Information Security

I'm fortunate enough to have application whitelisting in use on our domain using Windows Applocker policies. It does add quite a lot of administrative overhead to manage but I've done a few things to make it easier. The first is an automated whitelisting process using a Powershell script and the Windows Task Scheduler. Task Scheduler runs the Powershell script below every 5 minutes on a domain server and checks a file share in Azure for .exe files. Only Administrators have access to this directory so to add an app to the whitelist we just dump the .exe we want to whitelist into the directory, wait for it to disappear, and then run gpupdate to sync the new policy containing the whitelisted app. This is the Powershell code which the Task Scheduler runs every 5 minutes to monitor the fileshare for new files to whitelist: ======================================================================= # This script will auto-add stuff to the AppLocker Enforce GPO # Parse a direct

To build onto my previous blog post concerning ADMX ingestion in Intune to configure Mozilla Firefox settings I'm going to show you how to auto-install extensions in Firefox with Intune. In this example I'm using the uBlock Origin extension as an example. First you'll need to get the URL of the extension. This is different from Chrome where you just need to get the ID of the extension. The easiest way I found to do this is to open Firefox and go to the Extensions Page  at Mozilla and locate the extensions you want to install. Then right-click and copy the link to the "Add to Firefox" button on the extension page. Save the link for later. Now go to the Custom OMA-URI Settings profile in Intune and add a new row. Configure the fields as follows: Name : Extensions_Install OMA-URI (case sensitive):  ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install Data type (String value)*: <enabled/> <data id="

There's a great  article  explaining how to ingest third party ADMX files into Intune and then configure policy using Intune per the settings in the ADMX file. I had trouble piecing together the OMA-URI using the steps in the article so I'm writing to explain a method I found which I feel is much easier to determine the OMA-URI. After ingesting the ADMX file into Intune assign the profile to a test device and then using Regedit browse to the following location: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault That will list all of the settings along with the OMA-URI paths to include in your Intune profile for the Custom OMA-URI Settings. Just be sure to replace the backslash in the registry path with a forward slash as shown below: