Security Hygiene, Azure Security Center, and Secure Score
Posted inAzure Microsoft Defender for Cloud

Security Hygiene, Azure Security Center, and Secure Score

The basics Let's start this article with some basic cybersecurity terminology.  Security hygiene, or cyber hygiene, is a general term used to describe the ongoing practice of keeping your technology and IT estate in a healthy and protected state.  The metaphor with physical hygiene is valid because we know with our bodies that there's no such thing as "set it and forget it": if we don't maintain regular hygiene practices and exercise, we atrophy. …
The Big Comparison of Defender for Endpoint Features by Operating System
Posted inMicrosoft 365 Microsoft Defender for Endpoint Microsoft Defender XDR Windows

The Big Comparison of Defender for Endpoint Features by Operating System

Microsoft Defender for Endpoint (MDE) is a massive platform.  It's not a single product, and it's more than just a service.  It's a platform of tons of security features, portals, services, and controls.  The more you dig in, the more elements of general Microsoft security have been included in the MDE "branding".  It's not only endpoint detection and response (EDR), but also Windows 10 security settings.  It's not just the security software on the…
Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Endpoint Microsoft Defender XDR PowerShell

Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares

Although not common, there are scenarios out where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least using Microsoft Defender Antivirus (MDAV).  With no line of sight to the internet, you can use options such as WSUS, but in this blog, I'll explore using a network share, as WSUS isn't always an option. Set up the network share for updates 1. Create a directory on your file server…
Microsoft Defender Network Protection – Not Enabling via Intune – Troubleshooting & Fix
Posted inIntune Microsoft 365 Microsoft Defender for Endpoint Microsoft Intune SmartScreen/Network Protection

Microsoft Defender Network Protection – Not Enabling via Intune – Troubleshooting & Fix

When configuring Defender for Endpoint (MDE) customer recently, I ran into a problem when trying to enable network protection.  Network protection is a feature of MDE and Microsoft Defender Antivirus (MDAV) that takes the filtering capabilities of SmartScreen and applies them to all network traffic.  It is a prerequisite for things such as MDE's web content filtering and URL/domain indicators of compromise. This blog details the specific problem I had enabling it with Intune…
Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy
Posted inGroup Policy Microsoft 365 Microsoft Defender Microsoft Defender for Endpoint Windows Windows Server

Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario.  The tools you use for Windows Server 2008 R2, for example, are different from the tools you use for Windows Server 2019, which are different from the tools you use for Windows 10, and so on. The common denominator behind most onboarding methods is internet connectivity.  Your device connects…
Use Intune to Manage Microsoft Defender for Endpoint Tags and Device Groups
Posted inIntune Microsoft 365 Microsoft Defender for Endpoint

Use Intune to Manage Microsoft Defender for Endpoint Tags and Device Groups

In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a device group.  Device groups (previously machine groups), are used to assign devices different rules and administrative ownership.  A device can only belong to one group and controls settings such as auto-remediation level and which Role-Based Access Control (RBAC) roles have administrative permissions over it. While you can assign tags,…
Understanding Application Guard for Office, Now Generally Available
Posted inApplication Guard Intune Microsoft 365 Microsoft Defender News Office 365 PowerShell Windows

Understanding Application Guard for Office, Now Generally Available

Application Guard first appeared in Windows 10 1709 ("Fall Creators Update") to isolate Edge browser activity within a Hyper V container.  Microsoft now extends that same idea to Word, Excel, and PowerPoint in Office 365 ProPlus Microsoft 365 Apps for Enterprise on Windows 10... ... if you have Microsoft 365 E5 or E5 Security.  You knew that was coming! With Application Guard for Office, your files can open in a sandbox without access local…
The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Cloud Apps Office 365

The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)

Microsoft Cloud App Security (MCAS), Redmond's cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-actively controlling your SaaS estate.  It includes tools such as reverse proxying to control sessions and sits inside the Microsoft Threat Protection stack alongside Defender ATP, Office 365 ATP, and Azure ATP.  MCAS started life as Adallom prior to Microsoft's acquisition of that company in 2015.  It's included in Microsoft 365 E5 and numerous other…
Microsoft Defender for Endpoint Web Content Filtering – Migrate Rules from Existing Security Software
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Endpoint

Microsoft Defender for Endpoint Web Content Filtering – Migrate Rules from Existing Security Software

In my last blog, I wrote about web content filtering in MDATP and how it now allows you to block website categories on the client across all apps.  Category blockers are great because, with one easy checkbox, you ban hundreds of thousands of dangerous on inappropriate websites.  Nothing is perfect, though, and anyone who's ever worked a helpdesk or SOC will attest that false positives and false negatives are common. The engine for MDATP…
Microsoft Defender for Endpoint Web Content Filtering – Administration, Limitations, and User Experience
Posted inConfiguration Manager Microsoft 365 Microsoft Defender Microsoft Defender for Endpoint Microsoft Intune

Microsoft Defender for Endpoint Web Content Filtering – Administration, Limitations, and User Experience

Historically, one of the big features missing "out of the box" with MDATP was web content filtering.  Customers typically look at MDATP as an option when their existing endpoint security is due for license renewal, and compare their existing solution against it.  They would be moving from one of the big security vendors such as Sophos, Norton, and McAfee, which all supported web content filtering.  Higher lever stakeholders often listed the ability to block…