Onboard and configure Defender for Endpoint for non-persistent VDI environments
Microsoft supports multiple onboardings methods for Defender for Endpoint. For non-persistent VDI’s there is always a challenge since non-persistent VDI’s are working differently in comparison with typical endpoints. For Defender for Endpoint, there is a challenge during the onboarding and…
How to use Defender for IoT firmware Scanning for checking potential security vulnerabilities and weaknesses
Recently Microsoft announced a new firmware scanning feature in Defender for IoT. With the new Defender for IoT Firmware analysis, it is possible to upload firmware images for security analysis and checking against vulnerabilities and weaknesses. Currently, the feature is…
Block apps (discovered/ shadow IT) with Defender for Cloud Apps and Defender for Endpoint
With the use of Defender for Cloud Apps in combination with Defender for Endpoint it is possible to block unsanctioned apps, the block of apps is possible based on discovered applications. Blog information:Blog published: July 26, 2023Blog latest updated: July…
Manage Defender for Endpoint for Windows, macOS, and Linux via Security settings management
Recently Microsoft announced a couple of new improvements related to the new security settings management for Windows, macOS, and Linux as part of Defender for Endpoint. In the past years, there was always a bit of a cap between the…
How to protect Azure storage accounts (Blob) using Defender for Storage
Defender for Storage is the Azure-native layer of security intelligence that detects potentially harmful attempts to access or malicious activity. With the use of Microsoft Threat Intelligence and security AI, contextual security alerts and recommendations are available. Defender for Storage…
Onboard Defender for Endpoint without Azure Arc via Direct onboarding
Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a pre-requisite for the deployment. Since the standalone plan was removed from the licensing options some time ago (for CSP customers without EA agreement). Azure Arc…
Microsoft Defender Threat Intelligence (Defender TI) integrations with Microsoft Sentinel
Microsoft Defender Threat Intelligence (MDTI) previously known as RiskIQ brings the threat intelligence data together from multiple sources. With the use of Microsoft Defender Threat Intelligence (MDTI) customers will have direct access to data and signals to hunt for threats…
Block gTLD (.zip)/ FQDN domains with Windows Firewall and Defender for Endpoint
Recently there was some news with new gTLD domains. Google Registry launched eight new top-level domains: .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus. From a security point of view, the .zip and .mov can be dangerous (of course more TLDs are known as malicious targets). Malicious actors…
How works Microsoft Defender Threat Intelligence / Defender TI – and what is the difference between free and paid
Microsoft Defender Threat Intelligence (MDTI), previously known as RiskIQ brings threat Intelligence data together from multiple sources. With Microsoft Defender Threat Intelligence (MDTI), customers will have direct access to real-time data and signals to hunt for threats across their environments….
Block C2 communication with Defender for Endpoint
Human-operated ransomware (HumOR) is growing and needs different layers of protection. Microsoft released some new features to protect against C2 communication. Attackers rely heavily on C2 communications for multiple stages, and blocking these direct connections can disrupt or mitigate attacks…
