New Microsoft Recovery Tool for CrowdStrike Issue on Windows Endpoints




Not sure who needs this resource, but Microsoft updated its Recovery Tool for the CrowdStrike issue on Windows endpoints:

Here is the link to the Microsoft Tech Community Support Site:

https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959

As a former cybersecurity Incident Commander for Intel, here are my additional recommendations:

· Verify the source of every tool or procedure you plan on using!

· For a large organization, have a single accountable tech-savvy group create the recovery process and don’t allow other groups to home-brew their own fixes

· Test the fix out on your different builds

· Formalize the step-by-step process for your environment — break down instructions to keep each step simple

· Make sure you have accounted for hard drive encryption hurdles (e.g., BitLocker or other third-party vendors), if applicable

· Roll out the recovery in phases, starting with non-critical systems, just in case there are unforeseen issues and system data loss

· Have a process to record and report which systems have successfully been restored

· If things go sideways, STOP and seek more advanced assistance

Happy hunting!






1 comment

The fix instructions are somewhat complex! Caution.
