Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part5
It is time for part 5 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the Defender for Endpoint onboarding and configuration. Now it is time for the initial usage of the Defender for Endpoint…
Microsoft Defender for Endpoint series – Attack Surface reduction and additional protection – Part4B
It is time for part 4B of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4A explains the AV policy baseline. Now it is time for some more detailed information for the Attack Surface reduction and additional protection layers of…
Which data connector and activity is free in Microsoft Sentinel?
After the initial onboarding of Microsoft Sentinel, connectors can be used for ingesting data. Microsoft invested in pre-build connectors which can be used for adding data/events correctly in Microsoft Sentinel. For a large set of Microsoft products; there are connectors…
Microsoft Defender for Endpoint series – Define the AV policy baseline – Part4A
It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explains the AV/ next-generation protection component. Now it is time for some more detailed policy explanation, what do we need to enable, which…
Microsoft Defender for Endpoint series – Configure AV/ next-generation protection – Part4
It is time for part 4 of the ultimate Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the initial Defender for Endpoint onboarding. Now it is time for the initial configuration of the additional components part…
How to use Microsoft Defender EASM (External Attack Surface Management)
Microsoft released a new product with the name; Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earlier products/ technology from the RiskIQ acquisition. Defender EASM is a new product in the Defender stack to…
How to implement Defender for Identity and configure all prerequisites
Microsoft Defender for Identity MDI (previously called Azure Advanced Threat Protection or Azure ATP) is a Microsoft security solution that captures signals from Domain Controllers. MDI is a cloud-based security solution that leverages on-premises Active Directory signals for detecting identity…
Microsoft Defender for Endpoint series – Onboard using Configuration Manager/ GPO – Part3D
It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) it is now time for some more technical deep-dive scoped on onboarding with Configuration Manager…
How to mitigate MFA fatigue and learn from the Uber breach for additional protection
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. With the rise of more default protection with the use of multi-factor authentication the MFA Fatigue technique is rising. In the past…
Configure File Integrity Monitoring (FIM) using Defender for Cloud and AMA-agent
File Integrity Monitoring (FIM) is a technology that monitors and detects file changes that could be indicative of a cyberattack. File Integrity Monitoring is part of Defender for Servers P2 and enables monitoring of operating system files, Windows Registry, Application Software…
