Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App
Microsoft announced a new public preview which contains the new Microsoft Sentinel Health Monitoring feature. Microsoft Sentinel now provides the SentinelHealth data table to help monitor the connector health and provides some insights which are interesting for further monitoring. Important: Feature currently in public preview….
Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API
The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control over how you manage your devices and scope devices for different groups. When many devices are onboarded without any good…
Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices
Microsoft Defender for Endpoint can be deployed through multiple deployment mechanisms. Microsoft Defender for Cloud (previously Azure Defender) is available in Azure; with Microsoft Defender for Cloud it is possible to manage devices in Azure. By using Azure Arc, it is possible…
Deploying Defender for Endpoint on iOS with zero-touch onboarding
Defender for Endpoint is available for multiple platforms. For mobile platforms, Defender for Endpoint is supported for iOS and Android. In this blog, I will explain the zero-touch onboarding of Defender for Endpoint for iOS. With zero-touch, admins can configure Microsoft Defender for…
Log4j and CVE-2021-44228: Use Microsoft Defender for Endpoint for software/threat investigation
One of the most important and trending topics in the last couple of days is related to Log4j, Log4Shell, and the attached CVE-2021-44228. A zero-day vulnerability (CVE-2021-44228), publicly released on 9 December 2021 and known as Log4j or Log4Shell, is actively being…
Identity Protection Risk Analysis workbook: Get more Azure AD Identity Protection insights
During Ignite ’21 Microsoft announced multiple new functionalities, renames, and new products. In the upcoming weeks, more blogs are coming with new features which are in preview or GA. This blog is all about the new Identity Protection Risk Analysis workbook. Useful for…
Microsoft Sentinel content hub: Using solutions and start with the Training Lab content
Microsoft Sentinel has been improved in recent months with a huge number of interesting new features. One of the announced features is the content hub. This blog covers the usage of the content hub and the usage of the Teams / Training Lab content. …
Manage Device control with Microsoft Defender for Endpoint and Endpoint Manager – Part 1/2
Microsoft Defender for Endpoint contains multiple protection layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted devices is important. For example, monitoring storage devices and blocking external storage devices to restrict users from copying corporate files or launching unwanted software/malicious…
Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)
Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview release. This blog contains all the information related to the current release, with the new features, troubleshooting, and reporting. What…
Install the new unified Microsoft Defender for Endpoint agent on Server 2012R2 and 2016
Last week, Microsoft announced the public preview of the new unified solution for Defender for Endpoint on Server 2012R2 and Server 2016. The new unified solution brings the latest security features directly to Windows Server 2012R2 and 2016. Important: Feature currently in public preview….