#defenderforendpoint — Public Fediverse posts

Update 🧵
Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE → HPFirmwareInstaller blocked, LSASS protection firing daily).
But Get-MpPreference returns empty, registry key missing. TVM can't detect them → Secure Score stuck at 22/22 exposed.
Anyone seen this before? #MDE #Intune #DefenderForEndpoint

𝐏𝐫𝐨𝐭𝐞𝐜𝐭 𝐮𝐧𝐦𝐚𝐧𝐚𝐠𝐞𝐝 𝐨𝐫 3𝐫𝐝 𝐩𝐚𝐫𝐭𝐲 𝐌𝐃𝐌 𝐦𝐚𝐧𝐚𝐠𝐞𝐝 𝐢𝐎𝐒/𝐀𝐧𝐝𝐫𝐨𝐢𝐝 𝐝𝐞𝐯𝐢𝐜𝐞𝐬 𝐰𝐢𝐭𝐡 𝐌𝐃𝐄

In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

The solution leverages Intune’s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/protect-unmanaged-or-3rd-party-mdm-managed-ios-android-devices/ba-p/4057691

#mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

𝗗𝗲𝗳𝗲𝗻𝗱𝗶𝗻𝗴 𝗻𝗲𝘄 𝘃𝗲𝗰𝘁𝗼𝗿𝘀: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝘁𝘁𝗲𝗺𝗽𝘁 𝗦𝗤𝗟 𝗦𝗲𝗿𝘃𝗲𝗿 𝘁𝗼 𝗰𝗹𝗼𝘂𝗱 𝗹𝗮𝘁𝗲𝗿𝗮𝗹 𝗺𝗼𝘃𝗲𝗺𝗲𝗻𝘁

Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

𝗗𝗲𝗳𝗲𝗻𝗱𝗶𝗻𝗴 𝗻𝗲𝘄 𝘃𝗲𝗰𝘁𝗼𝗿𝘀: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝘁𝘁𝗲𝗺𝗽𝘁 𝗦𝗤𝗟 𝗦𝗲𝗿𝘃𝗲𝗿 𝘁𝗼 𝗰𝗹𝗼𝘂𝗱 𝗹𝗮𝘁𝗲𝗿𝗮𝗹 𝗺𝗼𝘃𝗲𝗺𝗲𝗻𝘁

Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

𝗗𝗲𝗳𝗲𝗻𝗱𝗶𝗻𝗴 𝗻𝗲𝘄 𝘃𝗲𝗰𝘁𝗼𝗿𝘀: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝘁𝘁𝗲𝗺𝗽𝘁 𝗦𝗤𝗟 𝗦𝗲𝗿𝘃𝗲𝗿 𝘁𝗼 𝗰𝗹𝗼𝘂𝗱 𝗹𝗮𝘁𝗲𝗿𝗮𝗹 𝗺𝗼𝘃𝗲𝗺𝗲𝗻𝘁

Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

𝗗𝗲𝗳𝗲𝗻𝗱𝗶𝗻𝗴 𝗻𝗲𝘄 𝘃𝗲𝗰𝘁𝗼𝗿𝘀: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝘁𝘁𝗲𝗺𝗽𝘁 𝗦𝗤𝗟 𝗦𝗲𝗿𝘃𝗲𝗿 𝘁𝗼 𝗰𝗹𝗼𝘂𝗱 𝗹𝗮𝘁𝗲𝗿𝗮𝗹 𝗺𝗼𝘃𝗲𝗺𝗲𝗻𝘁

Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

𝗗𝗲𝗳𝗲𝗻𝗱𝗶𝗻𝗴 𝗻𝗲𝘄 𝘃𝗲𝗰𝘁𝗼𝗿𝘀: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀 𝗮𝘁𝘁𝗲𝗺𝗽𝘁 𝗦𝗤𝗟 𝗦𝗲𝗿𝘃𝗲𝗿 𝘁𝗼 𝗰𝗹𝗼𝘂𝗱 𝗹𝗮𝘁𝗲𝗿𝗮𝗹 𝗺𝗼𝘃𝗲𝗺𝗲𝗻𝘁

Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Attackers are now attempting to move laterally into cloud environments via SQL Server instances—a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

Today we are excited to announce the public preview of a 𝘂𝗻𝗶𝗳𝗶𝗲𝗱 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘀𝗲𝘁𝘁𝗶𝗻𝗴𝘀 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 that offers a consistent, single source of truth for 𝗺𝗮𝗻𝗮𝗴𝗶𝗻𝗴 𝗲𝗻𝗱𝗽𝗼𝗶𝗻𝘁 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘀𝗲𝘁𝘁𝗶𝗻𝗴𝘀 𝗮𝗰𝗿𝗼𝘀𝘀 𝗪𝗶𝗻𝗱𝗼𝘄𝘀, 𝗺𝗮𝗰𝗢𝗦, 𝗮𝗻𝗱 𝗟𝗶𝗻𝘂𝘅.

𝗜𝘁 𝗶𝘀 𝗯𝘂𝗶𝗹𝘁 𝗶𝗻𝘁𝗼 𝘁𝗵𝗲 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝟯𝟲𝟱 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗽𝗼𝗿𝘁𝗮𝗹, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/manage-security-settings-for-windows-macos-and-linux-natively-in/ba-p/3870617

#mde #defenderforendpoint #security #securitysettings #management #microsoft #microsoftsecurity #microsoft365defedner #xdr #edr #soc #intune #device #devicemanagement #unifiedexperience #azure #cloud #cloudnative #windows #linux #macos #epp

Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatically-disrupt-adversary-in-the-middle-aitm-attacks-with/ba-p/3821751

#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst

Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatically-disrupt-adversary-in-the-middle-aitm-attacks-with/ba-p/3821751

#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst