#defenderforendpoint — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #defenderforendpoint, aggregated by home.social.
-
MDE導入で見落とされがちなDefenderパターンファイル配布方式の設計ポイント
https://qiita.com/AzusaShiraishi/items/8e67a50609aab91710d7?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items -
I built a browser-based editor (with the help of Claude) for authoring macOS Defender for Endpoint USB Device Control policies - no more hand-editing JSON inside XML. Full walkthrough in the article.
-
I built a browser-based editor (with the help of Claude) for authoring macOS Defender for Endpoint USB Device Control policies - no more hand-editing JSON inside XML. Full walkthrough in the article.
-
Update 🧵
Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE → HPFirmwareInstaller blocked, LSASS protection firing daily).
But Get-MpPreference returns empty, registry key missing. TVM can't detect them → Secure Score stuck at 22/22 exposed.
Anyone seen this before? #MDE #Intune #DefenderForEndpoint -
Update 🧵
Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE → HPFirmwareInstaller blocked, LSASS protection firing daily).
But Get-MpPreference returns empty, registry key missing. TVM can't detect them → Secure Score stuck at 22/22 exposed.
Anyone seen this before? #MDE #Intune #DefenderForEndpoint -
Take advantage of Microsoft Defender for Endpoint to defend against advanced threats targeting your endpoints, including malware, ransomware, and sophisticated attacks. #DefenderForEndpoint #EndpointSecurity
-
Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available
The v6 update has 15 changes, including:
• New ASR capabilities
• New Defender antivirus capabilities
• New device response actions
• Much more!Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
https://campbell.scot/feb-2024-ultimate-comparison-of-defender-for-endpoint-features-by-os/#microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure
-
Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available
The v6 update has 15 changes, including:
• New ASR capabilities
• New Defender antivirus capabilities
• New device response actions
• Much more!Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
https://campbell.scot/feb-2024-ultimate-comparison-of-defender-for-endpoint-features-by-os/#microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure
-
𝐏𝐫𝐨𝐭𝐞𝐜𝐭 𝐮𝐧𝐦𝐚𝐧𝐚𝐠𝐞𝐝 𝐨𝐫 3𝐫𝐝 𝐩𝐚𝐫𝐭𝐲 𝐌𝐃𝐌 𝐦𝐚𝐧𝐚𝐠𝐞𝐝 𝐢𝐎𝐒/𝐀𝐧𝐝𝐫𝐨𝐢𝐝 𝐝𝐞𝐯𝐢𝐜𝐞𝐬 𝐰𝐢𝐭𝐡 𝐌𝐃𝐄
In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.
The solution leverages Intune’s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.
#mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative
-
Free training for Microsoft Defender for Endpoint, Microsoft's industry leading XDR solution:
"Become a Microsoft Defender for Endpoint Ninja"
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/become-a-microsoft-defender-for-endpoint-ninja/ba-p/1515647Documentation: "Microsoft Defender for Endpoint"
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/?view=o365-worldwide#microsoft #msftadvocate #ninjatraining #defender #mde #defenderforendpoint
-
Free training for Microsoft Defender for Endpoint, Microsoft's industry leading XDR solution:
"Become a Microsoft Defender for Endpoint Ninja"
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/become-a-microsoft-defender-for-endpoint-ninja/ba-p/1515647Documentation: "Microsoft Defender for Endpoint"
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/?view=o365-worldwide#microsoft #msftadvocate #ninjatraining #defender #mde #defenderforendpoint
-
@smfinlay
I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data. -
@smfinlay
I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data. -
For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?
-
For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?
-
𝐀𝐮𝐠𝐦𝐞𝐧𝐭 𝐲𝐨𝐮𝐫 𝐄𝐃𝐑 𝐰𝐢𝐭𝐡 𝐝𝐞𝐜𝐞𝐩𝐭𝐢𝐨𝐧 𝐭𝐚𝐜𝐭𝐢𝐜𝐬 𝐭𝐨 𝐜𝐚𝐭𝐜𝐡 𝐚𝐝𝐯𝐞𝐫𝐬𝐚𝐫𝐢𝐞𝐬 𝐞𝐚𝐫𝐥𝐲
Deception is now a built-in capability in Microsoft Defender for Endpoint.
Deception in Defender for Endpoint provides customers with:
➡ 𝐇𝐢𝐠𝐡 𝐜𝐨𝐧𝐟𝐢𝐝𝐞𝐧𝐜𝐞 𝐝𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧𝐬 𝐚𝐧𝐝 𝐚𝐮𝐭𝐨𝐦𝐚𝐭𝐢𝐜 𝐝𝐢𝐬𝐫𝐮𝐩𝐭𝐢𝐨𝐧 𝐨𝐟 𝐭𝐡𝐫𝐞𝐚𝐭𝐬 – Detects human operated lateral movement in the early stages of a cyber-attack and triggers attack disruption to contain the threat.
➡𝐀𝐈-𝐩𝐨𝐰𝐞𝐫𝐞𝐝 𝐠𝐞𝐧𝐞𝐫𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐚𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜 𝐝𝐞𝐜𝐨𝐲𝐬 𝐚𝐧𝐝 𝐥𝐮𝐫𝐞𝐬 – Defender for Endpoint uses machine learning to autogenerate and deploy authentic decoys and lures into your network that mirror production assets
➡𝐁𝐮𝐢𝐥𝐭 𝐢𝐧𝐭𝐨 𝐭𝐡𝐞 𝐞𝐱𝐢𝐬𝐭𝐢𝐧𝐠 𝐞𝐧𝐝𝐩𝐨𝐢𝐧𝐭 𝐚𝐠𝐞𝐧𝐭 - no additional deployment or management of sensors on your network.
