Archive for the ‘EMS’ Category

Unable to upload Android Line-of-business application in Intune

February 23, 2018

Recently we ran into an issue with Intune when trying to upload an in-house developed line of business application for Android.

The symptoms are straightforward: when selecting the .apk file, details such as name, platform and version are not populated automatically and the OK button remains greyed out. As a result the application cannot be uploaded.


Clearly something is missing, but pinpointing the root cause turned out to be difficult. The actual requirements an application must meet are, to my knowledge, not documented, which makes it very hard to determine the cause and give the application developer any useful details to work from.

Getting this resolved (with help from Microsoft support) was twofold:

First we needed to ensure the manifest included platformBuildVersionCode and platformBuildVersionName:


Even then we could not upload the .apk until the developer ran through the following steps:

  • Put the following line in android.enableAapt2=false
  • Restart the Gradle daemon by running ./gradlew --stop from the command line
  • Sync gradle settings

For a non-developer (like me) this does not say much, but at this point the .apk file could be uploaded to Intune successfully.
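As an added example (not from the original post, and not the developer's own build scripts), the two fixes above can be turned into a small pre-upload check. It assumes that the android.enableAapt2=false line belongs in the project's gradle.properties file and that aapt dump badging from the Android SDK build-tools is used to read the manifest attributes back out of the built .apk; both are assumptions, since the post names neither the file nor the tool.

```shell
#!/bin/sh
# Added example (not from the original post): two pre-upload checks for an Android
# line-of-business .apk bound for Intune, mirroring the fixes described above.
# Assumptions not stated on the page: the Gradle property lives in the project's
# gradle.properties file, and the manifest attributes are read back from the
# built .apk with `aapt dump badging` (Android SDK build-tools).

# Set android.enableAapt2=false in a gradle.properties file, replacing any existing
# value and appending the line when it is absent. Returns 0 once the setting is present.
ensure_aapt2_disabled() {
  props="$1"
  [ -f "$props" ] || : > "$props"
  if grep -q '^android\.enableAapt2=' "$props"; then
    tmp="$props.tmp.$$"
    sed 's/^android\.enableAapt2=.*/android.enableAapt2=false/' "$props" > "$tmp" && mv "$tmp" "$props"
  else
    printf '%s\n' 'android.enableAapt2=false' >> "$props"
  fi
  grep -q '^android\.enableAapt2=false$' "$props"
}

# Read `aapt dump badging` output from stdin and confirm both platform build
# attributes the post calls out are present. Names any missing attribute and
# returns 1 so the upload can be stopped before Intune silently refuses the file.
check_platform_attrs() {
  badging=$(cat)
  missing=""
  for attr in platformBuildVersionCode platformBuildVersionName; do
    printf '%s\n' "$badging" | grep -q "$attr=" || missing="$missing $attr"
  done
  if [ -n "$missing" ]; then
    echo "missing manifest attribute(s):$missing"
    return 1
  fi
  echo "platformBuildVersionCode and platformBuildVersionName present"
}

# Typical use from the project root once the SDK build-tools are on PATH:
#   ensure_aapt2_disabled gradle.properties && ./gradlew --stop
#   aapt dump badging app/build/outputs/apk/release/app-release.apk | check_platform_attrs
```

The property function is idempotent, so it can run on every build without stacking duplicate lines; the badging check reads whatever aapt prints, so the same function works for any .apk path.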

Hope it helps!



Advanced Threat Analytics triggering Symantec Endpoint Protection alert

August 17, 2017

During a recent proof of concept implementation of Microsoft Advanced Threat Analytics the customer reported a large number of workstations suddenly displaying a notification from Symantec Endpoint Protection.

The notification indicated unusual traffic, with packets originating from the ATA Gateway we had just implemented. An example screenshot is shown below:


As the main purpose of the ATA Gateway is to capture and inspect network traffic from the domain controller, the customer was unsure whether this was legitimate traffic or not. Why would an ATA Gateway send packets to a large number of workstations on the network?

Luckily we could confirm it is legitimate activity, and the Symantec Endpoint Protection rules could safely be adapted to avoid these popups in future.

Some more background

Besides capturing the domain controller network traffic, one of the other functions of the ATA Gateway is to resolve network entities. When we inspect the ATA Gateway log files we clearly see the resolution steps taking place. It is the RPC NTLM resolution that actually triggered the alerts on the endpoints.


Backing up our statement above is a note which can be found in the ATA Prerequisites documentation.
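As an added example (not part of the original post), the triage that this background points to can be scripted: alerts whose source is a known ATA Gateway and whose destination port matches the gateway's RPC over NTLM resolution probe are marked as expected, so the endpoint rule can be tuned for exactly that traffic rather than silenced wholesale. RPC over NTLM starts at the RPC endpoint mapper on TCP 135, which is the probe signature used here; the full set of ports the gateway uses should be taken from the ATA Prerequisites note the post refers to. The gateway addresses, the alert line format and the sample alerts are all constructed for this example.

```python
"""Added example (not part of the original post): triage endpoint alerts that name an
ATA Gateway as the packet source, separating the gateway's expected network name
resolution (NNR) probes from anything that still needs a look.

The post explains that the ATA Gateway resolves network entities and that its RPC
over NTLM resolution tripped the Symantec Endpoint Protection rule. RPC over NTLM
begins at the RPC endpoint mapper, TCP 135, so that is the probe signature used here.
Gateway addresses, log line format and sample alerts are constructed for this example.
"""
import re
from dataclasses import dataclass

# Assumed inventory of deployed ATA Gateway addresses (constructed).
ATA_GATEWAYS = {"10.0.5.20"}

# Destination ports that match the gateway's RPC-over-NTLM resolution probe.
NNR_PROBE_PORTS = {("tcp", 135)}

# Constructed alert format: one alert per line, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) alert=(?P<alert>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>tcp|udp) dport=(?P<dport>\d+)$"
)


@dataclass
class Verdict:
    src: str
    dst: str
    proto: str
    dport: int
    expected: bool
    reason: str


def parse_alert(line):
    """Return the alert's fields as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec, gateways=ATA_GATEWAYS):
    """Decide whether one alert is the gateway's expected NNR probe."""
    proto, dport = rec["proto"], int(rec["dport"])
    if rec["src"] in gateways and (proto, dport) in NNR_PROBE_PORTS:
        expected, reason = True, "ATA Gateway NNR probe (RPC over NTLM, TCP 135)"
    elif rec["src"] in gateways:
        expected, reason = False, "ATA Gateway source on a non-NNR port: investigate"
    else:
        expected, reason = False, "source is not a known ATA Gateway: investigate"
    return Verdict(rec["src"], rec["dst"], proto, dport, expected, reason)


def triage(lines, gateways=ATA_GATEWAYS):
    """Classify every parseable alert line; unparseable lines are skipped."""
    verdicts = []
    for line in lines:
        rec = parse_alert(line)
        if rec is not None:
            verdicts.append(classify(rec, gateways))
    return verdicts


def summarize(verdicts):
    """Count alerts that can be tuned away versus those still needing a look."""
    expected = sum(1 for v in verdicts if v.expected)
    return {"expected": expected, "investigate": len(verdicts) - expected}


# Constructed sample alerts: three from the gateway's resolution probe, one from the
# gateway on an unrelated port, one from an unrelated host, and one malformed line.
SAMPLE_ALERTS = [
    "2017-08-15T09:12:01Z alert=unusual_traffic src=10.0.5.20 dst=10.0.40.11 proto=tcp dport=135",
    "2017-08-15T09:12:01Z alert=unusual_traffic src=10.0.5.20 dst=10.0.40.12 proto=tcp dport=135",
    "2017-08-15T09:12:02Z alert=unusual_traffic src=10.0.5.20 dst=10.0.40.13 proto=tcp dport=135",
    "2017-08-15T09:14:30Z alert=unusual_traffic src=10.0.5.20 dst=10.0.40.11 proto=tcp dport=445",
    "2017-08-15T09:15:00Z alert=unusual_traffic src=10.0.77.9 dst=10.0.40.11 proto=tcp dport=135",
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    results = triage(SAMPLE_ALERTS)
    for v in results:
        state = "expected" if v.expected else "INVESTIGATE"
        print(f"{v.src} -> {v.dst}:{v.dport}/{v.proto}  {state}  {v.reason}")
    print(summarize(results))
```

The design point is that the exclusion is scoped to source plus port, not to the gateway address alone: traffic from the gateway on any other port, or from a host that merely claims to be one, still surfaces for investigation.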


Conclusion: make sure to check the other security solutions in place when implementing Advanced Threat Analytics. Without implementing and/or tweaking some rules you may accidentally trigger alerts on a large number of systems and make some security folks nervous.

Until next time!


SCUG New Year Evening Event Speaker

January 21, 2017

Next week I will be presenting at the first System Center User Group evening of 2017.

The topic will be Advanced Threat Analytics (aka ATA). During the session I will cover the product architecture, how to design and set up an ATA infrastructure, and of course show the product in action in some live demos.

Before wrapping up the session, my fellow MVP and SCUG member Kenny Buntinx will also talk about Windows Defender Advanced Threat Protection (aka ATP), a related Microsoft security product that also helps to detect, investigate, and respond to advanced and targeted attacks.

Interested in getting to know these two products? Registration is still open!

More details here.