Day 11 Practical Exercises and Review PDF

Summary

This document provides practical exercises and review questions for network troubleshooting, covering topics like connectivity issues, ping tests, DNS resolution, firewall checks, and more.

Full Transcript

**1. Hands-on Practice with Advanced Troubleshooting**

- **Topics**:

- **Network Troubleshooting**:

- Connectivity issues, ping tests, and using tools like
Wireshark.

- Troubleshooting firewall policies, port blocking, and VPN
connectivity issues.

1. ***Ping Test**: Run a ping test to the website\'s IP address (e.g.,
ping \).*

- *If it responds, the connectivity to the IP is intact.*

- *If no response, check for DNS or routing issues.*

2. ***DNS Test**: Use nslookup or dig to verify DNS resolution.*

- *If DNS fails, check DNS settings or switch to a different DNS
server.*

3. ***Firewall Check**: Ensure the firewall isn't blocking access to
the website's IP or domain.*

4. ***TCPing Test**: Use tcping \ \ to see if the
web server port (usually 80 or 443) is open.*

5. ***Browser Test**: Try accessing the website in different browsers
or with extensions disabled.*

1. ***Ping Gateway**: Run a continuous ping test to the default gateway
to check for packet loss.*

2. ***Check Cable or Wi-Fi**: Inspect the Ethernet cable or Wi-Fi
signal strength for possible hardware issues.*

3. ***IP Conflicts**: Run arp -a to check for duplicate IPs on the
network.*

4. ***Network Driver**: Update the network adapter driver to the latest
version.*

5. ***Firewall Logs**: Check firewall logs for potential connection
blocking on specific IPs or ports.*

1. ***Check VPN IP Address**: Ensure the user receives an IP in the VPN
subnet.*

2. ***Ping Internal Resources**: Attempt to ping internal IPs to verify
connectivity.*

3. ***Firewall Policy**: Confirm that the firewall policy allows VPN
users to access internal resources.*

4. ***DNS Settings**: Verify if VPN is using correct DNS for internal
domain resolution.*

5. ***Route Table**: Run route print to check if proper routes to
internal subnets are present.*

1. ***Ping Test**: Ping the server to measure round-trip time and
identify any packet loss.*

2. ***Traceroute**: Use tracert or traceroute to identify latency
points in the network path.*

3. ***TCPing to Specific Port**: Run tcping to see if there's a delay
in connection establishment.*

4. ***Bandwidth Test**: Perform a speed test to check the network's
current bandwidth.*

5. ***QoS Settings**: Verify Quality of Service (QoS) settings if
available, especially on network devices.*

1. ***Ping File Server**: Verify that the server is reachable by
pinging its IP address.*

2. ***Check Port 445**: Use tcping to ensure that port 445 (SMB) is
open and accessible.*

3. ***DNS Resolution**: Confirm that the server's hostname resolves
correctly using nslookup.*

4. ***Firewall Rules**: Check if the firewall allows traffic on port
445 for SMB.*

5. ***User Permissions**: Ensure the user has appropriate permissions
for the network share.*

1. ***Ping VPN Gateway**: Ensure that the VPN gateway is reachable.*

2. ***Firewall Port Check**: Confirm the required VPN ports (e.g., 443,
500, 4500) are open on the firewall.*

3. ***Check VPN Credentials**: Ensure that the VPN credentials are
correct.*

4. ***Firewall Policy**: Verify the firewall policy permits VPN
traffic.*

5. ***TCPing on VPN Port**: Use tcping on the specific VPN port to
confirm connectivity to the gateway.*

1. ***Ping the Site's IP**: Run a ping test to the intranet server's
public IP.*

2. ***Check Port Forwarding**: Ensure that the router's port forwarding
rules point to the intranet server's IP.*

3. ***Firewall Rules**: Verify firewall rules allow external
connections to the site's port.*

4. ***TCPing Test**: Use tcping \ \ to confirm that the web
server port is accessible externally.*

5. ***ISP Block**: Check with the ISP to ensure they aren't blocking
incoming connections on the required port.*

1. ***Ping Test**: Ping the gateway to check for packet loss or high
latency.*

2. ***Check Bandwidth Usage**: Use tools to monitor network bandwidth
and identify potential hogs.*

3. ***QoS or Throttling**: Check for any QoS settings or throttling
policies on the network.*

4. ***TCPing for Latency**: Use tcping to measure latency to key
services or websites.*

5. ***Network Adapter Settings**: Verify that the user's network
adapter settings (like speed and duplex) are correct.*

1. ***Ping Remote Host**: Check connectivity to the remote machine's IP
address.*

2. ***Firewall Policy**: Ensure that the firewall policy permits RDP
(usually on port 3389) through the VPN.*

3. ***TCPing on Port 3389**: Use tcping \ 3389 to confirm that the
RDP port is open.*

4. ***Check Routing Table**: Ensure proper routing between the VPN
subnet and internal network.*

5. ***Remote Access Permissions**: Verify that the user has permission
to access the remote desktop.*

1. ***Ping Device IP**: Confirm the device's IP is reachable on the
network.*

2. ***TCPing on Management Port**: Use tcping on the management port
(e.g., 22 for SSH, 80 for HTTP) to check connectivity.*

3. ***Firewall Configuration**: Ensure firewall rules allow management
traffic from the monitoring server to devices.*

4. ***Check SNMP/SSH Settings**: Verify that SNMP or SSH (if used) is
enabled and properly configured on the devices.*

5. ***Update Device Firmware**: Sometimes, firmware updates can resolve
network or management accessibility issues.*

- **Desktop Troubleshooting**:

- Handling common issues with operating system errors,
software conflicts, and performance issues.

