What happened to tenant tracker
Looking for the Tenant Tracker tool? It's still here, but this is becoming the home of my blog so it did move a little. If you find Tenant Tracker helpful, hopefully you will find this helpful too.
Getting started with Defender Attack Surface Reduction - Part 2
In the previous post about ASR adoption, I recommended you enable ALL ASR rules in AUDIT mode. Now we will use the Security Baseline to build an ASR policy that should be minimally impactful to your systems and end users.
Continue reading...Getting started with Defender Attack Surface Reduction - Part 1
This post is intended as a starting point for organizations looking to adopt Attack Surface Reduction (ASR) rules. ASR rules can help improve an organization’s security, but they can potentially disrupt normal user and application behaviors in certain environments. My recommendation to anyone looking to implement ASR rules is to always start with Auditing.
Continue reading...Recent Posts
Get started with Defender AV - Part 2
Mon, Apr 04, 22 | MDE | Microsoft | Security
This is the second post on switching to Defender Anti-Virus and using the Security Baselines published in Endpoint Manager to create a good starting point for your Defender AV settings. This post will focus on the settings in the Security Baseline for Windows 10 and later and how to create an AV only policy based on these settings.
Get Started with Defender AV - Part 1
Wed, Mar 30, 22 | MDE | Microsoft | Security
When switching from one AV to another organizations want to know if they can keep their current AV settings, or if their AV Vendor has recommendations for better adoption, detection, and performance. For these types of conversations with Microsoft Defender AV I often recommend customers look at the Security Baseline rules as a good starting point.
MDE Exclusion Checker Go-Live
Tue, Mar 29, 22 | MDE
MDE Exclusion Checker is a tool to compare existing AV Exclusions against the list of exclusions that are native to Defender for Endpoint AntiVirus, and is now live!
MDI Learning Periods
Tue, Mar 08, 22 | MDI | Identity | Microsoft
MDI alerts have a number of different learning periods, and each is well documented. However, there is not a single list of all the alerts that have learning periods for easy reference, so I have created and will update this list.
MDE Exclusion Checker
Mon, Mar 07, 22 | MDE
MDE Exclusion Checker is a tool to compare your existing AV Exclusions against the list of exclusions that are native to Defender for Endpoint AntiVirus. This tool is a Beta solution and work is continuing to help improve the ‘match’ vs. ‘no match’ policies.
Custom MDE Threat and Vulnerability Report
Wed, Feb 16, 22 | MDE | Security
The Threat & Vulnerablity reports in MDE provide nice summary data across your cloud, but when you have to react to what the report says how can you get the details you need?
What happened to tenant tracker
Fri, Feb 11, 22
Looking for the Tenant Tracker tool? It's still here, but this is becoming the home of my blog so it did move a little. If you find Tenant Tracker helpful, hopefully you will find this helpful too.
Defender for Endpoint Upgrade Script - FOR ALL!
Thu, Nov 11, 21 | MDE | Security
Working with a customer on the MDE Unified Installer for Windows Server 2016/2012R2 we ran into the issue that SCEP was installed and thus blocking the Unified Installer. Therefore, instead of the Install approach we really needed to perform an Upgrade, but would that mean we needed an approach for servers where SCEP had been installed vs. servers where SCEP was not installed? Answer: No!
Defender for Endpoint Unified Package for Server 2016 and 2012 R2
Mon, Nov 01, 21 | MDE | Security
Recently Microsoft announced the public preview of a unified EPP and EDR package that allows a similar onboarding approach for these servers as Server 2019, Windows 10, and Windows 11. Recently, a customer I support wanted to test this new method and perform deployment using the GPO methodology.
Automate Accounts for Azure AD
Thu, Jul 18, 19 | AAD | Identity
Azure AD’s B2B capability is a really powerful way to leverage identities from outside of an organization, but is it the right solution for seasonal, temporary, or white listed employees? Maybe, maybe not, and if not then the creation of cloud only accounts may require a time consuming (possibly manual) request > approval > provision process.