SharePoint Stuff

Kemp Load Master Template Creation Error

Written by Luke Smith. Posted in Microsoft


You download a Kemp template, such as the Exchange 2016 templates, and upload it into the virtual service template gallery on your Kemp device. When you then try to create a Virtual Service using the template, you receive the error:
“cannot create VIP”


It’s likely that the template you have downloaded uses a feature not supported by your device, such as Edge Security Protection (ESP) or Web Application Firewall (WAF), or that your device is not on the supported firmware version.

Delete the templates installed on the Kemp and download the templates supported by your device and firmware revision.
Update the firmware to support the templates downloaded.

Microsoft Cloud App Security (MCAS) Q&A

Written by Luke Smith. Posted in Microsoft

Q: How quickly can the MCAS log collector ingest data?
A: 50GB\hr. The main limitations are bandwidth and processing, which can be overcome by increasing the compute\bandwidth or adding more collectors
Q: What happens if the MCAS log collector can’t process the data quickly enough?
A: Data is dropped (DD to confirm), adding more collectors is recommended
Q: Do you need an MCAS log collector per device?
A: No, you can use the same one
Q: Can I add more MCAS log collectors?
A: Yes (DD to confirm if they can be load balanced, I think they can but couldn’t find an article)
Q: What do I need to do to protect my end users when using the MCAS Proxy?
A: Need devices to be Azure AD Joined, as it uses conditional access
Q: Does the MCAS proxy work with non-Windows 10 devices?
A: Yes, using conditional access from MDM for macOS, Android and iOS – Windows 8.1 or below TBC
Q: If the details of a cloud vendor are incorrect, how can these be updated?
A: Microsoft Support Request from the portal
Q: Do you need to license every user for MCAS to view the activity?
A: Not for proxy\firewall logs
Q: Do you need to license every user for MCAS if you need to control access using the proxy?
A: Yes
Q: Can we create our own application and vendor classification?
Q: Can we integrate MCAS with a SIEM?
A: Yes
Q: Can we integrate MCAS and ATP (Defender and Office 365) together?
Q: Can we integrate AIP with MCAS?
A: Yes


Windows Defender Advanced Threat Protection (WDATP) Q&A

Written by Luke Smith. Posted in Microsoft

Q: Can you configure Defender ATP to use additional or different security threat feeds (such as FireEye, LookingGlass, Infoblox, SecureWorks, RSA, McAfee, customer prebuilt feed)?
Q: Are you able to block particular MD5\applications?
A: You can create custom IOCs and TIs using the API or PowerShell
Q: Can you define automatic custom isolation and block rules (based on MD5 and application names)?
Q: Can you change the ratings of the existing threat categories?
A: Only for the custom Indicators of Compromise (IOCs) or Threat Intelligence (TI)
Q: Can you integrate with other SIEMs\SOCs?
A: Currently only HP and Splunk
Q: Can Defender ATP integrate with third-party CMDBs?
A: AD using AD Connect – TBC for third parties such as SCCM\LANDesk
Q: Can Windows Defender ATP integrate with Office ATP?
A: Yes, WDATP and O365ATP can be integrated; this needs enabling as per the following: and
Q: Can Defender ATP work with older versions of Windows below 8.1?
A: No, but it does work with Windows Server 2012R2 and above
Q: Can Defender ATP work with non-Windows based machines?
A: Yes, requires Bitdefender and can run on macOS, Linux, iOS and Android: (Other third parties such as Lookout and Ziften will be added Nov 2017)
Q: Can Defender integrate with Cloud App Security?
Q: How can I test Defender ATP?
A: see: – text file containing remove the <>
A: once configured and also run:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'

Useful Links:
Windows Defender Advanced Threat Protection – Ransomware response playbook