1. ***Check Task Manager**: Identify any applications or background
processes using excessive CPU, memory, or disk resources.*

2. ***Disable Startup Programs**: Reduce the number of applications
that start with Windows using Task Manager\'s \"Startup\" tab or the
System Configuration tool (msconfig).*

3. ***Run Disk Cleanup**: Clear temporary files and unnecessary system
files.*

4. ***Check for Malware**: Run a full antivirus scan to rule out
malware.*

5. ***Update or Reinstall Drivers**: Ensure that device drivers
(especially graphics and chipset) are up-to-date.*

1. ***Check for Application Updates**: Ensure the application is
up-to-date.*

2. ***Clear Temporary Files**: Delete temporary files that may be
causing conflicts (using Disk Cleanup or the application's
settings).*

3. ***Check Event Viewer**: Look for error logs in Event Viewer under
\"Application\" to identify specific error codes.*

4. ***Run in Compatibility Mode**: If the app is outdated, try running
it in compatibility mode for an older OS version.*

5. ***Reinstall the Application**: Uninstall and reinstall the
application to replace any corrupted files.*

1. ***Record Error Code**: Take note of the BSOD error code for more
specific troubleshooting.*

2. ***Check for Recent Changes**: Identify if any new drivers,
hardware, or updates were recently installed.*

3. ***Run System File Checker**: Use the sfc /scannow command in
Command Prompt to check for and repair corrupted system files.*

4. ***Update Drivers**: Ensure all drivers, especially graphics and
chipset drivers, are up-to-date.*

5. ***Use Windows Memory Diagnostic**: Run a memory test to rule out
faulty RAM as the cause.*

1. ***Check Printer Connection**: Ensure the printer is powered on and
properly connected to the computer or network.*

2. ***Restart Print Spooler Service**: In \"Services,\" restart the
Print Spooler service.*

3. ***Update Printer Drivers**: Ensure the printer driver is up-to-date
and compatible with the OS.*

4. ***Set Printer as Default**: In \"Devices and Printers,\" make sure
the correct printer is set as the default.*

5. ***Test with Another Application**: Try printing from a different
application to see if the issue is specific to one program.*

1. ***Check Physical Connections**: Verify that the network cable is
securely plugged in, or check Wi-Fi signal strength.*

2. ***Run Network Troubleshooter**: Use Windows Network Troubleshooter
to automatically diagnose and fix common issues.*

3. ***Flush DNS and Reset TCP/IP Stack**: Use ipconfig /flushdns and
netsh int ip reset commands.*

4. ***Disable Firewall Temporarily**: Temporarily disable the firewall
to check if it\'s blocking the connection.*

5. ***Test with Another Device**: Confirm if the issue is with the
network or specific to the user's desktop.*

1. ***Check BIOS/UEFI Settings**: Ensure that the correct boot device
is selected.*

2. ***Boot into Safe Mode**: Try booting into Safe Mode to bypass
problematic startup items.*

3. ***Perform Startup Repair**: Use the Windows Recovery Environment to
run Startup Repair.*

4. ***Run Disk Check**: Use chkdsk /f to check for and repair disk
errors.*

5. ***Restore from a System Restore Point**: If recent changes are
suspected, use System Restore to roll back to a previous stable
state.*

1. ***Run Compatibility Troubleshooter**: Use the "Troubleshoot
Compatibility" option in the application's properties.*

2. ***Install Compatibility Mode**: Set the application to run in
compatibility mode for an older version of Windows.*

3. ***Update or Find Alternative Software**: If possible, update the
software to a compatible version or find a suitable alternative.*

4. ***Check Administrator Permissions**: Run the application as an
administrator if permissions are an issue.*

5. ***Use Virtualization**: If essential, consider using a virtual
machine with a compatible OS version.*

1. ***Run Disk Cleanup**: Delete unnecessary files, including system
and temporary files.*

2. ***Uninstall Unused Applications**: Remove programs that are no
longer needed.*

3. ***Move Files to External Storage**: Transfer large files to an
external drive or cloud storage.*

4. ***Enable Storage Sense**: Use Windows Storage Sense to
automatically manage disk space.*

5. ***Check for Large Hidden Files**: Look for hidden files that may be
taking up space, such as large log files.*

1. ***Check Password Expiry**: Ensure the user's password has not
expired, especially in domain environments.*

2. ***Reset User Password**: Temporarily reset the user's password if
they are locked out.*

3. ***Check Login Attempt Logs**: Look in Event Viewer for logs that
might indicate failed login attempts.*

4. ***Verify Network Connection**: Ensure the system is connected to
the network if the login requires domain authentication.*

5. ***Disable Cached Credentials**: Clear any saved credentials that
might be conflicting with the current login.*

1. ***Check File Properties**: Right-click the file or folder, go to
\"Properties,\" and verify permissions under the \"Security\" tab.*

2. ***Take Ownership of File/Folder**: Take ownership of the file or
folder if access is restricted.*

3. ***Grant Appropriate Permissions**: Adjust permissions to allow the
user full access if necessary.*

4. ***Check for Encryption**: If the file is encrypted, ensure the user
has the correct encryption key.*

5. ***Confirm Network Drive Access**: If the file is on a network
drive, confirm that the user has the correct permissions on the
network.*

- **Firewall and Security Troubleshooting**:

- Configuring firewall rules, diagnosing access issues, and
understanding threat logs.

