Block internet macros in Office, and don’t wait for Microsoft
Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default for all customers. Last week Microsoft announced that it will roll back this change based on ‘user feedback’ which raises security concerns. Microsoft announced the change in…
Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part1
It is time for the first part of the ultimate Microsoft Defender for Endpoint (MDE) series. After the announcement and the great response, it is time for the first part. Part 1 contains information related to Defender for Endpoint’s basics. Upcoming parts are…
How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?
The new Defender for Endpoint unified agent is generally available for some time (since April 11th, 2022. The new unified Microsoft Defender for Endpoint solution is supported for Server 2012R2 and Windows Server 2016. In addition, automated deployment and integration of the new…
Microsoft Defender for Business – How to use it, and what are the differences with P2?
Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security solution now generally available within Microsoft 365 Business Premium and as a standalone solution. Defender for business is scoped up to…
Use automation/playbooks in Microsoft Sentinel during incident update activity using update triggers
Automation is critical for modern SOC environments to handle the volume of upcoming threats and manage day-to-day tasks. Ideally most of the features are automated in Microsoft Sentinel during the incident creation, enrichment, update, and closure. For quite some time playbooks can be…
Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM
Currently in general availability is the new Security Settings Management in Microsoft Defender for Endpoint. Security Management for Microsoft Defender for Endpoint is the new method to manage Security settings for devices and servers that are not enrolled yet in Microsoft Endpoint Manager/…
Microsoft Defender for Endpoint Troubleshooting mode – how to use it?
Microsoft announced recently the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possible to disable the tamper protection and change Defender Antivirus settings locally for testing different scenarios, even when they’re controlled by the organization’s policy….
Microsoft Defender for Endpoint – The ultimate blog series for Windows (Intro) – P0
Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Endpoint contains lots of components, differences in licensing, and additional protection. Some years ago Defender for Endpoint was only…
Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction
Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phishing and controls through the typical way the admin uses and monitors the network to find more exposed credentials (Lateral…
MFA prompt spamming/ MFA fatigue – What can you do to prevent/ detect attacks?
MFA prompt spamming/ MFA fatigue is a quite new term and seeing more after the LAPSUS$ attack. Currently there are many MFA options including SMS, One Time Passwords (OTP), and push notifications from the Microsoft Authenticator app. And while the intent of these…
