How to implement Defender for Identity and configure all prerequisites
Microsoft Defender for Identity MDI (previously called Azure Advanced Threat Protection or Azure ATP) is a Microsoft security solution that captures signals from Domain Controllers. MDI is a cloud-based security solution that leverages on-premises Active Directory signals for detecting identity attacks. I often…
Microsoft Defender for Endpoint series – Onboard using Configuration Manager/ GPO – Part3D
It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) it is now time for some more technical deep-dive scoped on onboarding with Configuration Manager aka SCCM and…
How to mitigate MFA fatigue and learn from the Uber breach for additional protection
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. With the rise of more default protection with the use of multi-factor authentication the MFA Fatigue technique is rising. In the past months, multiple large…
Configure File Integrity Monitoring (FIM) using Defender for Cloud and AMA-agent
File Integrity Monitoring (FIM) is a technology that monitors and detects file changes that could be indicative of a cyberattack. File Integrity Monitoring is part of Defender for Servers P2 and enables monitoring of operating system files, Windows Registry, Application Software files, and Linux…
Microsoft Defender for Endpoint series – Onboard using Azure Arc – Part3C
It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender for Cloud) it is now time for some more technical deep-dive scoped on Azure Arc and onboarding of non-azure…
Microsoft Defender for Endpoint series – Onboard using Defender for Cloud – Part3B
It is time for part 3B of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3A (Onboard Defender for Endpoint using Microsoft Intune) it is now time for some more technical deep-dive scoped on Defender for Cloud. Part 3B is focused…
Microsoft Defender for Endpoint series – Onboard using Microsoft Intune – Part3A
It is time for part 3A of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3 (Onboard Defender for Endpoint) it is now time for some more technical deep dive for specific onboarding methods. Part 3A is focused on onboarding using…
Tips for preventing against new modern identity attacks (AiTM, MFA Fatigue, PRT, OAuth)
Identity attacks are currently changing and focussing on new techniques. In the past years, many organizations protected accounts with MFA/ FIDO2 and configured additional controls like Conditional Access and disablement of legacy authentication. After some years Microsoft starts finally the depreciation of basic/…
Microsoft Defender for Endpoint series – Onboard Defender for Endpoint – Part3
It is time for part 3 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 2 (configuration MDE) we are now going to deep-dive more into the initial onboarding of Defender for Endpoint. In part 2 the question; how to configure Defender for Endpoint…
Use the Azure Monitor Agent (AMA) for Defender for Cloud and migrate from MMA agent
Defender for Cloud was since the release based on the Microsoft Monitoring Agent (MMA). Since august 2022 it is possible to auto-deploy the Azure Monitoring Agent. With this new improvement, it is finally possible to migrate entirely from the Microsoft Monitoring Agent (MMA)…