- Practical with FortiClient VPN troubleshooting.

- ***Issue**: A user reports they cannot access a particular website.*

- ***Troubleshooting Steps**:*

1. ***Check Firewall Policies**: Confirm that there is no firewall
rule blocking access to the website\'s IP address or URL.*

2. ***Inspect Web Filtering Logs**: Look for any web filtering
policies that might be blocking the category or the URL.*

3. ***Test Website Access**: Attempt to access the website from
another network to confirm it is not down.*

4. ***Check DNS Settings**: Verify that DNS is resolving the
website correctly, as DNS blocks can also affect access.*

5. ***Create an Exception Rule**: If needed, create a specific rule
that allows access to the website.*

- ***Issue**: After updating firewall rules, specific application
traffic is now blocked.*

- ***Troubleshooting Steps**:*

1. ***Review Recent Rule Changes**: Identify any recent changes to
firewall rules that may have affected the application's
traffic.*

2. ***Analyze Logs**: Use the firewall logs to see if the
application traffic is being denied.*

3. ***Verify Application Ports**: Confirm which ports the
application uses and ensure they are allowed in the firewall
rule.*

4. ***Test Traffic with Temporary Rule**: Create a temporary rule
that allows all traffic from the application's IP range to
verify if traffic flows correctly.*

5. ***Adjust Specific Rules**: Modify the firewall rule to permit
only the necessary ports and protocols for the application.*

- ***Issue**: Threat logs show multiple unauthorized access attempts
from a specific IP.*

- ***Troubleshooting Steps**:*

1. ***Identify Source IP**: Use the threat log details to identify
the IP attempting unauthorized access.*

2. ***Block IP Address**: Create a firewall rule to block incoming
traffic from the suspicious IP.*

3. ***Check for Existing Vulnerabilities**: Verify if there are any
open or vulnerable services that could be targeted.*

4. ***Enable Geo-IP Blocking** (if applicable): Restrict access to
specific countries if the IP is from a suspicious region.*

5. ***Monitor for Further Attempts**: Continue monitoring the
threat logs to detect any new attempts.*

- ***Issue**: The user can connect to the VPN, but cannot access
internal resources.*

- ***Troubleshooting Steps**:*

1. ***Verify VPN Policy**: Ensure that the VPN policy permits
access to internal networks.*

2. ***Check Split Tunneling**: Confirm if split tunneling is
enabled, and ensure that internal IP ranges are routed through
the VPN.*

3. ***DNS Configuration**: Verify if internal DNS settings are
correctly assigned to the VPN client.*

4. ***Inspect Firewall Rules**: Make sure there is a rule allowing
traffic from the VPN subnet to internal subnets.*

5. ***Run a Traceroute**: From the client machine, run a traceroute
to check the path to internal resources and identify where the
traffic is blocked.*

- ***Issue**: A remote user cannot establish a connection to the VPN.*

- ***Troubleshooting Steps**:*

1. ***Check FortiClient VPN Configuration**: Ensure the VPN server
address, username, and password are correct.*

2. ***Verify User Permissions**: Check if the user has been granted
VPN access on the firewall or VPN server.*

3. ***Inspect Firewall Port Settings**: Confirm that the necessary
ports (e.g., 443 or 500/4500 for IPsec) are open on the
firewall.*

4. ***Update FortiClient**: Ensure the user is using the latest
version of the FortiClient VPN software.*

5. ***Check Logs for Errors**: Review the VPN logs for specific
error messages to identify the root cause.*

- ***Issue**: An internal service is unreachable following a firewall
rule change.*

- ***Troubleshooting Steps**:*

1. ***Review Recent Changes**: Identify the exact rule changes made
that could impact internal traffic.*

2. ***Check Service Ports**: Confirm that the required ports for
the internal service are allowed.*

3. ***Inspect Network Segmentation**: Ensure there are no
restrictions between network segments that the service relies
on.*

4. ***Test with Temporary Access**: Temporarily allow all internal
traffic to see if the service becomes reachable.*

5. ***Adjust Firewall Rules**: Refine the firewall rules to allow
only specific traffic for the service.*

- ***Issue**: High traffic from an unusual IP is detected in threat or
traffic logs.*

- ***Troubleshooting Steps**:*

1. ***Identify Source IP Details**: Look up the IP address to see
if it's from a known malicious source.*

2. ***Block IP Temporarily**: Create a temporary block rule for the
IP address.*

3. ***Analyze Traffic Pattern**: Review logs to see what type of
traffic the IP is generating.*

4. ***Inspect Potential Compromise**: Verify if any internal
devices have been compromised and are sending unusual traffic.*

