PrintNightmare – Use Microsoft Defender/ Sentinel toolings to get insights
Technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that makes remote code execution possible. The issue affects Windows Print Spooler. The researchers named it PrintNightmare. Currently, the latest June 2021 security…
Export Microsoft 365 Defender security events with the streaming API
By default, Microsoft Defender for Endpoint stores endpoint events for the configured retention period (maximum: 180 days). For longer data retention, it is possible to export events to external destinations, most typically Azure Storage or Azure…
Enroll Android smartphones into Microsoft Defender for Endpoint for blocking FluBot
The FluBot malware is currently in the news. FluBot is sent to mobile endpoints via a text message or WhatsApp message. When the link is opened and the app is installed, the FluBot malware will be…
Defender for Endpoint Device Discovery: Discover the unmanaged part of the corporate network
Unmanaged devices are, most of the time, a weak point in the corporate network/environment. In the current situation, more and more BYOD devices are connected to the enterprise network environment. With the new Defender for Endpoint Discovery functionality, it…
Defender for Endpoint on Linux onboarding and behavior monitoring detection
Detect critical 0-day exploits with Defender for Endpoint
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server. Microsoft is releasing multiple patches today. It is highly recommended to patch immediately. Microsoft shared all the information about the HAFNIUM group and detected 0-day…
Use Microsoft technology for the detection and prevention of the SolarWinds chain attack
SolarWinds has revealed how monitoring products it released earlier this year may have been tampered with in a supply chain attack. In this blog post an overview of detection methods and IOCs available for the detection and prevention of the…
Deploy and configure Microsoft Defender for Endpoint on iOS devices
Block low reputation apps or newly detected cloud apps with Microsoft Defender for Endpoint, MCAS and Endpoint Manager
One of the benefits of Microsoft 365/Microsoft Endpoint is the interaction across all the different products. Using the connection between multiple products, I want to show how you can use multiple products from Microsoft to block apps with a…
Block apps from Cloud App Security via Microsoft Defender ATP + Microsoft Endpoint Manager
Microsoft Defender ATP is Microsoft's Advanced Threat Protection service. Developments at Microsoft move quickly, so more and more features and integrations are becoming available for the Microsoft Defender suite and cloud security products. Microsoft Defender ATP (MDATP) is…