Why Microsoft Defender Didn't Block It
MDE Microsoft Defender for Endpoint

David McWee

From helping customers run POCs and pen tests, and from creating the Microsoft FastTrack Quick Start for MDE, I've gained a lot of experience diagnosing why MDE testing fails and determining the cause. These lessons aren't just about POCs and pen tests; they translate into real-world practices that help prevent breaches.

Defender Performance Tuning
MDE Microsoft Defender for Endpoint

David McWee

"Defender is causing performance issues" is the dreaded statement everyone who has deployed an AV and/or EDR tool fears hearing. Sure, the system owners should probably do a better job of stating what is needed to minimize impact, but security professionals need to know how to address this. So let's tune Defender!

Defender Deployment Tool
MDE Microsoft Defender for Endpoint

David McWee

The Defender Deployment Tool has been released, at least in public preview, and you should use it now.

Advanced Hunting Repository
MDE Microsoft Defender for Endpoint

David McWee

I've been collecting some common queries often requested by customers I work with. Many of these are related to Vulnerability Management reporting, but some get into various threat detection activities.

MDE Policy Migration
MDE Microsoft Defender for Endpoint

David McWee

I have intentionally and reluctantly avoided this topic for a while, but I've now accumulated enough customer experience that I feel the benefits balance or outweigh the negatives. So, over the last week I wrote and published My-MdeMigration, a PowerShell module to help with MDE migrations.

MDE Offline Update Container
MDE Microsoft Defender for Endpoint

David McWee

MDE Offline Update lets organizations source MDE Security Intelligence Updates locally rather than pulling them from the Microsoft SIU service. Given the repeated scripting and the static-file web server it requires, this seemed a natural fit for containerization.

Export MDE Policies
MDE Microsoft Defender for Endpoint

David McWee

Customers frequently ask about moving Defender policies between environments. This generally requires manually replicating settings from one portal to another, a process that is painful and error-prone and makes the migration less than optimal.

MDE Get Healthy with MDfS Driven Migration
MDE Microsoft Defender for Endpoint

David McWee

Recently I've been working with several customers on migrations from a third-party EPP/EDR to Microsoft Defender for Servers (MDfS), and have found an important pattern that should be followed to predict, control, and minimize performance and business impact during the migration. While Arc may perform the onboarding for your organization, other factors like change management and maintenance windows may require additional steps or procedures to limit and control what Arc does and when it does it.

MDE Linux Management from the Security Portal
MDE Microsoft Defender for Endpoint

David McWee

These are running notes related to MDE on Linux and the ability to manage it with MDE's Security Management capability.

QR Phishing with MDO
Defender for Office MDO Microsoft

David McWee

Previously, I wrote about QR phishing and the many challenges it poses to current cyber awareness training and defensive tools. As this is a growing trend, it is important for companies to incorporate this phishing method into existing cyber training and awareness programs. Specifically, this post details how to use Microsoft Defender for Office to generate a QR phishing simulation campaign.