01/27/2023 – Product/company overview: secRMM is a Windows security solution that audits and controls access to removable storage devices (i.e. USB drives and mobile devices). secRMM is very easy to implement in that it can operate on a standalone Windows computer (even XP!) or can be centrally managed for thousands of computers (using MECM/SCCM/ConfigMgr, Intune, Active Directory GPOs or WinRM). It can be configured to have security policies for computers and/or groups of users.
secRMM is developed by Squadra Technologies. Squadra Technologies is a Microsoft “Independent Software Developer” (ISV) and a member of the “Microsoft Intelligent Security Association” (MISA).
Watch the video: https://youtu.be/wmZqILvXorc
secRMM has supported variables in [on-premise] ‘Active Directory’ and on the ‘local computer’ and has now begun to support variables in ‘Azure Active Directory’. To set a variable in one of the secRMM properties, you use a syntax similar to: <AD:Group:SalesAndMarketing>. In this example, secRMM goes to ‘Active Directory’ (because of the ‘AD’) and get the list of users in the ‘Active Directory User Group’ names SalesAndMarketing. The <AD:Group:?> variable is useful for the secRMM property named AllowedUsers. secRMM properties are also useful/popular for the AllowedSerialNumbers and AllowedDirectories.
To use an ‘Azure Active Directory’ variable, instead of using AD, you use Az, for example <Az:Group:SalesAndMarketing>. Below is a screenshot of configuring the ‘secRMM AllowedUsers property’ in Intune using the ‘secRMM Policy Configurator tool’.
To allow secRMM to use an ‘Azure Active Directory’ variable, the computer running secRMM needs to be joined to Azure. Next, your Azure tenant will need to be setup with the secRMM ‘Azure Functions’ that will look up the variable values. You download the ‘secRMM Azure Functions’ from here:
https://www.squadratechnologies.com/StaticContent/ProductDownload/secRMM/9.11.0.0/secRMMPropertyVariablesAzureFunctions.zip. Just follow the few instructions in the ___ReadMe.txt file to get the ‘secRMM Azure Functions’ loaded into your Azure tenant as shown in the screenshot below.
Lastly, secRMM provides a program to help you (the system administrator) setup and test the ‘secRMM Azure Functions’ within your tenant. You will find it under ‘C:\Program Files\secRMM\AdminUtils\Azure\PropertyVariables. The program is named CheckAzureTenant.exe. If you type CheckAzureTenant -h, it will display the various ways to use the program. Running CheckAzureTenant generates useful log files in the same directory that will show you how it is working with the ‘secRMM Azure Functions’ running in your Azure tenant.
Of course, we are here to help you setup up your environment, please just email support@squadratechnologies.com or call us (numbers at https://www.squadratechnologies.com/Contact.aspx) and we are happy to assist.
Closing: We hope you find this secRMM feature useful for your environment(s). Please let us know what you think or if you have a specific requirement for your environment. You can get more details about secRMM by visiting https://www.squadratechnologies.com