Manage Device control with Microsoft Defender for Endpoint and Endpoint Manager – Part 1/2
Microsoft Defender for Endpoint contains multiple protections layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted devices is important. For example; monitoring storage devices and blocking external storage devices for restricting users to copy corporate files or launch unwanted software/malicious…
Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)
Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview release. In this blog all the information related to the current release with the new features, troubleshooting, and reporting. What…
Install the new unified Microsoft Defender for Endpoint agent on Server 2012R2 and 2016
Microsoft announced last week the public preview feature for the new Server 2012R2, Server 2016 unified solution for Defender for Endpoint. The new unified solutions bring the latest security features directly to Windows Server 2012R2 and 2016. Important: Feature currently in public preview….
Warn/monitor users for Shadow IT usage with Microsoft Cloud App Security
Cloud App Discovery is one of the most interesting functions available in Microsoft Cloud App Security. This blogpost is about the new MCAS monitoring mode for soft-block apps and gives user more information. Earlier blogs explained more details about the enablement from Defender…
Stream Azure AD Identity Protection events to Microsoft Sentinel/ Log Analytics
Microsoft recently added a new function that gives the option for stream events from Azure AD Identity Protection into Microsoft Sentinel. In this blog the instruction for export user risk events from Azure AD Identity protection into Microsoft Sentinel. Identity Protection – Risk…
Cloud App Discovery with MCAS & MDE for Shadow IT monitoring and integration with Azure Sentinel
Cloud discovery is one of the most interesting functions available with the Cloud App Discovery product. With Cloud Discovery, organizations will get insights into the application events and activities and most important the “Shadow IT” part of the network. Cloud App Security and…
Protecting against Lateral Movement with Defender for Identity and monitor with Azure Sentinel
Lateral movement refers to the techniques that a cyber attacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. After entering the network, the attacker maintains ongoing access by moving through the…
Protecting against password spray attacks with Azure Sentinel and Azure AD
A Password Spraying Attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process. In this blog the explanation of detection and protection against password spray…
Use Sysmon for monitoring servers with Microsoft Sentinel
System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code behavior and network traffic. Sysmon is part of the Sysinternals package and is owned by Microsoft. What is Sysmon Sysmon…
Using Defender for Endpoint Live response API with Sentinel Playbooks/ Automation
Live response is a function from Defender for Endpoint and is available for Windows 10 and Server 1803/1903. Live response gives security operations teams instantaneous access to a device using a remote shell connection. With live response it is possible to do an…