5. ***Implement Permanent Block if Necessary**: If the IP continues
to generate high traffic, permanently block it.*

- ***Issue**: A new server on the network cannot connect to the
internet.*

- ***Troubleshooting Steps**:*

1. ***Verify IP and Gateway Configuration**: Ensure the server has
the correct IP address and gateway settings.*

2. ***Inspect Outbound Rules**: Check if there is an outbound rule
that allows internet access for the server's subnet.*

3. ***Check NAT Configuration**: Verify that NAT is configured to
allow the server to route internet-bound traffic.*

4. ***Check Firewall Logs**: Look for any blocked traffic from the
server in the firewall logs.*

5. ***Test Connection with Ping/Traceroute**: Use ping and
traceroute to diagnose where the connection is failing.*

- ***Issue**: A user's account is locked due to repeated failed login
attempts on the VPN.*

- ***Troubleshooting Steps**:*

1. ***Unlock User Account**: Use the user management console to
unlock the account.*

2. ***Verify User Credentials**: Confirm the user is using the
correct username and password.*

3. ***Check Account Lockout Policy**: Review the VPN or firewall
settings to adjust the lockout threshold if necessary.*

4. ***Analyze Login Logs**: Look at the VPN login logs to identify
if there were legitimate login attempts or brute-force
attempts.*

5. ***Educate the User**: If necessary, provide the user with
instructions on entering credentials correctly to avoid
lockout.*

- ***Issue**: A security audit reveals open ports that should not be
accessible externally.*

- ***Troubleshooting Steps**:*

1. ***Identify Open Ports**: Review the firewall configuration to
identify the open ports flagged by the audit.*

2. ***Verify Port Requirements**: Confirm if these ports are
essential for any application or service; if not, close them.*

3. ***Limit External Access**: If the ports are necessary, restrict
access to specific IP addresses.*

4. ***Enable Logging for Open Ports**: Set up logging to monitor
access attempts on these ports.*

5. ***Implement Regular Port Scans**: Schedule routine scans to
identify any unexpected open ports in the future.*

- **Microsoft 365 Components** (OneDrive, SharePoint, Email):

- Resolving sync issues, permissions, and file access errors
in OneDrive and SharePoint.

- Common email issues (e.g., message delivery failure,
attachment restrictions).

- ***Scenario**: A user reports that their files are not syncing
between OneDrive on their local device and the cloud.*

- ***Troubleshooting Steps**:*

1. *Verify the user is signed in with the correct Microsoft 365
account in OneDrive.*

2. *Check for any paused sync status and resume sync if needed.*

3. *Ensure there is enough disk space on the local device.*

4. *Clear the OneDrive cache or reset the OneDrive app.*

5. *Check the OneDrive sync client version and update if
necessary.*

6. *Ensure that no files have restricted characters or names that
may cause sync issues.*

- ***Scenario**: A user receives a shared link to a OneDrive file but
cannot access it.*

- ***Troubleshooting Steps**:*

1. *Verify the sharing permissions of the file (e.g., view or edit
access).*

2. *Ensure the link was shared with the user's correct email
address.*

3. *Check if the file has been restricted to specific people and if
the user is on the list.*

4. *Confirm if the file owner has restricted external sharing if
the user is from outside the organization.*

5. *Re-share the file with the appropriate permissions.*

- ***Scenario**: A user tries to access a SharePoint document library
but encounters an \"Access Denied\" error.*

- ***Troubleshooting Steps**:*

1. *Verify that the user has been granted permission to the
SharePoint site.*

2. *Check if the document library has unique permissions and ensure
the user has access.*

3. *Confirm that the user's Microsoft 365 account is active and not
locked.*

4. *Clear the user's browser cache and try accessing SharePoint in
a different browser.*

5. *If permissions are correct, ask the user to log out and log
back into Microsoft 365.*

- ***Scenario**: A user cannot sync a SharePoint document library to
their local device.*

- ***Troubleshooting Steps**:*

1. *Confirm that OneDrive is installed and connected with the
correct account.*

2. *Verify that the user has sync permissions for the SharePoint
library.*

3. *Restart OneDrive and try to initiate the sync again.*

4. *Clear the OneDrive cache or reset OneDrive if necessary.*

5. *Check if the library exceeds the file count or size limit
(e.g., more than 5,000 items can cause issues).*

- ***Scenario**: A user reports that emails sent to an external domain
are bouncing back.*

- ***Troubleshooting Steps**:*

1. *Review the bounce-back message for specific error codes or
reasons.*

2. *Confirm that the recipient\'s email address is correct and
valid.*

3. *Check if the external domain has been blocked by the
organization's email policy.*

4. *Verify that the user's mailbox is not over its storage limit.*

5. *Test sending to other external domains to determine if the
issue is specific to one domain.*

- ***Scenario**: A user cannot send an email because of a large
attachment.*

- ***Troubleshooting Steps**:*

1. *Check the attachment size and compare it to the Microsoft 365
attachment size limit.*

2. *Suggest uploading the attachment to OneDrive or SharePoint and
sharing a link instead.*

3. *If available, use a file compression tool to reduce the file
size.*

4. *Confirm that the email client (e.g., Outlook) is updated to the
latest version.*

