Getting started with Defender Attack Surface Reduction - Part 2
In the previous post about ASR adoption, I recommended you enable ALL ASR rules in AUDIT mode. Now we will use the Security Baseline to build an ASR policy that should be minimally impactful to your systems and end users.
Getting started with Defender Attack Surface Reduction - Part 1
This post is intended as a starting point for organizations looking to adopt Attack Surface Reduction (ASR) rules. ASR rules can help improve an organization’s security, but they can potentially disrupt normal user and application behaviors in certain environments. My recommendation to anyone looking to implement ASR rules is to always start with Auditing.
Get started with Defender AV - Part 2
This is the second post on switching to Defender Anti-Virus and using the Security Baselines published in Endpoint Manager to create a good starting point for your Defender AV settings. This post will focus on the settings in the Security Baseline for Windows 10 and later and how to create an AV-only policy based on these settings.
Get Started with Defender AV - Part 1
When switching from one AV to another, organizations want to know whether they can keep their current AV settings, or whether their AV vendor has recommendations for better adoption, detection, and performance. For these types of conversations about Microsoft Defender AV, I often recommend customers look at the Security Baseline rules as a good starting point.
Custom MDE Threat and Vulnerability Report
The Threat & Vulnerability reports in MDE provide nice summary data across your cloud, but when you have to react to what the report says, how can you get the details you need?
Defender for Endpoint Upgrade Script - FOR ALL!
Working with a customer on the MDE Unified Installer for Windows Server 2016/2012 R2, we ran into the issue that SCEP was installed and thus blocking the Unified Installer. Therefore, instead of the Install approach we really needed to perform an Upgrade, but would that mean we needed one approach for servers where SCEP had been installed and another for servers where it had not? Answer: No!
Defender for Endpoint Unified Package for Server 2016 and 2012 R2
Microsoft recently announced the public preview of a unified EPP and EDR package that allows a similar onboarding approach for these servers as for Server 2019, Windows 10, and Windows 11. A customer I support wanted to test this new method and perform the deployment using the GPO methodology.
Azure AD MFA managed by User Account Administrator Role
Many organizations want to delegate enabling and disabling MFA for a user to their helpdesk, but the only RBAC role that allows MFA management is Global Administrator, and no one wants to grant helpdesk technicians Global Admin access to their tenant. However, there is a way around this RBAC limitation if your organization has Azure AD Premium.
O365 MFA vs Azure AD MFA
As a Technical Solutions Professional at Microsoft who covers Identity and Security, I get a lot of questions about the differences between Office 365 MFA and Azure Active Directory MFA, their benefits, and what I suggest. Customers always assume that because I concentrate on the EMS stack Microsoft offers (Intune, Azure AD, Azure Information Protection) I recommend Azure AD MFA over Office 365 MFA, but the reality is that when customers really compare the experiences, they will almost always go with Azure AD MFA.
SAML Security Vulnerability
Microsoft announces that core products like Azure Active Directory, Azure B2C, and ADFS are not affected by DUO's announced SAML Vulnerability.