In less than 2 hours, determined the root cause of an unexpected AppLocker issue that was effectively bricking computers and developed a solution to patch the problem. The cause was a conflict between AppLocker and an untested app control mechanism that a coworker pushed out via a third-party MDM tool. The only other alternative at…
Author: Steve Burns
CrowdStrike Outage
Led the incident response team starting at 1:30 AM EST, reducing downtime to 1.5 hours.
Fixed Complex Conditional Access Error
Fixed a conditional access error* caused by security enabling an untested conditional access policy on the user device level and the Entra Connect sync user for one of the domains having insufficient privileges, caused by the msds-KeyCredentialLink attribute not being writable. The security team had enabled Entra Seamless SSO and had blocked unmanaged devices from…
Fixed Entra Intune Sync Issue with 40 Machines
Fixed an Entra Connect Sync issue** that was preventing 40 machines from enrolling into Intune properly. The issue was caused by the Sync service user having insufficient permissions to modify the msds-ConsistencyGUID AD attribute. ** NOTE: 2-3 other team members had spent over a month working on this with no improvement. Other Info: Entra /…
Rescued the Stalled Migration of a Critical DB server
Resolved the stalled migration of a critical database server after the MAC address changed, which caused the migration agent to crash due to its utilization of the MAC address. The MAC address change was caused by an active NIC on a bonded interface changing from the secondary back to primary.
Cloud Migration
Resolved complex networking issues between the on-prem and multi-account AWS environment during the second phase of an on-prem to AWS migration during a very restricted time window, ensuring a smooth transition to the cloud.
Network Share Reporting
Created a reporting script to show user & group access to folders & shares. Had developed plans to enable the script to automatically run and automatically send the results in an email, when triggered by receiving an email from the reporting team.
Entra Connect Sev2
Resolved a Sev2 data sync issue for Entra Connect in less than a day. The problem was caused by the security team having excessive permissions to the production Entra / Intune environment and they then consequently enabled policies that killed multiple Entra connected services due to improper permission scoping.
15 min Sev1 Resolution
NOC Team reported a Sev1 data leak from a vendor. So I recognized the impact and jumped on the task, despite having ZERO experience managing that aspect of AWS file access and permission. I was able to lock down the inappropriate access in less than 15 minutes by creating a new IAM permissions set and…
Intune Environment Prep
Created policies and Intune apps to enable the automatic distribution of key software such as the security suite, Teams, Chrome, etc.