5. *Review email policies to ensure there are no custom size
restrictions.*

- ***Scenario**: A user reports duplicate files appearing in OneDrive,
often with "PC" or "Conflict" added to the file names.*

- ***Troubleshooting Steps**:*

1. *Confirm if multiple users are editing the same file at the same
time.*

2. *Check if the user is accessing OneDrive files from multiple
devices simultaneously.*

3. *Instruct the user to save and close files before switching
devices.*

4. *Identify the duplicate files and help the user consolidate the
changes.*

5. *Suggest using version history in OneDrive to resolve conflicts
and restore previous versions if needed.*

- ***Scenario**: A user reports they can no longer edit files in a
SharePoint library they previously had access to.*

- ***Troubleshooting Steps**:*

1. *Verify if there have been any recent permission changes on the
SharePoint site.*

2. *Check if unique permissions have been applied to specific files
or folders within the library.*

3. *Confirm that the user's group or role still has edit
permissions on the library.*

4. *Review any recent changes in the user's account status (e.g.,
reactivation).*

5. *Reapply edit permissions to the affected user or group if
necessary.*

- ***Scenario**: A user reports Outlook is unable to connect to their
Microsoft 365 mailbox.*

- ***Troubleshooting Steps**:*

1. *Check the user's internet connection to ensure stable
connectivity.*

2. *Verify that the user is logged into Outlook with their
Microsoft 365 account.*

3. *Ensure that no recent password changes have caused credential
mismatches.*

4. *Check for any service issues with Microsoft 365 Exchange.*

5. *Clear Outlook\'s cache or recreate the profile if the issue
persists.*

- ***Scenario**: A user tries to access a file shared via OneDrive but
receives a notification that the link has expired.*

- ***Troubleshooting Steps**:*

1. *Confirm the link settings with the file owner (e.g., expiration
date and permissions).*

2. *Ask the file owner to recreate the sharing link if it has
expired.*

3. *Verify if organization policies limit sharing link duration and
adjust if needed.*

4. *Suggest using a more permanent sharing method, such as direct
permission assignment, if frequent access is needed.*

5. *Educate the user about link expiration settings to avoid
similar issues in the future.*

- **Antivirus and Security Measures**:

- Troubleshooting Microsoft Defender policies, scanning, and
malware removal.

- ***Problem**: A policy configured in Microsoft Defender is not
applying to an endpoint.*

- ***Troubleshooting Steps**:*

1. *Check if the device is properly enrolled in Intune and
associated with the correct group.*

2. *Verify that the policy is correctly configured and deployed to
the target group.*

3. *Ensure the device is connected to the network and has a stable
internet connection.*

4. *Confirm that the device is compliant with all other configured
policies.*

5. *Restart the device and check if the policy is applied after
reboot.*

6. *Review logs in Microsoft Defender for Endpoint and Intune for
any errors or conflicts.*

- ***Problem**: Real-time protection is disabled and cannot be
re-enabled.*

- ***Troubleshooting Steps**:*

1. *Check if there are any other antivirus solutions installed that
may conflict with Defender.*

2. *Confirm that real-time protection is enabled in the Microsoft
Defender policy settings.*

3. *Look for Windows updates that might have caused compatibility
issues; apply the latest updates.*

4. *Open Windows Security and try enabling real-time protection
manually.*

5. *Check Event Viewer for Defender-specific errors and resolve
them accordingly.*

6. *If unresolved, try resetting the Defender app using
PowerShell.*

- ***Problem**: Defender scan fails or stops midway.*

- ***Troubleshooting Steps**:*

1. *Clear temporary files to free up system resources.*

2. *Run a quick scan to identify if any immediate threats are
causing the issue.*

3. *Check if any third-party security software is conflicting;
temporarily disable or remove it.*

4. *Restart the system and retry the scan.*

5. *Use PowerShell to run Start-MpScan -ScanType FullScan to
initiate the scan.*

6. *If the problem persists, review Windows Event Viewer for
detailed error logs.*

- ***Problem**: Webroot is falsely identifying legitimate software as
a threat and blocking it.*

- ***Troubleshooting Steps**:*

1. *Open Webroot and check the quarantine or detection history for
the blocked application.*

2. *Add the application to Webroot's allowlist to prevent future
blocks.*

3. *Verify if the application has a digital signature to confirm
legitimacy.*

4. *Report the application as a false positive to Webroot's support
for analysis.*

5. *Run a full system scan to ensure no other threats are present.*

6. *Update Webroot to the latest version to reduce false
positives.*

- ***Problem**: Kaspersky is using excessive resources, slowing down
the system.*

- ***Troubleshooting Steps**:*

1. *Open Kaspersky settings and disable any unnecessary background
tasks or additional features.*

2. *Update Kaspersky to the latest version to ensure optimal
performance.*

3. *Check system resources in Task Manager to identify high usage
by Kaspersky components.*

4. *Configure Kaspersky to run scans at low-priority times.*

5. *Add commonly used programs to Kaspersky's trusted applications
to reduce scanning load.*

