How to check and block “malicious” browser extensions with Microsoft Defender and Intune?
In the past years, malicious browser extensions have been on the rise and are increasingly used as part of cyberattacks. With malicious extensions, it is possible to steal data or cookies or gain initial access…
How to use Microsoft Security Exposure Management (XSPM)
Microsoft Security Exposure Management is a new product/feature in the Defender XDR suite. This blog will explain more about it and the difference between Vulnerability Management/Secure Score and XSPM, since there is still a difference between the Microsoft Security…
Configure File Integrity Monitoring (FIM) using Defender for Endpoint
Previously, the File Integrity Monitoring (FIM) feature in Defender for Server P2 was based on the MMA and/or Azure Monitor Agent. Since the MMA agent is almost retired (EOL), Microsoft decided to switch to a new technique and release the…
How to check for a healthy Defender for Endpoint environment?
When using Defender for Endpoint, it is important to make sure the agents are healthy. I performed many reviews and configurations in the past years and onboarded around a million devices to Defender for Endpoint for small and larger “enterprise” customers…
Automatic attack disruption in Microsoft Defender XDR and containing users during Human-operated Attacks
Microsoft announced last year a new feature with the name Automatic Attack Disruption in Defender XDR (Microsoft 365 Defender). Since October last year, Microsoft has expanded the Automatic attack disruption feature with support for human-operated attacks and the ability to…
How to use deception in Microsoft Defender for Endpoint/Defender XDR
Microsoft Defender XDR is expanding across the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect attackers early in the kill chain and disrupt advanced attacks. Deception is a new feature for…
Common mistakes during Microsoft Defender for Endpoint deployments
Microsoft Defender for Endpoint (MDE) is part of Microsoft Defender XDR and can be deployed via multiple configurations. During my experience with the product, I deployed, reviewed and evaluated many Defender for Endpoint instances and configured new instances for many…
How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)
Last year Microsoft announced a new feature called Automatic attack disruption, which uses correlated insights from the Microsoft 365 ecosystem and powerful AI models to stop sophisticated attack techniques while the attack is in progress. Automatic attack disruption supports the…
How to troubleshoot Live Response in Defender for Endpoint
Live Response is a powerful feature of the Microsoft 365 Defender portal. With Live Response, Security Operations teams can establish a remote session to collect additional files or forensic evidence and run scripts remotely. With the…
Onboard and configure Defender for Endpoint for non-persistent VDI environments
Microsoft supports multiple onboarding methods for Defender for Endpoint. Non-persistent VDIs are always a challenge since they work differently from typical endpoints. For Defender for Endpoint, there is a challenge during the onboarding and…