How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?
The new Defender for Endpoint unified agent is generally available for some time (since April 11th, 2022. The new unified Microsoft Defender for Endpoint solution is supported for Server 2012R2 and Windows Server 2016. In addition, automated deployment and integration of the new…
Microsoft Defender for Business – How to use it, and what are the differences with P2?
Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security solution now generally available within Microsoft 365 Business Premium and as a standalone solution. Defender for business is scoped up to…
Use automation/playbooks in Microsoft Sentinel during incident update activity using update triggers
Automation is critical for modern SOC environments to handle the volume of upcoming threats and manage day-to-day tasks. Ideally most of the features are automated in Microsoft Sentinel during the incident creation, enrichment, update, and closure. For quite some time playbooks can be…
Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM/Intune
Currently in general availability is the new Security Settings Management in Microsoft Defender for Endpoint. Security Management for Microsoft Defender for Endpoint is the new method to manage Security settings for devices and servers that are not enrolled yet in Microsoft Endpoint Manager/…
Microsoft Defender for Endpoint Troubleshooting mode – how to use it?
Microsoft announced recently the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possible to disable the tamper protection and change Defender Antivirus settings locally for testing different scenarios, even when they’re controlled by the organization’s policy….
Microsoft Defender for Endpoint – The ultimate blog series for Windows (Intro) – P0
Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Endpoint contains many components, licensing differences, and additional protection. Some years ago Defender for Endpoint was only available for…
Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction
Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phishing and controls through the typical way the admin uses and monitors the network to find more exposed credentials (Lateral…
MFA prompt spamming/ MFA fatigue – What can you do to prevent/ detect attacks?
MFA prompt spamming/ MFA fatigue is a quite new term and seeing more after the LAPSUS$ attack. Currently there are many MFA options including SMS, One Time Passwords (OTP), and push notifications from the Microsoft Authenticator app. And while the intent of these…
Use Microsoft Defender for Identity Response Actions for on-premises AD accounts
Microsoft announced recently the public availability of the native response actions in Defender for Identity. Security teams can now directly impact the on-premises AD account from one single experience part of the Defender security portal. In this blog post, the new long-awaited response…
What happens without RDP protection after 24+ hours in Microsoft Sentinel & Microsoft security products
For many years, abuse of Remote Desktop Protection (RDP) has been the most common root cause of all ransomware events. At the moment one of the most common attacks against VMs in Azure/ AWS or other clouds is based on the RDP brute-force…