Recent Posts

Install MDE with SaltStack

The MDE for Linux documentation has several articles about using common deployment tools, but recently I was asked about using SaltStack, a tool I'm not familiar with and one that, at the time, lacked official documentation.

Getting started with Defender Attack Surface Reduction - Part 2

In the previous post about ASR adoption, I recommended you enable ALL ASR rules in AUDIT mode. Now we will use the Security Baseline to build an ASR policy that should be minimally impactful to your systems and end users.

Getting started with Defender Attack Surface Reduction - Part 1

This post is intended as a starting point for organizations looking to adopt Attack Surface Reduction (ASR) rules. ASR rules can help improve an organization’s security, but they can potentially disrupt normal user and application behaviors in certain environments. My recommendation to anyone looking to implement ASR rules is to always start with Auditing.
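The "start in audit mode" recommendation from Parts 1 and 2 of the ASR series, shown as an added example for a single Windows endpoint using the built-in Defender cmdlets. This is not code from the original posts: it assumes an elevated PowerShell session with Defender AV active, and `$RuleIds` is a representative subset of the published ASR rules (extend it from Microsoft's ASR rules reference for the full set). It backs up the current rule configuration, sets the listed rules to Audit mode, verifies the result, and pulls the audit events (Event ID 1122) you would review before moving anything to Block.

```powershell
# Added example, not from the original posts. Run elevated; Defender AV must be the active engine.
# $RuleIds is a representative subset of the published ASR rule GUIDs (assumption: extend
# from Microsoft's ASR rules reference to cover every rule you intend to audit).
$RuleIds = @(
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'  # Block credential stealing from LSASS
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a'  # Block all Office applications from creating child processes
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'  # Block executable content from email client and webmail
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc'  # Block execution of potentially obfuscated scripts
    'd1e49aac-8f56-4280-b9ba-993a6d77406c'  # Block process creations originating from PSExec and WMI commands
)

# Snapshot the current ASR configuration so the change can be rolled back.
$before = Get-MpPreference
$backup = [ordered]@{
    Ids     = @($before.AttackSurfaceReductionRules_Ids)
    Actions = @($before.AttackSurfaceReductionRules_Actions)
}
$backup | ConvertTo-Json | Set-Content -Path "$env:TEMP\asr-backup.json"

# Add-MpPreference merges with the existing rule set; a rule already configured gets its
# action updated. The two arrays are positional, so build one action per rule ID.
# Action values: 0 = Disabled, 1 = Block, 2 = AuditMode, 6 = Warn.
$actions = $RuleIds | ForEach-Object { 'AuditMode' }
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleIds `
                 -AttackSurfaceReductionRules_Actions $actions

# Verify: every rule we touched must now report action 2 (AuditMode).
$after = Get-MpPreference
$state = for ($i = 0; $i -lt $after.AttackSurfaceReductionRules_Ids.Count; $i++) {
    [pscustomobject]@{
        RuleId = $after.AttackSurfaceReductionRules_Ids[$i]
        Action = $after.AttackSurfaceReductionRules_Actions[$i]
    }
}
$notAudited = $state | Where-Object { $RuleIds -contains $_.RuleId -and $_.Action -ne 2 }
if ($notAudited) {
    Write-Warning 'Rules not in Audit mode:'
    $notAudited | Format-Table -AutoSize
} else {
    Write-Host "All $($RuleIds.Count) rules are in Audit mode."
}

# Review what would have been blocked: Event ID 1122 is an ASR rule firing in audit mode
# (1121 is a block). This is the data that decides which rules move to Block in Part 2.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Run this on a pilot group first and let the audit events accumulate over a normal business cycle (month-end, patch cycles) before judging a rule's impact; an empty 1122 log after a day proves little. For fleet-wide deployment the same rule-to-action mapping is what you put in an Intune or Group Policy ASR policy rather than running cmdlets per host.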

Get started with Defender AV - Part 2

This is the second post on switching to Defender Anti-Virus and using the Security Baselines published in Endpoint Manager to create a good starting point for your Defender AV settings. This post will focus on the settings in the Security Baseline for Windows 10 and later and how to create an AV only policy based on these settings.

Get Started with Defender AV - Part 1

When switching from one AV to another, organizations want to know whether they can keep their current AV settings, or whether their AV vendor has recommendations for better adoption, detection, and performance. For these conversations about Microsoft Defender AV, I often recommend customers look at the Security Baseline rules as a good starting point.

MDE Exclusion Checker Go-Live

MDE Exclusion Checker is a tool to compare existing AV Exclusions against the list of exclusions that are native to Defender for Endpoint AntiVirus, and is now live!

MDI Learning Periods

MDI alerts have a number of different learning periods, and each is well documented. However, there is not a single list of all the alerts that have learning periods for easy reference, so I have created and will update this list.

MDE Exclusion Checker

MDE Exclusion Checker is a tool to compare your existing AV exclusions against the list of exclusions that are native to Defender for Endpoint AntiVirus. This tool is a beta release, and work continues on improving its ‘match’ vs. ‘no match’ logic.

Custom MDE Threat and Vulnerability Report

The security portal comes with several useful vulnerability reports that give customers a summary of the risks in their environment. However, some customers find these reports too general: they show summary data, but they cannot be distributed to the system owners who would actually go and patch their systems.

What happened to tenant tracker

Looking for the Tenant Tracker tool? It's still here (the link is in the top navigation, left of my name), but this site is transitioning to the home for my blog. Hopefully, if you liked the tool, you'll find some useful content here too.