6. *Restart the system and monitor performance after making
adjustments.*

- ***Problem**: Defender detected malware but couldn't fully remove
it.*

- ***Troubleshooting Steps**:*

1. *Run Defender's Offline Scan to try removing persistent
threats.*

2. *Check if real-time protection is enabled and attempt to re-scan
the system.*

3. *Use PowerShell to remove the malware with Remove-MpThreat.*

4. *Download and run Microsoft Safety Scanner or Malwarebytes for
additional cleanup.*

5. *Manually delete suspicious files or registry entries if
identified.*

6. *Reboot the system and check if the threat has been removed.*

- ***Problem**: Endpoint's SentinelOne agent is not connecting to the
management console.*

- ***Troubleshooting Steps**:*

1. *Confirm the endpoint has an active internet connection.*

2. *Verify that the agent version on the endpoint is up-to-date.*

3. *Check if there's any firewall or network setting blocking
SentinelOne's communication.*

4. *Restart the SentinelOne agent service on the endpoint.*

5. *Re-enroll the device in SentinelOne if necessary.*

6. *Contact SentinelOne support if connectivity issues persist.*

- ***Problem**: Webroot fails to update its virus definitions.*

- ***Troubleshooting Steps**:*

1. *Check the internet connection and firewall settings that may
block Webroot's update servers.*

2. *Ensure there is enough disk space for downloading updates.*

3. *Manually initiate the update from Webroot's settings menu.*

4. *Restart the Webroot application and attempt the update again.*

5. *Uninstall and reinstall Webroot if the issue remains.*

6. *Contact Webroot support for further assistance if the problem
persists.*

- ***Problem**: Defender is disabled by Group Policy and grayed out.*

- ***Troubleshooting Steps**:*

1. *Open the Group Policy Editor and navigate to **Computer
Configuration \> Administrative Templates \> Windows
Components \> Microsoft Defender Antivirus**.*

2. *Set **Turn off Microsoft Defender Antivirus** to \"Not
Configured\" or \"Disabled.\"*

3. *Run gpupdate /force in Command Prompt to apply policy changes.*

4. *Restart the system and check if Defender is re-enabled.*

5. *If managed by Intune, ensure Defender settings in Intune do not
conflict with Group Policy.*

6. *Verify with IT admin if changes to Group Policy require
additional permissions.*

- ***Problem**: Kaspersky is not initiating scans on external drives.*

- ***Troubleshooting Steps**:*

1. *Open Kaspersky settings and navigate to scan options.*

2. *Ensure that \"Scan external drives\" is enabled under scan
settings.*

3. *Connect an external drive and manually initiate a scan to
confirm settings.*

4. *Update Kaspersky to ensure compatibility with external storage
devices.*

5. *Check if the device is recognized correctly in the operating
system.*

6. *Restart the system if the issue persists and try scanning
again.*

**2. Scenario-based Exercises for Microsoft 365 and Device Management**

- **Activities**:

- **Microsoft 365 Administration**:

- Case studies on managing users, permissions, and resolving
access issues.

- Scenarios involving Conditional Access policies and security
alerts.

- ***Problem**: A user reports being unable to access their Outlook
account, receiving a \"Something went wrong\" error.*

- ***Troubleshooting Steps**:*

1. *Verify the user\'s account status in the Microsoft 365 Admin
Center (e.g., account not locked, no password expiry).*

2. *Check if there are Conditional Access policies restricting
access from certain locations or devices.*

3. *Ensure the user has an active Outlook license assigned.*

4. *Confirm the user is not blocked by any sign-in risk policies.*

5. *Instruct the user to clear cache or try accessing Outlook in a
private browser window.*

- ***Problem**: A user cannot access a SharePoint site they previously
had access to.*

- ***Troubleshooting Steps**:*

1. *Check if the user's permissions were recently modified or
removed on the SharePoint site.*

2. *Review the site permissions and confirm the user is a member of
the correct group.*

3. *Ensure the user's account is still active and licensed for
SharePoint.*

4. *Verify if there are any Conditional Access policies restricting
access to SharePoint.*

5. *Check for any recent security or compliance policies affecting
SharePoint access.*

- ***Problem**: A user reports that they are not receiving MFA prompts
when signing in.*

- ***Troubleshooting Steps**:*

1. *Confirm MFA is enabled for the user under Azure Active
Directory (Azure AD) \> Users \> Multi-Factor Authentication.*

2. *Check if there is a Conditional Access policy requiring MFA and
confirm it applies to the user.*

3. *Verify that the user's authentication method (e.g., mobile
phone, authenticator app) is correctly configured.*

4. *Ask the user to try a different MFA method if multiple methods
are available.*

5. *If the issue persists, reset the user's MFA setup and have them
reconfigure it.*

- ***Problem**: A user cannot access OneDrive from their personal
device, but they can access it from their work device.*

- ***Troubleshooting Steps**:*

1. *Check if Conditional Access policies restrict access to
OneDrive from unmanaged devices.*

2. *Review the user's access permissions and ensure they are part
of any necessary device compliance groups.*

3. *Verify if the user's personal device meets the organization\'s
compliance requirements (e.g., antivirus, encryption).*

4. *Confirm if there are any session controls configured to limit
OneDrive access on unmanaged devices.*

5. *If needed, advise the user to add their personal device as a
managed device or use the Microsoft 365 app if allowed.*

