to manage Azure AD and Office 365 are often assigned via Azure AD roles. If you have strong access management processes and tooling for on-prem Active Directory (access request & approval workflow, joiners & leavers, access reviews & reporting, auditing and alerts), you'll likely want to reuse these to manage access to Azure AD and Office 365.