This is my attempt on writing and learning about Microsoft Defender. I’ve been meaning to write about this since some time now and I guess this is the best time to do that as the importance of Security has been recognized than ever.
To start things off the main focus of the series is Microsoft Defender for Endpoint (MDE) as that has many features to talk about and many more are added literally everyday.
I would also like to focus on KQL (Kusto Query Language) as that is becoming the norm and able to provide more insights to Security admins.
I hope this series will be informative and will help you to learn something new.
Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager
Windows 11 22H2 update brought a lot of good stuff and as a tech enthusiast I really appreciate what Microsoft is doing to ensure the end user devices are protected. Enhanced Phishing Protection in Microsoft defender SmartScreen is one of … Continue reading Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager
Endpoint Manager and Defender for Endpoint Relationship Simplified
I stumbled upon this so many times, tripped and fell, read things over, test things again and again and finally thought to write about it. Without understanding the high-level architecture and how these two services talk to each other, using … Continue reading Endpoint Manager and Defender for Endpoint Relationship Simplified
Microsoft 365 Defender – Advanced Threat Hunting Basics
With this post, I’m focussing anyone who is keen on knowing more about advanced features of MDE and how to get into that realm of threat hunting, and what are the controls available. So you have proper licensing enabled, and … Continue reading Microsoft 365 Defender – Advanced Threat Hunting Basics
An Attempt to Configure Defender for Endpoint and Endpoint Manager With the Same Device Tag
Most often the device tagging requirements are simple or you do have a set of tags for the devices that are enrolled in Intune and a set of tags for the devices onboarded in Defender for Endpoint. However there can … Continue reading An Attempt to Configure Defender for Endpoint and Endpoint Manager With the Same Device Tag
Web Content Filtering with Microsoft Defender for Endpoint Advanced Features
I recently realised I haven’t done much writing on Microsoft Endpoint Manager (MDE) side of things for a while. Web Content Filtering via MDE is a straight forward implementation and this will work on the devices that are onboarded currently. … Continue reading Web Content Filtering with Microsoft Defender for Endpoint Advanced Features
Microsoft Defender for Identity – Install and Configure Sensors (Azure ATP Sensors)
I will cut to the chase. MDI or Microsoft Defender for Identity is a great tool for identifying Identity threats in the local AD environment. Once the sensor is setup, you can monitor for the behavior and have the ability … Continue reading Microsoft Defender for Identity – Install and Configure Sensors (Azure ATP Sensors)
How To Set Defender For Endpoint To Work In Parallel When Defender Is Not The Primary A/V In The Workstation/ Server
EDR in Block Mode EDR stands for Endpoint Detection and Response. MDE has the capability to work in parallel to the 3rd party A/V running in the device. While this will not provide 100% of the tasks done by an … Continue reading How To Set Defender For Endpoint To Work In Parallel When Defender Is Not The Primary A/V In The Workstation/ Server
How to Configure Attack Surface Reduction (ASR) Rules using MEM
In this section, I would like to discuss one of MDE’s important set of settings and how to set these up. Namely ASRs rules or Attarck Surface Reduction rules. As the name implies, it helps closes any security holes in … Continue reading How to Configure Attack Surface Reduction (ASR) Rules using MEM
I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)
It took me sometime, but finally completed the MDE Ninja training. I got to know about this course from a local user group meetup and it hit me. This certificate is not a standard Microsoft certificate, but I would say … Continue reading I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)
How to Onboard Windows Devices to Microsoft Defender for Endpoint
To start hunting for threats and act on alerts, first the devices in the organisation must be onboarded to MDE. There are few onboarding methods that suites the organisation and I will be showcasing the steps of the commonly used … Continue reading How to Onboard Windows Devices to Microsoft Defender for Endpoint
How to configure Microsoft Defender for Endpoint Advanced Features
In my previous article we saw how to enable roles and provide RBAC to specific groups. In this article I will explore on how to enable the advanced features in MDE so it will be on “God Mode” as I … Continue reading How to configure Microsoft Defender for Endpoint Advanced Features
Security Microsoft Defender for Endpoint Roles and Device Group Access
In this article of the Defender series, I would like to discuss about the MDE RBAC to reflect the least access principal. This will cover the Roles for MDE and Device Group Access As you may know the Least Privileged … Continue reading Security Microsoft Defender for Endpoint Roles and Device Group Access
Introduction to Microsoft Defender for Endpoint
To make things simpler I will be calling this as MDE. Of course that the industry level acronym for Defender for Endpoint. In an age where security is the very soul of the tech industry and basically any industry, Microsoft … Continue reading Introduction to Microsoft Defender for Endpoint
Shehan Perera:[techBlog] 