- ***Problem**: An administrator receives a security alert for
suspicious activity on a user's account.*

- ***Troubleshooting Steps**:*

1. *Review the security alert details in Microsoft 365 Security
Center to understand the activity type and severity.*

2. *Check the sign-in logs in Azure AD to confirm if there was
unusual sign-in behavior (e.g., logins from unusual locations).*

3. *Notify the user and recommend a password reset.*

4. *Apply a Conditional Access policy to enforce MFA for high-risk
sign-ins if not already enabled.*

5. *Monitor the user's activity for any further suspicious
behavior.*

- ***Problem**: A user reports that they cannot access Microsoft
Teams; they are either unable to log in or see a \"restricted\"
message.*

- ***Troubleshooting Steps**:*

1. *Verify that the user has a Microsoft 365 license that includes
Teams.*

2. *Confirm that Conditional Access policies do not block Teams
access on their device.*

3. *Check if the user is assigned the correct security and
compliance roles to access Teams.*

4. *Ensure there are no network restrictions or firewall issues on
the user\'s device blocking Teams.*

5. *Ask the user to try logging into Teams through a different
browser or the Teams desktop app.*

- ***Problem**: A user is unable to share files with external users in
OneDrive or SharePoint.*

- ***Troubleshooting Steps**:*

1. *Verify the organization's sharing settings in SharePoint Admin
Center to ensure external sharing is allowed.*

2. *Check the user's permission level on the files they are trying
to share.*

3. *Confirm that there are no Conditional Access policies
restricting external sharing for this user.*

4. *Review any compliance policies or sensitivity labels that may
limit sharing with external users.*

5. *Advise the user to try sharing the file again, possibly using a
different sharing option (e.g., email link).*

- ***Problem**: A user cannot access Microsoft 365 resources due to a
device compliance policy.*

- ***Troubleshooting Steps**:*

1. *Check the Conditional Access policy settings to understand the
device compliance requirements.*

2. *Review the user's device compliance status in Intune to
identify any non-compliant settings.*

3. *Ensure the device has required security configurations (e.g.,
antivirus, encryption, updated OS).*

4. *Instruct the user on how to bring the device into compliance,
or provide them with a compliant device.*

5. *Reassess the device's compliance status after the user makes
necessary adjustments.*

- ***Problem**: A remote worker cannot sign in to Microsoft 365 from a
new location.*

- ***Troubleshooting Steps**:*

1. *Review the Conditional Access policy to determine if it
restricts sign-ins from certain geographic locations or IP
addresses.*

2. *Verify if there is a "named location" policy and update it to
include the new location if necessary.*

3. *Check if there are any policies requiring VPN access for remote
logins.*

4. *Confirm that the user\'s account is not flagged for high-risk
sign-ins.*

5. *If appropriate, adjust the policy settings temporarily or
advise the user to access from an approved location.*

- ***Problem**: The user receives an alert that their account had a
risky sign-in attempt.*

- ***Troubleshooting Steps**:*

1. *Review the sign-in activity in the Azure AD Sign-In logs to
understand the risk type (e.g., unusual location).*

2. *Instruct the user to change their password immediately.*

3. *Enable MFA for the user if it is not already enforced.*

4. *Review and, if necessary, adjust Conditional Access policies to
mitigate future risks.*

5. *Consider using Identity Protection to automate risk-based
sign-in responses for similar situations.*

- **Device Management**:

- Hands-on with Intune for device enrollment, policy
troubleshooting, and application deployment.

- Troubleshooting Autopilot issues and compliance policies for
device security.

- ***Issue**: A user reports that their device is not enrolling in
Intune after following the enrollment steps.*

- ***Troubleshooting Steps**:*

1. ***Check User Licenses**: Verify that the user has an
appropriate Intune license assigned.*

2. ***Verify Network Connectivity**: Ensure the device has a stable
internet connection.*

3. ***Clear Enrollment Status Page**: Check if the device is stuck
at the Enrollment Status Page (ESP); if so, try restarting the
enrollment process.*

4. ***Verify Enrollment Restrictions**: Confirm that the enrollment
restrictions are not preventing the device from enrolling.*

5. ***Check Device Compliance**: Make sure the device is not
blocked by conditional access policies.*

- ***Issue**: A device fails to complete the Windows Autopilot
enrollment process.*

- ***Troubleshooting Steps**:*

1. ***Review Autopilot Profile Assignment**: Ensure the Autopilot
profile is assigned to the user or device group.*

2. ***Reset Device and Restart Enrollment**: If stuck, reset the
device to factory settings and attempt the enrollment again.*

3. ***Check Internet Connection**: Autopilot requires an active
internet connection; confirm that it is connected.*

4. ***Review Error Codes**: Check any error codes displayed during
enrollment and refer to Microsoft documentation for specific
solutions.*

5. ***Verify Azure AD Join Configurations**: Make sure the device
meets Azure AD join requirements and that the join is
successful.*

- ***Issue**: A device shows as \"Non-Compliant\" due to the antivirus
not being installed or up-to-date.*

- ***Troubleshooting Steps**:*

1. ***Verify Antivirus Installation**: Check if Microsoft Defender
or a third-party antivirus is installed and up-to-date.*

