Microsoft Defender for Business – How to use it, and what are the differences with P2?
Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security solution now generally available within Microsoft 365 Business Premium and as a standalone solution. Defender for Business is scoped up to…
Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM/Intune
The new Security Settings Management in Microsoft Defender for Endpoint is now generally available. Security Management for Microsoft Defender for Endpoint is the new method to manage security settings for devices and servers that are not yet enrolled in Microsoft Endpoint Manager/…
Microsoft Defender for Endpoint Troubleshooting mode – how to use it?
Microsoft recently announced the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possible to disable tamper protection and change Defender Antivirus settings locally for testing different scenarios, even when they’re controlled by the organization’s policy….
Microsoft Defender for Endpoint – The ultimate blog series for Windows (Intro) – P0
Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Endpoint contains many components, licensing differences, and additional protection. Some years ago, Defender for Endpoint was only available for…
Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction
Credential dumping, or password dumping, is a technique used by cybercriminals to gain access to a network. They enter the workstation through phishing and take control through the typical way the admin uses and monitors the network, to find more exposed credentials (Lateral…
Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API
The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control over how you manage your devices and scope devices for different groups. When many devices are onboarded without any good…
Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices
Microsoft Defender for Endpoint can be deployed through multiple deployment mechanisms. Microsoft Defender for Cloud (previously Azure Defender) is available in Azure; with Microsoft Defender for Cloud it is possible to manage devices in Azure. By using Azure Arc, it is possible…
Deploying Defender for Endpoint on iOS with zero-touch onboarding
Defender for Endpoint is available for multiple platforms. For mobile platforms, Defender for Endpoint is supported on iOS and Android. In this blog, I will explain the zero-touch onboarding of Defender for Endpoint for iOS. View the updated post: Deploy Microsoft Defender for…
Log4j and CVE-2021-44228: Use Microsoft Defender for Endpoint for software/threat investigation
One of the most important and trending topics in the last couple of days is related to Log4j, Log4Shell, and the associated CVE-2021-44228. A zero-day vulnerability (CVE-2021-44228), publicly released on 9 December 2021 and known as Log4j or Log4Shell, is actively being…
Manage Device control with Microsoft Defender for Endpoint and Endpoint Manager
Microsoft Defender for Endpoint contains multiple protection layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted devices is important. For example, monitoring storage devices and blocking external storage devices to restrict users from copying corporate files or launching unwanted software/malicious…