home.social

#defenderforendpoint โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #defenderforendpoint, aggregated by home.social.

  1. Update ๐Ÿงต
    Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE โ†’ HPFirmwareInstaller blocked, LSASS protection firing daily).
    But Get-MpPreference returns empty, registry key missing. TVM can't detect them โ†’ Secure Score stuck at 22/22 exposed.
    Anyone seen this before? #MDE #Intune #DefenderForEndpoint

  2. Update ๐Ÿงต
    Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE โ†’ HPFirmwareInstaller blocked, LSASS protection firing daily).
    But Get-MpPreference returns empty, registry key missing. TVM can't detect them โ†’ Secure Score stuck at 22/22 exposed.
    Anyone seen this before? #MDE #Intune #DefenderForEndpoint

  3. Update ๐Ÿงต
    Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE โ†’ HPFirmwareInstaller blocked, LSASS protection firing daily).
    But Get-MpPreference returns empty, registry key missing. TVM can't detect them โ†’ Secure Score stuck at 22/22 exposed.
    Anyone seen this before? #MDE #Intune #DefenderForEndpoint

  4. Update ๐Ÿงต
    Rules ARE active, Event ID 1121 confirms blocking (WmiPrvSE โ†’ HPFirmwareInstaller blocked, LSASS protection firing daily).
    But Get-MpPreference returns empty, registry key missing. TVM can't detect them โ†’ Secure Score stuck at 22/22 exposed.
    Anyone seen this before? #MDE #Intune #DefenderForEndpoint

  5. ๐Ÿ’ก Think your disconnected environment canโ€™t use AI-driven protection? Think again.
    With Microsoftโ€™s Streamlined Connectivity, enabling Defender for Endpoint in restricted networks has never been easier. Proxies make it possibleโ€”hereโ€™s how to do it right: blog.brianbaldock.net/mde-prox
    #CyberSecurity #DefenderForEndpoint #XDR

  6. Take advantage of Microsoft Defender for Endpoint to defend against advanced threats targeting your endpoints, including malware, ransomware, and sophisticated attacks.

  7. Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available

    The v6 update has 15 changes, including:

    โ€ข New ASR capabilities
    โ€ข New Defender antivirus capabilities
    โ€ข New device response actions
    โ€ข Much more!

    Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
    campbell.scot/feb-2024-ultimat

    #microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure

  8. Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available

    The v6 update has 15 changes, including:

    โ€ข New ASR capabilities
    โ€ข New Defender antivirus capabilities
    โ€ข New device response actions
    โ€ข Much more!

    Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
    campbell.scot/feb-2024-ultimat

    #microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure

  9. Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available

    The v6 update has 15 changes, including:

    โ€ข New ASR capabilities
    โ€ข New Defender antivirus capabilities
    โ€ข New device response actions
    โ€ข Much more!

    Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
    campbell.scot/feb-2024-ultimat

    #microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure

  10. Comprehensive guidance for the Defender community on MDE's capabilities so you know exactly what's available

    The v6 update has 15 changes, including:

    โ€ข New ASR capabilities
    โ€ข New Defender antivirus capabilities
    โ€ข New device response actions
    โ€ข Much more!

    Ultimate Comparison of Defender for Endpoint Features by OS - Ru Campbell MVP
    campbell.scot/feb-2024-ultimat

    #microsoftdefender #defender #mde #m365 #microsoft365 #defenderforendpoint #edr #xdr #microsoft #blueteam #azure

  11. ๐๐ซ๐จ๐ญ๐ž๐œ๐ญ ๐ฎ๐ง๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐จ๐ซ 3๐ซ๐ ๐ฉ๐š๐ซ๐ญ๐ฒ ๐Œ๐ƒ๐Œ ๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐ข๐Ž๐’/๐€๐ง๐๐ซ๐จ๐ข๐ ๐๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ฐ๐ข๐ญ๐ก ๐Œ๐ƒ๐„