➡𝐈𝐧𝐭𝐞𝐠𝐫𝐚𝐭𝐞𝐝 𝐢𝐧𝐭𝐨 𝐭𝐡𝐞 𝐗𝐃𝐑 𝐒𝐎𝐂 𝐞𝐱𝐩𝐞𝐫𝐢𝐞𝐧𝐜𝐞 – for easy, end to end investigation of attacks
#defender #microsoftdefender #mde #xdr #deception #azure #microsoft #microsoftsecurity #soc #ransomware #ai #aisecurity #analyst #defenderforendpoint #cloudnative #cloudsecurity
-
S𝘁𝗿𝗲𝗮𝗺𝗹𝗶𝗻𝗲𝗱 𝗱𝗲𝘃𝗶𝗰𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝘃𝗶𝘁𝘆 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 𝗳𝗼𝗿 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁
To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.
The Defender for Endpoint-recognized simplified domain *.𝗲𝗻𝗱𝗽𝗼𝗶𝗻𝘁.𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆.𝗺𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁.𝗰𝗼𝗺 will consolidate and replace URLs for the following core Defender for Endpoint services:
- Cloud-delivered protection (MAPS)
- Malware sample submission storage
- Automated investigation and remediation sample storage
- Defender for Endpoint command and control
- Endpoint detection and response cyber data
#defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber
-
S𝘁𝗿𝗲𝗮𝗺𝗹𝗶𝗻𝗲𝗱 𝗱𝗲𝘃𝗶𝗰𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝘃𝗶𝘁𝘆 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 𝗳𝗼𝗿 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁
To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.
The Defender for Endpoint-recognized simplified domain *.𝗲𝗻𝗱𝗽𝗼𝗶𝗻𝘁.𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆.𝗺𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁.𝗰𝗼𝗺 will consolidate and replace URLs for the following core Defender for Endpoint services:
- Cloud-delivered protection (MAPS)
- Malware sample submission storage
- Automated investigation and remediation sample storage
- Defender for Endpoint command and control
- Endpoint detection and response cyber data
#defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber
-
My latest #project is coming to an end, and I’ll be honest, it’s been fun and an interesting piece of work.
Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.
The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!
This also means, my diary is now free from the end of this month… so am #opentowork.
Check out my #blog at https://paulsanders.co.uk for some (not so much upto date) posts.
-
My latest #project is coming to an end, and I’ll be honest, it’s been fun and an interesting piece of work.
Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.
The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!
This also means, my diary is now free from the end of this month… so am #opentowork.
Check out my #blog at https://paulsanders.co.uk for some (not so much upto date) posts.
-
𝗗𝗲𝗳𝗲𝗻𝗱𝗶𝗻𝗴 𝗻𝗲𝘄 𝘃𝗲𝗰𝘁𝗼𝗿𝘀: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝘁𝘁𝗲𝗺𝗽𝘁 𝗦𝗤𝗟 𝗦𝗲𝗿𝘃𝗲𝗿 𝘁𝗼 𝗰𝗹𝗼𝘂𝗱 𝗹𝗮𝘁𝗲𝗿𝗮𝗹 𝗺𝗼𝘃𝗲𝗺𝗲𝗻𝘁
Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.
Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.
#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc
-
Today we are excited to announce the public preview of a 𝘂𝗻𝗶𝗳𝗶𝗲𝗱 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘀𝗲𝘁𝘁𝗶𝗻𝗴𝘀 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 that offers a consistent, single source of truth for 𝗺𝗮𝗻𝗮𝗴𝗶𝗻𝗴 𝗲𝗻𝗱𝗽𝗼𝗶𝗻𝘁 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘀𝗲𝘁𝘁𝗶𝗻𝗴𝘀 𝗮𝗰𝗿𝗼𝘀𝘀 𝗪𝗶𝗻𝗱𝗼𝘄𝘀, 𝗺𝗮𝗰𝗢𝗦, 𝗮𝗻𝗱 𝗟𝗶𝗻𝘂𝘅.
𝗜𝘁 𝗶𝘀 𝗯𝘂𝗶𝗹𝘁 𝗶𝗻𝘁𝗼 𝘁𝗵𝗲 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝟯𝟲𝟱 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗽𝗼𝗿𝘁𝗮𝗹, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.
#mde #defenderforendpoint #security #securitysettings #management #microsoft #microsoftsecurity #microsoft365defedner #xdr #edr #soc #intune #device #devicemanagement #unifiedexperience #azure #cloud #cloudnative #windows #linux #macos #epp
-
Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR
Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.
#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst
-
Novità in ambito Security Settings Management di Microsoft Defender for Endpoint: supporto ampliato per le regole di Attack Surface Reduction.
Security Settings Management è una modalità di gestione delle impostazioni di MDE che permette di distribuire le stesse anche su dispositivi non enrollati in Intune.
Tutti i dettagli e la solita documentazione a go-go nell'articolo di oggi.
-
Metti in sicurezza i tuoi Mac usando le raccomandazioni di Microsoft Defender for Endpoint come piano di hardening.
➡️ https://youtu.be/ZNcZfEXnnzU
Oggi vediamo come impostare una strategia completa di hardening per i tuoi Mac aziendali: l’integrazione con il resto dell’infrastruttura così sarà più sicura e la postura di sicurezza migliorerà.
Se vuoi seguire contenuti come questo, iscriviti al mio canale YouTube: ti aspetto!