Squadra Technologies secRMM "RequireAzureVC"

Squadra Technologies security Removable Media Manager (secRMM) software is Windows security software that runs on your company’s workstations and servers.

Comment

Inspiration

secRMM continues to secure the use of "removable storage" by requiring the end-user to use "Azure VC" before the "removable storage" device will mount to the Windows Operating System (client: XP -> W11, server: W2003 -> W2022)

What it does

secRMM hooks the "removable storage" mount and calls "Azure VC". Once the end-user verifies himself with "Microsoft Authenticator", the "removable storage" drive or mobile device will be exposed in Windows Explorer and can be used as normal. All of the workflow is logged into the Windows security event log (and the secRMM event log) so security and system administrators can analyze "removable storage" security events. This event data can also be forwarded to "Azure Sentinel" and/or "Microsoft Endpoint Configuration Manager" (SCCM) [and/or Operations Manager (SCOM) and/or Syslog and/or Email and/or SNMP] to be displayed in a security dashboard/workbook. Alerts can also be defined. secRMM has special hooks for Azure Virtual Machines (and on-premise hyper-v instances) as well.

How we built it

The actual REST calls to the "Azure VC Service" are done in the Windows Desktop WPF executable (coded in C#). This executable is launched by the secRMM WMI provider (which impersonates the end-user before it launches the WPF executable).

Challenges we ran into

Mostly just coming up to speed on the terminology. I also had a heck of a time getting the dev tenant up because of the P2 requirement. Also, I could not get the free trial subscription because I have another tenant associated with my credit card.

Accomplishments that we're proud of

I am REALLY excited to show our existing customer base this new security feature in secRMM. We already support "finger print scans", "smart cards", "Azure Intune enrollment of mobile devices" and "login from mobile device [our app]" rules but the "require Azure VC verify" will be a much simpler "configuration and deployment" so I think we will get a lot of interest.

What we learned

I learned about the Azure Key Vault which I think I might be able to use for other features and functions of secRMM.

What's next for Squadra Technologies secRMM "RequireAzureVC"

I have been waiting for the Windows OS to expose (in the win32 WinBio API) the Hello facial recognition (we already are using WinBio fingerprint) but it looks like perhaps we can look at Azure for this api..."who knows, we'll see...maybe Bed-Bath-And-Beyond": quote by "Frank the Tank", movie "Old School". :-)

Built With

Share this project:

Updates