2. ***Check Compliance Policy**: Review the compliance policy
settings to ensure they match the antivirus requirements.*

3. ***Run a Sync**: Perform a manual sync on the device to update
compliance status.*

4. ***Update Antivirus Definitions**: If using Defender, manually
check for updates or schedule an update.*

5. ***Force Compliance Evaluation**: Use PowerShell on the device
to manually evaluate compliance (Invoke-ComplianceEvaluation).*

- ***Issue**: An app fails to deploy to devices through Intune.*

- ***Troubleshooting Steps**:*

1. ***Verify App Assignment**: Ensure the application is assigned
to the correct user or device group.*

2. ***Check App Installation Requirements**: Confirm the device
meets the app installation requirements (OS version,
architecture).*

3. ***Review Intune Logs**: Check Intune logs on the device (using
Company Portal app or event logs) for error messages.*

4. ***Confirm Storage Availability**: Ensure the device has enough
storage space for the application.*

5. ***Resync Device with Intune**: Manually resync the device with
Intune to initiate the app installation again.*

- ***Issue**: A device is marked non-compliant because BitLocker
encryption is not enabled.*

- ***Troubleshooting Steps**:*

1. ***Check Encryption Policy**: Ensure BitLocker or device
encryption is required by the compliance policy.*

2. ***Enable BitLocker**: On Windows devices, enable BitLocker
manually and confirm it's applied to all required drives.*

3. ***Check TPM Compatibility**: Verify that the device has a
compatible TPM chip and that it is enabled.*

4. ***Run Compliance Sync**: Manually sync the device with Intune
to update compliance status.*

5. ***Check Intune Policy Update**: Confirm that the latest
encryption policy is deployed to the device.*

- ***Issue**: A device does not receive the compliance policies set in
Intune, leaving it unsecured.*

- ***Troubleshooting Steps**:*

1. ***Check Device Enrollment**: Ensure the device is enrolled in
Intune and linked to the correct user.*

2. ***Confirm Policy Assignment**: Verify that the compliance
policy is assigned to the correct user or device group.*

3. ***Sync Policy in Intune Console**: Go to the device's page in
Intune and trigger a \"Sync\" operation.*

4. ***Verify Device Group Membership**: Ensure the device is part
of the intended Azure AD group targeted by the policy.*

5. ***Check Policy Conflicts**: Make sure there are no conflicting
policies preventing compliance settings from being applied.*

- ***Issue**: A device gets stuck on the \"Identifying\" phase during
Autopilot enrollment.*

- ***Troubleshooting Steps**:*

1. ***Check Network Access**: Confirm that the device has internet
access and can reach Microsoft endpoints.*

2. ***Review Autopilot Profile**: Ensure the Autopilot profile is
assigned to the device and configured correctly.*

3. ***Reset the Device**: Reset the device and restart the
Autopilot process.*

4. ***Check for Firmware Updates**: Ensure that the device firmware
and drivers are up-to-date.*

5. ***Review Logs**: Access Windows Event Logs for any
Autopilot-specific errors and consult Microsoft documentation
for solutions.*

- ***Issue**: The Company Portal app does not display required apps
assigned to the device.*

- ***Troubleshooting Steps**:*

1. ***Check App Assignments**: Verify that the apps are assigned as
\"Required\" and to the correct device/user groups.*

2. ***Sync Device**: Open the Company Portal app on the device and
manually sync to refresh the app list.*

3. ***Verify Connectivity**: Ensure the device has a stable
internet connection to retrieve app information.*

4. ***Check for App Conflicts**: Make sure there are no conflicts
or restrictions preventing the apps from being displayed.*

5. ***Clear App Cache**: Clear the cache in the Company Portal app
and restart it.*

- ***Issue**: A device shows non-compliance because it does not meet
the security baseline policy.*

- ***Troubleshooting Steps**:*

1. ***Review Security Baseline Settings**: Check the specific
requirements of the security baseline policy (e.g., password
complexity, lock screen timeout).*

2. ***Confirm Policy Assignment**: Ensure the security baseline is
assigned to the correct group.*

3. ***Check Policy Conflicts**: Verify that there are no
conflicting policies applied to the same device.*

4. ***Run a Compliance Check**: On the device, manually trigger a
compliance check.*

5. ***Sync Device with Intune**: Initiate a sync from Intune to
update the device's compliance status.*

- ***Issue**: A device enrollment fails because a Conditional Access
policy is blocking access.*

- ***Troubleshooting Steps**:*

1. ***Review Conditional Access Policy**: Check the specific
requirements of the Conditional Access policy blocking the
device.*

2. ***Ensure Compliance Requirements**: Make sure the device meets
all compliance requirements defined in the policy.*

3. ***Update Conditional Access Exclusions**: If necessary,
temporarily exclude the device from the Conditional Access
policy to allow enrollment.*

4. ***Verify User and Device Group Membership**: Confirm the user
and device are part of the correct Azure AD groups.*

5. ***Review Enrollment Logs**: Check the device's event logs for
any error messages related to Conditional Access.*

**3. Review and Q&A Session**

- **Activities**:

- Summarize key points from each topic.

- Open Q&A for specific issues faced by participants.

- Discuss best practices and tips for ongoing troubleshooting and
management.