Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)
Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview release. In this blog all the information related to the current release with the new features, troubleshooting, and reporting. Blog…
Install the new unified Microsoft Defender for Endpoint agent on Server 2012R2 and 2016
Since April 11th, 2022, the new unified Microsoft Defender for Endpoint solution is generally available for Server 2016 and Server 2016. The unified Microsoft Defender for Endpoint solution enables more features that were previously only available on Windows Server 2019 and later. The…
Using Defender for Endpoint Live response API with Sentinel Playbooks/ Automation
Live response is a function from Defender for Endpoint and is available for Windows 10 and Server 1803/1903. Live response gives security operations teams instantaneous access to a device using a remote shell connection. With live response it is possible to do an…
PrintNightmare – Use Microsoft Defender/ Sentinel toolings to get insights
Technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that makes remote code execution possible. The issue affects Windows Print Spooler. The researchers named it PrintNightmare. Currently, the latest June 2021 security patches do not…
Export Microsoft 365 Defender security events with the streaming API
By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. For longer data retention it is possible to export events to external sources, most typical; Azure Storage or Azure Event Hubs. In…
Enroll Android smartphones into Microsoft Defender for Endpoint for blocking FluBot
The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsApp message. When opening the link and installing the app the FluBot malware will be activated. With the…
Defender for Endpoint Device Discovery: Discover the unmanaged part of the corporate network
Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices are connected to the enterprise network environment. With the new Defender for Endpoint Discovery functionality, it is possible to…
Defender for Endpoint on Linux onboarding and behavior monitoring detection
Detect critical 0-day exploits with Defender for Endpoint
Microsoft has detected multiple 0-days exploits being used to attack on-premises versions of Microsoft Exchange Servers. Microsoft releases today multiple patches. It is highly recommended to patch direct. Microsoft shared all the information about the HAFNIUM group and detected 0-day exploits. If you…
Use Microsoft technology for the detection and prevention of the SolarWinds chain attack
SolarWinds has revealed how monitoring products it released earlier this year may have been tampered with in a supply chain attack. In this blog post an overview of detection methods and IOC available for the detection and prevention of the SolarWinds attack. In…