How to protect Azure storage accounts (Blob) using Defender for Storage
Defender for Storage is the Azure-native layer of security intelligence that detects potentially harmful access attempts or malicious activity. With the use of Microsoft Threat Intelligence and security AI, contextual security alerts and recommendations are available. Defender for Storage is part of…
Onboard Defender for Endpoint without Azure Arc via Direct onboarding
Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a prerequisite for the deployment. The standalone plan was removed from the licensing options some time ago (for CSP customers without EA agreement). Azure Arc gives a benefit…
Microsoft Defender for Cloud – The ultimate blog series (Intro) – P0
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP). Defender for Cloud contains a large set of features and capabilities; it is based on the following: Introduction blog series This ultimate blog series will contain as much information as possible based…
Configure File Integrity Monitoring (FIM) using Defender for Cloud and AMA-agent
File Integrity Monitoring (FIM) is a technology that monitors and detects file changes that could be indicative of a cyberattack. File Integrity Monitoring is part of Defender for Servers P2 and enables monitoring of operating system files, Windows Registry, Application Software files, and Linux…
Microsoft Defender for Endpoint series – Onboard using Azure Arc – Part3C
It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender for Cloud) it is now time for some more technical deep-dive scoped on Azure Arc and onboarding of non-Azure…
Microsoft Defender for Endpoint series – Onboard using Defender for Cloud – Part3B
It is time for part 3B of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3A (Onboard Defender for Endpoint using Microsoft Intune) it is now time for some more technical deep-dive scoped on Defender for Cloud. Part 3B is focused…
Use the Azure Monitor Agent (AMA) for Defender for Cloud and migrate from MMA agent
Since its release, Defender for Cloud has been based on the Microsoft Monitoring Agent (MMA). Since August 2022 it has been possible to auto-deploy the Azure Monitor Agent. With this new improvement, it is finally possible to migrate entirely from the Microsoft Monitoring Agent (MMA)…
How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?
The new Defender for Endpoint unified agent has been generally available for some time (since April 11th, 2022). The new unified Microsoft Defender for Endpoint solution is supported for Server 2012R2 and Windows Server 2016. In addition, automated deployment and integration of the new…
Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices
Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previously Azure Defender) is available in Azure; with Microsoft Defender for Cloud it is possible to manage devices in Azure. By using Azure Arc, it is possible…
PrintNightmare – Use Microsoft Defender/ Sentinel toolings to get insights
Technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that makes remote code execution possible. The issue affects Windows Print Spooler. The researchers named it PrintNightmare. Currently, the latest June 2021 security patches do not…