    In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

    The solution leverages Intuneโ€™s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

    techcommunity.microsoft.com/t5

    #mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

  12. ๐๐ซ๐จ๐ญ๐ž๐œ๐ญ ๐ฎ๐ง๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐จ๐ซ 3๐ซ๐ ๐ฉ๐š๐ซ๐ญ๐ฒ ๐Œ๐ƒ๐Œ ๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐ข๐Ž๐’/๐€๐ง๐๐ซ๐จ๐ข๐ ๐๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ฐ๐ข๐ญ๐ก ๐Œ๐ƒ๐„

    In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

    The solution leverages Intuneโ€™s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

    techcommunity.microsoft.com/t5

    #mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

  13. ๐๐ซ๐จ๐ญ๐ž๐œ๐ญ ๐ฎ๐ง๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐จ๐ซ 3๐ซ๐ ๐ฉ๐š๐ซ๐ญ๐ฒ ๐Œ๐ƒ๐Œ ๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐ข๐Ž๐’/๐€๐ง๐๐ซ๐จ๐ข๐ ๐๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ฐ๐ข๐ญ๐ก ๐Œ๐ƒ๐„

    In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

    The solution leverages Intuneโ€™s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

    techcommunity.microsoft.com/t5

    #mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

  14. ๐๐ซ๐จ๐ญ๐ž๐œ๐ญ ๐ฎ๐ง๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐จ๐ซ 3๐ซ๐ ๐ฉ๐š๐ซ๐ญ๐ฒ ๐Œ๐ƒ๐Œ ๐ฆ๐š๐ง๐š๐ ๐ž๐ ๐ข๐Ž๐’/๐€๐ง๐๐ซ๐จ๐ข๐ ๐๐ž๐ฏ๐ข๐œ๐ž๐ฌ ๐ฐ๐ข๐ญ๐ก ๐Œ๐ƒ๐„

    In this blog post, you will learn how to protect unmanaged (personal) or 3rd party MDM managed iOS and Android devices with Microsoft Defender for Endpoint as your Mobile Threat Defense (MTD) solution.

    The solution leverages Intuneโ€™s App Protection Policies aka MAM to enforce Device Protection with MDE regardless of the device enrollment state.

    techcommunity.microsoft.com/t5

    #mde #defender #defenderforendpoint #mtd #mobile #mobileprotection #mobilerhreatdefence #edr #xdr #microsoft #microsoftsecurity #soc #intune #mdm #mam #byod #ios #android #cloudnative

  15. @smfinlay
    I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data.

    #DefenderforEndpoint #KQL

  16. @smfinlay
    I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data.

    #DefenderforEndpoint #KQL

  17. @smfinlay
    I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data.

    #DefenderforEndpoint #KQL

  18. @smfinlay
    I've seen some inconsistent behavior with case sensitivity with ==, maybe see if it works if the case matches. Could also be a space in the data.

    #DefenderforEndpoint #KQL

  19. For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?

  20. For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?

  21. For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?

  22. For those familiar with #DefenderforEndpoint and #KQL advanced hunting, do you know why I would get results from the query using the "contains" operator and get no results using the "==" operator?

  23. ๐€๐ฎ๐ ๐ฆ๐ž๐ง๐ญ ๐ฒ๐จ๐ฎ๐ซ ๐„๐ƒ๐‘ ๐ฐ๐ข๐ญ๐ก ๐๐ž๐œ๐ž๐ฉ๐ญ๐ข๐จ๐ง ๐ญ๐š๐œ๐ญ๐ข๐œ๐ฌ ๐ญ๐จ ๐œ๐š๐ญ๐œ๐ก ๐š๐๐ฏ๐ž๐ซ๐ฌ๐š๐ซ๐ข๐ž๐ฌ ๐ž๐š๐ซ๐ฅ๐ฒ

    Deception is now a built-in capability in Microsoft Defender for Endpoint.

