In this blog, I want to discuss one mitigation technique for the attack DPERSIST1 better known as “golden certificate”.

A user with administrative permissions is able to create Defender AV exclusions without using the Add-MPPrefence cmdlet. Because of the way the exclusion is created, most public guidelines and hunting queries on detecting this kind of change won’t detect it. Even more troubling is the fact that Microsoft Defender for Endpoint will not log any of those changes made. Therefore it’s not easy to detect and could go undetected for security personnel which relies on those queries and products.

Officially Pulse Secure does not yet support Windows 11, but that doesn’t mean it won’t work. However, it is not as easy as expected. The connection keeps getting disconnected after a few seconds. The manual solution which is described in the forum was a bit too “manual” for me. Open the settings of the “Juniper Networks Virtual Adapter” Enable the “Juniper Network Service” network binding Since the virtual network card is automatically removed if the connection is not successful and then loses the setting, I have automated the steps via PowerShell.

Some Exchange Online users receive the following error message for one or more invited mailboxes when creating new meetings: MapiExceptionShutoffQuotaExceeded. This article looks for the cause and a solution to the problem.

In the last blogpost of the series it gets a bit more technical. Because for FIDO2 Security Keys as a login method, some additional settings can be configured in the Azure Portal

So far, we have only used FIDO2 security keys and Windows Hello for Business for sign-in. Unfortunately, there is still a gap in order to get along completely without a password. Microsoft does not currently support FIDO2 sign-in on Android or iOS, so a password would be required for sign-in on the smartphone. But there is a solution for this as well.