Hey everyone! I recently landed my first full-time job in IT, where I'm helping manage the systems alongside my boss, who is the CISO. I've been getting comfortable with our tools, especially using command-line interfaces and PowerShell for local operations, but I'm feeling a bit overwhelmed with a new task. We need to consolidate our Intune settings catalog policies, which have become pretty messy. We have around 60 different policies that are hard to manage due to naming inconsistencies and some unused entries.
To make things easier, I've been exploring tools to automate this process, but I'm nervous about handling anything that touches the production environment. Right now, I've set up a read-only account to export policy files, but the admin account I need to use is pretty powerful and could do a lot more than just read. My concern is breaking something or accidentally causing a security issue.
I did some preliminary vetting of Intune-Toolkit by running it in a sandbox and checking for malicious behavior, but it's hard to know just from looking at process activity, and the scan I did flagged it as suspicious. So, I'm reaching out for your advice. How do you practice due diligence when making changes in an IT environment or using tools you find online? How should I approach using community tools safely? Thanks a lot!
3 Answers
Remember, you're not alone in this, and oversight is important! Always get approval from your manager before using any new tools in the environment, especially if you’ve got concerns. It's their job to help guide you and ensure security measures are in place. If you think a tool could help, present it to them clearly and ask for their vetted input.
Good idea! Communication is key, especially when you're new. It shows initiative and helps you learn the ropes safely.
When vetting community tools, it's best to understand what the code does. You don't have to be a scripting expert, but being able to read through the code and look up commands can help you spot any potential malicious activity. You can also rely on the reputation of the source; well-known brands are generally safer but be cautious even then. If you're unsure, don’t hesitate to ask for help or advice from more experienced colleagues!
Before running any code, ask yourself:
1. Can I reproduce or understand this code? If not, check its reputation. If it's from a major company, it could be safer.
2. Look for community feedback or usage history, especially on platforms like GitHub. If it's active and well-reviewed, that adds some trust! But if it's from an unknown source, I’d hold back from running it. It's risky to run complex scripts without understanding them at all!
Absolutely! Sometimes just checking the commit history and how many people are contributing can be a good indicator of reliability.
And also keep an eye out for updates or patch notes. If a tool is actively maintained, that's often a good sign!
Thanks for this reassurance! I'll definitely talk to my boss about the tools I'm considering.