    Deception in Defender for Endpoint provides customers with:

    โžก ๐‡๐ข๐ ๐ก ๐œ๐จ๐ง๐Ÿ๐ข๐๐ž๐ง๐œ๐ž ๐๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง๐ฌ ๐š๐ง๐ ๐š๐ฎ๐ญ๐จ๐ฆ๐š๐ญ๐ข๐œ ๐๐ข๐ฌ๐ซ๐ฎ๐ฉ๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐ญ๐ก๐ซ๐ž๐š๐ญ๐ฌ โ€“ Detects human operated lateral movement in the early stages of a cyber-attack and triggers attack disruption to contain the threat.

    โžก๐€๐ˆ-๐ฉ๐จ๐ฐ๐ž๐ซ๐ž๐ ๐ ๐ž๐ง๐ž๐ซ๐š๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐š๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ ๐๐ž๐œ๐จ๐ฒ๐ฌ ๐š๐ง๐ ๐ฅ๐ฎ๐ซ๐ž๐ฌ โ€“ Defender for Endpoint uses machine learning to autogenerate and deploy authentic decoys and lures into your network that mirror production assets

    โžก๐๐ฎ๐ข๐ฅ๐ญ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐ž๐ฑ๐ข๐ฌ๐ญ๐ข๐ง๐  ๐ž๐ง๐๐ฉ๐จ๐ข๐ง๐ญ ๐š๐ ๐ž๐ง๐ญ - no additional deployment or management of sensors on your network.

    โžก๐ˆ๐ง๐ญ๐ž๐ ๐ซ๐š๐ญ๐ž๐ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐—๐ƒ๐‘ ๐’๐Ž๐‚ ๐ž๐ฑ๐ฉ๐ž๐ซ๐ข๐ž๐ง๐œ๐ž โ€“ for easy, end to end investigation of attacks

    techcommunity.microsoft.com/t5

    #defender #microsoftdefender #mde #xdr #deception #azure #microsoft #microsoftsecurity #soc #ransomware #ai #aisecurity #analyst #defenderforendpoint #cloudnative #cloudsecurity

  24. ๐€๐ฎ๐ ๐ฆ๐ž๐ง๐ญ ๐ฒ๐จ๐ฎ๐ซ ๐„๐ƒ๐‘ ๐ฐ๐ข๐ญ๐ก ๐๐ž๐œ๐ž๐ฉ๐ญ๐ข๐จ๐ง ๐ญ๐š๐œ๐ญ๐ข๐œ๐ฌ ๐ญ๐จ ๐œ๐š๐ญ๐œ๐ก ๐š๐๐ฏ๐ž๐ซ๐ฌ๐š๐ซ๐ข๐ž๐ฌ ๐ž๐š๐ซ๐ฅ๐ฒ

    Deception is now a built-in capability in Microsoft Defender for Endpoint.

    Deception in Defender for Endpoint provides customers with:

    โžก ๐‡๐ข๐ ๐ก ๐œ๐จ๐ง๐Ÿ๐ข๐๐ž๐ง๐œ๐ž ๐๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง๐ฌ ๐š๐ง๐ ๐š๐ฎ๐ญ๐จ๐ฆ๐š๐ญ๐ข๐œ ๐๐ข๐ฌ๐ซ๐ฎ๐ฉ๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐ญ๐ก๐ซ๐ž๐š๐ญ๐ฌ โ€“ Detects human operated lateral movement in the early stages of a cyber-attack and triggers attack disruption to contain the threat.

    โžก๐€๐ˆ-๐ฉ๐จ๐ฐ๐ž๐ซ๐ž๐ ๐ ๐ž๐ง๐ž๐ซ๐š๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐š๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ ๐๐ž๐œ๐จ๐ฒ๐ฌ ๐š๐ง๐ ๐ฅ๐ฎ๐ซ๐ž๐ฌ โ€“ Defender for Endpoint uses machine learning to autogenerate and deploy authentic decoys and lures into your network that mirror production assets

    โžก๐๐ฎ๐ข๐ฅ๐ญ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐ž๐ฑ๐ข๐ฌ๐ญ๐ข๐ง๐  ๐ž๐ง๐๐ฉ๐จ๐ข๐ง๐ญ ๐š๐ ๐ž๐ง๐ญ - no additional deployment or management of sensors on your network.

