Ru Campbell MVP

Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series

November 19, 2023

Entra ID's P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity governance features, and is most known for enabling just-in-time admin rights. For example, you are eligible to become an a...

Conditional Access - Common Microsoft 365 Security Mistakes Series

October 5, 2023

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you've spent any time securing your tenant and Entra resources, you'll know what Conditional Access is by now, so we'll assume at least a level 200 understanding, skip the i...

Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

July 10, 2023

In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to configure endpoint settings. In this blog, we'll look at what that change is, why it was necessary, initial impre...

Stop Making These Conditional Access Mistakes

May 16, 2023

Conditional Access is the most important security feature you will configure in Azure AD. You need to get this right, or most other things don't even matter. Compared to on-premises AD, which requires line of sight to a domain infrastructure often limited to...

[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS

February 19, 2023

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrates with Microsoft 365 Defender (the broader XDR platform) and is available for almost any OS you'll find in an e...

Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]

August 26, 2022

This is the updated "matrix" of OS supported for the almost 80 features, services, and important components that make up Microsoft Defender for Endpoint. This follows up on my March 2022 release of the comparison. What's new? - Now available in Excel format,...

Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System

March 29, 2022

It's been about 5 months since I last updated my comparison of Defender for Endpoint features by OS. This is a "matrix" of the tons of features, services, and important components that make up Microsoft Defender for Endpoint. Three months later, it's overdue...

Exploring Microsoft 365's NOBELIUM Defence Capabilities

December 24, 2021

I recently read through an excellent article by Mandiant, which recently split with FireEye, on their findings and analysis of the continued actions of suspected nation-state actor NOBELIUM. This group appeared on most IT pro's radar because of their SolarWin...

Updated October 2021: Availability of Defender for Endpoint Features by Operating System

October 19, 2021

In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS). This was a "matrix" of the tons of features, services, and important components that make up Microsoft Defender...

Tons of Microsoft Defender for Endpoint Improvements for Server 2012 R2 & 2016

October 8, 2021

New protection capabilities for Microsoft Defender for Endpoint (MDE) customers have landed in public preview, Oct 7 '21, for Windows Server 2012 R2 and Windows Server 2016. With the public preview released today, Windows Server 2012 R2 and 2016 gain ' functi...