Jorge Laurel’s Post

How to recover your Windows hosts impacted by a recent CrowdStrike Falcon sensor? The first solution involves restarting the host and potentially switching to a wired network connection. If the system continues to crash, users can boot into Safe Mode or the Windows Recovery Environment and delete a specific file named "C-00000291.sys"*. The asterisk (*) indicates that there might be variations in the file name suffix, but it will always start with "C-00000291". For public cloud or similar environments, CrowdStrike recommends detaching the operating system disk volume from the impacted virtual server, creating a snapshot, attaching the volume to a new virtual server, deleting the problematic file, and then reattaching the volume to the original server. Alternatively, users can roll back to a snapshot created before a specific date. Recovery options for BitLocker-encrypted hosts Scenario 1: Recovery Key readily available Booting the system normally: If you have your BitLocker recovery key readily available, you might be able to boot the system normally and then proceed with the steps mentioned for non-BitLocker encrypted systems. This would involve deleting the "C-00000291.sys"* file as described earlier. Scenario 2: Recovery Key unavailable Locating the Recovery Key: If you don't have your BitLocker recovery key readily available, you'll need to locate it before proceeding. The recovery key might be stored in your Microsoft account, saved on a separate drive, or provided by your IT administrator. Accessing the Drive with the Recovery Key: Once you have the recovery key, you might need to access a specific boot menu or recovery environment to enter the key and unlock the BitLocker-encrypted drive. This process can vary depending on your Windows version and how BitLocker was originally set up. https://lnkd.in/gi7ppZ4b

New #Windows365 (#CloudPC) features help provide a more secure workspace We are constantly innovating to ensure that #Windows365 continues to provide a #safe environment to #securely stream your #personalized #Windows #desktop, #apps, settings, and #content from the Microsoft Cloud to any device. Windows 365 provides #security in various layers—#identity, #access, and #data—when employees use their Cloud PCs. Existing capabilities like Conditional Access policies help protect user identities and ensure that Cloud PCs are accessed securely from any device. Single sign-on (#SSO), In-session #passwordless authentication, Faster #reauthentication, #MobileApplicationManagement (#MAM), Traceable #watermarking and #screencaptureprotection, Microsoft #Purview Customer Key, Microsoft Purview forensic evidence, #Unidirectional clipboard redirection. Have a suggestion for a new feature or functionality? Post your ideas in the Windows 365 feature requests board, here: https://lnkd.in/dF3WBMkm Read newly added and upcoming features: https://lnkd.in/dtF4p9Re

Want to know more about #CIS and the impact of the new workbench configurations for #Intune managed devices? Then look no further and check out this in depth write up by Nick Benton and I. This article focuses on #BitLocker and what you might need to consider. Watch this space for the next parts in the series! Can't wait!

#AzureDaily Explore deployment considerations for Windows #ZTDNS client! Boost performance, security and reliability in #Azure Private DNS. Enable Secure DNS Policy Module, disable Smart Multi-Homed Name Resolution and IPv6, and get other helpful tips! 🔒💻☁️ #MicrosoftAzure #Networking

CROWD STRIKE ISSUE FIX - These are the official steps from CrowdStrike There are separate fix recommendations for Individual Hosts and Cloud (AWS and Azure) environments. Link to the CrowdStrike official details at the bottom of this post. Individual Hosts: - Boot Windows into Safe Mode or the Windows Recovery Environment - NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation. - Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory - Locate the file matching “C-00000291*.sys”, and delete it. - Boot the host normally. - Note: Bitlocker-encrypted hosts may require a recovery key. Cloud Hosted Environments: - Detach the operating system disk volume from the impacted virtual server - Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes - Attach/mount the volume to to a new virtual server - Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory - Locate the file matching “C-00000291*.sys”, and delete it. - Detach the volume from the new virtual server - Reattach the fixed volume to the impacted virtual server https://lnkd.in/gjCbCpq3

Are you ready to unleash the full potential of your business? 👀 With Windows 11, Microsoft's latest operating system, you can experience a whole new level of productivity, security, and efficiency. 🔒💻 This cutting-edge platform offers a sleek modern interface, enhanced security features like secure boot and biometric authentication, and seamless integration with cloud services. Plus, it's optimised for multitasking with tools like Snap Layouts and Snap Groups. 🤯 But upgrading to a new OS isn't always smooth sailing. That's why the experts at Regal Cloud are here to guide you through the process, ensuring a hassle-free transition while minimising disruptions. 🌟 From assessing your current IT infrastructure to implementing robust data backup strategies and leveraging modern deployment tools, they've got you covered every step of the way. 💪 Don't miss out on this opportunity to future-proof your business. Unlock the power of Windows 11 and elevate your organization to new heights. 🚀 Click the link to learn more about how Regal Cloud can help you harness the full potential of IT modernization: https://lnkd.in/emewW4Tt

🔄 End of an Era: Microsoft Deprecates Windows Server Update Services (WSUS) 🔄 Microsoft has officially announced that Windows Server Update Services (WSUS) is being deprecated. While the functionality will remain for now, there will be no new features or future updates, and organizations are being encouraged to shift to cloud-based solutions like Microsoft Intune, Windows Autopatch, and Azure Update Manager. This shift brings up an important discussion: I’ve seen several environments where patch management—whether via WSUS or third-party tools—has been misconfigured, leaving servers unpatched for over a year. This is a significant risk that organizations cannot afford to ignore. 🔍 Points to Consider: -Review your patch management setup: Whether you're still using WSUS or moving to cloud-based solutions, it’s crucial to ensure that your patching tools are properly configured. Misconfigurations can leave systems exposed. -Evaluate third-party tools: Many organizations use third-party patch management tools, but are they effectively integrated with your environment? Now is the time to assess their effectiveness. -Continuous monitoring and auditing: It's essential to conduct regular audits to ensure patches are being applied on schedule. A simple configuration mistake can leave critical systems unpatched. If you have Microsoft Defender licenses, you can easily deploy it to gain insights into your patching security posture. With WSUS nearing its end, it’s critical to double-check your patch management strategy and ensure everything is working as expected. #TechTrends #CloudComputing #WSUS #PatchManagement #MicrosoftIntune #Azure #WindowsAutopatch #ITSecurity

#AzureDaily 🚨Known Issue: macOS devices in stealth mode may turn non-compliant with #Microsoft Endpoint Manager #Intune VPN configurations🔧 Workaround: Temporarily disable stealth mode for compliance. Microsoft working on permanent fix🛠️ Follow updates using @IntuneSuppTeam #Azure #MVPBuzz

Druva is "always on" top when things get hairy. Being prepared when the worst strikes is not just good but necessary. Check out this insightful article on navigating events such as the CrowdStrike outage: https://lnkd.in/eRqEHdNc #recovery #data #windows #azure #innovation #cyberrecovery