VMware Horizon & Zero Clients Enabling Rapid Remote Secure IT Working. Watch the video. #DemoToDeployed #VMware #Horizon #10ZiG #ZeroClient #Secuirty #EUC #InformationSecurity #WorkingFromHome
2020, the year where the country went into lock down. In the UK we were told to work from home. This got me thinking more about options for rapid deployment of remote working without missing end user / device security. […]
2020, the year where the country went into lock down. In the UK we were told to work from home. This got me thinking more about options for rapid deployment of remote working without missing end user / device security.
Lock down and those with laptops and remote access, off they went. The desktop systems users, started looking to purchase laptops, but there was limited availability. The laptop, a great short-term fix, but do not forget the bigger picture, security of end users/devices and working conditions.
Is there an alternative, potentially faster and more secure out the box option which could also be explored? Something which is quick to deploy and manage than the time it takes to build, deploy and lock down a laptop.
Now if you host a Citrix environment or VMware Horizon then you might find you have an alternative option. Consider Thin / Zero Clients, in this example we are looking at the 10ZiG 6000q series offering. One of the nice features that 10ZiG offer is a FREE 10ZiG Manager tool which can control your devices over the internet. Anyone who has used Thin or Zero Clients before will already know that you can centrally manage and apply security controls over all the devices, but maybe you didn’t know an end user could use the device from home with a few tweaks using the cloud agent included in 10 ZiG Manager.
Does you environment already use VMware Horizon? Could you extend your VMware Horizon environment to be internet facing with VMware Unified Access Gateway in place? VMware Unified Access Gateway will allow you to secure external access to your corporate VDI desktops and applications on VMware Horizon® 7 on-premise instance.
However before running out and buying 10ZiG devices for everyone and saving on future laptop and desktop costs, consider the end users and build up scenarios for each type of device. There are various models of 10ZiG devices that can support an office user to a power user. Below you can see some thoughts around how end users might work during lock down.
In the scenarios, I found anyone who previously regularly worked from the office with a desktop could start working from home using a Zero client. The experience is like using a laptop, but I was forced into office working mode.
If you are working from home for long periods of time, things that you may have taken for granted in the office now become a concern for home. People should use an external monitor, keyboard and mouse. Have a comfy chair and desk to work at. Also a more important topic over looked and there isn’t a technical solution to resolve, finding a way of controlling Work and Home life. A desk / dedicated space to work from is the ideal way to identify to yourself the difference between work and home. If you were considering how some one works from home, ship the 10ZiG device with a monitor, keyboard and mouse. A laptop would add flexibility to roam around but you cant enforce a good working environment.
With all the above in mind 10 ZiG offer a FREE demo device to trial for 30days.
So I took this FREE demo, utilised my VMware vExpert skills, connected to the VMware Horizon environment from home and deployed a 10ZiG Zero Client, managed by a cloud agent and running in kiosk mode.
Now, I’ve just completed the trial of a 10ZiG demo device, utilising the kiosk style VMware Horizon end user experience when working from home. If your interested to see how simple the process was, take a moment to watch the 10 min video “Demo to Deployed” by Stephen Hackers.
This video shows how I ordered and configured a demo device and connected to the VMware Horizon desktop when working from home.
vSphere 7 with Kubernetes – Getting Started Guide #HowToGuide #vSphere7 #VMware #Kubernetes
VMware released the new version of vSphere with functionality to build and manage Kubernetes clusters. This series details how to…
Video discussion about VMware and their recent acquisition, security company Octarine. #Security #VMware #Octarine
VMware recently acquired yet another security company Octarine. The acquisition shows again that VMware is taking security extremely seriously. We sat down with Tom Corn, Senior Vice President of Security Products at VMware to talk about this acquisition and also why is VMware taking […]
A collection of all my study notes and lab work while working towards passing the badge Microsoft Certified Security Engineer Associate by passing the AZ-500 exam
These notes are in no order and are not focused towards any exam content other than sharing my experience of configuring and automating security within Azure in the run up to the final exam.
