filmov
tv
Windows 11 Security Audits using SCCM CMPivot | Who created Local Account | Reset Password Event IDs
Показать описание
Windows 11 #Security Audits using SCCM CMPivot | Who created Local Account | Reset Password Event IDs.
#SCCM CMPivot helps you to use the existing investment to get the real data that you want from SCCM clients for a quick security audit. #ConfigMgr #MEMCM #Windows11 #Security
Modern cloud/hybrid SIEM solutions need event logs to be sent to log analytics or some other storage and analyzed from there.
➡️How SCCM can help with Windows 11 security audit with the helpful CMPivot?
➡️SCCM is not a security audit tool! This is the first point that you must remember!
➡️You can check security audit events from Windows devices to analyze the security risk of a device.
➡️Event ID 4720 for New Local User Account
➡️Created New Local User Account – Use SCCM CMPivot to Perform Security Audits
------------ User Account Management
➡️Event ID 4724 – An attempt was made to reset the Password
➡️Event ID 4724 - An attempt was made to reset an account’s password.
➡️Event ID 4738 - A user account was changed
➡️Event ID 4798 - A user’s local group membership was enumerated
➡️Event ID 4722 - A user account was enabled
============================================
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -
#CloudPC #Windows365 #W365
#SCCM #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices
#Intune #MicrosoftIntune #IntuneVideos #IntuneTutorials #IntuneGuide #IntuneStudy #MSIntune #IntuneTraining #HowtoManageDevices
#SCCM CMPivot helps you to use the existing investment to get the real data that you want from SCCM clients for a quick security audit. #ConfigMgr #MEMCM #Windows11 #Security
Modern cloud/hybrid SIEM solutions need event logs to be sent to log analytics or some other storage and analyzed from there.
➡️How SCCM can help with Windows 11 security audit with the helpful CMPivot?
➡️SCCM is not a security audit tool! This is the first point that you must remember!
➡️You can check security audit events from Windows devices to analyze the security risk of a device.
➡️Event ID 4720 for New Local User Account
➡️Created New Local User Account – Use SCCM CMPivot to Perform Security Audits
------------ User Account Management
➡️Event ID 4724 – An attempt was made to reset the Password
➡️Event ID 4724 - An attempt was made to reset an account’s password.
➡️Event ID 4738 - A user account was changed
➡️Event ID 4798 - A user’s local group membership was enumerated
➡️Event ID 4722 - A user account was enabled
============================================
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -
#CloudPC #Windows365 #W365
#SCCM #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices
#Intune #MicrosoftIntune #IntuneVideos #IntuneTutorials #IntuneGuide #IntuneStudy #MSIntune #IntuneTraining #HowtoManageDevices
0:20:10
0:08:00
0:23:43
0:00:57
0:01:05
0:10:35
0:03:37
0:10:09
0:52:58
0:03:32
0:02:44
0:02:28
0:04:45
0:08:32
0:01:22
0:04:32
0:00:57
0:12:54
0:23:14
0:02:36
0:09:05
0:08:15
0:05:14
0:04:23