    โžก๐ˆ๐ง๐ญ๐ž๐ ๐ซ๐š๐ญ๐ž๐ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐—๐ƒ๐‘ ๐’๐Ž๐‚ ๐ž๐ฑ๐ฉ๐ž๐ซ๐ข๐ž๐ง๐œ๐ž โ€“ for easy, end to end investigation of attacks

    techcommunity.microsoft.com/t5

    #defender #microsoftdefender #mde #xdr #deception #azure #microsoft #microsoftsecurity #soc #ransomware #ai #aisecurity #analyst #defenderforendpoint #cloudnative #cloudsecurity

  25. ๐€๐ฎ๐ ๐ฆ๐ž๐ง๐ญ ๐ฒ๐จ๐ฎ๐ซ ๐„๐ƒ๐‘ ๐ฐ๐ข๐ญ๐ก ๐๐ž๐œ๐ž๐ฉ๐ญ๐ข๐จ๐ง ๐ญ๐š๐œ๐ญ๐ข๐œ๐ฌ ๐ญ๐จ ๐œ๐š๐ญ๐œ๐ก ๐š๐๐ฏ๐ž๐ซ๐ฌ๐š๐ซ๐ข๐ž๐ฌ ๐ž๐š๐ซ๐ฅ๐ฒ

    Deception is now a built-in capability in Microsoft Defender for Endpoint.

    Deception in Defender for Endpoint provides customers with:

    โžก ๐‡๐ข๐ ๐ก ๐œ๐จ๐ง๐Ÿ๐ข๐๐ž๐ง๐œ๐ž ๐๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง๐ฌ ๐š๐ง๐ ๐š๐ฎ๐ญ๐จ๐ฆ๐š๐ญ๐ข๐œ ๐๐ข๐ฌ๐ซ๐ฎ๐ฉ๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐ญ๐ก๐ซ๐ž๐š๐ญ๐ฌ โ€“ Detects human operated lateral movement in the early stages of a cyber-attack and triggers attack disruption to contain the threat.

    โžก๐€๐ˆ-๐ฉ๐จ๐ฐ๐ž๐ซ๐ž๐ ๐ ๐ž๐ง๐ž๐ซ๐š๐ญ๐ข๐จ๐ง ๐จ๐Ÿ ๐š๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ ๐๐ž๐œ๐จ๐ฒ๐ฌ ๐š๐ง๐ ๐ฅ๐ฎ๐ซ๐ž๐ฌ โ€“ Defender for Endpoint uses machine learning to autogenerate and deploy authentic decoys and lures into your network that mirror production assets

    โžก๐๐ฎ๐ข๐ฅ๐ญ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐ž๐ฑ๐ข๐ฌ๐ญ๐ข๐ง๐  ๐ž๐ง๐๐ฉ๐จ๐ข๐ง๐ญ ๐š๐ ๐ž๐ง๐ญ - no additional deployment or management of sensors on your network.

    โžก๐ˆ๐ง๐ญ๐ž๐ ๐ซ๐š๐ญ๐ž๐ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ž ๐—๐ƒ๐‘ ๐’๐Ž๐‚ ๐ž๐ฑ๐ฉ๐ž๐ซ๐ข๐ž๐ง๐œ๐ž โ€“ for easy, end to end investigation of attacks

    techcommunity.microsoft.com/t5

    #defender #microsoftdefender #mde #xdr #deception #azure #microsoft #microsoftsecurity #soc #ransomware #ai #aisecurity #analyst #defenderforendpoint #cloudnative #cloudsecurity

  26. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  27. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  28. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  29. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  30. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  31. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  32. S๐˜๐—ฟ๐—ฒ๐—ฎ๐—บ๐—น๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฐ๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ถ๐˜๐˜† ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ณ๐—ผ๐—ฟ ๐—˜๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜

    To help simplify device connectivity and management, we are excited to announce a new method that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint, now available in public preview for Windows OS.