- Azure – Setup Azure Blueprints
- Azure – Advisor
- Azure – AD Identity Protection
- Azure – Install and Configure Antimalware On A Virtual Machine
- Creating Security Baselines In Microsoft Azure
- Azure – Log Analytics Workspace and AzureVirtual Machine Agent Install
- Azure – Access Control and Role Assignment
- Azure – Configure Management Locks – Prevent Accidental Deletion Of Core Resources
- AZURE – Control Storage Access by Networks
- Azure – Update Management
- Azure – Monitoring Alert On Virtual Machine CPU Usage
- Azure – Register An Application in AD and Generate App Password
- Azure – Activity Log
- Azure – Route Tables – How To Force Traffic Down A Specific Route
- Azure – Content Trust in ACR and Roles
- Azure – Creating Key Vaults
- Azure – Create Kubernetes Cluster with ACR Integration
- Azure – Monitor / Alerts – Create Action Group to Notify Admin/User by SMS & Email
- Azure – Security Center and Pricing
- Azure Conditional Access Policies – Greyed Out
- Azure – Configure Web App Custom Domain and TLS
- Azure – Configure Web App and Licenses
- AZ-500: Microsoft Azure Security Technologies – EXAM PASSED!!!
Maintain groups in Azure AD with dynamic groups and set expiration settings.
Example scenario : Controlling remote access to sub contractors working on a short term project. The project owner should remove all access for sub contractors after the project completes
How to guide :
If we combine Dynamic Groups and Expiration settings, we can automatically populate groups and then invoke regular check to maintain groups are still required. Group owners will be reminded regularly to verify groups are required. Owners will have a better understanding of who has access and this help assist with your security policies.
Dynamic Group Example
Steps: Azure Active Directory > New Group > Type : Office 365 > Name, Description, Dynamic User > Owner > Dynamic user Members
Group Name : Sub Contractors – Set the value for department equals “Sub Contractor”
Dynamic User Members – Add Experssion
(user.department -eq “Sub Contractor”)
Configure Group lifetime / Expiration Settings
Steps: Azure Active Directory > Groups > Expiration > Days > No Owner email > Selected > Group > Save
“Renewal notifications are emailed to group owners 30 days, 15 days, and one day prior to group expiration. Group owners must have Exchange licenses to receive notification emails. If a group is not renewed, it is deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and PowerBI.” Info from the portal Expiration settings.
When a very important file stored in OneDrive needs to be monitored. This is how to create an alert on file activity. We specifically want to monitor and alert on any activity done to the specific file by any user.
This example file is called HR.doc and is stored in OneDrive.
This is how we created an alert policy for file activity of the file “HR.doc”.
Open Office 365 Security & Compliance
Alerts > Alert Policies > New Policy
- Status – Enabled
- Severity – Medium
- Category – Information Governance
- Conditions – Activity is File Activity and File name is HR.doc
- Scope – All Users
- Email Recipients – email address
- Limit the number of notifications – optional. 5 in this example
Test the alert by trying to modify or access the file.
Alert email notification as shown below.
This logs an alert which then should be reviewed and investigated
Action the Alert
If you’re doing some compliance investigation work, you may need to search a user’s mailbox for specific words.
This is how To Search Email Content in Office 365 Security & Compliance for a specific user which sent email containing a specific word then export results.
Reference guides – Content search
Microsoft Docs Content Search
Microsoft Docs Export Search
Content Search : How to search a mailbox for specific keywords and export the data
Mircosoft 365 Admin Center -> Compliance Admin Center
Content Search > + New Search
New Search > Keywords “Blog” example > Specific Locations > Modify > Choose Users, Groups or Teams
Enter users name > Select > Choose
Done > Save > Save & Run > Save Search
This search will trigger a default alert email to be sent out
Next step, Export the results
Unable to preview results problem or export?
If you cannot preview, you need to add a role to the user account, eDiscovery Administrator role (Example) or eDiscovery Manager for specific cases / Compliance Admin / Compliance Data Administrator
You must sign out and sign in for the groups to take effect.
Now back to the search
After the you can see the preview, now you can click Export
Click Export > ReportsOnly or Export > Copy to clipboard export key > Download report > Install eDiscovery Export Tool
Export tool installs
Use the Export Key and Set a directory.
Now you can open the report exported