Security technologies on Microsoft & Mixed Reality environments (blog by Lionel): Microsoft security; Mixed Reality device and platform related security.
<h2>[Windows 10] Device Guard and Credential Guard hardware readiness tool & blue screen (2017-03-31; translated from French)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFL8kEYy2SY0ZeuGhKN3CiotmLS_b6TEOPAb9J8Wvwk21N3sOI7mcUZwsbnP9dSkCjb9tmPlhVX-kH_xs9PCGoFMdePyU0V5PboiFR2GjbmCsm4Xne8jqXRO8S-LqiNrjZ1VKs18OHjqVB/s1600/Win10-Broken.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFL8kEYy2SY0ZeuGhKN3CiotmLS_b6TEOPAb9J8Wvwk21N3sOI7mcUZwsbnP9dSkCjb9tmPlhVX-kH_xs9PCGoFMdePyU0V5PboiFR2GjbmCsm4Xne8jqXRO8S-LqiNrjZ1VKs18OHjqVB/s200/Win10-Broken.jpg" width="200" /></a></div>
<br />
Recently I wanted to test my company's hardware compatibility for <a href="https://technet.microsoft.com/fr-fr/library/dn986865(v=vs.85).aspx">Device Guard</a> and <a href="https://technet.microsoft.com/fr-fr/library/mt483740(v=vs.85).aspx">Credential Guard</a>, so I ran the script Microsoft provides <a href="https://www.microsoft.com/en-us/download/details.aspx?id=53337">here</a> on a representative sample of the fleet, to make sure we would not run into hardware-incompatibility problems. <br />
<br />
<a name='more'></a>A few days later I was hitting, quite frequently (once in the morning and once in the afternoon), a friendly SOD (<b>S</b>miley <b>O</b>f <b>D</b>eath) of type 0x109 :(.<br />
<br />
<br />
I was seeing the problem on every test computer, sometimes with a stop error mentioning “verifier”. After investigating with our Microsoft TAM, I looked closely at the contents of the PowerShell script used for the Credential Guard & Device Guard compatibility checks. And indeed there are references to “<a href="https://msdn.microsoft.com/windows/hardware/drivers/devtest/driver-verifier">verifier.exe</a>”:<br />
<br />
<div style="background: #202020; border-bottom: gray 0.1em solid; border-left: gray 0.8em solid; border-right: gray 0.1em solid; border-top: gray 0.1em solid; overflow: auto; padding-bottom: 0.2em; padding-left: 0.6em; padding-right: 0.6em; padding-top: 0.2em; width: auto;">
<pre style="line-height: 125%; margin: 0px; color: #d0d0d0;">function CheckDriverCompat
{
    # Warn if HVCI is already enabled: the driver compatibility list may be incomplete.
    $_HVCIState = CheckDGRunning(2)
    if($_HVCIState)
    {
        LogAndConsoleWarning "HVCI is already enabled on this machine, driver compat list might not be complete."
        LogAndConsoleWarning "Please disable HVCI and run the script again..."
    }
    # Ask Driver Verifier which drivers are currently being verified.
    $verifier_state = verifier /query | Out-String
    if($verifier_state.ToString().Contains("No drivers are currently verified."))
    {
        LogAndConsole "Enabling Driver verifier"
        # Flag 0x02000000 (code integrity checks) applied to ALL drivers.
        verifier.exe /flags 0x02000000 /all /log.code_integrity
        LogAndConsole "Enabling Driver Verifier and Rebooting system"
        Log $verifier_state
        LogAndConsole "Please re-execute this script after reboot...."
        if($AutoReboot)
        {
            LogAndConsole "PC will restart in 30 seconds"
            ExecuteCommandAndLog 'shutdown /r /t 30'
        }
        else
        {
            LogAndConsole "Please reboot manually and run the script again...."
        }
        exit
    }
    else
    {
        LogAndConsole "Driver verifier already enabled"
        Log $verifier_state
        ListDrivers($verifier_state.Trim().ToLowerInvariant())
    }
}
</pre>
</div>
<br />
In this section of the script we can see that the checking of kernel-mode drivers switches to an “aggressive” mode (Driver Verifier is enabled on all drivers), and some drivers, anti-virus drivers in particular, do not appreciate it at all and show it with a nice SOD of type 0x109 …<br />
<br />
To fix the problem and return to normal mode, launch verifier.exe with elevated privileges, then on the settings screen select the option that deletes all of the tool's settings. This has no side effects: Driver Verifier is mainly used by Microsoft support for investigations:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDc5Wc4WROJBUwNYpzkfx8e0ZwXnUxshcX-oyfeNKj0eioZr1bACcHLBC5EolubDqa_26ClSF-7IBOTdfFYeHdo1mxI7sMy66M5N9QKV0rznBn_XJDopEUqhn9V_iTRt0_v6uhY7ai-Xhm/s1600/Verifier.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="336" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDc5Wc4WROJBUwNYpzkfx8e0ZwXnUxshcX-oyfeNKj0eioZr1bACcHLBC5EolubDqa_26ClSF-7IBOTdfFYeHdo1mxI7sMy66M5N9QKV0rznBn_XJDopEUqhn9V_iTRt0_v6uhY7ai-Xhm/s400/Verifier.png" width="400" /></a></div>
<br />
<br />
After a reboot the SODs disappear as if by magic :)
<h2>[Windows 10] Device Guard and Credential Guard hardware readiness tool & blue screen (2017-03-31)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFL8kEYy2SY0ZeuGhKN3CiotmLS_b6TEOPAb9J8Wvwk21N3sOI7mcUZwsbnP9dSkCjb9tmPlhVX-kH_xs9PCGoFMdePyU0V5PboiFR2GjbmCsm4Xne8jqXRO8S-LqiNrjZ1VKs18OHjqVB/s1600/Win10-Broken.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFL8kEYy2SY0ZeuGhKN3CiotmLS_b6TEOPAb9J8Wvwk21N3sOI7mcUZwsbnP9dSkCjb9tmPlhVX-kH_xs9PCGoFMdePyU0V5PboiFR2GjbmCsm4Xne8jqXRO8S-LqiNrjZ1VKs18OHjqVB/s200/Win10-Broken.jpg" width="200" /></a></div>
<br />
I wanted to test the hardware compatibility of my company's assets for <a href="https://technet.microsoft.com/en-us/library/dn986865(v=vs.85).aspx">Device Guard</a> and <a href="https://technet.microsoft.com/en-us/library/mt483740(v=vs.85).aspx">Credential Guard</a>, so I ran the script provided by Microsoft <a href="https://www.microsoft.com/en-us/download/details.aspx?id=53337">here</a> on a sample of machines to be sure we would not face a hardware incompatibility. <br />
<br />
<a name='more'></a>Some days later I faced, very frequently (once in the morning and once in the afternoon), a friendly SOD (<b>S</b>miley <b>O</b>f <b>D</b>eath) 0x109 :(.<br />
<br />
<br />
It happened on every computer I tested, sometimes with the “verifier” stop error. After investigating with our Microsoft TAM, I looked carefully inside the PowerShell script used to make the Credential Guard & Device Guard checks, and several lines do launch “<a href="https://msdn.microsoft.com/windows/hardware/drivers/devtest/driver-verifier">verifier.exe</a>”:<br />
<br />
<div style="background: #202020; border-bottom: gray 0.1em solid; border-left: gray 0.8em solid; border-right: gray 0.1em solid; border-top: gray 0.1em solid; overflow: auto; padding-bottom: 0.2em; padding-left: 0.6em; padding-right: 0.6em; padding-top: 0.2em; width: auto;">
<pre style="line-height: 125%; margin: 0px; color: #d0d0d0;">function CheckDriverCompat
{
    # Warn if HVCI is already enabled: the driver compatibility list may be incomplete.
    $_HVCIState = CheckDGRunning(2)
    if($_HVCIState)
    {
        LogAndConsoleWarning "HVCI is already enabled on this machine, driver compat list might not be complete."
        LogAndConsoleWarning "Please disable HVCI and run the script again..."
    }
    # Ask Driver Verifier which drivers are currently being verified.
    $verifier_state = verifier /query | Out-String
    if($verifier_state.ToString().Contains("No drivers are currently verified."))
    {
        LogAndConsole "Enabling Driver verifier"
        # Flag 0x02000000 (code integrity checks) applied to ALL drivers.
        verifier.exe /flags 0x02000000 /all /log.code_integrity
        LogAndConsole "Enabling Driver Verifier and Rebooting system"
        Log $verifier_state
        LogAndConsole "Please re-execute this script after reboot...."
        if($AutoReboot)
        {
            LogAndConsole "PC will restart in 30 seconds"
            ExecuteCommandAndLog 'shutdown /r /t 30'
        }
        else
        {
            LogAndConsole "Please reboot manually and run the script again...."
        }
        exit
    }
    else
    {
        LogAndConsole "Driver verifier already enabled"
        Log $verifier_state
        ListDrivers($verifier_state.Trim().ToLowerInvariant())
    }
}
</pre>
</div>
<br />
We can see in this section of the script that driver checking switches to an “aggressive” mode (Driver Verifier is enabled on all drivers), and a lot of kernel drivers (anti-virus drivers for example) don't like it and show it through a SOD 0x109 …<br />
<br />
To solve this issue we need to go back to normal mode: launch verifier.exe with elevated privileges and, on the settings screen, choose the option that deletes all the settings related to the tool. This will not impact anything else, as the tool is mainly used by Microsoft support when they need to investigate:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDc5Wc4WROJBUwNYpzkfx8e0ZwXnUxshcX-oyfeNKj0eioZr1bACcHLBC5EolubDqa_26ClSF-7IBOTdfFYeHdo1mxI7sMy66M5N9QKV0rznBn_XJDopEUqhn9V_iTRt0_v6uhY7ai-Xhm/s1600/Verifier.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="336" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDc5Wc4WROJBUwNYpzkfx8e0ZwXnUxshcX-oyfeNKj0eioZr1bACcHLBC5EolubDqa_26ClSF-7IBOTdfFYeHdo1mxI7sMy66M5N9QKV0rznBn_XJDopEUqhn9V_iTRt0_v6uhY7ai-Xhm/s400/Verifier.png" width="400" /></a></div>
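As an added example that is not part of the original post (and serves both the French and English versions above): a PowerShell helper that checks whether Driver Verifier is still active on a machine, as the readiness tool leaves it, and clears the configuration from the command line instead of the verifier.exe settings screen. <i>verifier /query</i>, <i>verifier /querysettings</i> and <i>verifier /reset</i> are standard Driver Verifier switches; the assumption that <i>/querysettings</i> prints a <i>Verifier Flags: 0x…</i> line is mine, and the check string and the 0x02000000 flag come from the script above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): detect a lingering Driver Verifier
# configuration left behind by the DG/CG readiness tool and optionally clear it.

function Get-DriverVerifierState {
    # 'verifier /query' lists the drivers currently being verified; the readiness
    # tool itself looks for this exact sentence to decide whether to enable it.
    $query = (& verifier.exe /query 2>&1 | Out-String)
    $active = -not $query.Contains("No drivers are currently verified.")

    # 'verifier /querysettings' prints the configured flags. Assumption: the dump
    # contains a 'Verifier Flags: 0x........' line (layout may vary by build).
    $settings = (& verifier.exe /querysettings 2>&1 | Out-String)
    $flags = $null
    if ($settings -match 'Verifier Flags:\s*0x([0-9A-Fa-f]+)') {
        $flags = [Convert]::ToUInt32($Matches[1], 16)
    }
    # 0x02000000 is the flag the readiness tool sets (/flags 0x02000000 /all).
    $codeIntegrity = if ($null -ne $flags) { ($flags -band 0x02000000) -ne 0 } else { $null }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        VerifierActive    = $active
        VerifierFlags     = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'unknown' }
        CodeIntegrityFlag = $codeIntegrity   # $null when the flags line was not found
        VerifiedDrivers   = $query.Trim()
    }
}

function Reset-DriverVerifier {
    # Equivalent to 'Delete existing settings' in the verifier.exe GUI.
    # Supports -WhatIf so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $state = Get-DriverVerifierState
    if (-not $state.VerifierActive) {
        Write-Host "Driver Verifier is not active on $($state.ComputerName); nothing to do."
        return
    }
    if ($PSCmdlet.ShouldProcess($state.ComputerName, 'verifier /reset')) {
        & verifier.exe /reset | Out-Null
        Write-Host "Driver Verifier settings cleared; a reboot is required for the change to apply."
    }
}

Get-DriverVerifierState | Format-List
# Reset-DriverVerifier -WhatIf   # preview; drop -WhatIf to clear the settings, then reboot
```

Run it from an elevated 64-bit PowerShell; after <i>Reset-DriverVerifier</i> the machine still needs the reboot described above before the 0x109 stop errors go away.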
<br />
<br />
After a reboot the SOD disappeared by magic :)
<h2>[ATA] Microsoft Advanced Threat Analytics 1.6 is available! (2016-05-09; translated from French)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" /></a></div>
<span xmlns=""><br />Microsoft recently released version 1.6 of <a href="https://www.microsoft.com/fr-fr/server-cloud/products/advanced-threat-analytics/default.aspx">Advanced Threat Analytics</a> (ATA).</span><br />
<a name='more'></a><span xmlns="">Among the new features, we can note:</span><br />
<ul>
<li><span xmlns="">New detection mechanisms such as:</span>
<ul>
<li><span xmlns="">Net Session enumeration over SMB to discover the servers hosting the GPOs, and therefore the domain controllers</span></li>
<li><span xmlns="">Unauthorised AD replication requests</span></li>
<li><span xmlns="">Malicious DPAPI requests aimed at stealing a recovery key and thereby accessing the secrets it protects</span></li>
</ul>
</li>
<li><span xmlns="">Improved detection for the existing mechanisms</span></li>
<li><span xmlns="">A new role named the Lightweight Gateway: if the gateway, with its port-mirroring prerequisite, is too heavy (for small remote sites for example), it is now possible to install a minimal version on a domain controller that acts as an agent</span></li>
<li><span xmlns="">Automated updates: Microsoft Update, SCCM or WSUS can now be used to deliver new behavioural algorithms, detection mechanisms, new features and bug fixes</span></li>
<li><span xmlns="">Performance improvements</span></li>
<li><span xmlns="">Reduced storage requirements: the new version uses up to 5 times less storage space</span></li>
<li><span xmlns="">Support for the IBM QRadar SIEM</span></li>
</ul>
<br />
<span xmlns="">You can download this version from the following locations:</span><br />
<ul>
<li><span xmlns="">Evaluation version on the <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics">Download Center</a></span></li>
<li><span xmlns=""><a href="https://www.microsoft.com/Licensing/servicecenter/default.aspx">Volume License Service</a> portal</span></li>
<li><a href="https://msdn.microsoft.com/en-us/subscriptions/downloads/?FileId=66994#searchTerm=&ProductFamilyId=595&Languages=en&PageSize=10&PageIndex=0&FileId=0">MSDN</a></li>
</ul>
If you want to use Microsoft's new technical documentation site, which replaces TechNet, the ATA-specific section is at: <a href="https://docs.microsoft.com/en-us/advanced-threat-analytics/" title="https://docs.microsoft.com/en-us/advanced-threat-analytics/">https://docs.microsoft.com/en-us/advanced-threat-analytics/</a><br />
<br />
And as usual, don't forget to read <a href="https://docs.microsoft.com/fr-fr/advanced-threat-analytics/understand-explore/ata-update-1.6-migration-guide">the precautions for updating your infrastructure</a> as well as the <a href="https://docs.microsoft.com/en-us/advanced-threat-analytics/understand-explore/whats-new-version-1.6#known-issues">known issues</a> ;)
<h2>[ATA] Microsoft Advanced Threat Analytics 1.6 is available! (2016-05-09)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" /></a></div>
<span xmlns=""><br />Microsoft recently released <a href="https://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/default.aspx">Advanced Threat Analytics</a> (ATA) 1.6.</span><br />
<a name='more'></a><span xmlns="">The main new features are:</span><br />
<ul>
<li><span xmlns="">New detection mechanisms such as:</span> <ul>
<li><span xmlns="">Net Session enumeration through SMB in order to discover the share hosting the GPOs, and so the domain controllers</span></li>
<li><span xmlns="">Malicious AD replication requests</span></li>
<li><span xmlns="">Malicious DPAPI requests in order to steal the recovery key that gives access to the secrets protected by it</span></li>
</ul>
</li>
<li><span xmlns="">Improvement of the existing detection mechanisms</span></li>
<li><span xmlns="">A new Lightweight Gateway role: if the gateway with the port-mirroring prerequisite is too heavy (for small remote sites for example), it is now possible to deploy a small version of the gateway on a domain controller, acting like an agent</span></li>
<li><span xmlns="">Automated updates: it is now possible to use Microsoft Update, SCCM or WSUS to deploy new behaviour algorithms, detection mechanisms, new features and hotfixes</span></li>
<li><span xmlns="">Performance improvements</span></li>
<li><span xmlns="">Reduction of storage requirements: this version uses only 20% of the storage space used by the previous version</span></li>
<li><span xmlns="">Support of the IBM QRadar SIEM</span></li>
</ul>
<br />
<span xmlns="">This version is available for download at the following addresses:</span><br />
<ul>
<li><span xmlns="">Evaluation version on <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics">Download Center</a></span> </li>
<li><a href="https://www.microsoft.com/Licensing/servicecenter/default.aspx">Volume License Service</a> Portal </li>
<li><a href="https://msdn.microsoft.com/en-us/subscriptions/downloads/?FileId=66994#searchTerm=&ProductFamilyId=595&Languages=en&PageSize=10&PageIndex=0&FileId=0">MSDN</a> </li>
</ul>
If you want to use Microsoft's new technical documentation portal, which replaces TechNet, the dedicated ATA section is available at: <a href="https://docs.microsoft.com/en-us/advanced-threat-analytics/" title="https://docs.microsoft.com/en-us/advanced-threat-analytics/">https://docs.microsoft.com/en-us/advanced-threat-analytics/</a><br />
<br />
And as usual, don't forget to read carefully <a href="https://docs.microsoft.com/fr-fr/advanced-threat-analytics/understand-explore/ata-update-1.6-migration-guide">how to upgrade your infrastructure to the latest version</a> and the <a href="https://docs.microsoft.com/en-us/advanced-threat-analytics/understand-explore/whats-new-version-1.6#known-issues">known issues</a> ;)
<h2>[MDOP] Microsoft BitLocker Administration and Monitoring 2.5 SP1 is available! (2016-04-04; translated from French)</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" width="200" /></a></div>
<br />
Microsoft recently released the 2015 version of the Microsoft Desktop Optimization Pack (MDOP), which brings Service Pack 1 of Microsoft BitLocker Administration and Monitoring (MBAM) 2.5. <br />
<a name='more'></a>Among the new features of MBAM 2.5 SP1:<br />
<table> <tbody>
<tr> <th>Deployment</th> <th>Management</th> <th>Enterprise</th> <th>Customisation</th></tr>
<tr> <td>New scripts for image (master) management</td> <td>Cmdlets to import BitLocker and TPM information from AD</td> <td>Added Windows 10 support</td> <td>Customisable BitLocker recovery screen</td></tr>
<tr> <td>PIN prompt right after imaging</td> <td>Automatic TPM unlock after BitLocker recovery</td> <td>Support for hardware-encrypted drives</td> <td>SSP customisation during installation</td></tr>
<tr> <td>Improved escrow of the TPM owner password</td> <td>Consolidated and simplified server logging</td> <td>Support for international DNS names</td> <td>Client translated into 23 languages</td></tr>
<tr> <td></td> <td></td> <td><a href="http://blogs.technet.com/b/askcore/archive/2014/12/29/how-to-make-your-existing-bitlocker-encrypted-environment-fips-complaint.aspx">FIPS support for the recovery password on Windows 7</a></td> <td>Updated report schema so reports can be edited with Report Builder</td></tr>
</tbody></table>
<br />
<h3>
I/ New PowerShell cmdlets </h3>
MBAM 2.5 SP1 brings the following cmdlets:<br />
<ul>
<li>Write-MbamTpmInformation </li>
<li>Write-MbamRecoveryInformation </li>
<li>Read-ADTpmInformation </li>
<li>Read-ADRecoveryInformation </li>
<li>Write-MbamComputerUser </li>
</ul>
New parameters are now available for the <i>Enable-MbamWebApplication</i> and <i>Test-MbamWebApplication</i> cmdlets to manage the MBAM web roles:<br />
<ul>
<li>DataMigrationAccessGroup </li>
<li>TpmAutoUnlock </li>
</ul>
And finally a new script, "<i>Invoke-MbamClientDeployment.ps1</i>", appears for better management of agent deployment:<br />
<table style="width: 652px;"> <tbody>
<tr> <th>Parameter</th> <th>Type</th> <th>Description</th></tr>
<tr> <td>-RecoveryServiceEndpoint</td> <td>Required</td> <td>MBAM recovery service endpoint</td></tr>
<tr> <td>-StatusReportingServiceEndpoint</td> <td>Optional</td> <td>MBAM status reporting service endpoint</td></tr>
<tr> <td>-EncryptionMethod</td> <td>Optional</td> <td>Encryption method (AES 128 by default)</td></tr>
<tr> <td>-EncryptAndEscrowDataVolume</td> <td>Switch</td> <td>Encrypts the data volume and escrows the recovery key</td></tr>
<tr> <td>-WaitForEncryptionToComplete</td> <td>Switch</td> <td>Waits for encryption to finish</td></tr>
<tr> <td>-IgnoreEscrowOwnerAuthFailure</td> <td>Switch</td> <td>Ignores a failure to escrow the TPM owner password</td></tr>
<tr> <td>-IgnoreEscrowRecoveryKeyFailure</td> <td>Switch</td> <td>Ignores a failure to escrow the recovery password</td></tr>
<tr> <td>-IgnoreReportStatusFailure</td> <td>Switch</td> <td>Ignores a failure to send the status report</td></tr>
</tbody></table>
<br />
<br />
In addition, when the MBAM agent is installed through a task sequence or manually, a script allows the PIN to be requested immediately: <i>setFirstRunKey.ps1</i><br />
<br />
<h3>
II/ Active Directory data migration </h3>
<div>
Another case I have often encountered when setting up MBAM, and which can be problematic: sometimes you find yourself with an existing BitLocker deployment whose keys are managed in AD.</div>
<div>
Until now, the only simple ways to migrate that data to MBAM were to decrypt the disk, clear the TPM, or develop a script to extract the information and inject it into the database.</div>
<div>
MBAM 2.5 SP1 now introduces 4 new cmdlets to simplify migrating the information held in Active Directory into the MBAM database:</div>
<table style="width: 653px;"> <tbody>
<tr> <th>Scenario</th> <th>Cmdlet</th> <th>Description</th></tr>
<tr> <td>Recovery key</td> <td>Read-ADRecoveryInformation</td> <td>Reads the recovery information from AD<br />
<i>No write operation in AD</i></td></tr>
<tr> <td></td> <td>Write-MbamRecoveryInformation</td> <td>Writes the recovery information collected from AD into MBAM<br />
<i>Integrity check when writing to MBAM</i></td></tr>
<tr> <td></td> <td>Add-ComputerUser.ps1 </td> <td>Links users to computers:<br />
• AD attribute <b>ManagedBy</b><br />
• CSV file</td></tr>
<tr> <td>TPM information</td> <td>Read-ADTpmInformation</td> <td>Reads the TPM information from AD<br />
<i>No write operation in AD</i></td></tr>
<tr> <td></td> <td>Write-MbamTpmInformation</td> <td>Writes the TPM information collected from AD into MBAM<br />
<i>Integrity check when writing to MBAM</i></td></tr>
<tr> <td></td> <td>Add-ComputerUser.ps1 </td> <td>Links users to computers:<br />
• AD attribute <b>ManagedBy</b><br />
• CSV file</td></tr>
</tbody></table>
<br />
<div>
<br />
Here is a sample CSV file:<br />
<pre>Computer,user
Mycomp.snh.lab,myuser@snh.lab</pre>
<br />
To perform this migration, here are the steps to take into account:<br />
<ul>
<li>Grant read-only <a href="https://technet.microsoft.com/fr-fr/library/cc771778%28WS.10%29.aspx">rights</a> on the required AD attributes</li>
<li>Create an AD group with write rights in MBAM</li>
<li>Open the Web.config file of the recovery service</li>
<li>Edit the line <i>&lt;add key="DataMigrationsUsersGroupName" value=""&gt;</i></li>
</ul>
</div>
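An added example (not from the original post) that scripts the last steps above: it validates a <i>Computer,user</i> mapping file in the format shown for Add-ComputerUser.ps1, and sets the <i>DataMigrationsUsersGroupName</i> key in the recovery service's Web.config to the AD group created in the second step. The Web.config path, the assumption that the key sits under <i>&lt;appSettings&gt;</i>, and the group name <i>SNH\MBAM-DataMigration</i> are all assumptions of mine, not values from MBAM documentation.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumptions: the recovery service
# Web.config lives at the default path below, and the DataMigrationsUsersGroupName
# key sits in <configuration><appSettings>. Adjust both for your installation.

function Test-MbamComputerUserCsv {
    # Validates a mapping file in the 'Computer,user' format shown in the post
    # and returns its rows, ready to be handed to Add-ComputerUser.ps1.
    param([Parameter(Mandatory)][string]$Path)

    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { throw "No rows found in $Path" }

    $header = @($rows[0].PSObject.Properties.Name)
    if (@(Compare-Object $header @('Computer', 'user')).Count -ne 0) {
        throw "Expected header 'Computer,user' in $Path, found: $($header -join ',')"
    }
    foreach ($row in $rows) {
        # A FQDN for the computer and a UPN (name@domain) for the user, as in the sample.
        if ($row.Computer -notmatch '^[\w-]+(\.[\w-]+)+$') {
            throw "Invalid computer FQDN: '$($row.Computer)'"
        }
        if ($row.user -notmatch '^[^@\s]+@[\w-]+(\.[\w-]+)+$') {
            throw "Invalid user UPN: '$($row.user)'"
        }
    }
    return $rows
}

function Set-MbamDataMigrationGroup {
    # Sets <add key="DataMigrationsUsersGroupName" value="..."/> in Web.config,
    # keeping a timestamped backup of the original file. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$GroupName,   # AD group with write rights in MBAM
        # Assumed default install path of the MBAM recovery service web application.
        [string]$WebConfig = 'C:\inetpub\Microsoft BitLocker Management Solution\Recovery And Hardware Service\Web.config'
    )
    if (-not (Test-Path -Path $WebConfig)) { throw "Web.config not found: $WebConfig" }

    [xml]$xml = Get-Content -Path $WebConfig -Raw
    # Assumption: the key is an appSettings entry (the <add key= value=> syntax in the post).
    $node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='DataMigrationsUsersGroupName']")
    if ($null -eq $node) { throw "Key DataMigrationsUsersGroupName not found in $WebConfig" }

    if ($PSCmdlet.ShouldProcess($WebConfig, "set DataMigrationsUsersGroupName='$GroupName'")) {
        Copy-Item -Path $WebConfig -Destination "$WebConfig.$(Get-Date -Format yyyyMMddHHmmss).bak"
        $node.SetAttribute('value', $GroupName)
        $xml.Save($WebConfig)
    }
    return $node.value
}

# Constructed sample mapping file, in the exact format shown in the post.
$sample = Join-Path $env:TEMP 'mbam-computer-user.csv'
"Computer,user`nMycomp.snh.lab,myuser@snh.lab" | Set-Content -Path $sample
Test-MbamComputerUserCsv -Path $sample | Format-Table

# Preview the Web.config change; drop -WhatIf to apply it (constructed group name).
Set-MbamDataMigrationGroup -GroupName 'SNH\MBAM-DataMigration' -WhatIf
```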
<h3>
III/ New TPM-related features </h3>
Here is a summary of the TPM-related capabilities:<br />
<table style="width: 654px;"> <tbody>
<tr> <th>Before MBAM 2.5 SP1</th> <th>With MBAM 2.5 SP1</th></tr>
<tr> <td>Unlocking the TPM requires the TPM owner password</td> <td>TPM 1.2 lockout is handled automatically</td></tr>
<tr> <td>MBAM escrows the TPM owner password</td> <td>Not required for TPM 2.0</td></tr>
<tr> <td>The Helpdesk portal can provide the TPM owner password<br />
<i>Requires admin rights on the target computer</i></td> <td>• Must be enabled on the web server and by GPO<br />
• The TPM owner password must be present in MBAM</td></tr>
</tbody></table>
Also keep in mind regarding TPM lockout:<br />
<ul>
<li>TPM 1.2 – depends on the manufacturer (every 30 seconds, then 2 hours)</li>
<li>TPM 2.0 – 2 hours</li>
</ul>
With Windows 8 and later, MBAM 2.5 SP1 can retrieve the TPM owner password without initialising the TPM. At startup the MBAM agent checks whether the TPM is already initialised and, if so, retrieves the owner password in order to send it to the database. To avoid deleting it locally (in the registry) afterwards, this must be specified by GPO.<br /><br />For more information there is an excellent article on the subject: <a href="https://technet.microsoft.com/fr-fr/library/f6613c63-b32b-45fb-a6e8-673d6dae7d16#BKMK_tpm">Configure MBAM to escrow the TPM and store OwnerAuth passwords</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVHWhO3lv3Z5Y0BPi99H2XlA31AWlzfUKuiXqa5XeLthJfq2XlDmLoHuRFqkieSRykjA9RUCJuDY9jGBJ3VytAmZ6WY8N6UdQWVrnj3Uodphh1rMLzV60wSRQ8fUxVCo1FW1Dspg-Kl0C3/s1600/TPMAutoUnlock.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="44" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVHWhO3lv3Z5Y0BPi99H2XlA31AWlzfUKuiXqa5XeLthJfq2XlDmLoHuRFqkieSRykjA9RUCJuDY9jGBJ3VytAmZ6WY8N6UdQWVrnj3Uodphh1rMLzV60wSRQ8fUxVCo1FW1Dspg-Kl0C3/s640/TPMAutoUnlock.png" width="640" /></a></div>
On a computer with a TPM 1.2 chip, the difficulty is unlocking the TPM. It is now possible to do without the manufacturer tools thanks to the <i>TPM lockout auto reset</i> feature: MBAM detects that the chip is locked out and retrieves its management password from the database in order to unlock it automatically, without any user action.<br />
<br />
This feature must be enabled on both the server and the client side (<a href="https://technet.microsoft.com/fr-fr/library/f6613c63-b32b-45fb-a6e8-673d6dae7d16#BKMK_AutoUnlock">Configure MBAM to automatically unlock the TPM after a lockout</a>).<br />
<br />
<h3>
IV/ New FIPS feature </h3>
Support for <a href="http://blogs.technet.com/b/askcore/archive/2014/12/29/how-to-make-your-existing-bitlocker-encrypted-environment-fips-complaint.aspx">Federal Information Processing Standard (FIPS)</a> keys, available for Windows 8.1, has been backported to Windows 7; for this purpose a <a href="http://go.microsoft.com/fwlink/?LinkId=393557">Data Recovery Agent (DRA) protector</a> will have to be deployed.<br />
<h3>
V/ Pre-boot customisation</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4K5RHJqcE9xkHISEzJ80xNEz-Rqg8lVyoSNNV5wCimEdrF7H7FLymylfz14toeD-S8p2SlPLD1qspCoo4L-AiJZIHWLg4FmYfkjaM6RwMP9JCxYSMyjy7NWjMNow8RgDAxV8QGfdKLjZR/s1600/Preboot+BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4K5RHJqcE9xkHISEzJ80xNEz-Rqg8lVyoSNNV5wCimEdrF7H7FLymylfz14toeD-S8p2SlPLD1qspCoo4L-AiJZIHWLg4FmYfkjaM6RwMP9JCxYSMyjy7NWjMNow8RgDAxV8QGfdKLjZR/s1600/Preboot+BitLocker.png" /></a></div>
<br />
A new GPO allows the message and the URL of the recovery screen to be modified. However, this is only possible for Windows 10.<br />
<br />
<br />
It is possible:<br />
<ul>
<li>To use only a custom message </li>
<li>To use only a custom URL </li>
<li>To use both a custom message and a custom URL</li>
</ul>
<br />
More information about this version at this address: <a href="https://technet.microsoft.com/fr-fr/library/mt427465.aspx">https://technet.microsoft.com/fr-fr/library/mt427465.aspx</a><br />
<br />
Migration path from version 2.5: <a href="https://technet.microsoft.com/fr-fr/library/dn645354.aspx">https://technet.microsoft.com/fr-fr/library/dn645354.aspx</a><br />
<br />
List of known issues with this version: <a href="https://technet.microsoft.com/fr-fr/library/mt427464.aspx">https://technet.microsoft.com/fr-fr/library/mt427464.aspx</a> <br />
<br />
For more information on how to obtain this version: <a href="http://curah.microsoft.com/2867/how-do-i-get-mdop">http://curah.microsoft.com/2867/how-do-i-get-mdop</a>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-44298323290455367992016-04-04T09:00:00.000+02:002016-04-04T09:00:13.922+02:00[MDOP] Microsoft BitLocker Administration and Monitoring 2.5 SP1 released!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" width="200" /></a></div>
<br />
Microsoft published Microsoft Desktop Optimization Pack (MDOP) 2015, which brings Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Service Pack 1.<br />
The main pillars of this version are:<br />
<table> <tbody>
<tr> <th>Deployment</th> <th>Management</th> <th>Enterprise feature</th> <th>Customization</th></tr>
<tr> <td>Introduced scripts to support imaging </td> <td>Built cmdlets to import BitLocker and TPM data from AD</td> <td>Added Windows 10 support</td> <td>Added ability to direct customers to SSP from BitLocker recovery screen</td></tr>
<tr> <td>Included prompting for PIN after imaging</td> <td>Added automatic TPM unlock when BitLocker is recovered</td> <td>Added Encrypted HDD Support</td> <td>Allowed SSP branding capability during setup</td></tr>
<tr> <td>Improved TPM OwnerAuth Escrow</td> <td>Consolidated and simplified server logging</td> <td>Supported International Domain Names</td> <td>Increased supported client languages to 23</td></tr>
<tr> <td></td> <td></td> <td><a href="http://blogs.technet.com/b/askcore/archive/2014/12/29/how-to-make-your-existing-bitlocker-encrypted-environment-fips-complaint.aspx">Supported Win7 FIPS Recovery Password</a></td> <td>Updated reports schema to allow customization using Report Builder</td></tr>
</tbody></table>
<br />
<h3>
I/ New PowerShell cmdlets </h3>
The following cmdlets have been implemented for MBAM 2.5 SP1:<br />
<ul>
<li>Write-MbamTpmInformation </li>
<li>Write-MbamRecoveryInformation </li>
<li>Read-ADTpmInformation </li>
<li>Read-ADRecoveryInformation </li>
<li>Write-MbamComputerUser </li>
</ul>
The following parameters have been implemented in the <i>Enable-MbamWebApplication</i> and <i>Test-MbamWebApplication</i> cmdlets in order to manage the Web server roles of MBAM:<br />
<ul>
<li>DataMigrationAccessGroup </li>
<li>TpmAutoUnlock </li>
</ul>
And finally a new PowerShell script, "<i>Invoke-MbamClientDeployment.ps1</i>", is introduced to make the deployment of the agent easier:<br />
<table style="width: 652px;"> <tbody>
<tr> <th>Parameter</th> <th></th> <th>Description</th></tr>
<tr> <td>-RecoveryServiceEndpoint</td> <td>Required</td> <td>MBAM recovery service endpoint</td></tr>
<tr> <td>-StatusReportingServiceEndpoint</td> <td>Optional</td> <td>MBAM status reporting service endpoint</td></tr>
<tr> <td>-EncryptionMethod</td> <td>Optional</td> <td>Encryption method (default: AES 128)</td></tr>
<tr> <td>-EncryptAndEscrowDataVolume</td> <td>Switch</td> <td>Specify to encrypt data volume(s) and escrow data volume recovery key(s)</td></tr>
<tr> <td>-WaitForEncryptionToComplete</td> <td>Switch</td> <td>Specify to wait for the encryption to complete</td></tr>
<tr> <td>-IgnoreEscrowOwnerAuthFailure</td> <td>Switch</td> <td>Specify to ignore TPM OwnerAuth escrow failure</td></tr>
<tr> <td>-IgnoreEscrowRecoveryKeyFailure</td> <td>Switch</td> <td>Specify to ignore volume recovery key escrow failure</td></tr>
<tr> <td>-IgnoreReportStatusFailure</td> <td>Switch</td> <td>Specify to ignore status reporting failure</td></tr>
</tbody></table>
<br />
<br />
<br />
If you want to install the MBAM agent on an existing machine, through a task sequence or manually, a script is provided to prompt for the PIN code immediately: <i>setFirstRunKey.ps1</i><br />
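As an added example (not code from the post or from MBAM itself), a task-sequence wrapper that calls Invoke-MbamClientDeployment.ps1 with the parameters documented above and then verifies that a recovery password protector exists; the script path and the two endpoint URLs are placeholders, and Get-BitLockerVolume is the built-in BitLocker module cmdlet (Windows 8 and later).

```powershell
# Added example, not part of the original post or of MBAM: run the MBAM 2.5 SP1 client
# deployment script from a task sequence and check the result.
$ErrorActionPreference = 'Stop'

# Placeholders: where Invoke-MbamClientDeployment.ps1 was copied and the MBAM web service URLs.
$deployScript = 'C:\MBAM\Invoke-MbamClientDeployment.ps1'
$recoveryUrl  = 'https://mbam.example.com/MBAMRecoveryAndHardwareService/CoreService.svc'
$statusUrl    = 'https://mbam.example.com/MBAMComplianceStatusService/StatusReportingService.svc'

# Only parameters from the table above are used. -EncryptionMethod is left at the script's
# default (AES 128 per the table); pass it explicitly if your policy requires another method.
# The three -Ignore*Failure switches are deliberately omitted: if the recovery key or the TPM
# OwnerAuth cannot be escrowed, the deployment should fail rather than leave an encrypted disk
# whose recovery material exists nowhere but on the device.
$deployParams = @{
    RecoveryServiceEndpoint        = $recoveryUrl
    StatusReportingServiceEndpoint = $statusUrl
    EncryptAndEscrowDataVolume     = $true
    WaitForEncryptionToComplete    = $true
}

try {
    & $deployScript @deployParams
}
catch {
    Write-Error "MBAM client deployment failed: $($_.Exception.Message)"
    exit 1   # a non-zero exit code makes the task-sequence step fail
}

# Post-check with the built-in BitLocker module: the OS volume must carry a RecoveryPassword
# protector (the object MBAM escrows), otherwise the escrow step cannot have succeeded.
$osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recoveryProtectors = @($osVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recoveryProtectors.Count -eq 0) {
    Write-Error "No recovery password protector found on $env:SystemDrive"
    exit 1
}
Write-Output ('{0} {1}, {2}% encrypted, {3} recovery password protector(s)' -f `
    $osVolume.MountPoint, $osVolume.VolumeStatus, $osVolume.EncryptionPercentage, $recoveryProtectors.Count)
```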
<br />
<h3>
II/ Active Directory data migration </h3>
<div lang="en-GB" style="font-family: arial; font-size: 11pt; margin: 0in;">
Another painful situation I often meet is when companies that deployed BitLocker without MBAM decided to store all the required keys in Active Directory.</div>
<div lang="en-GB" style="font-family: arial; font-size: 11pt; margin: 0in;">
Until now, the easiest way to migrate this data was to disable BitLocker, fully decrypt the disk and clear the TPM so that MBAM could take over, or to script an extract of the keys in order to inject them into MBAM.</div>
<div lang="en-GB" style="font-family: arial; font-size: 11pt; margin: 0in;">
MBAM 2.5 SP1 introduces 4 new PowerShell cmdlets to make the migration of Active Directory data into the MBAM database easier:</div>
<table style="width: 653px;"> <tbody>
<tr> <th>Scenario</th> <th>Cmdlet</th> <th>Description</th></tr>
<tr> <td>For volume recovery keys and packages</td> <td>Read-ADRecoveryInformation</td> <td>Reads recovery keys and packages from AD<br />
<i>Does not write to AD</i></td></tr>
<tr> <td></td> <td>Write-MbamRecoveryInformation</td> <td>Writes to MBAM the recovery keys and packages collected from AD<br />
<i>Data integrity checks when writing to MBAM</i></td></tr>
<tr> <td></td> <td>Add-ComputerUser.ps1 </td> <td>Matches users to computers:<br />
• <b>ManagedBy</b> attribute in AD<br />
• Custom CSV file</td></tr>
<tr> <td>For TPM OwnerAuth information</td> <td>Read-ADTpmInformation</td> <td>Reads TPM OwnerAuth from AD<br />
<i>Does not write to AD</i></td></tr>
<tr> <td></td> <td>Write-MbamTpmInformation</td> <td>Writes to MBAM the TPM OwnerAuth information collected from AD<br />
<i>Data integrity checks when writing to MBAM</i></td></tr>
<tr> <td></td> <td>Add-ComputerUser.ps1 </td> <td>Matches users to computers:<br />
• <b>ManagedBy</b> attribute in AD<br />
• Custom CSV file</td></tr>
</tbody></table>
<br />
<div lang="en-GB" style="font-family: arial; font-size: 11pt; margin: 0in;">
<br />
Here’s an example of the CSV file:<br />
<i>Computer,user<br />Mycomp.snh.lab,myuser@snh.lab</i><br />
<br />
To implement this migration, the steps to follow are:<br />
<ul>
<li>Grant read-only <a href="https://technet.microsoft.com/en-us/library/cc771778%28WS.10%29.aspx">rights</a> to the AD attributes </li>
<li>Create an AD group that is granted write access to MBAM </li>
<li>Open the Web.config of the recovery service </li>
<li>Edit <i>&lt;add key="DataMigrationsUsersGroupName" value=""&gt;</i> </li>
</ul>
</div>
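As an added example (not the post's or MBAM's own code), the steps above carried out in PowerShell: checking the migration group, setting the Web.config key of the recovery service, then piping the Read-AD* cmdlets into the Write-Mbam* cmdlets. The group name, domain controller, search base, Web.config path and endpoint URL are placeholders; the -Server, -SearchBase, -Recurse and -RecoveryServiceEndpoint parameter names and the Microsoft.MBAM module name are assumptions taken from the MBAM documentation rather than from this post.

```powershell
# Added example, not from the original post or from MBAM itself.
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory
Import-Module Microsoft.MBAM          # assumption: module that ships the Read-AD* / Write-Mbam* cmdlets

# Placeholders for this environment
$migrationGroup = 'MBAM Data Migration'
$domainDc       = 'dc01.snh.lab'
$searchBase     = 'OU=Workstations,DC=snh,DC=lab'
$webConfig      = 'C:\inetpub\MBAM\RecoveryService\Web.config'    # placeholder: the recovery service's Web.config
$recoveryUrl    = 'https://mbam.snh.lab/MBAMRecoveryAndHardwareService/CoreService.svc'

# Step 2 of the list above: the AD group whose members are allowed to write migrated data to MBAM.
$group = Get-ADGroup -Filter "Name -eq '$migrationGroup'" -Server $domainDc
if (-not $group) {
    $group = New-ADGroup -Name $migrationGroup -GroupScope Global -Server $domainDc -PassThru
}

# Steps 3 and 4: put that group into DataMigrationsUsersGroupName in the recovery service Web.config.
[xml]$config = Get-Content -Path $webConfig
$setting = $config.configuration.appSettings.add |
    Where-Object { $_.key -eq 'DataMigrationsUsersGroupName' }
if (-not $setting) { throw "DataMigrationsUsersGroupName not found in $webConfig" }
$setting.value = "$env:USERDOMAIN\$migrationGroup"
$config.Save($webConfig)

# Migration proper, run as a member of that group with read access to the AD attributes (step 1):
# the Read-AD* cmdlets only read AD; the Write-Mbam* cmdlets check integrity before writing.
# Parameter names below are assumptions taken from the MBAM documentation.
Read-ADRecoveryInformation -Server $domainDc -SearchBase $searchBase -Recurse |
    Write-MbamRecoveryInformation -RecoveryServiceEndpoint $recoveryUrl

Read-ADTpmInformation -Server $domainDc -SearchBase $searchBase -Recurse |
    Write-MbamTpmInformation -RecoveryServiceEndpoint $recoveryUrl
```

Computers that carry no ManagedBy attribute are then matched through the CSV file in the format shown above, passed to Add-ComputerUser.ps1.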
<h3>
III/ New TPM features </h3>
Here’s a summary of the TPM behaviour:<br />
<table style="width: 654px;"> <tbody>
<tr> <th>Before MBAM 2.5 SP1</th> <th>With MBAM 2.5 SP1</th></tr>
<tr> <td>Unlocking the TPM requires the TPM OwnerAuth</td> <td>TPM 1.2 lockouts can be automatically resolved</td></tr>
<tr> <td>MBAM escrowed TPM OwnerAuth</td> <td>Not needed for TPM 2.0</td></tr>
<tr> <td>Helpdesk could provide TPM OwnerAuth<br />
<i>Requires admin rights to use on device</i></td> <td>• Feature must be enabled on web server and in GPO<br />
• TPM OwnerAuth must be in MBAM DB</td></tr>
</tbody></table>
<br />
In addition keep in mind the following about the lockout duration:<br />
<ul>
<li>TPM 1.2 – varies by manufacturer (every 30 seconds, then a 2-hour lockout)</li>
<li>TPM 2.0 – 2 hours</li>
</ul>
<br />
With Windows 8 and higher, MBAM 2.5 SP1 can escrow the OwnerAuth password without owning the TPM. At startup, the MBAM agent checks whether the TPM is already owned and, if so, the password is retrieved from the operating system and sent to the MBAM database. In addition, a new GPO must be set to prevent the OwnerAuth from being deleted locally.<br />
<br />
For more details, see the <a href="https://technet.microsoft.com/en-us/library/f6613c63-b32b-45fb-a6e8-673d6dae7d16#BKMK_tpm">Configure MBAM to escrow the TPM and store OwnerAuth passwords</a> article.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVHWhO3lv3Z5Y0BPi99H2XlA31AWlzfUKuiXqa5XeLthJfq2XlDmLoHuRFqkieSRykjA9RUCJuDY9jGBJ3VytAmZ6WY8N6UdQWVrnj3Uodphh1rMLzV60wSRQ8fUxVCo1FW1Dspg-Kl0C3/s1600/TPMAutoUnlock.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="44" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVHWhO3lv3Z5Y0BPi99H2XlA31AWlzfUKuiXqa5XeLthJfq2XlDmLoHuRFqkieSRykjA9RUCJuDY9jGBJ3VytAmZ6WY8N6UdQWVrnj3Uodphh1rMLzV60wSRQ8fUxVCo1FW1Dspg-Kl0C3/s640/TPMAutoUnlock.png" width="640" /></a></div>
On computers running TPM 1.2, the main pain point was unlocking the TPM chip after a lockout. Because of the various implementations of this specification, this version lets us handle it more easily without going through the vendor tools. If the TPM lockout auto reset feature is enabled, MBAM detects that the TPM is locked out, retrieves the OwnerAuth password from the MBAM database and automatically unlocks the TPM on behalf of the user.<br />
<br />
This feature must be enabled on both the server side and the client side (<a href="https://technet.microsoft.com/en-us/library/f6613c63-b32b-45fb-a6e8-673d6dae7d16#BKMK_AutoUnlock">Configure MBAM to automatically unlock the TPM after a lockout</a>).<br />
<br />
<h3>
IV/ New FIPS feature </h3>
Support for <a href="http://blogs.technet.com/b/askcore/archive/2014/12/29/how-to-make-your-existing-bitlocker-encrypted-environment-fips-complaint.aspx">Federal Information Processing Standard (FIPS)-compliant BitLocker recovery keys</a> on devices running Windows 8.1 has now been backported to Windows 7; these devices still require a <a href="http://go.microsoft.com/fwlink/?LinkId=393557">Data Recovery Agent (DRA) protector</a> for recovery.<br />
<h3>
V/ Pre-boot customisation </h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4K5RHJqcE9xkHISEzJ80xNEz-Rqg8lVyoSNNV5wCimEdrF7H7FLymylfz14toeD-S8p2SlPLD1qspCoo4L-AiJZIHWLg4FmYfkjaM6RwMP9JCxYSMyjy7NWjMNow8RgDAxV8QGfdKLjZR/s1600/Preboot+BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4K5RHJqcE9xkHISEzJ80xNEz-Rqg8lVyoSNNV5wCimEdrF7H7FLymylfz14toeD-S8p2SlPLD1qspCoo4L-AiJZIHWLg4FmYfkjaM6RwMP9JCxYSMyjy7NWjMNow8RgDAxV8QGfdKLjZR/s1600/Preboot+BitLocker.png" /></a></div>
<br />
A new Group Policy setting, <i>Configure pre-boot recovery message and URL</i>, now allows a custom recovery message or URL to be shown on the pre-boot BitLocker recovery screen when the OS drive is locked. However, this functionality is available only for Windows 10.<br />
<br />
<br />
With this new feature it’s possible to choose one of these options for the pre-boot recovery message:<br />
<ul>
<li>Use custom recovery message </li>
<li>Use custom recovery URL </li>
<li>Use default recovery message and URL </li>
</ul>
<br />
For more information about this version: <a href="https://technet.microsoft.com/en-us/library/mt427465.aspx">https://technet.microsoft.com/en-us/library/mt427465.aspx</a><br />
<br />
More information about the upgrade process from 2.5: <a href="https://technet.microsoft.com/en-us/library/dn645354.aspx">https://technet.microsoft.com/en-us/library/dn645354.aspx</a><br />
<br />
Known issues: <a href="https://technet.microsoft.com/en-us/library/mt427464.aspx">https://technet.microsoft.com/en-us/library/mt427464.aspx</a> <br />
<br />
<br />
How to download this version: <a href="http://curah.microsoft.com/2867/how-do-i-get-mdop">http://curah.microsoft.com/2867/how-do-i-get-mdop</a>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-45801375651912743312015-12-31T09:05:00.000+01:002016-01-04T13:34:25.499+01:00[ATA] Microsoft Advanced Threat Analytics 2016 is available!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" /></a></div>
<span xmlns=""><br />Microsoft recently released version 1.5 of <a href="https://www.microsoft.com/fr-fr/server-cloud/products/advanced-threat-analytics/default.aspx">Advanced Threat Analytics</a> (ATA).</span><br />
<span xmlns=""><br />Among the new features, we can note:</span><br />
<ul>
<li><span xmlns="">Improved detection response time</span></li>
<li><span xmlns="">Improvements to the PoC / Lab scenario to demonstrate the product's capabilities</span></li>
<li><span xmlns="">An improved NAT handling algorithm to better manage machines behind this kind of address</span></li>
<li><span xmlns="">Improved name resolution for non-domain-joined machines</span></li>
<li>Better handling of the interface when a large number of activities are displayed </li>
<li><span xmlns="">Upgrade paths are now in place (and the administration center provides the new version of the package for the gateways) :) </span></li>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6pM067DWZIC-SDrYL6LyXx3HxMxh5nc1EiBbp_w5hby2V9ZMXUT42LrlLYhUIY0D71uda9Mwt3mPpwFEEh-GXf7crn4QaMx4fTYHbec0j7MR4_o3ev8fMiLCsQkAyPWLIHe00HdaNnFY8/s1600/ATA+Update.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6pM067DWZIC-SDrYL6LyXx3HxMxh5nc1EiBbp_w5hby2V9ZMXUT42LrlLYhUIY0D71uda9Mwt3mPpwFEEh-GXf7crn4QaMx4fTYHbec0j7MR4_o3ev8fMiLCsQkAyPWLIHe00HdaNnFY8/s400/ATA+Update.jpg" width="400" /></a></div>
</ul>
Among the fixed bugs we can find:<br />
<ul>
<li>The gateway service no longer hangs when it is stopped</li>
<li>An error raised when parsing events received from Splunk</li>
<li>The administration center service sometimes failing to start
</li>
</ul>
<span xmlns="">You can download this version from the following addresses: </span><br />
<ul>
<li><span xmlns="">Evaluation version on the <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics">Download Center</a></span></li>
<li><span xmlns=""><a href="https://www.microsoft.com/Licensing/servicecenter/default.aspx">Volume License Service</a> portal</span></li>
<li><a href="https://msdn.microsoft.com/en-us/subscriptions/downloads/?FileId=66994">MSDN</a></li>
</ul>
And as usual, don't forget to read <a href="https://technet.microsoft.com/en-us/library/mt612814.aspx">the precautions to take when upgrading your infrastructure</a> ;)Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-6691128787774615642015-12-31T09:00:00.000+01:002015-12-31T09:00:15.613+01:00[ATA] Microsoft Advanced Threat Analytics 2016 is available!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEG2E1YyePE_j6oGX2capLPa0Yd_QSNXS-Kqe7clhJIVVMZKsPg1InUxUQqhBbG307NO89Yv7liyjZxzrKAooDHlbnHbTorfkq1TqP1WBy8ls6DwXZJK_b8WAsYG-kfXB7NoKhIEf1OXR3/s1600/ATA_Logo.png" /></a></div>
<span xmlns=""><br /></span><span xmlns="">Microsoft recently released <a href="https://www.microsoft.com/fr-fr/server-cloud/products/advanced-threat-analytics/default.aspx">Advanced Threat Analytics</a> (ATA) 1.5.</span><br />
<span xmlns=""><br /></span><span xmlns="">The main new features are:</span><br />
<ul>
<li><span xmlns="">Better detection time</span></li>
<li><span xmlns="">Improvements to the PoC / Lab scenario in order to show the product's capabilities</span></li>
<li><span xmlns="">The NAT algorithm is improved for NATed devices</span></li>
<li><span xmlns="">Name resolution is improved for non-domain-joined assets</span></li>
<li><span xmlns="">The UI is more responsive when a lot of activities are displayed </span></li>
<li><span xmlns="">First version with an upgrade path scenario (the Center also provides the updated version of the Gateway binaries) :) </span></li>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6pM067DWZIC-SDrYL6LyXx3HxMxh5nc1EiBbp_w5hby2V9ZMXUT42LrlLYhUIY0D71uda9Mwt3mPpwFEEh-GXf7crn4QaMx4fTYHbec0j7MR4_o3ev8fMiLCsQkAyPWLIHe00HdaNnFY8/s1600/ATA+Update.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6pM067DWZIC-SDrYL6LyXx3HxMxh5nc1EiBbp_w5hby2V9ZMXUT42LrlLYhUIY0D71uda9Mwt3mPpwFEEh-GXf7crn4QaMx4fTYHbec0j7MR4_o3ev8fMiLCsQkAyPWLIHe00HdaNnFY8/s400/ATA+Update.jpg" width="400" /></a></div>
</ul>
The following issues are now solved:<br />
<ul>
<li>“Sometimes gateway service stuck on shutdown”. </li>
<li>“Exception when parsing forwarded event messages from Splunk”. </li>
<li>“Center service fail to start”.
</li>
</ul>
<span xmlns=""><span xmlns="">This version is available for download at the following addresses</span>: </span><br />
<ul>
<li><span xmlns="">Evaluation version on the <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics">Download Center</a></span></li>
<li><span xmlns=""><a href="https://www.microsoft.com/Licensing/servicecenter/default.aspx">Volume License Service</a> Portal</span></li>
<li><a href="https://msdn.microsoft.com/en-us/subscriptions/downloads/?FileId=66994">MSDN</a></li>
</ul>
And as usual, don't forget to read carefully <a href="https://technet.microsoft.com/en-us/library/mt612814.aspx">how to upgrade your infrastructure to the latest version</a> ;)Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-37008613198002604902015-08-31T09:00:00.000+02:002015-08-31T09:00:03.641+02:00[MIM] Welcome to Microsoft Identity Manager 2016<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGBmGnUgUUEbE20LYbZYKlS758Mug6aj-msBtA-1ef30-7n-sflSVZGwykyw23sjFO9x11GtFGoDalFga9HvgTXPU0TEOBH_PmsVY2yZfJbF5RervjXsBWxhDTxoi0TRLY20DDC1qat71m/s1600/MIM_Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGBmGnUgUUEbE20LYbZYKlS758Mug6aj-msBtA-1ef30-7n-sflSVZGwykyw23sjFO9x11GtFGoDalFga9HvgTXPU0TEOBH_PmsVY2yZfJbF5RervjXsBWxhDTxoi0TRLY20DDC1qat71m/s320/MIM_Logo.png" width="320" /></a></div>
<br />
Microsoft recently and quietly released the successor of Forefront Identity Manager 2010 R2, named Microsoft Identity Manager 2016 (I wonder why 2016), with the following enhancements:<br />
<a name='more'></a><br />
<h3>
I/ Hybrid scenario with the cloud</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://i-technet.sec.s-msft.com/dynimg/IC807749.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://i-technet.sec.s-msft.com/dynimg/IC807749.jpeg" /></a></div>
It's now possible to integrate the reports into the Azure management portal: with an <a href="http://azure.microsoft.com/en-us/services/active-directory/">Azure AD Premium</a> subscription we can retrieve all MIM activity in the Azure AD reports, in addition to the default ones.<br />
<br />
For example, the events related to self-service password reset will be located in the Azure AD reports tab <i>Password Reset Activity Report</i>. For more information about this you can read the <a href="https://technet.microsoft.com/en-us/library/mt148517.aspx">dedicated article</a>.<br />
<br />
The self-service portal can also use a second authentication factor provided by <a href="http://azure.microsoft.com/en-us/services/multi-factor-authentication/">Azure multi-factor authentication (MFA)</a>.<br />
<h3>
II/ Privileged Identity Management</h3>
To protect the highly privileged Active Directory groups such as:<br />
<ul>
<li>Account Operators</li>
<li>Administrators</li>
<li>Backup Operators</li>
<li>Cert Publishers</li>
<li>Domain Admins</li>
<li>Enterprise Admins</li>
<li>Group Policy Creator Owners</li>
<li>Schema Admins</li>
<li>Server Operators</li>
</ul>
a bastion-like infrastructure is commonly used; it's possible to add the <a href="https://technet.microsoft.com/en-US/library/dn903243.aspx">Privileged Access Management (PAM)</a> functionality to harden these accounts further, through mechanisms like Just In Time (JIT) access and <a href="https://technet.microsoft.com/en-us/library/dn487455.aspx">Privileged Identity Management (PIM)</a>.<br />
<br />
With all of this in place, under normal conditions these groups are empty and are populated on demand when required. Membership is time-limited (with a theoretical minimum of 5 minutes), which also affects the Kerberos ticket (the most constraining lifetime applies).<br />
<br />
The workflow that approves the privilege escalation depends on criteria such as the authentication used, membership of a particular MIM role, use of a second factor like MFA, or a manual validation. By creating different roles it's then possible to set up granular conditions and to add manual validation for each access request.<br />
<br />
The managed forest must be at least at the 2003 functional level (mind the end of life of 2003 ;)), but the administrative / bastion forest hosting MIM must be at the 2012 R2 or higher functional level. Only a one-way forest trust needs to be in place between the two forests.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_wgfs1JUUBxq4oiZn03Ii3731Frm-pxaMM9heM5dm_1guL7wiP-o10QZ9k1WRqsOa8q_8f24GpGitd9G-Lg3SwheIrc0S6Gr_WcfhpetWlXNv0YqbZoI-IIHyNAUmKdOOudnkcAT49sXQ/s1600/PAM+event.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_wgfs1JUUBxq4oiZn03Ii3731Frm-pxaMM9heM5dm_1guL7wiP-o10QZ9k1WRqsOa8q_8f24GpGitd9G-Lg3SwheIrc0S6Gr_WcfhpetWlXNv0YqbZoI-IIHyNAUmKdOOudnkcAT49sXQ/s400/PAM+event.jpg" width="400" /></a></div>
After implementing the PAM feature of MIM, the “protected” groups are monitored. When a user tries to become a member of one of these groups without being authorized, an alert is raised in the event log of the administrative forest; this event can also be forwarded to a SIEM.<br />
<br />
Some PowerShell cmdlets were added to manage this module; to list them we can use the <i>Get-Command -Module MIMPAM</i> cmdlet.<br />
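As an added example (not the post's or MIM's own code): listing the MIMPAM cmdlets as above, then requesting time-limited membership of a PAM role from the bastion-forest account. The role display name is a placeholder; the Get-PAMRoleForRequest and New-PAMRequest cmdlets and the -Role parameter are assumptions taken from the MIM documentation, not from this post.

```powershell
# Added example, not from the original post or from MIM itself: a JIT access request
# issued by the privileged (bastion-forest) account.
Import-Module MIMPAM
Get-Command -Module MIMPAM | Select-Object -ExpandProperty Name     # as in the post: list the cmdlets

$roleName = 'CorpAdmins'     # placeholder: a PAM role defined in the MIM portal

# Assumption from the MIM documentation: Get-PAMRoleForRequest returns the roles this user may
# request, and New-PAMRequest -Role files the request (the approval workflow and MFA configured
# for that role apply before the membership is granted).
$role = Get-PAMRoleForRequest | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) { throw "Role '$roleName' is not available to $env:USERNAME" }
$request = New-PAMRequest -Role $role
$request

# Membership is time-limited, so the group SID only appears in Kerberos tickets issued after
# activation (and disappears from new tickets once it expires): discard the cached tickets so
# that the next resource access obtains fresh ones.
klist purge | Out-Null
```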
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhsaoQETiAJggojdfb0HHyZGMfOjcFHeqmvMAOmnX9Y64tvX4eTsHn1bHJkL7GzXkc9WiCmnNkP8o3_1FfQ6VT8U-gNSz9rC2C8PiH9rRqUDxf0lhktoW5q_-cn-Um1Vwbgpv2UqpWqqpw/s1600/PAM+portal.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhsaoQETiAJggojdfb0HHyZGMfOjcFHeqmvMAOmnX9Y64tvX4eTsHn1bHJkL7GzXkc9WiCmnNkP8o3_1FfQ6VT8U-gNSz9rC2C8PiH9rRqUDxf0lhktoW5q_-cn-Um1Vwbgpv2UqpWqqpw/s400/PAM+portal.jpg" width="400" /></a></div>
<br />
Finally, new REST APIs can be used to integrate PAM with the tools already in place on the corporate network, and why not create our own portal that communicates with MIM through PowerShell or the exposed SOAP API; a sample portal is also available.<br />
<h3>
III/ Certificate manager</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5pYBHDQk67nOB-gdxhD9c9SCQPdoL-qKLKlHzSm1JTCRuzNmTugNwryuEx1cx2lef9j3u1_jfd2XxhIPNwB1zIPO8p9t6iTQKFd9zqKoa4I6gKlgGT7yQH4YnVhB_gsj3E8CSNqZwPAgs/s1600/VSCCM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5pYBHDQk67nOB-gdxhD9c9SCQPdoL-qKLKlHzSm1JTCRuzNmTugNwryuEx1cx2lef9j3u1_jfd2XxhIPNwB1zIPO8p9t6iTQKFd9zqKoa4I6gKlgGT7yQH4YnVhB_gsj3E8CSNqZwPAgs/s400/VSCCM.jpg" width="400" /></a></div>
Certificate Manager brings management of the virtual smart cards introduced with Windows 8.x. A new Modern UI application is available, freeing users from the command line, with better handling of TPM initialization and certificate management.<br />
<br />
All of this is possible thanks to the REST API provided by the server, which handles the following scenarios:<br />
<ul>
<li>Create a Virtual Smart Card</li>
<li>Request a software certificate</li>
<li>Request a certificate with a generated key pair from MIM (PFX)</li>
<li>Request a certificate for an existing Virtual Smart Card</li>
<li>Recover a deleted certificate</li>
<li>Read the detailed information of a certificate (issuer, thumbprint, etc.)</li>
</ul>
<br />
Finally, the administrative portal of Certificate Manager has been updated with new performance counters, new log events and privacy management, with a link to the privacy information directly in the application.<br />
<h3>
IV/ Password self-service portal</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixzWoW3KqlYUd7hnwOa80gtEf1oJj4oEm21cIAySDBeSdHURi6Anwhva1Afl_OBKnk5TMZ7CVxPPofGd-vlNtiOXbX_1qzvf4BCYlHygihlKOevBSHtUVzc62X1fIJHDdTto7yuuBSm1Dj/s1600/SSAU.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixzWoW3KqlYUd7hnwOa80gtEf1oJj4oEm21cIAySDBeSdHURi6Anwhva1Afl_OBKnk5TMZ7CVxPPofGd-vlNtiOXbX_1qzvf4BCYlHygihlKOevBSHtUVzc62X1fIJHDdTto7yuuBSm1Dj/s1600/SSAU.jpg" /></a></div>
When a password is changed, some applications sometimes keep authenticating with the old one stored in their cache (Outlook for example), which locks the user account. A new feature named self-service account unlock (SSAU) extends the password self-service portal: after validating the user, through an MFA OTP for example, it's possible to unlock the account without resetting the password.<br />
<h3>
V/ Prerequisite</h3>
The prerequisites are also updated to the latest supported technologies.<br />
<h4>
V.1) Server side</h4>
The minimum required OS levels are:<br />
<ul>
<li>Windows Server 2008 R2</li>
<li>Windows Server 2012</li>
<li>Windows Server 2012 R2</li>
</ul>
<h4>
V.2) Endpoint side</h4>
The MIM agent supports:<br />
<ul>
<li>Microsoft Windows 7</li>
<li>Microsoft Windows 8.1</li>
<li>Microsoft Outlook 2007 SP2</li>
<li>Microsoft Outlook 2010</li>
<li>Microsoft Outlook 2013</li>
<li>Internet Explorer 8 and higher</li>
</ul>
Strangely, it seems that Windows 10 and Microsoft Edge support are missing. I hope they will be added soon.<br />
<b>[UPDATE]</b>: <a href="http://blogs.technet.com/b/ad/archive/2015/08/06/microsoft-identity-manager-2016-is-now-ga.aspx">Microsoft announces Windows 10 support</a>.<br />
<br />
<h4>
V.3) Miscellaneous</h4>
It's possible to deploy the MIM databases on: <br />
<ul>
<li>Microsoft SQL Server 2008 R2 x64</li>
<li>Microsoft SQL Server 2012</li>
<li>Microsoft SQL Server 2014</li>
</ul>
But today no announcement is available regarding high availability mechanisms like AlwaysOn.<br />
<br />
The workflows could use the following version for the e-mail:<br />
<ul>
<li>Microsoft Exchange Server 2007</li>
<li>Microsoft Exchange Server 2010</li>
<li>Microsoft Exchange Server 2013</li>
</ul>
For the portal side: <br />
<ul>
<li>SharePoint Foundation 2013 with SP1</li>
</ul>
Service Manager support is also announced, but I still need to dig into its usage scenarios:<br />
<ul>
<li>System Center Service Manager 2012 </li>
<li>System Center Service Manager 2012 R2</li>
</ul>
<h3>
</h3>
<h3>
VI/ Resources</h3>
For more information: <a href="https://www.microsoft.com/en-us/server-cloud/products/microsoft-identity-manager/">MIM 2016 dedicated website</a>, and keep an eye on the <a href="https://draft.blogger.com/">deprecated functionalities</a>.<br />
<br />
MIM is available for download at:<br />
<ul>
<li><a href="https://msdn.microsoft.com/en-us/subscriptions/downloads/#FileId=64107">MSDN</a></li>
<li><a href="https://www.microsoft.com/Licensing/servicecenter/default.aspx">MVLS portal</a></li>
<li><a href="https://www.microsoft.com/en-us/download/details.aspx?id=48244">Evaluation version</a></li>
</ul>
To go deeper:<br />
<ul>
<li><a href="https://technet.microsoft.com/en-us/library/mt218776.aspx">TechNet Library</a></li>
<li><a href="http://social.technet.microsoft.com/wiki/contents/articles/28754.microsoft-identity-manager-2016-resources.aspx">TechNet Wiki</a></li>
</ul>
A few things to know about deployment before diving in ;) :<br />
<ul>
<li><a href="https://technet.microsoft.com/en-us/library/mt219041.aspx">Upgrade from FIM 2010 R2</a></li>
<li><a href="https://technet.microsoft.com/en-us/library/mt150255.aspx">Prerequisite and setup</a></li>
<li><a href="https://msdn.microsoft.com/en-US/library/mt243303.aspx">The developer bible </a></li>
</ul>
Additional information about <a href="https://technet.microsoft.com/en-us/library/mt150258.aspx">Privileged Identity management</a> and MIM <a href="https://technet.microsoft.com/en-us/library/mt134415.aspx">Certificate Manager</a>. <br />
<br />Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-67211313436089342652015-08-06T09:22:00.001+02:002015-08-30T14:44:23.799+02:00[MIM] Welcome to Microsoft Identity Manager 2016<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGBmGnUgUUEbE20LYbZYKlS758Mug6aj-msBtA-1ef30-7n-sflSVZGwykyw23sjFO9x11GtFGoDalFga9HvgTXPU0TEOBH_PmsVY2yZfJbF5RervjXsBWxhDTxoi0TRLY20DDC1qat71m/s1600/MIM_Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGBmGnUgUUEbE20LYbZYKlS758Mug6aj-msBtA-1ef30-7n-sflSVZGwykyw23sjFO9x11GtFGoDalFga9HvgTXPU0TEOBH_PmsVY2yZfJbF5RervjXsBWxhDTxoi0TRLY20DDC1qat71m/s320/MIM_Logo.png" width="320" /></a></div>
<br />
Microsoft recently, and rather quietly, published the RTM version of the successor to Forefront Identity Manager 2010 R2, namely Microsoft Identity Manager 2016 (I still wonder why 2016), which brings the following main new features:<br />
<a name='more'></a><br />
<h3>
I/ Hybrid use with the cloud</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://i-technet.sec.s-msft.com/dynimg/IC807749.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://i-technet.sec.s-msft.com/dynimg/IC807749.jpeg" /></a></div>
Reports can be integrated into the Azure management portal, which, with an <a href="http://azure.microsoft.com/en-us/services/active-directory/">Azure AD Premium</a> subscription, lets you get all of MIM's activity consolidated in the Azure AD reports, in addition to those the service provides by default.<br />
<br />
For example, events related to self-service password reset will be available in the Password Reset Activity Report section of the Azure AD Reports tab. For more information on the subject I recommend the <a href="https://technet.microsoft.com/en-us/library/mt148517.aspx">dedicated page</a>.<br />
<br />
In addition, the password reset portal can be tied to a second authentication factor provided by <a href="http://azure.microsoft.com/en-us/services/multi-factor-authentication/">Azure Multi-Factor Authentication (MFA)</a>.<br />
<h3>
II/ Privileged Identity Management</h3>
To protect Active Directory's high-privilege groups such as:<br />
<ul>
<li>Account Operators</li>
<li>Administrators</li>
<li>Backup Operators</li>
<li>Cert Publishers</li>
<li>Domain Admins</li>
<li>Enterprise Admins</li>
<li>Group Policy Creator Owners</li>
<li>Schema Admins</li>
<li>Server Operators</li>
</ul>
a bastion-type infrastructure is often put in place; a <a href="https://technet.microsoft.com/en-US/library/dn903243.aspx">Privileged Access Management (PAM)</a> component can be added to it to strengthen the protection of these accounts through Just In Time (JIT) and <a href="https://technet.microsoft.com/en-us/library/dn487455.aspx">Privileged Identity Management (PIM)</a> mechanisms.<br />
<br />
Combined, these mechanisms let these groups stay empty in normal operation and be populated on demand. Moreover, membership in these groups is genuinely time-limited (with a theoretical minimum of 5 minutes), which also bounds the Kerberos tickets issued to the account (the shorter of this TTL and the ticket lifetime set by GPO applies).<br />
<br />
The management workflow allows automatic approval based on several criteria, such as authentication, membership in a specific MIM role, the use of a second factor (MFA, for example), or manual validation by one or more approvers. When creating the roles, all these conditions can be configured precisely and, if desired, manual approval of elevation requests can be assigned.<br />
<br />
The existing production forest must be at least at the 2003 functional level (beware of the end of support for 2003 ;)), whereas the bastion forest hosting MIM must be at functional level 2012 R2 or higher. Only a one-way forest trust needs to be set up between the two.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_wgfs1JUUBxq4oiZn03Ii3731Frm-pxaMM9heM5dm_1guL7wiP-o10QZ9k1WRqsOa8q_8f24GpGitd9G-Lg3SwheIrc0S6Gr_WcfhpetWlXNv0YqbZoI-IIHyNAUmKdOOudnkcAT49sXQ/s1600/PAM+event.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_wgfs1JUUBxq4oiZn03Ii3731Frm-pxaMM9heM5dm_1guL7wiP-o10QZ9k1WRqsOa8q_8f24GpGitd9G-Lg3SwheIrc0S6Gr_WcfhpetWlXNv0YqbZoI-IIHyNAUmKdOOudnkcAT49sXQ/s400/PAM+event.jpg" width="400" /></a></div>
Once MIM's PAM feature is in place, the "protected" groups are monitored: if a user tries to add themselves to one of them without being authorized, an alert is raised in the event log of the bastion forest, which can then be forwarded to the SIEM.<br />
<br />
Several PowerShell commands have also been added to manage this module; you can list these cmdlets by running <i>Get-Command -Module MIMPAM</i>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhsaoQETiAJggojdfb0HHyZGMfOjcFHeqmvMAOmnX9Y64tvX4eTsHn1bHJkL7GzXkc9WiCmnNkP8o3_1FfQ6VT8U-gNSz9rC2C8PiH9rRqUDxf0lhktoW5q_-cn-Um1Vwbgpv2UqpWqqpw/s1600/PAM+portal.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhsaoQETiAJggojdfb0HHyZGMfOjcFHeqmvMAOmnX9Y64tvX4eTsHn1bHJkL7GzXkc9WiCmnNkP8o3_1FfQ6VT8U-gNSz9rC2C8PiH9rRqUDxf0lhktoW5q_-cn-Um1Vwbgpv2UqpWqqpw/s400/PAM+portal.jpg" width="400" /></a></div>
<br />
Finally, new REST APIs make their appearance to integrate PAM management with tools already present on the corporate network, or even to build your own portal that talks to the PowerShell module through SOAP APIs; a sample portal is actually available.<br />
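As an added example (not code from the original post or from Microsoft's documentation), here is what a Just In Time elevation looks like from the requester's side with the MIMPAM client module mentioned above, followed by the Kerberos ticket refresh that makes the new membership usable. The role name, justification, 30-minute TTL, bastion DC name, shadow group name and target SPN are assumptions for illustration; verify the cmdlet parameters against <i>Get-Help New-PAMRequest -Full</i> on your own bastion deployment.<br />

```powershell
# Added example, not part of the original post: a Just In Time elevation as
# seen from the requester's side, using the MIMPAM client module mentioned
# above. Assumptions (not from the post): the caller is logged on with the
# bastion-forest (PRIV) shadow account, RSAT's ActiveDirectory module is
# present, a PAM role named 'CorpAdmins-JIT' exists, the shadow group uses the
# '<SOURCEDOMAIN>.<Group>' naming convention, and dc01.contoso.local is the
# resource to administer. Check parameter names with Get-Help New-PAMRequest.
Import-Module MIMPAM
Import-Module ActiveDirectory

$roleName    = 'CorpAdmins-JIT'                 # assumed PAM role display name
$ttlSeconds  = 30 * 60                          # assumed: ask for 30 minutes (role TTL is the ceiling)
$bastionDC   = 'privdc01.priv.contoso.local'    # assumed bastion-forest domain controller
$shadowGroup = 'CONTOSO.CorpAdmins'             # assumed shadow group of the production group
$targetSpn   = 'cifs/dc01.contoso.local'        # assumed SPN of the resource to reach

# 1. Find the role; candidates only see the roles they are allowed to request.
$role = Get-PAMRole | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) { throw "No PAM role named '$roleName' is available to this account" }

# 2. Submit the request. Depending on the role settings it is auto-approved,
#    gated by an MFA challenge, or parked until a human approver acts on it.
$request = New-PAMRequest -Role $role -Justification 'Change #1234: patch DC01' -RequestedTTL $ttlSeconds
$request | Format-List

# 3. Wait until the shadow account actually shows up in the shadow group: that
#    membership, not the request object, is what the KDC will put in the PAC.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[-1]
$deadline = (Get-Date).AddMinutes(10)           # assumed: approvers get up to 10 minutes
do {
    Start-Sleep -Seconds 10
    $members  = Get-ADGroupMember -Identity $shadowGroup -Server $bastionDC |
                Select-Object -ExpandProperty SamAccountName
    $elevated = $members -contains $me
} until ($elevated -or (Get-Date) -gt $deadline)
if (-not $elevated) { throw "Request was not approved within the wait window" }

# 4. The TGT obtained at logon predates the membership. Purge the cache so the
#    next access fetches a new TGT whose PAC carries the shadow group SID; that
#    ticket's lifetime is capped by the PAM TTL as well as by the GPO lifetime.
klist purge | Out-Null
klist get $targetSpn
klist                                           # inspect the new tickets and their expiry
```

The membership poll is the part worth keeping even if you script the rest differently: the request object tells you what MIM decided, but only the group membership in the bastion forest tells you what the KDC will sign into the next ticket, and the purge is what forces that ticket to be re-issued instead of reusing the pre-elevation TGT.<br />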
<h3>
III/ Certificate Manager</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5pYBHDQk67nOB-gdxhD9c9SCQPdoL-qKLKlHzSm1JTCRuzNmTugNwryuEx1cx2lef9j3u1_jfd2XxhIPNwB1zIPO8p9t6iTQKFd9zqKoa4I6gKlgGT7yQH4YnVhB_gsj3E8CSNqZwPAgs/s1600/VSCCM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5pYBHDQk67nOB-gdxhD9c9SCQPdoL-qKLKlHzSm1JTCRuzNmTugNwryuEx1cx2lef9j3u1_jfd2XxhIPNwB1zIPO8p9t6iTQKFd9zqKoa4I6gKlgGT7yQH4YnVhB_gsj3E8CSNqZwPAgs/s400/VSCCM.jpg" width="400" /></a></div>
Certificate Manager can now manage the virtual smart cards introduced with Windows 8.x. A ModernUI application is now available and removes the need for the command line, which makes both the TPM preparation step and certificate management easier.<br />
<br />
This is made possible by the REST APIs provided by the server, which cover the following scenarios:<br />
<ul>
<li>Creating the Virtual Smart Card</li>
<li>Requesting a software certificate</li>
<li>Requesting a certificate whose key pair is generated by MIM (PFX)</li>
<li>Requesting a certificate for an existing Virtual Smart Card</li>
<li>Recovering a deleted certificate</li>
<li>Viewing a certificate's details (Issuer, Thumbprint, etc.)</li>
</ul>
<br />
Finally, the Certificate Manager administration portal has been updated with new performance counters, new event logs, and privacy management, with the option to add a privacy-related link in the client application.<br />
<h3>
IV/ Self-service password management portal</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixzWoW3KqlYUd7hnwOa80gtEf1oJj4oEm21cIAySDBeSdHURi6Anwhva1Afl_OBKnk5TMZ7CVxPPofGd-vlNtiOXbX_1qzvf4BCYlHygihlKOevBSHtUVzc62X1fIJHDdTto7yuuBSm1Dj/s1600/SSAU.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixzWoW3KqlYUd7hnwOa80gtEf1oJj4oEm21cIAySDBeSdHURi6Anwhva1Afl_OBKnk5TMZ7CVxPPofGd-vlNtiOXbX_1qzvf4BCYlHygihlKOevBSHtUVzc62X1fIJHDdTto7yuuBSm1Dj/s1600/SSAU.jpg" /></a></div>
It sometimes happens that, after a password change, some applications keep authenticating with the old value kept in their cache (Outlook, for example), which ends up locking the user's account. A new service named self-service account unlock (SSAU) extends the features of the password reset portal: once the user has been verified, through an MFA OTP for example, unlocking the account can be decoupled from changing the password.<br />
<h3>
V/ Prerequisites</h3>
The list of supported technologies has also been brought up to date.<br />
<h4>
V.1) Server side</h4>
The server components required by MIM can only be installed on the following operating systems:<br />
<ul>
<li>Windows Server 2008 R2</li>
<li>Windows Server 2012</li>
<li>Windows Server 2012 R2</li>
</ul>
<h4>
V.2) Client side</h4>
As for the agent, it supports the following versions:<br />
<ul>
<li>Microsoft Windows 7</li>
<li>Microsoft Windows 8.1</li>
<li>Microsoft Outlook 2007 SP2</li>
<li>Microsoft Outlook 2010</li>
<li>Microsoft Outlook 2013</li>
<li>Internet Explorer 8 and later</li>
</ul>
Strangely, Windows 10 and Microsoft Edge do not seem to be supported. Let's hope an update will add them.<br />
<b>[UPDATE]</b>: <a href="http://blogs.technet.com/b/ad/archive/2015/08/06/microsoft-identity-manager-2016-is-now-ga.aspx">Microsoft has announced Windows 10 support</a>.<br />
<br />
<h4>
V.3) Miscellaneous</h4>
The MIM database can be deployed on: <br />
<ul>
<li>Microsoft SQL Server 2008 R2 x64</li>
<li>Microsoft SQL Server 2012</li>
<li>Microsoft SQL Server 2014</li>
</ul>
However, nothing is said about support for high-availability mechanisms such as AlwaysOn.<br />
<br />
The workflows can rely on the following Exchange versions for sending e-mail:<br />
<ul>
<li>Microsoft Exchange Server 2007</li>
<li>Microsoft Exchange Server 2010</li>
<li>Microsoft Exchange Server 2013</li>
</ul>
The portal, for its part, supports: <br />
<ul>
<li>SharePoint Foundation 2013 with SP1</li>
</ul>
Service Manager support is also announced, but I need to dig into the subject to study the different usage scenarios:<br />
<ul>
<li>System Center Service Manager 2012 </li>
<li>System Center Service Manager 2012 R2</li>
</ul>
<h3>
VI/ Resources</h3>
For more information you can consult <a href="https://www.microsoft.com/en-us/server-cloud/products/microsoft-identity-manager/">the MIM 2016 dedicated website</a>; also watch out for the <span id="goog_1426210285"></span><a href="https://draft.blogger.com/">deprecated features<span id="goog_1426210286"></span></a>.<br />
<br />
You can download this version from the following locations:<br />
<ul>
<li><a href="https://msdn.microsoft.com/en-us/subscriptions/downloads/#FileId=64107">MSDN</a></li>
<li><a href="https://www.microsoft.com/Licensing/servicecenter/default.aspx">MVLS portal</a></li>
<li><a href="https://www.microsoft.com/en-us/download/details.aspx?id=48244">Evaluation version</a></li>
</ul>
To get your hands dirty with the technical side:<br />
<ul>
<li><a href="https://technet.microsoft.com/en-us/library/mt218776.aspx">TechNet Library</a></li>
<li><a href="http://social.technet.microsoft.com/wiki/contents/articles/28754.microsoft-identity-manager-2016-resources.aspx">TechNet Wiki</a></li>
</ul>
Some deployment information before rushing in headlong ;) :<br />
<ul>
<li><a href="https://technet.microsoft.com/en-us/library/mt219041.aspx">Upgrade from FIM 2010 R2</a></li>
<li><a href="https://technet.microsoft.com/en-us/library/mt150255.aspx">Prerequisites and setup</a></li>
<li><a href="https://msdn.microsoft.com/en-US/library/mt243303.aspx">The bible for our developer friends</a></li>
</ul>
Some additional information on <a href="https://technet.microsoft.com/en-us/library/mt150258.aspx">Privileged Identity Management</a> and on using MIM <a href="https://technet.microsoft.com/en-us/library/mt134415.aspx">Certificate Manager</a>. <br />
<br />Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-48814990320905044362015-07-08T11:57:00.004+02:002015-07-08T11:57:31.686+02:00MVP 2015 on Enterprise Security area<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0SEtfVs0xSBUuLCp5i33JRNNJkLJKEsI6Uu4sgDmlZ8N1d4stWp9LC44VrU31ZRUAK6p-uHjVvi1wHf-7DHfs3Mf3yFw6hyphenhyphen6NchOAIUnP7oS4hQtkNzhI8LH2iDQsDDe0eX3axPlUjvj3/s1600/mvp.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0SEtfVs0xSBUuLCp5i33JRNNJkLJKEsI6Uu4sgDmlZ8N1d4stWp9LC44VrU31ZRUAK6p-uHjVvi1wHf-7DHfs3Mf3yFw6hyphenhyphen6NchOAIUnP7oS4hQtkNzhI8LH2iDQsDDe0eX3axPlUjvj3/s1600/mvp.jpg" /></a></div>
I'm glad to learn today that Microsoft has awarded me Most Valuable Professional in the Enterprise Security area of expertise for the fifth year. <br />
<br />
<a name='more'></a><br />
<br />
Some news about this year: first of all, a change in my area of expertise, and lots of interesting new things are coming, such as MBAM, Windows Hello, Windows Passport, Windows 10, Windows Server 2016, Microsoft Identity Manager, ... <br />
<!--more--><br />
<br />
I want to thank Microsoft for its confidence in my contribution to the community, and in particular all of you who read my blog and tweets.<br />
<br />
My MVP profile is now available at: <br />
<a href="http://mvp.microsoft.com/en-US/findanmvp/Pages/profile.aspx?MVPID=6ea71dad-def7-4e57-97d3-e8f8fdcc5afd">http://mvp.microsoft.com/en-us/mvp/Lionel%20Leperlier-4033560</a><br />
<a href="http://mvp.microsoft.com/fr-fr/mvp/Lionel%20Leperlier-4033560"></a>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-59252527928310210152015-07-08T11:50:00.004+02:002015-07-08T11:50:35.250+02:00MVP Enterprise Security 2015<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0SEtfVs0xSBUuLCp5i33JRNNJkLJKEsI6Uu4sgDmlZ8N1d4stWp9LC44VrU31ZRUAK6p-uHjVvi1wHf-7DHfs3Mf3yFw6hyphenhyphen6NchOAIUnP7oS4hQtkNzhI8LH2iDQsDDe0eX3axPlUjvj3/s1600/mvp.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0SEtfVs0xSBUuLCp5i33JRNNJkLJKEsI6Uu4sgDmlZ8N1d4stWp9LC44VrU31ZRUAK6p-uHjVvi1wHf-7DHfs3Mf3yFw6hyphenhyphen6NchOAIUnP7oS4hQtkNzhI8LH2iDQsDDe0eX3axPlUjvj3/s1600/mvp.jpg" /></a></div>
It is with joy that I learn I have been awarded Most Valuable Professional in the Enterprise Security area of expertise by Microsoft for the fifth consecutive year. <br />
<br />
<a name='more'></a><br />
<br />
This year brings a small change to my area of expertise, and it promises to be rich in articles with MBAM, Windows Hello, Windows Passport, Windows 10, Windows Server 2016, Microsoft Identity Manager, ... In short, nothing but good things ahead.<br />
<!--more--><br />
<br />
I would therefore like to thank Microsoft for renewing its confidence in my community contribution, and in particular those who had the courage to read my articles and tweets.<br />
<br />
My MVP profile is available at: <br />
<a href="http://mvp.microsoft.com/fr-fr/mvp/Lionel%20Leperlier-4033560">http://mvp.microsoft.com/fr-fr/mvp/Lionel%20Leperlier-4033560</a><a href="http://mvp.microsoft.com/fr-FR/findanmvp/Pages/profile.aspx?MVPID=6ea71dad-def7-4e57-97d3-e8f8fdcc5afd"></a>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-36051652359079007432015-03-18T09:05:00.000+01:002015-03-18T09:05:00.452+01:00[BitLocker] Limitation on the PIN/Password<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" height="197" width="200" /></a></div>
<a href="https://social.technet.microsoft.com/profile/starrandersen/">Starr Andersen</a> published an existing limitation of BitLocker.<br />
<a name='more'></a><br />
<h2>
1/ Context</h2>
A so-called complex PIN (i.e. a password) can be set as a BitLocker protector through the following means:<br />
<ul>
<li>The BitLocker wizard</li>
<li>MBAM</li>
<li>The command line with <a href="https://technet.microsoft.com/fr-fr/library/ff829848%28v=ws.10%29.aspx#BKMK_addprotectors">manage-bde</a></li>
<li>The PowerShell cmdlet <a href="https://technet.microsoft.com/en-us/library/jj649835.aspx">Add-BitLockerKeyProtector</a></li>
<li>The Control Panel (control.exe /name Microsoft.BitLockerDriveEncryption)</li>
</ul>
However, the cmdlet and manage-bde let you specify a password of up to 256 characters, whereas in the other cases it is limited to 100 characters, and in that case the password is truncated to 100 characters. When you try to type a password longer than 100 characters at boot, you are met with the error message "<i>The password you typed is not correct</i>", and after several attempts the system falls back to recovery key mode.<br />
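As an added example (not code from the original post or from Microsoft), the following PowerShell enforces the 100-character ceiling before creating a TPM+PIN protector through the cmdlet path, which would otherwise happily accept up to 256 characters and leave the machine bootable only with the recovery key. The drive letter and the check of the <i>UseEnhancedPin</i> policy value are assumptions for illustration.<br />

```powershell
# Added example, not from the original post: refuse a startup PIN/password
# longer than 100 characters before handing it to Add-BitLockerKeyProtector,
# which accepts up to 256 and would otherwise leave the machine able to start
# only with the recovery key. Assumptions (not from the post): C: is the OS
# volume, and alphanumeric PINs are allowed by the 'Allow enhanced PINs for
# startup' policy, which writes the UseEnhancedPin value under the FVE key.
$MaxPinLength = 100     # ceiling enforced by the wizard, the Control Panel and MBAM
$MountPoint   = 'C:'    # assumed OS volume

function Test-BitLockerPinLength {
    param([Parameter(Mandatory)][securestring]$Pin)
    # SecureString exposes its length without decrypting the content
    return ($Pin.Length -ge 1 -and $Pin.Length -le $MaxPinLength)
}

# Without the enhanced-PIN policy, only digits are accepted at the pre-boot prompt.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$enhanced = (Get-ItemProperty -Path $fve -Name UseEnhancedPin -ErrorAction SilentlyContinue).UseEnhancedPin
if ($enhanced -ne 1) {
    Write-Warning 'Enhanced PINs are not enabled by policy: a non-numeric PIN will be rejected'
}

$pin = Read-Host -Prompt "Startup PIN (at most $MaxPinLength characters)" -AsSecureString
if (-not (Test-BitLockerPinLength -Pin $pin)) {
    throw "The PIN must be between 1 and $MaxPinLength characters; the pre-boot prompt cannot take more and would send you to recovery"
}

# Minimum length is policy-controlled too; let the cmdlet enforce it.
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin

# Confirm what protects the volume now, and keep the recovery password ID at
# hand: it is the only way back in after too many wrong PINs.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

The same length guard applies to manage-bde: wrap it in the same check before calling <i>manage-bde -protectors -add</i>, because neither tool warns you that the pre-boot prompt will never accept what you just stored.<br />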
<h2>
2/ Solution</h2>
Use a password of at most 100 characters :)Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-66676076782889913782015-03-18T09:00:00.000+01:002015-03-18T09:00:01.153+01:00[BitLocker] Limitation for the PIN/Password<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" height="197" width="200" /></a></div>
<a href="https://social.technet.microsoft.com/profile/starrandersen/">Starr Andersen</a> published an interesting article about an issue with BitLocker passwords. You can find more information at the following URL: <a href="http://social.technet.microsoft.com/wiki/contents/articles/11520.bitlocker-passwords-should-be-less-than-100-characters-in-length.aspx">http://social.technet.microsoft.com/wiki/contents/articles/11520.bitlocker-passwords-should-be-less-than-100-characters-in-length.aspx</a><br />
<br />Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-37576163343241686342015-03-17T09:05:00.000+01:002015-03-17T09:05:00.548+01:00[BitLocker] What's new in Windows 10?<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" height="196" width="200" /></a></div>
The arrival of Windows 10 also brings its share of new features for BitLocker. They are subject to change, however, since this list is based on the latest build, number 9926, of the <a href="https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCIQFjAA&url=https%3A%2F%2Finsider.windows.com%2F&ei=GnUFVYTiMIK6ad7CgrAN&usg=AFQjCNF87_10bUUpAZvDFttvjHiDwGBXrw&sig2=OPRs8VVE2vHHaXIyveEVIA&bvm=bv.88198703,d.d2s">Insider</a> program.<br />
<a name='more'></a><br />
<br />
The planned improvements are:<br />
<ul>
<li>Pre-boot authentication: hot-plug DMA will be refused</li>
<li><a href="https://msdn.microsoft.com/en-us/library/windows/hardware/dn879006.aspx">Hardware Security Test Interface</a> (HSTI): automatic encryption of all compliant devices</li>
<li>Recovery key: it can be backed up to Azure Active Directory</li>
<li>VM: support for a virtual TPM (vTPM). A Hyper-V (vNext) host with a TPM will be able to expose it to virtual machines.</li>
<li>Windows Phone: encryption can be enabled stand-alone, without going through an MDM tool such as Intune, SCCM, ...</li>
</ul>
Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-41779856863410773022015-03-17T09:00:00.000+01:002015-03-17T09:00:09.995+01:00[BitLocker] What's new with Windows 10?<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZHOLZDgqxMOoSFF5vVeDeCbqneqduCoOCjDFSAlwqdNnw9PTXcrpu8aM-tgHMlBvhhvIkVM5x5jmV6Pzs5nnwm_xBBZomezLelgb8b6ZL8Fk-1oQHPdAk0Lzb4y7Vr1t6ZORc-jesWxm0/s1600/BitLocker.png" height="196" width="200" /></a></div>
Windows 10 brings some new features to BitLocker. Keep in mind that this list is subject to change, since it is based on the latest build, number 9926, of the <a href="https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCIQFjAA&url=https%3A%2F%2Finsider.windows.com%2F&ei=GnUFVYTiMIK6ad7CgrAN&usg=AFQjCNF87_10bUUpAZvDFttvjHiDwGBXrw&sig2=OPRs8VVE2vHHaXIyveEVIA&bvm=bv.88198703,d.d2s">Insider</a> program.<br />
<a name='more'></a><br />
<br />
The main changes are:<br />
<ul>
<li>Pre-boot authentication: hot-plug DMA is blocked</li>
<li><a href="https://msdn.microsoft.com/en-us/library/windows/hardware/dn879006.aspx">Hardware Security Test Interface</a> (HSTI): automatic encryption of all compliant devices</li>
<li>Recovery key: backup to Azure Active Directory will be available</li>
<li>VM: support for a virtual TPM (vTPM). A Hyper-V (vNext) host with a physical TPM can expose it to virtual machines.</li>
<li>Windows Phone: stand-alone encryption without going through an MDM such as Intune, SCCM, ...</li>
</ul>
Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-818284892267443222015-03-16T09:05:00.000+01:002015-03-16T09:05:00.181+01:00[EMET] Version 5.2 available<div style="text-align: center;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipmeNh4X7Byzb24AQSmVcymBP-uMU6VIbu5vV4bkR5mEygzoEC3flk6qhR93UtXPPiyR96HCu7LB9LwifP8jjaBfWqQ7ptRBHUS36Fngs6kxYfGsMupfwHwdbMjjxnO_zWc9Hd4LUQ6LjE/s1600/emet-logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipmeNh4X7Byzb24AQSmVcymBP-uMU6VIbu5vV4bkR5mEygzoEC3flk6qhR93UtXPPiyR96HCu7LB9LwifP8jjaBfWqQ7ptRBHUS36Fngs6kxYfGsMupfwHwdbMjjxnO_zWc9Hd4LUQ6LjE/s1600/emet-logo.png" /></a></div>
<span xmlns=""><span style="font-size: 12pt;"> </span></span></div>
<span xmlns=""><br />Microsoft recently released version 5.2 of the <a href="http://www.microsoft.com/emet">Enhanced Mitigation Experience Toolkit</a> (EMET).</span><br />
<a name='more'></a><span xmlns=""><br />Among the new features, one can note:</span><br />
<ul>
<li><span xmlns=""><b>Control Flow Guard</b>: EMET's DLLs are compiled with the <a href="http://blogs.msdn.com/b/vcblog/archive/2014/12/08/visual-studio-2015-preview-work-in-progress-security-feature.aspx">Control Flow Guard</a> (CFG) feature of Visual Studio 2015, which detects and blocks control-flow <a href="http://fr.wikipedia.org/wiki/Hijacking">hijacking</a> attacks. This feature is only available on Windows 8.1 and Windows 10.</span></li>
<li><span xmlns=""><b>VBScript in Attack Surface Reduction</b>: the Attack Surface Reduction (ASR) feature now blocks any VBScript extension loaded in the Internet zone of Internet Explorer, which mitigates the recent "<a href="http://blog.fortinet.com/post/advanced-exploit-techniques-attacking-the-ie-script-engine">VBScript God Mode</a>" attacks.</span></li>
<li><span xmlns=""><b>Enhanced Protected Mode/Modern IE</b>: support for Internet Explorer's Enhanced Protected Mode in both ModernUI and desktop modes.</span></li>
</ul>
<span xmlns="">You can download this version from the following address: <a href="http://aka.ms/EMET52">http://aka.ms/EMET52</a><br /> </span>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-53421022519639731742015-03-16T09:00:00.000+01:002015-03-16T09:00:10.864+01:00[EMET] Version 5.2 available<div style="text-align: center;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipmeNh4X7Byzb24AQSmVcymBP-uMU6VIbu5vV4bkR5mEygzoEC3flk6qhR93UtXPPiyR96HCu7LB9LwifP8jjaBfWqQ7ptRBHUS36Fngs6kxYfGsMupfwHwdbMjjxnO_zWc9Hd4LUQ6LjE/s1600/emet-logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipmeNh4X7Byzb24AQSmVcymBP-uMU6VIbu5vV4bkR5mEygzoEC3flk6qhR93UtXPPiyR96HCu7LB9LwifP8jjaBfWqQ7ptRBHUS36Fngs6kxYfGsMupfwHwdbMjjxnO_zWc9Hd4LUQ6LjE/s1600/emet-logo.png" /></a></div>
<span xmlns=""><span style="font-size: 12pt;"> </span></span></div>
<span xmlns=""><br /></span><span xmlns=""><span>Microsoft recently released</span> <a href="http://www.microsoft.com/emet">Enhanced Mitigation Experience Toolkit</a> (EMET) 5.2.</span><br />
<a name='more'></a><span xmlns=""><br />The main new features are:</span><br />
<ul>
<li><span xmlns=""><b>Control Flow Guard</b>: EMET's DLLs are compiled with the <a href="http://blogs.msdn.com/b/vcblog/archive/2014/12/08/visual-studio-2015-preview-work-in-progress-security-feature.aspx">Control Flow Guard</a> (CFG) functionality available in Visual Studio 2015, which mitigates control-flow <a href="http://en.wikipedia.org/wiki/Hijacking#In_communications_and_computing">hijacking</a> attacks. This functionality is available only on Windows 8.1 and Windows 10.</span></li>
<li><span xmlns=""><b>VBScript in Attack Surface Reduction</b>: an Attack Surface Reduction (ASR) enhancement that blocks VBScript extensions loaded in the Internet zone of Internet Explorer, in order to mitigate the recent "<a href="http://blog.fortinet.com/post/advanced-exploit-techniques-attacking-the-ie-script-engine">VBScript God Mode</a>" attack.</span></li>
<li><span xmlns=""><b>Enhanced Protected Mode/Modern IE</b>: support for Enhanced Protected Mode in both the Modern and desktop versions of Internet Explorer.</span></li>
</ul>
<span xmlns="">This version is available for download at the following address: <a href="http://aka.ms/EMET52">http://aka.ms/EMET52</a><br /> </span>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-8526279216270572102014-12-10T11:24:00.001+01:002014-12-10T11:24:58.324+01:00[UAG] Service Pack 4 Rollup 1<span xmlns=""></span><br />
<div style="text-align: center;">
<span xmlns=""><img alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhM40FlwOOsaI4HCs-NBEcuzXCHTgVjOnmWSz8-q15_46Lc0AFSx1qPVoSVqLGNGgksqiInyLiqOZbSVhuDdLPKj2ArCHDUIvQhCr_2n5f42OCrhYnwRqBOfmBwF8W1uyXtB6HqshVDHeKg/s320/Microsoft_Forefront_UAG.png" /><span style="font-size: 12pt;"><br /> </span></span></div>
<span xmlns=""><br />Microsoft a récemment publié le Rollup 1 du Service Pack 4 de Forefront UAG.</span><br />
<a name='more'></a><span xmlns=""><br />Parmi les nouvelles corrections apportées, l'on peut noter :</span><br />
<ul>
<li><span xmlns="">Fin des problèmes d'accès sur les applications publiées</span></li>
<li><span xmlns="">Correction de l'IP source manquante pour l'event ID 14 dans le Web Monitor</span></li>
<li><span xmlns="">Une meilleure gestion du certificat pour une application hébergée sur un serveur web Apache</span></li>
<li><span xmlns="">Parfois le portail n'était plus accessible</span></li>
<li><span xmlns="">Des correctifs liés au modèle de publication spécifique pour Exchange</span></li>
<li><span xmlns="">Des correctifs liés au modèle de publication spécifique pour SharePoint</span></li>
<li><span xmlns="">Des correctifs liés au modèle de publication spécifique pour RemoteApp</span></li>
<li><span xmlns="">Des correctifs liés au modèle de publication spécifique pour le VPN SSTP</span></li>
<li><span xmlns="">Une erreur d'authentification lorsque le login était fournis en format UPN </span></li>
</ul>
<span xmlns="">Pour une liste détaillée sur les corrections apportées ainsi que pour le télécharger vous pouvez vous rendre sur Microsoft Download Center: <a href="http://support.microsoft.com/kb/2922171">http://support.microsoft.com/kb/2922171</a><br /> </span>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-50541649534971483062014-12-10T11:23:00.003+01:002014-12-10T11:24:27.251+01:00[UAG] Service Pack 4 Rollup 1 released<span xmlns=""></span><br />
<div style="text-align: center;">
<span xmlns=""><img alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhM40FlwOOsaI4HCs-NBEcuzXCHTgVjOnmWSz8-q15_46Lc0AFSx1qPVoSVqLGNGgksqiInyLiqOZbSVhuDdLPKj2ArCHDUIvQhCr_2n5f42OCrhYnwRqBOfmBwF8W1uyXtB6HqshVDHeKg/s320/Microsoft_Forefront_UAG.png" /><span style="font-size: 12pt;"><br /> </span></span></div>
<span xmlns=""><br />Microsoft recently released Forefront UAG Service Pack 4 Rollup 1.</span><br />
<a name='more'></a><span xmlns=""><br />The main fix are:</span><br />
<ul>
<li>FIX: You are not authorized to access published applications</li>
<li><span xmlns="">FIX: Source IP and user name missing from Event ID 14 in the Web Monitor log file</span></li>
<li><span xmlns="">FIX: "An unknown error occurred while processing the certificate" error when you access an application that is hosted on an Apache web server</span></li>
<li><span xmlns="">FIX: The Forefront Unified Access Gateway portal may be unavailable</span></li>
<li><span xmlns="">Template improvements for Exchange Server 2013</span></li>
<li><span xmlns="">Template improvements for SharePoint Server 2013</span></li>
<li><span xmlns=""><span xmlns="">Template improvements for </span>RemoteApp</span></li>
<li><span xmlns=""><span xmlns="">Template improvements for </span>SSTP VPN</span></li>
<li><span xmlns="">FIX: "Authentication failed" error when you try to log on to Unified Access Gateway by using the UPN format </span></li>
</ul>
<span xmlns="">The rollup and detailed information is now available on Microsoft Download Center: <a href="http://support.microsoft.com/kb/2922171">http://support.microsoft.com/kb/2922171</a><br /> </span>Lionelhttp://www.blogger.com/profile/06895066857419270957noreply@blogger.com0tag:blogger.com,1999:blog-6901148920352793689.post-40656455632401373802014-10-02T17:30:00.000+02:002014-10-03T11:35:13.150+02:00[MDOP] MBAM Compliance Data Cleanup Tool 2.5 est disponible !<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" height="196" width="200" /></a></div>
<br />
Microsoft recently released version 2.5 of the MBAM Compliance Data Cleanup Tool (MBAMCDCT), which brings compatibility with Microsoft BitLocker Administration and Monitoring (MBAM) 2.5.<br />
<br />
<a name='more'></a><br />
<br />
Among the features of MBAMCDCT 2.5 is the ability to clean up only the compliance status database, selecting agents by the following criteria:<br />
<ul>
<li>Agents that have not reported any information for a given number of days</li>
<li>A list of agents passed on the command line, separated by commas</li>
<li>A list of agents supplied in a text file</li>
</ul>
The tool is of course compatible with MBAM versions 1.0 through 2.5 inclusive.<br />
Moreover, this tool never touches the data stored in the recovery databases.<br />
<br />
More information about this release at this address: <a href="http://blogs.technet.com/b/askcore/archive/2014/09/03/announcing-public-availability-of-mbam-compliance-data-cleanup-tool-2-5.aspx">http://blogs.technet.com/b/askcore/archive/2014/09/03/announcing-public-availability-of-mbam-compliance-data-cleanup-tool-2-5.aspx</a><br />
<br />
To obtain this release: <a href="http://gallery.technet.microsoft.com/MBAM-Compliance-Data-9b4c950d">http://gallery.technet.microsoft.com/MBAM-Compliance-Data-9b4c950d</a><br />
<br />
<b>[MDOP] MBAM Compliance Data Cleanup Tool 2.5 released!</b> (Lionel, 2014-10-02)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYu4s10kH1Tu6bwdFFbjPLBC8Y43o-D5c_S0zAO05pfsJtYcQPK968EwlBQhyH5WW7gErOlG8hzSsJT8BX04rCCNHnMWsc8fDXXnCxPwlt7O4YRBheAA4oqJCWGv_IyOwBAwDSf2MM3JX/s1600/BitLocker.png" height="196" width="200" /></a></div>
<br />
Microsoft recently released the MBAM Compliance Data Cleanup Tool (MBAMCDCT) 2.5, which brings compatibility with Microsoft BitLocker Administration and Monitoring (MBAM) 2.5.<br />
<br />
<a name='more'></a><br />
<br />
MBAMCDCT 2.5 adds the ability to clean up only the compliance database, selecting agents by the following criteria:<br />
<ul>
<li>Agents that have not reported for a given number of days</li>
<li>A comma-separated list of agents passed on the command line</li>
<li>A list of agents supplied in a text file</li>
</ul>
This tool works with MBAM versions 1.0 through 2.5.<br />
Keep in mind that this tool does not touch the recovery data.<br />
<br />
For more information about this tool: <a href="http://blogs.technet.com/b/askcore/archive/2014/09/03/announcing-public-availability-of-mbam-compliance-data-cleanup-tool-2-5.aspx">http://blogs.technet.com/b/askcore/archive/2014/09/03/announcing-public-availability-of-mbam-compliance-data-cleanup-tool-2-5.aspx</a><br />
<br />
You can download this tool here: <a href="http://gallery.technet.microsoft.com/MBAM-Compliance-Data-9b4c950d">http://gallery.technet.microsoft.com/MBAM-Compliance-Data-9b4c950d</a><br />
<br />
<b>[TechEd] My TechEd Europe 2014 session</b> (Lionel, 2014-09-01)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnu1IfLaF3dEETLNXpT0qDAIQQO3LejNRzHUcEHCC8e9W0k47yQkfggRtbUjCBR56QhdoIBGcb9LHsO6BppLHLMzbRMC0jgfPgtS9oq5KcBtUjT_Ojgb3bNI-YSukcA22fjp8pnVkWRVF_/s1600/TechEd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnu1IfLaF3dEETLNXpT0qDAIQQO3LejNRzHUcEHCC8e9W0k47yQkfggRtbUjCBR56QhdoIBGcb9LHsO6BppLHLMzbRMC0jgfPgtS9oq5KcBtUjT_Ojgb3bNI-YSukcA22fjp8pnVkWRVF_/s1600/TechEd.png" height="92" width="640" /></a></div>
<br />
<a href="http://www.maximerastello.com/">Maxime Rastello</a> d'AZEO et moi-même animerons la session suivante aux TechEd Europe 2014 :<br />
<br />
<b>CDP-B375 TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza</b><br />
<br />
<a name='more'></a><br />
<br />
<b>Presented on</b>: Thursday 30 October, 3:15 PM to 4:30 PM<br />
<b>Speaker(s)</b>: Lionel Leperlier, Maxime Rastello<br />
<b>Track</b>: Cloud and Datacenter Platform<br />
<b>Topic</b>: Microsoft Desktop Optimization Pack, Trustworthy Computing <br />
<br />
<i>Since the end of TrueCrypt, one of the alternatives for data security is BitLocker. Discover the new enterprise implementation of BitLocker, called Microsoft BitLocker Administration and Monitoring (MBAM). We cover all the new features of version 2.5. MBAM simplifies the deployment of BitLocker and enables key recovery, centralizing compliance monitoring and reporting. It also reduces the costs associated with provisioning and supporting encrypted drives within your organization. This session presents feedback and best practices around the new features such as System Center Configuration Manager integration, self-service recovery, PIN complexity, high availability, Windows 8.1 support, and more! </i><br />
<br />
<br />
So I will see you at TechEd :)
<br />
<b>[TechEd] My TechEd Europe 2014 session</b> (Lionel, 2014-09-01)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnu1IfLaF3dEETLNXpT0qDAIQQO3LejNRzHUcEHCC8e9W0k47yQkfggRtbUjCBR56QhdoIBGcb9LHsO6BppLHLMzbRMC0jgfPgtS9oq5KcBtUjT_Ojgb3bNI-YSukcA22fjp8pnVkWRVF_/s1600/TechEd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnu1IfLaF3dEETLNXpT0qDAIQQO3LejNRzHUcEHCC8e9W0k47yQkfggRtbUjCBR56QhdoIBGcb9LHsO6BppLHLMzbRMC0jgfPgtS9oq5KcBtUjT_Ojgb3bNI-YSukcA22fjp8pnVkWRVF_/s1600/TechEd.png" height="92" width="640" /></a></div>
<br />
<a href="http://www.maximerastello.com/">Maxime Rastello</a> from AZEO and me will animate the following session at TechEd Europe 2014:<br />
<br />
<b>CDP-B375 TWC | Microsoft BitLocker Administration and Monitoring 2.5 Extravaganza</b><br />
<br />
<a name='more'></a><br />
<br />
<b>On</b>: Thursday 30 October, 3:15 PM to 4:30 PM<br />
<b>Speaker(s)</b>: Lionel Leperlier, Maxime Rastello<br />
<b>Track</b>: Cloud and Datacenter Platform<br />
<b>Topic</b>: Microsoft Desktop Optimization Pack, Trustworthy Computing <br />
<br />
<i>Since the end of TrueCrypt, one of the alternatives for data security is BitLocker. Discover the new enterprise implementation of BitLocker, called Microsoft BitLocker Administration and Monitoring (MBAM). We cover all the new features of version 2.5. MBAM simplifies the deployment of BitLocker and enables key recovery, centralizing compliance monitoring and reporting. It also reduces the costs associated with provisioning and supporting encrypted drives within your organization. This session presents feedback and best practices around the new features such as System Center Configuration Manager integration, self-service recovery, PIN complexity, high availability, Windows 8.1 support, and more! </i><br />
<br />
See you at TechEd :)
<br />
<b>MVP Forefront 2014</b> (Lionel, 2014-07-01)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0SEtfVs0xSBUuLCp5i33JRNNJkLJKEsI6Uu4sgDmlZ8N1d4stWp9LC44VrU31ZRUAK6p-uHjVvi1wHf-7DHfs3Mf3yFw6hyphenhyphen6NchOAIUnP7oS4hQtkNzhI8LH2iDQsDDe0eX3axPlUjvj3/s1600/mvp.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0SEtfVs0xSBUuLCp5i33JRNNJkLJKEsI6Uu4sgDmlZ8N1d4stWp9LC44VrU31ZRUAK6p-uHjVvi1wHf-7DHfs3Mf3yFw6hyphenhyphen6NchOAIUnP7oS4hQtkNzhI8LH2iDQsDDe0eX3axPlUjvj3/s1600/mvp.jpg" /></a></div>
I am delighted to have been awarded Microsoft Most Valuable Professional in the Forefront expertise area for the fourth consecutive year. <br />
<br />
I would therefore like to thank Microsoft for once again placing its trust in my community participation, and in particular those who had the courage to read my articles and my tweets.<br />
<br />
My MVP profile is available at this address: <br />
<a href="http://mvp.microsoft.com/fr-fr/mvp/Lionel%20Leperlier-4033560">http://mvp.microsoft.com/fr-fr/mvp/Lionel%20Leperlier-4033560</a>