    The Defender for Endpoint-recognized simplified domain *.๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜.๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†.๐—บ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜.๐—ฐ๐—ผ๐—บ will consolidate and replace URLs for the following core Defender for Endpoint services:

    - Cloud-delivered protection (MAPS)

    - Malware sample submission storage

    - Automated investigation and remediation sample storage

    - Defender for Endpoint command and control

    - Endpoint detection and response cyber data

    techcommunity.microsoft.com/t5

    #defenderforendpoint #mde #edr #microsoft #microsoftsecurity #endpoint #azure #networking #network #microsoftdefenderforendpoint #cybersecurity #cyber

  33. My latest #project is coming to an end, and Iโ€™ll be honest, itโ€™s been fun and an interesting piece of work.

    Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.

    The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!

    This also means, my diary is now free from the end of this monthโ€ฆ so am #opentowork.

    Check out my #blog at paulsanders.co.uk for some (not so much upto date) posts.

    #dfir #soc #siem

  34. My latest #project is coming to an end, and Iโ€™ll be honest, itโ€™s been fun and an interesting piece of work.

    Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.

    The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!

    This also means, my diary is now free from the end of this monthโ€ฆ so am #opentowork.

    Check out my #blog at paulsanders.co.uk for some (not so much upto date) posts.

    #dfir #soc #siem

  35. My latest #project is coming to an end, and Iโ€™ll be honest, itโ€™s been fun and an interesting piece of work.

    Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.

    The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!

    This also means, my diary is now free from the end of this monthโ€ฆ so am #opentowork.

    Check out my #blog at paulsanders.co.uk for some (not so much upto date) posts.

    #dfir #soc #siem

  36. My latest #project is coming to an end, and Iโ€™ll be honest, itโ€™s been fun and an interesting piece of work.

    Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.

    The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!

    This also means, my diary is now free from the end of this monthโ€ฆ so am #opentowork.

    Check out my #blog at paulsanders.co.uk for some (not so much upto date) posts.

    #dfir #soc #siem

  37. ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ป๐—ฒ๐˜„ ๐˜ƒ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€: ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ฎ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐—ฎ๐˜๐˜๐—ฒ๐—บ๐—ฝ๐˜ ๐—ฆ๐—ค๐—Ÿ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐˜๐—ผ ๐—ฐ๐—น๐—ผ๐˜‚๐—ฑ ๐—น๐—ฎ๐˜๐—ฒ๐—ฟ๐—ฎ๐—น ๐—บ๐—ผ๐˜ƒ๐—ฒ๐—บ๐—ฒ๐—ป๐˜

    Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

    Attackers are now attempting to move laterally into cloud environments via SQL Server instancesโ€”a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

    microsoft.com/en-us/security/b

    #microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

  38. ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ป๐—ฒ๐˜„ ๐˜ƒ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€: ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ฎ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐—ฎ๐˜๐˜๐—ฒ๐—บ๐—ฝ๐˜ ๐—ฆ๐—ค๐—Ÿ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐˜๐—ผ ๐—ฐ๐—น๐—ผ๐˜‚๐—ฑ ๐—น๐—ฎ๐˜๐—ฒ๐—ฟ๐—ฎ๐—น ๐—บ๐—ผ๐˜ƒ๐—ฒ๐—บ๐—ฒ๐—ป๐˜

    Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

    Attackers are now attempting to move laterally into cloud environments via SQL Server instancesโ€”a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

    microsoft.com/en-us/security/b

    #microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

  39. ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ป๐—ฒ๐˜„ ๐˜ƒ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€: ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ฎ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐—ฎ๐˜๐˜๐—ฒ๐—บ๐—ฝ๐˜ ๐—ฆ๐—ค๐—Ÿ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐˜๐—ผ ๐—ฐ๐—น๐—ผ๐˜‚๐—ฑ ๐—น๐—ฎ๐˜๐—ฒ๐—ฟ๐—ฎ๐—น ๐—บ๐—ผ๐˜ƒ๐—ฒ๐—บ๐—ฒ๐—ป๐˜

    Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

    Attackers are now attempting to move laterally into cloud environments via SQL Server instancesโ€”a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

    microsoft.com/en-us/security/b

    #microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

  40. ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ป๐—ฒ๐˜„ ๐˜ƒ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€: ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ฎ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐—ฎ๐˜๐˜๐—ฒ๐—บ๐—ฝ๐˜ ๐—ฆ๐—ค๐—Ÿ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐˜๐—ผ ๐—ฐ๐—น๐—ผ๐˜‚๐—ฑ ๐—น๐—ฎ๐˜๐—ฒ๐—ฟ๐—ฎ๐—น ๐—บ๐—ผ๐˜ƒ๐—ฒ๐—บ๐—ฒ๐—ป๐˜

    Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

    Attackers are now attempting to move laterally into cloud environments via SQL Server instancesโ€”a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

    microsoft.com/en-us/security/b

    #microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

  41. ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ป๐—ฒ๐˜„ ๐˜ƒ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€: ๐—ง๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐—ฎ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐—ฎ๐˜๐˜๐—ฒ๐—บ๐—ฝ๐˜ ๐—ฆ๐—ค๐—Ÿ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐˜๐—ผ ๐—ฐ๐—น๐—ผ๐˜‚๐—ฑ ๐—น๐—ฎ๐˜๐—ฒ๐—ฟ๐—ฎ๐—น ๐—บ๐—ผ๐˜ƒ๐—ฒ๐—บ๐—ฒ๐—ป๐˜

    Nice write-up by Microsoft security researchers about new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.

    Attackers are now attempting to move laterally into cloud environments via SQL Server instancesโ€”a method previously seen in VMs and Kubernetes clusters but not in SQL Server.

    microsoft.com/en-us/security/b

    #microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc

  42. Today we are excited to announce the public preview of a ๐˜‚๐—ป๐—ถ๐—ณ๐—ถ๐—ฒ๐—ฑ ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐˜€๐—ฒ๐˜๐˜๐—ถ๐—ป๐—ด๐˜€ ๐—บ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜ ๐—ฒ๐˜…๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ฒ๐—ป๐—ฐ๐—ฒ that offers a consistent, single source of truth for ๐—บ๐—ฎ๐—ป๐—ฎ๐—ด๐—ถ๐—ป๐—ด ๐—ฒ๐—ป๐—ฑ๐—ฝ๐—ผ๐—ถ๐—ป๐˜ ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐˜€๐—ฒ๐˜๐˜๐—ถ๐—ป๐—ด๐˜€ ๐—ฎ๐—ฐ๐—ฟ๐—ผ๐˜€๐˜€ ๐—ช๐—ถ๐—ป๐—ฑ๐—ผ๐˜„๐˜€, ๐—บ๐—ฎ๐—ฐ๐—ข๐—ฆ, ๐—ฎ๐—ป๐—ฑ ๐—Ÿ๐—ถ๐—ป๐˜‚๐˜….

    ๐—œ๐˜ ๐—ถ๐˜€ ๐—ฏ๐˜‚๐—ถ๐—น๐˜ ๐—ถ๐—ป๐˜๐—ผ ๐˜๐—ต๐—ฒ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐Ÿฏ๐Ÿฒ๐Ÿฑ ๐——๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—ฝ๐—ผ๐—ฟ๐˜๐—ฎ๐—น, and therefore easily accessible for security teams, but built on the powerful capabilities of Microsoft Intune.

    techcommunity.microsoft.com/t5

    #mde #defenderforendpoint #security #securitysettings #management #microsoft #microsoftsecurity #microsoft365defedner #xdr #edr #soc #intune #device #devicemanagement #unifiedexperience #azure #cloud #cloudnative #windows #linux #macos #epp